
Decentralized Identifier (DIDs) fundamentals deep dive


https://ssimeetup.org/decentralized-identifiers-dids-fundamentals-identitybook-info-drummond-reed-markus-sabadello-webinar-46/
Decentralized identifiers (abbreviated as “DIDs”) are the cryptographic counterpart to verifiable credentials (VCs); together they are the “twin pillars” of SSI architecture. In this special IdentityBook.info webinar, Markus Sabadello, Founder and CEO of Danube Tech, and Drummond Reed, Chief Trust Officer at Evernym, co-authors of the DID chapter of the “Self-Sovereign Identity: Decentralized Digital Identity and Verifiable Credentials” book published by Manning, will explain the fundamentals of DIDs. Based on the DID chapter of the book, you will learn how DIDs evolved from the work started with VCs, how they relate to URLs and URNs, why a new type of cryptographically verifiable identifier is needed for SSI, and how DIDs are being standardized at the World Wide Web Consortium (W3C). Your guides will be two of the editors of the W3C Decentralized Identifier 1.0 specification: Markus Sabadello and Drummond Reed.



  1. Decentralized Identifiers (DIDs) fundamentals. IdentityBook.info special. twitter.com/IdentityBookHQ, SSIMeetup.org, https://creativecommons.org/licenses/by-sa/4.0/. Drummond Reed, W3C DID specification co-author, Chief Trust Officer, Evernym. Markus Sabadello, W3C DID specification co-author, Founder, Danube Tech.
  2. SSIMeetup objectives (17 May 2018): 1. Empower global SSI communities; 2. Open to everyone interested in SSI; 3. All content is shared with CC BY SA. Alex Preukschat, Coordinating Node SSIMeetup.org, @SSIMeetup, @AlexPreukschat. https://creativecommons.org/licenses/by-sa/4.0/
  3. https://www.manning.com/books/self-sovereign-identity and IdentityBook.info. Released under a Creative Commons license (CC BY-SA 4.0). SSIMeetup.org
  4. Introduction. You can understand DIDs at four progressively deeper levels.
  5. The Superficial Level: What is a DID?
  6. URIs, URLs, and URNs
     ● URLs locate resources on a network
     ● URNs are persistent names for a resource that will never change no matter its location
     ● A DID is functionally a URN that in many cases can be resolved into one or more URLs
  7. The four core properties of a DID
  8. The Functional Level: How DIDs Work
  9. “For digital identifiers, the usefulness comes not just from the identifier itself, but from how it can be used by applications designed to consume that particular type of identifier.”
  10. DIDs, DID documents, and DID subjects
  11. A typical DID document contains:
      ● One or more public keys (or other verification methods) that can be used to authenticate the DID subject during an interaction
      ● One or more services associated with the DID subject that can be used for interaction via protocols supported by those services
      ● Additional metadata such as timestamps, digital signatures and other cryptographic proofs, or metadata related to delegation and authorization
  12. Example DID Document:
      {
        "@context": "https://www.w3.org/ns/did/v1",
        "id": "did:example:123456789abcdefghi",
        "authentication": [{
          "id": "did:example:123456789abcdefghi#keys-1",
          "type": "Ed25519VerificationKey2018",
          "controller": "did:example:123456789abcdefghi",
          "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
        }],
        "service": [{
          "id": "did:example:123456789abcdefghi#vcs",
          "type": "VerifiableCredentialService",
          "serviceEndpoint": "https://example.com/vc/"
        }]
      }
  13. DID Methods
      ● DIDs are not created and maintained in a single type of database or network like most other types of URIs
      ● DID methods all support the same basic functionality, but they differ in how that functionality is implemented
  14. DID Resolution
      ● The process of obtaining the DID document associated with a DID
      ● Rather than thinking of DID resolution as a protocol, it should be considered an abstract function or algorithm
  15. DID URLs
      ● DIDs are powerful identifiers by themselves, but they can also be used as the basis for constructing more advanced URLs rooted in a DID
      ● This is like how http/https URLs can consist of more than just a domain name
      ● DID URLs enable an "identifier space" for additional resources associated with the DID
  16. Example DID URLs:
      did:example:1234/
      did:example:1234#keys-1
      did:example:1234;version-id=4#keys-1
      did:example:1234/my/path?query#fragment
      did:example:1234;service=hub/my/path?query#fragment
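The DID URL syntax from slide 16 and the "resolution is an abstract function, not a protocol" point from slide 14, worked as an added Go example; this is not code from the slides, the book or any DID library. It parses the slide's five URL shapes strictly, including the draft-era `;name=value` parameters, and dispatches a bare DID to a per-method lookup. The `did:example` method, its in-memory store and the document id `123456789abcdefghi` are taken from slide 12 or constructed here; the `Resolver` type and `NewExampleResolver` function are this example's own names.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// DIDURL holds the parts of a DID URL such as did:example:1234;service=hub/my/path?query#fragment.
type DIDURL struct {
	DID      string            // bare DID, e.g. did:example:1234
	Method   string            // method name, e.g. example
	MethodID string            // method-specific identifier, e.g. 1234
	Params   map[string]string // ";name=value" matrix parameters, the draft-era syntax on slide 16
	Path     string            // path with its leading "/", or ""
	Query    string            // query without "?", or ""
	Fragment string            // fragment without "#", or ""
}

// didPrefix matches "did:" + lowercase method + ":" + id; the id may contain ":" (nested namespaces).
var didPrefix = regexp.MustCompile(`^did:([a-z0-9]+):([A-Za-z0-9._%:-]+)`)

// ParseDIDURL splits s into DID, parameters, path, query and fragment. It is strict (malformed input
// is an error, not a guess) because the DID part is later compared against a document's "id"/"controller".
func ParseDIDURL(s string) (*DIDURL, error) {
	rest, frag, _ := strings.Cut(s, "#") // the fragment comes last
	u := &DIDURL{Fragment: frag, Params: map[string]string{}}
	rest, u.Query, _ = strings.Cut(rest, "?") // then the query
	m := didPrefix.FindStringSubmatch(rest)
	if m == nil || strings.HasSuffix(m[2], ":") {
		return nil, fmt.Errorf("not a DID URL: %q", s)
	}
	u.DID, u.Method, u.MethodID = m[0], m[1], m[2]
	rest = rest[len(m[0]):]
	if i := strings.IndexByte(rest, '/'); i >= 0 { // the path starts at the first "/"
		u.Path, rest = rest[i:], rest[:i]
	}
	if rest != "" { // anything left must be ";name=value" parameters
		if rest[0] != ';' {
			return nil, fmt.Errorf("unexpected text after DID in %q", s)
		}
		for _, kv := range strings.Split(rest[1:], ";") {
			name, value, ok := strings.Cut(kv, "=")
			if !ok || name == "" {
				return nil, fmt.Errorf("malformed DID parameter %q in %q", kv, s)
			}
			u.Params[name] = value
		}
	}
	return u, nil
}

// Resolver is the abstract resolution function of slide 14: it maps a bare DID to its DID document
// by dispatching on the method name, and each method plugs in its own lookup.
type Resolver struct {
	methods map[string]func(methodID string) (map[string]any, error)
}

// Resolve rejects DID URLs (path, query, fragment or parameters present): those are dereferenced
// against the resolved document, not resolved directly.
func (r *Resolver) Resolve(did string) (map[string]any, error) {
	u, err := ParseDIDURL(did)
	if err != nil {
		return nil, err
	}
	if u.Path != "" || u.Query != "" || u.Fragment != "" || len(u.Params) > 0 {
		return nil, errors.New("Resolve takes a bare DID, not a DID URL")
	}
	lookup, ok := r.methods[u.Method]
	if !ok {
		return nil, fmt.Errorf("unsupported DID method %q", u.Method)
	}
	return lookup(u.MethodID)
}

// NewExampleResolver registers a constructed in-memory "example" method holding only the document
// id from slide 12, so the code runs offline (hypothetical, not a registered DID method).
func NewExampleResolver() *Resolver {
	store := map[string]map[string]any{"123456789abcdefghi": {"id": "did:example:123456789abcdefghi"}}
	return &Resolver{methods: map[string]func(string) (map[string]any, error){
		"example": func(id string) (map[string]any, error) {
			if doc, ok := store[id]; ok {
				return doc, nil
			}
			return nil, fmt.Errorf("did:example:%s not found", id)
		},
	}}
}

func main() {
	for _, s := range []string{"did:example:1234/", "did:example:1234;version-id=4#keys-1",
		"did:example:1234;service=hub/my/path?query#fragment", "https://example.com/"} {
		u, err := ParseDIDURL(s)
		fmt.Printf("%-52s -> %+v %v\n", s, u, err)
	}
	doc, err := NewExampleResolver().Resolve("did:example:123456789abcdefghi")
	fmt.Println(doc["id"], err)
}
```

The `;param` form on the slide comes from earlier drafts of the DID specification; DID Core 1.0 moved these parameters into the query string (for example `?versionId=4` and `?service=hub`), so a parser written against the final spec would read them from `Query` instead of `Params`. The strictness matters for the same reason in both forms: a verifier that later checks a key's `controller` against the resolved DID needs the DID boundary parsed exactly, not approximately.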
  17. Comparing DIDs with Domain Names (left: Decentralized Identifiers (DIDs); right: Domain Names)
      ● Globally unique | Globally unique
      ● Persistent | Reassignable
      ● Machine-friendly identifiers (i.e., long character strings based on random numbers / cryptography) | Human-readable names
      ● Resolvable using different mechanisms defined by the applicable DID method | Resolvable using the standard DNS protocol
      ● Associated data is expressed in DID documents | Associated data is expressed in DNS zone files
      ● Fully decentralized namespaces without delegation | Hierarchical, delegatable namespaces based on centralized root registries for top-level domain names (TLDs)
      ● Cryptographically verifiable | Verifiable using DNS security extensions (DNSSEC)
      ● Fully under the control of the DID controller | Ultimately controlled by ICANN and the registry operator for each DNS TLD
  18. Comparison with other persistent identifiers
  19. Types of DIDs
      ● Ledger-based DIDs: The "original" category of DID methods involves a blockchain or other DLT
      ● Ledger Middleware (“Layer 2”) DIDs: Adds an additional storage layer “on top” of the base layer blockchain
      ● Peer DIDs: Exist only within a relationship between a limited number of participants
      ● Static DIDs: Can only be created and resolved, but not updated or deactivated
      ● Alternative DIDs: Do not fall into any of the other categories
  20. The Architectural Level: Why DIDs Work
  21. “Since it was first conceived, PKI has one hard problem at its very core. It is not a problem with cryptography per se, i.e., with the math involved with public/private keys or encryption/decryption algorithms. Rather it is a problem with cryptographic infrastructure, i.e., how we can make public/private key cryptography easy and safe for people and organizations to use at scale.”
  22. The following slides walk you through the narrative we present in this part of the chapter.
  24. The PKI Trust Triangle (diagram labels: Controller, Private Key, Public Key; edges: Controls, Publishes, Cryptographic binding)
  25. The PKI Trust Triangle (same diagram as slide 24, annotated "Public Half MUST be shared" and "Private Half Must NOT be shared")
  26. The problem lies right here (diagram labels: Controller, Private Key, Public Key; edge: Controls; annotation: "Problem spot")
  28. This half is NOT the problem (diagram labels: Controller, Private Key, Public Key; edge: Controls)
  30. This half is the problem (diagram labels: Controller, Private Key, Public Key; edge: Controls)
  33. The real PKI Trust Triangle (diagram labels: Identifier, Private Key, Public Key, Controller; edges: Controls, Publishes, Identifies)
  36. Problem Spot #1 (same diagram as slide 33)
  38. Problem Spot #2 (same diagram as slide 33)
  42. Digital Identifiers
      Type                Challenges with Strong Binding
      Phone Number        Reassignable, limited #, hard to register
      IP Address          Reassignable, spoofable, hard to register
      Domain Name         Reassignable, spoofable, DNS poisoning
      Email Address       Reassignable, spoofable, weak security
      URL                 Dependent on a Domain Name
      X.500 Dist. Name    Hard to register
      X.500 Certs
  50. Public Key Certificate Signed by a CA (diagram labels: Private Key, Public Key, Controller, Identifier; edges: Controls, Publishes, Identifies)
  53. Self-Certifying Identifiers (diagram labels: Private Key, Public Key, Controller, Identifier; edges: Controls, Publishes, Generates)
  56. Public key-to-identifier binding (diagram labels: Identifier, Private Key, Public Key, Controller; edges: Controls, Publishes, Generates)
  58. Identifier-to-controller binding (same diagram as slide 56)
  63. Generation of the original key pair and DID (diagram labels: DID, Private Key1, Public Key1, Controller; edges: Controls, Publishes, Generates)
  65. Publishing the original DID document (same diagram as slide 63)
  67. Publishing the updated DID document (diagram labels: DID, Private Key2, Public Key2, Controller; edges: Controls, Publishes)
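The sequence from slide 53 (self-certifying identifiers) through slides 56 and 58 (the two bindings) to slides 63, 65 and 67 (generate Key1 and the DID, publish the original document, publish the updated document with Key2), worked as one added Go example. This is not code from the slides, the book or any DID method implementation. It assumes a hypothetical `did:example` method whose identifier is a truncated SHA-256 of the genesis Ed25519 public key, a made-up `publicKeyBase64url` property in place of the slide's `publicKeyBase58`, and the document's plain JSON bytes as the signed form; the function names `SelfCertifyingDID`, `VerifyGenesis`, `SignUpdate` and `VerifyUpdate` are this example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// VerificationMethod is the subset of a DID Core verification method used here; the slide's
// publicKeyBase58 becomes a base64url property (hypothetical name: Go's stdlib has no base58).
type VerificationMethod struct {
	ID         string `json:"id"`
	Type       string `json:"type"`
	Controller string `json:"controller"`
	PublicKey  string `json:"publicKeyBase64url"`
}

// DIDDocument is a minimal document: the identifier plus its authentication keys.
type DIDDocument struct {
	ID             string               `json:"id"`
	Authentication []VerificationMethod `json:"authentication"`
}

var b64 = base64.RawURLEncoding

// SelfCertifyingDID derives the identifier from the genesis public key (slide 53): anyone holding
// the key can recompute the DID, so no CA is needed. Method name and derivation are assumed here.
func SelfCertifyingDID(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return "did:example:" + b64.EncodeToString(sum[:16])
}

// NewDocument lists pub as the only authentication key, scoped under the DID and controlled by it.
func NewDocument(did string, keyNo int, pub ed25519.PublicKey) DIDDocument {
	return DIDDocument{ID: did, Authentication: []VerificationMethod{{
		ID: fmt.Sprintf("%s#keys-%d", did, keyNo), Type: "Ed25519VerificationKey2018",
		Controller: did, PublicKey: b64.EncodeToString(pub)}}}
}

// canonical returns the bytes that get signed; encoding/json writes struct fields in declaration
// order, deterministic enough here (real DID methods specify a canonicalisation scheme).
func canonical(doc DIDDocument) []byte { b, _ := json.Marshal(doc); return b }

// VerifyGenesis checks both bindings for the first document: public key -> identifier (slide 56)
// and identifier -> controller (slide 58: every key is scoped under the DID and names it as controller).
func VerifyGenesis(doc DIDDocument) error {
	if len(doc.Authentication) == 0 {
		return errors.New("no authentication key")
	}
	for _, vm := range doc.Authentication {
		if vm.Controller != doc.ID || !strings.HasPrefix(vm.ID, doc.ID+"#") {
			return fmt.Errorf("key %s is not controlled by %s", vm.ID, doc.ID)
		}
	}
	pub, err := b64.DecodeString(doc.Authentication[0].PublicKey)
	if err != nil || len(pub) != ed25519.PublicKeySize || SelfCertifyingDID(pub) != doc.ID {
		return errors.New("identifier is not derived from a valid genesis key")
	}
	return nil
}

// SignUpdate authorises a replacement document (slide 67: rotating to Key2) with a private key
// from the document currently in force.
func SignUpdate(next DIDDocument, priv ed25519.PrivateKey) []byte {
	return ed25519.Sign(priv, canonical(next))
}

// VerifyUpdate accepts the new document only if it keeps the same DID and sig verifies under an
// Ed25519 authentication key of the current document: Key2 earns no trust on its own, Key1's signature does.
func VerifyUpdate(current, next DIDDocument, sig []byte) error {
	if next.ID != current.ID {
		return errors.New("update targets a different DID")
	}
	for _, vm := range current.Authentication {
		pub, err := b64.DecodeString(vm.PublicKey)
		if vm.Type == "Ed25519VerificationKey2018" && vm.Controller == current.ID && err == nil &&
			len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, canonical(next), sig) {
			return nil
		}
	}
	return errors.New("update is not signed by an authentication key of the current document")
}

func main() {
	pub1, priv1, _ := ed25519.GenerateKey(rand.Reader) // slide 63: generate Key1 and the DID
	did := SelfCertifyingDID(pub1)
	doc1 := NewDocument(did, 1, pub1) // slide 65: publish the original document
	fmt.Println(did, "genesis ok:", VerifyGenesis(doc1) == nil)
	pub2, _, _ := ed25519.GenerateKey(rand.Reader) // slide 67: rotate to Key2, authorised by Key1
	doc2 := NewDocument(did, 2, pub2)
	fmt.Println("rotation ok:", VerifyUpdate(doc1, doc2, SignUpdate(doc2, priv1)) == nil)
	_, privX, _ := ed25519.GenerateKey(rand.Reader) // a key the DID document never listed
	fmt.Println("unauthorised update rejected:", VerifyUpdate(doc1, doc2, SignUpdate(doc2, privX)) != nil)
}
```

The two verification functions are where the CA of slide 50 drops out: `VerifyGenesis` recomputes the identifier from the key instead of accepting a third party's assertion of it, and `VerifyUpdate` proves control by a signature under a key the current document already lists, so a rotated document inherits trust from the previous key rather than from anything it says about itself. A verifier that kept only the second check, or accepted an update signed by a key the new document introduces, would have reopened the problem spots the slides describe.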
  72. Example: a DID for a newborn (diagram labels: DID, Private Key, Public Key, Controller; edges: Identifies, Knows, Publishes)
  75. Discovery of service endpoint URLs (diagram labels: DID, Private Key, Public Key, Controller, URL)
  76. The Semantic Level: What DIDs Mean
  77. A brief history of addresses
  78. “What new communications network functionality do DIDs enable that could not be done before? The short answer is that DIDs were invented to support both the cryptographic trust and the human trust required for the four-layer architecture of any trust network based on the Trust over IP stack introduced in Chapter 5 and shown again here.”
  79. https://www.manning.com/books/self-sovereign-identity and IdentityBook.info
  80. Questions?
