| Centralized Identity Management | Decentralized Identity Management |
| --- | --- |
| Increased risk of data breaches from storing data in a centralized system | Data is decentralized and stored by users in their wallets, which reduces the risk of large-scale data breaches |
| Data may be collected, stored, and shared with other parties without your knowledge | Data is only shared when you give authorization |
| Data is owned and controlled by organizations, apps, and services | Data is fully owned and controlled by the user |

Establishing Standards for Decentralized Identity

There are many organizations working to standardize and shape the field of decentralized identity. These are the key organizations:

How Decentralized Identity Works

https://uploads-ssl.webflow.com/6311eb97e2519f5dbb9ea0cb/6327a7f30bfc4707ddb0937b_4-How-decentralized-identity-works.png

A decentralized identity system has these main elements:

  1. Blockchain: A decentralized database, shared among the computers in the blockchain network, that records information in a way that makes it very difficult to change, hack, or cheat the system.
  2. Decentralized Identity Wallet: An app that allows users to create their decentralized identifiers and manage their Verifiable Credentials.
  3. Decentralized Identifier (DID): A unique identifier on the blockchain made up of a string of letters and numbers that contains details like the public key and verification information.
  4. Verifiable Credential (VC): A digital, cryptographically secured version of both paper and digital credentials that people can present to organizations that need them for verification. These are the main parties in the VC system:

https://uploads-ssl.webflow.com/6311eb97e2519f5dbb9ea0cb/6327a83db4cc47061d4c23b3_7-decentralized identity holders%2C issuers verifiers.png

The main parties in the Verifiable Credentials system are the holders, issuers, and verifiers.

Let’s go into more detail about how each of these elements works individually and then how they all work together.

Decentralized Identity on Blockchain

A blockchain is a digital database that records transactions across a network of computers. It is called a "blockchain" because it is made up of a chain of blocks that contain information about the transactions. Each block contains a list of transactions, and once it is added to the chain, the information in it cannot be altered (or it’s extremely difficult to alter). This makes the blockchain secure and transparent, and it is often used for things like cryptocurrency and online voting.

With Dock, only DIDs are registered on the blockchain. For security and privacy, no Verifiable Credential data is ever put on the blockchain.

Key features of a blockchain:

Security: Blockchain uses cryptography to ensure that once a block is added to the chain, it’s extremely difficult to alter, making the information stored in it secure.

Tamper-resistance: The blocks in a blockchain are linked together using a cryptographic function, making it difficult for any malicious actor to tamper with or alter the data stored in the blocks. Once data is written to the blockchain, it is almost impossible to change, tamper with, or delete, which provides trust in and security for the data.

Decentralized: A blockchain is a decentralized system, meaning that it is not controlled by any one central authority or organization. This allows for a more democratic and transparent system.

Transparency: All the transactions are recorded in a public ledger, which can be viewed by anyone on the network, promoting transparency and accountability.

Trustless: Blockchain enables trustless transactions by using consensus algorithms, smart contracts, and digital signatures, which eliminates the need for third-party intermediaries.

Here is how each party uses the blockchain in a decentralized identity system:

The blockchain allows everyone in the network to have the same source of truth about which credentials are valid and who authenticated the validity of the data inside the credentials. The blockchain establishes a basis of trust by maintaining a verifiable registry (or records) of:

The identity information is not stored on the blockchain but rather on the holder’s digital wallet. The credentials issued using the Dock blockchain are stored off-chain, usually in someone’s decentralized digital wallet app.
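
The split described in this section, as an added JavaScript sketch (not Dock's code or API): a Map stands in for the on-chain registry and holds only DID-to-public-key entries, while the signed credential stays in an off-chain wallet array. The `did:example:` identifiers, function names and sample claims are constructed for illustration.

```javascript
// Added illustration: in-memory stand-ins for ledger and wallet; all names are hypothetical.
const crypto = require('node:crypto');

// Stand-in for the blockchain registry: DID -> public key, and nothing else.
const didRegistry = new Map();

function registerDid(label) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const did = `did:example:${label}`;   // placeholder DID method
  didRegistry.set(did, publicKey);      // only the public key is published
  return { did, privateKey };           // the private key stays with its owner
}

// Deterministic serialization so issuer and verifier process identical bytes.
function canonical(value) {
  if (Array.isArray(value)) return '[' + value.map(canonical).join(',') + ']';
  if (value && typeof value === 'object') {
    const fields = Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonical(value[k]));
    return '{' + fields.join(',') + '}';
  }
  return JSON.stringify(value);
}

// Issuer: sign the claims with the key behind its DID.
function issueCredential(issuer, holderDid, claims) {
  const body = { issuer: issuer.did, subject: holderDid, claims };
  const sig = crypto.sign(null, Buffer.from(canonical(body)), issuer.privateKey);
  return { ...body, proof: sig.toString('base64') };
}

// Verifier: resolve the issuer DID from the registry and check the signature.
function verifyCredential(credential, trustedIssuers) {
  const { proof, ...body } = credential;
  if (!trustedIssuers.includes(body.issuer)) return 'untrusted-issuer';
  const issuerKey = didRegistry.get(body.issuer);
  if (!issuerKey) return 'unknown-did';
  if (typeof proof !== 'string') return 'bad-signature';
  const ok = crypto.verify(null, Buffer.from(canonical(body)), issuerKey,
    Buffer.from(proof, 'base64'));
  return ok ? 'valid' : 'bad-signature';
}

// Constructed sample flow: the credential is kept off-chain in the holder's wallet.
const university = registerDid('university');
const alice = registerDid('alice');
const wallet = [issueCredential(university, alice.did, { degree: 'BSc' })];
const tampered = { ...wallet[0], claims: { degree: 'PhD' } };
```

The sketch checks only the issuer's signature. It does not cover holder binding (proving that the presenter controls the subject DID), which a verifier needs before relying on a credential.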

What Are Decentralized Identifiers (DIDs)?

Dock's Solutions Architect Mike Parkhill explains how decentralized identifiers (DIDs) work and their importance.

A decentralized identifier (DID) is a way to identify yourself or something online without relying on a centralized company or organization. A phone number, by contrast, is like a centralized identifier: it is assigned to you by a phone company, which keeps track of who it belongs to.

A DID is like a personal phone number that you create, own, and control. You can use it to prove who you are online without having to rely on a third party. It's like having a digital passport that you can use on the internet, one that is not controlled by any single company or organization. Put simply, think of it as a phone number that you own and control.

https://uploads-ssl.webflow.com/6311eb97e2519f5dbb9ea0cb/63e3f2286da69a5c0683bb98_decentralized identity multiple DIDs.png

Right now, most of us use centralized identifiers like emails, passwords, and user names to access websites, apps, and services. But these identifiers have often resulted in:

But DIDs solve many of these problems. A Decentralized Identifier (DID):
