Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sovereign Identity (SSI)


In our second webinar, "Decentralized Identifiers (DIDs) - Building Block of Self-Sovereign Identity (SSI)", Drummond Reed, Chief Trust Officer at Evernym, will explain how DIDs work, where they come from, and why they are important for blockchain-based digital identity.

  1. Webinar: Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sovereign Identity (SSI). SSIMeetup.org, 07 May 2018. Drummond Reed, Chief Trust Officer, Evernym, and Sovrin Foundation Trustee, @drummondreed
  2. SSIMeetup objectives: 1. Empower global SSI communities 2. Open to everyone interested in SSI 3. All content is shared with CC BY SA. Alex Preukschat, Coordinating Node, @SSIMeetup @AlexPreukschat. 07 May 2018
  3. Who Am I? (Years) • 20 years in Internet Identity • 13 years (all 26 instances) of Internet Identity Workshop • 15 years in Internet Identity standards – W3C – OASIS – IETF – OpenID Foundation
  4. Who Am I? (Hats) Chief Trust Officer, Evernym; Trustee, Sovrin Foundation; Chair, Sovrin Trust Framework; Co-Chair, Decentralized Identity Foundation ID WG; Co-Chair, OASIS XDI TC; Principal Investigator, U.S. Dept. of Homeland Security DID and DKMS Projects
  5. Three Models of Digital Identity
  6. #1: Siloed (Centralized) Identity Standards:
  7. #2: Third-Party IDP (Federated) Identity Standards:
  8. #3: Self-Sovereign Identity (SSI)
  9. #3: Self-Sovereign Identity (SSI) Digital wallet
  10. Emerging Open Standards for SSI
  11. What is a DID?
  12. 078-05-1120
  13. did:sov:3k9dg356wdcj5gf2k9bw8kfg7a
  15. You will not have just one DID. You will have thousands.
  16. Each one will give you a lifetime encrypted private channel with another person, organization, or thing
  17. You will use it not just for authentication, but to exchange verifiable digital credentials
  18. Best of all: there is no central registration authority—every DID is registered directly by you on a public or private blockchain or distributed network
  19. In summary, a DID is…
      - A permanent (persistent) identifier – It never needs to change
      - A resolvable identifier – You can look it up to get metadata
      - A cryptographically-verifiable identifier – You can prove ownership using cryptography
      - A decentralized identifier – No centralized registration authority is required
  20. No identifier in history has had all four of these properties—because what fundamentally enables DIDs is blockchain technology
  21. What does a DID look like?
  22. URN Syntax (RFC 2141): urn:uuid:ae84-d5c2-9fb785ea-72cd34 (Scheme: urn; Namespace: uuid; Namespace-Specific Identifier: ae84-d5c2-9fb785ea-72cd34)
  23. DID Syntax (W3C): did:sov:3k9dg356wdcj5gf2k9bw8kfg7a (Scheme: did; Method: sov; Method-Specific Identifier: 3k9dg356wdcj5gf2k9bw8kfg7a)
  24. What is a DID method spec?
  25. A DID method specification defines how to read and write a DID (and its DID document) on a specific blockchain or distributed network
  26. Active DID Method Specs
  27. A DID Method spec defines…
      - The syntax of the method-specific identifier
      - Any method-specific elements of a DID document
      - The CRUD (Create, Read, Update, Delete) operations on DIDs and DID documents for the target system
  28. What is a DID document?
  29. { "Key": "Value" }
  30. The standard elements of a DID doc
      - DID (for self-description)
      - Set of public keys (for verification)
      - Set of auth methods (for authentication)
      - Set of service endpoints (for interaction)
      - Timestamp (for audit history)
      - Signature (for integrity)
  31. Example DID Document (Part 1)

          {
            "@context": "",
            "id": "did:example:123456789abcdefghi",
            "publicKey": [{
              "id": "did:example:123456789abcdefghi#keys-1",
              "type": "RsaSigningKey2018",
              "owner": "did:example:123456789abcdefghi",
              "publicKeyPem": "-----BEGIN PUBLIC KEY...END PUBLIC KEY-----\r\n"
            }],
            "authentication": [{
              "type": "RsaSignatureAuthentication2018",
              "publicKey": "did:example:123456789abcdefghi#keys-1"
            }],
            "service": [{
              "type": "ExampleService",
              "serviceEndpoint": ""
            }],

  32. Example DID Document (Part 2)

            "created": "2002-10-10T17:00:00Z",
            "updated": "2016-10-17T02:41:00Z",
            "signature": {
              "type": "RsaSignature2016",
              "created": "2016-02-08T16:02:20Z",
              "creator": "did:sov:8uQhQMGzWxR8vw5P3UWH1j#key/1",
              "signatureValue": "IOmA4R7TfhkYTYW87z640O3GYFldw0yqie9Wl1kZ5OBYNAKOwG5uOsPRK8/2C4STOWF+83cMcbZ3CBMq2/gi25s="
            }
          }

  33. DID paths, queries, fragments
      - A DID itself always identifies a person, organization, or thing
      - But like any URI, a DID may be followed by a path, query, and/or fragment
      - A DID without a path or query but with a fragment is a pointer into the DID document
      - A DID with a path identifies another resource “rooted” on the DID
  34. DIDs and Decentralized Identity
  35. DIDs only represent the very bottom layer of the decentralized identity stack
  36. The decentralized identity “stack” (diagram labels: DID Layer, Cloud Layer, Edge Layer, Identity Owners)
  37. DIDs enable digitally signed verifiable claims
  38. DID Standardization
  39. How did DIDs happen?
      - Conceived in 2015 by W3C Verifiable Claims Task Force
      - Evernym applied to U.S. Dept of Homeland Security S&T to fund DID standard
      - Over 2016 Evernym worked with SSI community to develop DID V1.0
      - June 2017 DID spec contributed to W3C Credentials Community Group
  40. The second generation DID spec is currently being standardized by the W3C Credentials Community Group—membership is free and open to all
  41. Work has begun to form the W3C DID Working Group—this is where the DID specification will become an official W3C open standard
  42. DID Specification Links. Implementers: please send feedback!
  43. Thank You
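
An added example, not taken from the slides: it parses the DID syntax shown on slide 23, applies the path/query/fragment rules from slide 33, and uses a fragment as a pointer into a DID document laid out like the one on slide 31. The function names and the simplified identifier pattern are assumptions; the sample document is constructed, with a placeholder instead of a real PEM key.

```python
import re

# Simplified DID grammar (assumption); method specs may restrict the id further.
DID_RE = re.compile(r"^did:([a-z0-9]+):([A-Za-z0-9._-]+)$")

def parse_did_url(did_url):
    """Split a DID, optionally followed by path, query and fragment."""
    rest, _, fragment = did_url.partition("#")
    rest, _, query = rest.partition("?")
    did, slash, path = rest.partition("/")
    match = DID_RE.match(did)
    if not match:
        raise ValueError(f"not a DID: {did!r}")
    return {"did": did, "method": match.group(1), "id": match.group(2),
            "path": slash + path, "query": query, "fragment": fragment}

def dereference_key(did_url, doc):
    """Follow a fragment-only DID URL to a publicKey entry of its own document."""
    parts = parse_did_url(did_url)
    if parts["path"] or parts["query"] or not parts["fragment"]:
        raise ValueError("not a pointer into a DID document")
    if parts["did"] != doc["id"]:
        raise ValueError("reference belongs to a different DID")
    return next((k for k in doc.get("publicKey", []) if k["id"] == did_url), None)

def authentication_keys(doc):
    """Keys usable for authentication; foreign or dangling references are dropped."""
    keys = []
    for entry in doc.get("authentication", []):
        try:
            key = dereference_key(entry["publicKey"], doc)
        except ValueError:
            continue
        if key is not None and key.get("owner") == doc["id"]:
            keys.append(key)
    return keys

# Constructed sample in the slide's layout; the second authentication entry is
# a made-up reference to another DID, added to show it being rejected.
DID = "did:example:123456789abcdefghi"
DOC = {
    "id": DID,
    "publicKey": [{"id": DID + "#keys-1", "type": "RsaSigningKey2018",
                   "owner": DID, "publicKeyPem": "<PEM placeholder>"}],
    "authentication": [
        {"type": "RsaSignatureAuthentication2018", "publicKey": DID + "#keys-1"},
        {"type": "RsaSignatureAuthentication2018", "publicKey": "did:example:other#keys-1"},
    ],
}
```

A verifier that accepts any key named under `authentication` without checking that the reference resolves inside the same DID document would trust the second entry; `authentication_keys(DOC)` returns only `keys-1`.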
