It is increasingly important to identify persons, concepts, things…
any reasoning, control, associations, etc., of resources rely on this ability
The digital economy relies on proper identification to combine information from different sources
it is vital that identifiers are unique
Globally unique identifiers are all around us
They are becoming ubiquitous:
persons
companies, institutions,…
books, magazines,…
retail items
genes, proteins, viruses,…
stars, galaxies,…
vehicles, airplanes,…
intelligent home devices, Internet/Web of Things,…
Identifiers on the Web
The fundamentals of the Web Architecture are defined on three axes:
Identification: “URIs are used to identify resources.”
Interaction: “Web agents communicate using standardized protocols[…]. By entering a URI [user agents] perform a retrieval action for the resource identified by the URI.”
Formats: “Most protocols […] contain a payload of representation data and metadata, to transfer the representation between agents.”
What are the problems?
A typical experience
Consider these two scholarly references:
Tomislav Strinić, Damir Buković, Ljubomir Pavelić, Josip Fajdić, Ivan Herman, Ivica Stipić, Ivan Palada & Ivana Hirš, “Anthropological and clinical characteristics in adolescent women with dysmenorrhea”. Collegium antropologicum, 27(2), (2003).
Ivan Herman, Markus Gylling, “Bridging the Web and Digital Publishing”, The Journal of Electronic Publishing, (2015).
Only one of the two publications is mine…
The name is not enough; you need a unique personal identification to avoid problems with, in this case, homonyms
This has become even more important in a networked, digital world
What happens if I stop paying for the domain and somebody else buys it?
Identifiers may fulfill several requirements
HTTPS URIS are:
resolvable
verifiable by a human and through HTTPS and certificates
but: centralized, not persistent, complex to create
ORCID numbers are:
persistent (while ORCID is around, that is), easy to create
verifiable by a human but not cryptographically
but: centralized, only resolvable by turning them into a special URL
UUID-s are
persistent, decentralized, easy to create
but: not resolvable, not verifiable
No identifiers display all those characteristics!
Goals of DIDs
Ease of creation
it should be quick and “cheap” to create possibly thousands of DIDs
Decentralized
do not depend on centralized registries, identity providers, authorities, etc.
the DID has a sovereign controller, an the entity identified explicitly
the “subject” of the identifier may be different (e.g., the owner of a dog “controls” the DID identifying the dog)
Goals of DIDs
Persistent
once created, it is permanently assigned to the subject
Resolvable
it is possible to find out basic set of information on the subject
Cryptographically verifiable
there is a mechanism to cryptographically prove that it indeed identifies a specific subject (possibly controlled by a separate controller) and nothing else
A DID is a self-sovereign identity, i.e., lifetime, portable, and verifiable digital identity that does not depend on any centralized authority
High level view on DIDs
High level view: DIDs and DID Documents
“Global, distributed, key-value database”
Also known as ”Verifiable Data Registry”
There may be several of those!
in the DID world, the term method is used for the different approaches and/or implementations
Different methods can have very different characteristics
May be based on distributed ledgers (generic or specialized)
DID documents stored may be on specialized sites (e.g., github)
May be ephemeral DIDs with lighter requirements (e.g., on an intelligent device)
The choice depends on the relative importance of the various requirements for a specific usage
DID Documents
Contain reference to the “controllers”, i.e., entities that may make changes on the DID Document
Include cryptographic information related to the DID subject
RSA, secp25519 elliptical curve keys, bitcoin elliptic curve keys, etc.
can be expressed using JWK, or with a DID specific terms
can be used for
authentication;
assertions (e.g., of credentials);
key agreement (e.g., to establish secure communication);
capability invocation (e.g., authorization to access an API);
capability delegation (e.g., delegate an API access to another authority);
…
DID Documents (cont.)
May contain other types of data related to the subject
reference to alternative identities (“alsoKnownAs”)
various service references (e.g., access to a service providing credentials)
etc.
May or may not physically “exist” somewhere in the database
some methods generate them on-the-fly
DIDs and DID Documents are closely coupled
DIDs have the right characteristics through the DID Document
DID documents are the “representation data and metadata” of a DID in the Web architecture
A DID Document is tightly bound to the DID it “describes”
DID+DID Document may be also used as a decentralized cryptographic keychain for various cryptography applications
Serialization of DID Documents
DID Documents are defined via an abstract data model