Decentralized identity

#explain-card ## Introduction **[[Decentralized identity|Decentralized Identity]] (DID)**, also referred to as Self-Sovereign Identity (SSI), is a concept and emerging set of standards for digital identity that gives individuals or organizations control over their own identity data. Unlike traditional identity systems where identities are managed by centralized providers (e.g., governments, tech companies like Google or Facebook), DIDs allow users to create and manage their own globally unique identifiers and control who can access their identity information. - **Importance/Purpose:** DID aims to address the limitations of centralized identity systems, such as data silos, lack of user control, privacy risks, and censorship. It seeks to provide a more secure, private, and user-centric way to manage and present identity information in the digital world. - **Target Audience:** Individuals seeking more control over their digital identity, developers building applications requiring identity verification, organizations looking for more secure and efficient ways to manage identities, and proponents of a more decentralized internet ([[Web3]]). ## Core Concepts & Mechanism ### Key Components of DID Architecture (W3C DID Standard) 1. **Decentralized Identifiers (DIDs):** Globally unique identifiers that individuals or organizations can create and control. A DID (e.g., `did:example:123456789abcdefghi`) is a URI that resolves to a DID Document. 2. **DID Documents:** JSON documents associated with a DID that contain information about the DID subject, such as cryptographic [[Public key|public keys]] for authentication, service endpoints (e.g., for communication or data storage), and other metadata. The DID document essentially describes how to interact with the DID subject. 3. **DID Methods:** Specific implementations that define how DIDs are created, resolved (how their DID Documents are found), updated, and deactivated. Different DID methods can leverage various distributed [[Ledger|ledger]] technologies (DLTs) like blockchains, or other decentralized systems. Examples: `did:ethr` ([[Ethereum]]), `did:ion` ([[Bitcoin]]/IPFS), `did:key` (cryptographic key-based). 4. **Verifiable Credentials (VCs):** Tamper-evident digital attestations or claims made by an issuer about a subject (e.g., a university issuing a degree credential to a student). VCs are cryptographically signed by the issuer and can be held by the subject in their digital [[Wallet|wallet]]. The subject can then present these VCs to verifiers to prove claims about themselves without the verifier needing to contact the original issuer directly for every verification. 5. **DID Wallets/Agents:** Software that users employ to create and manage their DIDs, store their [[Private key|private keys]], hold their Verifiable Credentials, and interact with other entities in the DID ecosystem. ### How DIDs Work (Simplified Flow) 1. **Creation:** A user (or their wallet software) generates a DID and its associated cryptographic key pair (public/private). 2. **Registration (Optional):** Depending on the DID method, the DID and its initial DID Document (containing the public key) might be registered on a DLT or other decentralized system. 3. **Obtaining Verifiable Credentials:** The user requests VCs from issuers (e.g., a government issues a VC for age, a university issues a VC for a degree). The issuer verifies the user's identity (potentially through traditional means or using other VCs) and then issues a digitally signed VC to the user's DID. 4. **Presentation & Verification:** When the user needs to prove an identity attribute to a service provider (verifier), they present one or more VCs. The verifier can check the digital signature of the VC (to ensure its authenticity and integrity) and the status of the issuer's DID (to ensure the issuer is still trusted and the credential hasn't been revoked). The user only shares the necessary information. ## Use Cases & Implications ### Potential Applications - **Secure Login:** Replacing passwords with DID-based authentication. - **Data Control & Portability:** Allowing users to control their data and easily [[Move|move]] it between services. - **KYC/AML & Age Verification:** Presenting verified claims ([[zkKYC]]) without revealing underlying PII. - **Healthcare:** Securely managing and sharing health records. - **Education:** Issuing and verifying academic credentials. - **Supply Chain:** Tracking provenance and authenticity of goods. - **Voting Systems:** Enhancing the security and verifiability of voting. - **[[Soulbound tokens]] & Reputation:** DIDs can serve as the foundation for holding non-transferable attestations. ### Benefits - **User Control & Empowerment:** Individuals control their own identity data. - **Enhanced Privacy:** Reduces the need to share excessive personal information with multiple parties. - **Improved Security:** Reduces risks associated with centralized data breaches. - **Interoperability:** Aims to create a standard way for identities to work across different platforms and services. - **Reduced Friction:** Can simplify onboarding and verification processes. ### Limitations & Challenges - **Complexity & User Experience:** DID concepts and technologies can be complex for average users. - **Key Management:** Securely managing private keys is crucial; loss of keys can mean loss of identity control. - **Scalability:** Some DLT-based DID methods might face scalability challenges. - **Adoption & Network Effects:** Widespread adoption by users, issuers, and verifiers is necessary for the ecosystem to thrive. - **Governance & Trust:** Establishing trust in DID methods, issuers, and the overall ecosystem is vital. - **Revocation:** Efficiently and privately managing the revocation of Verifiable Credentials is a complex issue. - **Interoperability between DID Methods:** Ensuring seamless interaction across different DID methods. ## Related Concepts - [[Zero knowledge proof]] (often used with DIDs/VCs for privacy) - Web3 - Wallet - Soulbound tokens