SlideShare a Scribd company logo

Despite both sides having different benefits and tradeoffs, DeFi and CeFi are representing a brand new paradigm in finance and spurring innovation in the sector.

Download as PPTX, PDF
V
VijayBhosale49

However, the scaffolding is emerging for a historic disruption of our current financial infrastructure. DeFi, or decentralized finance, seeks to build and combine opensource financial building blocks into sophisticated products with minimized friction and maximized value to users utilizing blockchain technology. Given it costs no more to provide services to a customer with $100 or $100 million in assets, we believe that DeFi will replace all meaningful centralized financial infrastructure in the future. This is a technology of inclusion whereby anyone can pay the flat fee to use and benefit from the innovations of DeFi

Education
1 of 37
INDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR Sandip Chakraborty sandipc@cse.iitkgp.ac.in Department of Computer Science and Engineering CS61065: Theory and Applications of Blockchain IDENTITY MANAGEMENT
Indian Institute of Technology Kharagpur • People are known by their identities - drives every business and social interactions • Physical Identity is a collection of attributes • Name • Age • Financial history • Work history • Address history • Social history What is Identity? Source: https://securityintelligence.com/reimagining-the- future-of-identity-management-with-blockchain/
Indian Institute of Technology Kharagpur • Individuals do not have any control over the information that comprises their identities • Identity fraud - no visibility over the identity attributes • Authentication • Authorization • Verification Centralized Digital Identity
Indian Institute of Technology Kharagpur • Individuals do not have any control over the information that comprises their identities • Identity fraud - no visibility over the identity attributes • Authentication • Authorization • Verification Centralized Digital Identity
Indian Institute of Technology Kharagpur Digital Identity - Single Sign On (SSO) • Single identity for various purposes – No need to maintain multiple identity documents • Widely conceptualized in software industry – One password to access multiple services • Single identity provider (IDP) maintains the identity • Identity consumers (services) use the IDP to authenticate the identity holder – During authentication, the identity is not exposed to the services Image Source: https://www.e-spincorp.com/global- theme-and-feature-topics/single-sign-on-sso/
Indian Institute of Technology Kharagpur SSO and Decentralization Identity Database Recordkeeping Agency (IDP) Bank Post Office Mobile Companies for user identity verification Public Sector Services User
Indian Institute of Technology Kharagpur • No Centralized Trusted Identity Provider / Registry • Digital representation of physical identity. • Two major problems: • Verifying the identity issuer • Verifying the identity holder Decentralizing Digital Identity Issuer - Government Holder Verifier
Indian Institute of Technology Kharagpur • No Centralized Trusted Identity Provider / Registry • Digital representation of physical identity. • Two major problems: • Verifying the identity issuer • Verifying the identity holder Decentralizing Digital Identity Issuer - Government Holder Verifier
Indian Institute of Technology Kharagpur • Self-Sovereign Identity (Privacy Control) • Individual should have full control and ownership of their identity information • Individuals can control the usage of their own identity profile for business and social interactions (Consent - agreement for information usage) • Identical to how we use our physical identity • Holder possesses the ID • Holder chooses whom to present the ID • Burden at individual user? Fundamental Principles of Digital Identity Management
Indian Institute of Technology Kharagpur • Provides Verifiable, Decentralized Digital identity • Designed to be decoupled from: • centralized registries • identity providers • certificate authorities • Holder of DID can prove its ownership on the DID without the help of any other party. • W3C Proposed Recommendation Decentralized Identifiers (DIDs) https://www.w3.org/TR/did-core/
Indian Institute of Technology Kharagpur DID Architecture https://www.w3.org/TR/did-core/
Indian Institute of Technology Kharagpur DID Architecture https://www.w3.org/TR/did-core/ 1. Unique URI – identifies a subject. 2. Entity (person / organization / etc.. ) being identified. 3. Entity with permission to change DID document. Might be same as subject. 4. Contains information (e.g public key of controller) about the DID. 5. System where DID documents are stored.
Indian Institute of Technology Kharagpur • Controller controls a DID Document. • A DID is a unique address (URI) to the location of that document. DID URI System which supports DID scheme. - Eg. DID resolution. Uniquely identifies a DID doc within the DID Method. https://www.w3.org/TR/did-core/ http://www.faqs.org/rfcs/rfc2396.html
Indian Institute of Technology Kharagpur A DID Document is a set of data describing the DID subject, including mechanisms, such as cryptographic public keys, that the DID subject or a DID delegate can use to authenticate itself and prove its association with the DID. A DID document consists of a map of entries, where each entry consists of a key/value pair. DID Document https://www.w3.org/TR/did-core/ Extensions can also include degree completed, etc. Representation-specific entries include JSON, XML, etc
Indian Institute of Technology Kharagpur { "id": "did:example:123456789abcdefghi", "authentication": [{ "id": "did:example:123456789abcdefghi#keys-1", "type": "Ed25519VerificationKey2020", "controller": "did:example:123456789abcdefghi", "publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV" }], "service": [{ "id":"did:example:123456789abcdefghi#linked-domain", "type": "LinkedDomains", // external (property value) "serviceEndpoint": https://bar.example.com }] } DID Document Example (JSON) https://www.w3.org/TR/did-core/ DID for a particular DID subject Verification Method specifying how the DID subject can authenticate itself. Service Endpoint denoting ways of communicating with the DID subject It tells how to reach the subject. Otherwise, there is no meaningful use of authentication Note: There is no sensitive information in DID document
Indian Institute of Technology Kharagpur Relationship Between DID, DID Document and DID Controller -A DID is an identifier assigned by a DID controller to refer to a DID subject and resolve to a DID document that describes the DID subject. - The DID document is an artifact of DID resolution and not a separate resource distinct from the DID subject. - DID document resides inside verifiable data registry
Indian Institute of Technology Kharagpur Relationship Between DID, DID Document and DID Controller Often the DID Subject and the DID Controller are the same entity.
Indian Institute of Technology Kharagpur DID Flow – DID Registration 1. Create DID Document Verifiable Data Registry - (registry1) id: did:registry1:alice, authentication: Pk controller: did:registry1:alice Public key: Pk, Secret key: Sk 0. Generate Keys 2. Register DID DID Doc signedby(Sk) Alice 3. Authenticates DID controller (here based on signature) 4. Updates DID Document DID Method Implementation
Indian Institute of Technology Kharagpur DID Flow – Proving Control over DID 1. Create DID Document Verifiable Data Registry - (registry1) id: did:registry1:alice, authentication: Pk controller: did:registry1:alice Public key: Pk, Secret key: Sk 0. Generate Keys 2. Register DID DID Doc signedby(Sk) Alice 3. Authenticates DID controller (here based on signature) 4. Updates DID Document Bob (wants to authenticate the subject of did:registry1:alice) 5. Fetch DID Document for did:registry1:alice 6. Authenticate Alice based on authentication method Pk DID Method Implementation
Indian Institute of Technology Kharagpur • DID Registry ideally enforces DID Method protocols. • Centralized DID Registry brings in risks • Manipulating DID Documents • Changing authentication methods • Censoring DID Documents • Refusing to resolve certain DID Documents • Lack of Transparency. DID Method Security Verifiable Data Registry - (registry1) DID Method Implementation Centralized
Indian Institute of Technology Kharagpur • Blockchain Based Implementation of Verifiable Data Registry • DID Methods are implemented as smart contracts. • Smart contracts enforce how authorization is performed to execute all operations, including any necessary cryptographic processes. • Transparent Immutable Ledger allows verifiability of DID Documents • Any party can validate if a DID Document's creation / updation transactions were authenticated or not. Decentralized DID Registry Verifiable Data Registry
Indian Institute of Technology Kharagpur Blockchain based DID Registry Sidetree https://identity.foundation/sidetree/spec/ https://hyperledger-indy.readthedocs.io/en/latest/ Public permissioned ledger based registry. • Any party can read the ledger. • Only selected (registered) parties and write to the ledger. Protocol for creating scalable DIDnetworks that can run atop any existing permissionless blockchain. (e.g. Bitcoin, Ethereum, etc.)
Indian Institute of Technology Kharagpur • DIDs only allow a DID controller to prove its control over its DID Document. • This is useful to authenticate an entity with respect to its DID Binding DID to Physical Identity Public key: Pk, Secret key: Sk DID Doc - PK Authenticate based on Pk Fetch DID Doc Does not reveal any physical detail. If some physical detail is presented, then that is only self attested by the DID controller, and not any verified information.
Indian Institute of Technology Kharagpur • DIDs only allow a DID controller to prove its control over its DID Document. • This is useful to authenticate an entity with respect to its DID Binding DID to Physical Identity Public key: Pk, Secret key: Sk DID are not inherently tied to any physical identity (real world identity). DID Doc - PK Authenticate based on Pk Fetch DID Doc Does not reveal any physical detail.
Indian Institute of Technology Kharagpur • Verifiable Credentials Data Model – W3C Recommendation • Digital Representation of Credentials • Driver's licenses - assert that capability of operating a motor vehicle • University degrees - assert our level of education • Government-issued passports - permit to travel between countries • Identity – Birth Certificate, Citizenship Certificate, etc. • Decouples Issuer, Holder and Verifier • Cryptographically secure • Privacy respecting • Machine-verifiable Verifiable Credentials https://www.w3.org/TR/vc-data-model/
Indian Institute of Technology Kharagpur VC Data Model Components https://www.w3.org/TR/vc-data-model/
Indian Institute of Technology Kharagpur VC Data Model Components Subject - Entity about which claims are made. Example subjects include human beings, animals, and things. Holder of a VC might not be the subject - example, a parent (the holder) might hold the verifiable credentials of a child (the subject), or a pet owner (the holder) might hold the verifiable credentials of their pet (the subject). Note: some credentials might even be self-certified by the subject Verifier – Receives verifiable presentation to assert claims about subject. Example verifiers include employers, security personnel, and websites. Verifiable data registry - System for creation and verification of DID, keys, and other relevant data, such as VC schemas, revocation registries, issuer public keys, and so on. Holder - possesses one or more VC and generating verifiable presentations from them. Example holders include students, employees, and customers.​ Issuer –Asserts claims (in physical world) about one or more subjects, creating a VC from these claims, and transmitting the VC to a holder. Example issuers include universities, governments, etc.​ https://www.w3.org/TR/vc-data-model/
Indian Institute of Technology Kharagpur VC Data A claim is a statement about a subject. Here Pat and Sam are subjects. A credential is a set of one or more claims made by the same entity. Proof is usually signature by the issuer Claims https://www.w3.org/TR/vc-data-model/
Indian Institute of Technology Kharagpur Information graph of Verifiable Presentation A verifiable presentation expresses data from one or more VCs, and is packaged in such a way that the authorship of the data is verifiable. Holder has to convince that indeed the VC was issued to him https://www.w3.org/TR/vc-data-model/
Indian Institute of Technology Kharagpur Information graph of a basic Verifiable Credential https://www.w3.org/TR/vc-data-model/ These two together are effectively forming the verifiable credential for Pat
Indian Institute of Technology Kharagpur Verifiable Credentials Flow https://www.w3.org/TR/vc-data-model/
Indian Institute of Technology Kharagpur • Acting as issuer, holder, or verifier requires neither registration nor approval by any authority, as the trust involved is bilateral between parties. • Verifier trusts the issuer to issue the VC that it received. To establish this trust, a VC is expected to either: • Include a proof establishing that the issuer generated the credential (signature), or • VC has been transmitted in a way clearly establishing that the issuer generated VC is not tampered in transit or storage. • All entities trust the verifiable data registry to be tamper-evident and to be correct. Blockchain can help?? • The holder and verifier trust the issuer to issue true (that is, not false) credentials about the subject, and to revoke them quickly when appropriate. VC Trust Model https://www.w3.org/TR/vc-data-model/
Indian Institute of Technology Kharagpur Step 1. Create and register DID Combining DIDs and VCs DID Method Implementation 1. Create and register DID Document did:registry1:alice Verifiable Data Registry Alice University
Indian Institute of Technology Kharagpur Step 2. Issue Verifiable Credential Combining DIDs and VCs DID Method Implementation Verifiable Data Registry Alice University 2. Alice Requests Transcript VC issued to did:registry1:alice 4. Alice authenticates as controller of did:registry1:alice 5. University issues Transcript VC Holder: did:registry1:alice Issuer: did:registry1:university
Indian Institute of Technology Kharagpur Step 3. Verifiable Presentation and Verification Combining DIDs and VCs DID Method Implementation Verifiable Data Registry Alice Industry 6. Industry requests Transcript VP 7. Alice presents Transcript VP with signature authenticating did:registry1:alice 8. Industry validates Transcript Issued to did:registry:alice 9. Industry validates issuer of Transcript by validating issuer's signature.
Indian Institute of Technology Kharagpur • Hyperledger Aries is meant for creating, transmitting and storing verifiable digital credentials Use of Blockchain for VCs
Indian Institute of Technology Kharagpur 37

Recommended

FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/Sovrin
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/SovrinFOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/Sovrin
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/SovrinCalvin Cheng
 
OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)Torsten Lodderstedt
 
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19Andrew Hughes
 
Introduction to Self Sovereign Identity
Introduction to Self Sovereign IdentityIntroduction to Self Sovereign Identity
Introduction to Self Sovereign IdentityHeather Vescent
 
Hyperledger Indy tutorial
Hyperledger Indy tutorialHyperledger Indy tutorial
Hyperledger Indy tutorialssuser3993f3
 
Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...
Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...
Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...SSIMeetup
 
Self-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web SummitSelf-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web SummitKaliya "Identity Woman" Young
 
Self Sovereign Identity (SSI) Open standards with Drummond Reed
Self Sovereign Identity (SSI) Open standards with Drummond Reed Self Sovereign Identity (SSI) Open standards with Drummond Reed
Self Sovereign Identity (SSI) Open standards with Drummond Reed SSIMeetup
 

Recommended

FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/Sovrin
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/SovrinFOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/Sovrin
FOSSASIA 2018 Self-Sovereign Identity with Hyperledger Indy/SovrinCalvin Cheng
 
OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)Torsten Lodderstedt
 
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19Andrew Hughes
 
Introduction to Self Sovereign Identity
Introduction to Self Sovereign IdentityIntroduction to Self Sovereign Identity
Introduction to Self Sovereign IdentityHeather Vescent
 
Hyperledger Indy tutorial
Hyperledger Indy tutorialHyperledger Indy tutorial
Hyperledger Indy tutorialssuser3993f3
 
Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...
Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...
Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...SSIMeetup
 
Self-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web SummitSelf-Sovereign Identity for the Decentralized Web Summit
Self-Sovereign Identity for the Decentralized Web SummitKaliya "Identity Woman" Young
 
Self Sovereign Identity (SSI) Open standards with Drummond Reed
Self Sovereign Identity (SSI) Open standards with Drummond Reed Self Sovereign Identity (SSI) Open standards with Drummond Reed
Self Sovereign Identity (SSI) Open standards with Drummond Reed SSIMeetup
 
Identity 3.0 and Oracle
Identity 3.0 and OracleIdentity 3.0 and Oracle
Identity 3.0 and OracleBram van Pelt
 
Identity 3.0 and Oracle at AMIS25
Identity 3.0 and Oracle at AMIS25Identity 3.0 and Oracle at AMIS25
Identity 3.0 and Oracle at AMIS25Getting value from IoT, Integration and Data Analytics
 
OSCON 2018 Getting Started with Hyperledger Indy
OSCON 2018 Getting Started with Hyperledger IndyOSCON 2018 Getting Started with Hyperledger Indy
OSCON 2018 Getting Started with Hyperledger IndyTracy Kuhrt
 
Barcelona presentationv6
Barcelona presentationv6Barcelona presentationv6
Barcelona presentationv6Mohan Venkataraman
 
Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221
Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221
Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221David Wood
 
Dapp
DappDapp
DappShubhamKumar2038
 
TOP FEATURES OF CertiDApp
TOP FEATURES OF CertiDAppTOP FEATURES OF CertiDApp
TOP FEATURES OF CertiDAppVarun Khandelwal
 
IRJET- Keep It – A System to Store Certificates and Develop a Profile
IRJET- Keep It – A System to Store Certificates and Develop a ProfileIRJET- Keep It – A System to Store Certificates and Develop a Profile
IRJET- Keep It – A System to Store Certificates and Develop a ProfileIRJET Journal
 
Introduction to Self Sovereign Identity - IIW October 2019
Introduction to Self Sovereign Identity - IIW October 2019Introduction to Self Sovereign Identity - IIW October 2019
Introduction to Self Sovereign Identity - IIW October 2019Heather Vescent
 
Blockchain Decentralized Identifier (DID) Innovation Insights from Patents
Blockchain Decentralized Identifier (DID) Innovation Insights from PatentsBlockchain Decentralized Identifier (DID) Innovation Insights from Patents
Blockchain Decentralized Identifier (DID) Innovation Insights from PatentsAlex G. Lee, Ph.D. Esq. CLP
 
Introduction to Self-Sovereign Identity
Introduction to Self-Sovereign IdentityIntroduction to Self-Sovereign Identity
Introduction to Self-Sovereign IdentityKaryl Fowler
 
OpenID for SSI
OpenID for SSIOpenID for SSI
OpenID for SSITorsten Lodderstedt
 
Development of Digital Identity Systems
Development of Digital Identity Systems Development of Digital Identity Systems
Development of Digital Identity Systems Maganathin Veeraragaloo
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)Torsten Lodderstedt
 
Integrating with the ORCID API
Integrating with the ORCID APIIntegrating with the ORCID API
Integrating with the ORCID APINobuko Miyairi
 
Mercedes Wyss - Modern Identity Management (in the Era of Serverless and Micr...
Mercedes Wyss - Modern Identity Management (in the Era of Serverless and Micr...Mercedes Wyss - Modern Identity Management (in the Era of Serverless and Micr...
Mercedes Wyss - Modern Identity Management (in the Era of Serverless and Micr...Codemotion
 
The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018Kaliya "Identity Woman" Young
 
Overview of Decentralized Identity
Overview of Decentralized IdentityOverview of Decentralized Identity
Overview of Decentralized IdentityJim Flynn
 
Digital Locker System (DigiLocker) - A Government of India Initiative_1.pptx
Digital Locker System (DigiLocker) - A Government of India Initiative_1.pptxDigital Locker System (DigiLocker) - A Government of India Initiative_1.pptx
Digital Locker System (DigiLocker) - A Government of India Initiative_1.pptxAnkitKumar519788
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxPoojaSen20
 

More Related Content

Similar to Despite both sides having different benefits and tradeoffs, DeFi and CeFi are representing a brand new paradigm in finance and spurring innovation in the sector.

Identity 3.0 and Oracle
Identity 3.0 and OracleIdentity 3.0 and Oracle
Identity 3.0 and OracleBram van Pelt
 
OSCON 2018 Getting Started with Hyperledger Indy
OSCON 2018 Getting Started with Hyperledger IndyOSCON 2018 Getting Started with Hyperledger Indy
OSCON 2018 Getting Started with Hyperledger IndyTracy Kuhrt
 
Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221
Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221
Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221David Wood
 
IRJET- Keep It – A System to Store Certificates and Develop a Profile
IRJET- Keep It – A System to Store Certificates and Develop a ProfileIRJET- Keep It – A System to Store Certificates and Develop a Profile
IRJET- Keep It – A System to Store Certificates and Develop a ProfileIRJET Journal
 
Introduction to Self Sovereign Identity - IIW October 2019
Introduction to Self Sovereign Identity - IIW October 2019Introduction to Self Sovereign Identity - IIW October 2019
Introduction to Self Sovereign Identity - IIW October 2019Heather Vescent
 
Blockchain Decentralized Identifier (DID) Innovation Insights from Patents
Blockchain Decentralized Identifier (DID) Innovation Insights from PatentsBlockchain Decentralized Identifier (DID) Innovation Insights from Patents
Blockchain Decentralized Identifier (DID) Innovation Insights from PatentsAlex G. Lee, Ph.D. Esq. CLP
 
Introduction to Self-Sovereign Identity
Introduction to Self-Sovereign IdentityIntroduction to Self-Sovereign Identity
Introduction to Self-Sovereign IdentityKaryl Fowler
 
Development of Digital Identity Systems
Development of Digital Identity Systems Development of Digital Identity Systems
Development of Digital Identity Systems Maganathin Veeraragaloo
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)Torsten Lodderstedt
 
Integrating with the ORCID API
Integrating with the ORCID APIIntegrating with the ORCID API
Integrating with the ORCID APINobuko Miyairi
 
Mercedes Wyss - Modern Identity Management (in the Era of Serverless and Micr...
Mercedes Wyss - Modern Identity Management (in the Era of Serverless and Micr...Mercedes Wyss - Modern Identity Management (in the Era of Serverless and Micr...
Mercedes Wyss - Modern Identity Management (in the Era of Serverless and Micr...Codemotion
 
The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018Kaliya "Identity Woman" Young
 
Overview of Decentralized Identity
Overview of Decentralized IdentityOverview of Decentralized Identity
Overview of Decentralized IdentityJim Flynn
 
Digital Locker System (DigiLocker) - A Government of India Initiative_1.pptx
Digital Locker System (DigiLocker) - A Government of India Initiative_1.pptxDigital Locker System (DigiLocker) - A Government of India Initiative_1.pptx
Digital Locker System (DigiLocker) - A Government of India Initiative_1.pptxAnkitKumar519788
 

Similar to Despite both sides having different benefits and tradeoffs, DeFi and CeFi are representing a brand new paradigm in finance and spurring innovation in the sector. (20)

Identity 3.0 and Oracle
Identity 3.0 and OracleIdentity 3.0 and Oracle
Identity 3.0 and Oracle
 
Identity 3.0 and Oracle at AMIS25
Identity 3.0 and Oracle at AMIS25Identity 3.0 and Oracle at AMIS25
Identity 3.0 and Oracle at AMIS25
 
OSCON 2018 Getting Started with Hyperledger Indy
OSCON 2018 Getting Started with Hyperledger IndyOSCON 2018 Getting Started with Hyperledger Indy
OSCON 2018 Getting Started with Hyperledger Indy
 
Barcelona presentationv6
Barcelona presentationv6Barcelona presentationv6
Barcelona presentationv6
 
Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221
Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221
Returning to Online Privacy - W3C/ANU Future of the Web Roadshow 20190221
 
Dapp
DappDapp
Dapp
 
TOP FEATURES OF CertiDApp
TOP FEATURES OF CertiDAppTOP FEATURES OF CertiDApp
TOP FEATURES OF CertiDApp
 
IRJET- Keep It – A System to Store Certificates and Develop a Profile
IRJET- Keep It – A System to Store Certificates and Develop a ProfileIRJET- Keep It – A System to Store Certificates and Develop a Profile
IRJET- Keep It – A System to Store Certificates and Develop a Profile
 
Introduction to Self Sovereign Identity - IIW October 2019
Introduction to Self Sovereign Identity - IIW October 2019Introduction to Self Sovereign Identity - IIW October 2019
Introduction to Self Sovereign Identity - IIW October 2019
 
Blockchain Decentralized Identifier (DID) Innovation Insights from Patents
Blockchain Decentralized Identifier (DID) Innovation Insights from PatentsBlockchain Decentralized Identifier (DID) Innovation Insights from Patents
Blockchain Decentralized Identifier (DID) Innovation Insights from Patents
 
Introduction to Self-Sovereign Identity
Introduction to Self-Sovereign IdentityIntroduction to Self-Sovereign Identity
Introduction to Self-Sovereign Identity
 
OpenID for SSI
OpenID for SSIOpenID for SSI
OpenID for SSI
 
Development of Digital Identity Systems
Development of Digital Identity Systems Development of Digital Identity Systems
Development of Digital Identity Systems
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
 
OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)
 
Integrating with the ORCID API
Integrating with the ORCID APIIntegrating with the ORCID API
Integrating with the ORCID API
 
Mercedes Wyss - Modern Identity Management (in the Era of Serverless and Micr...
Mercedes Wyss - Modern Identity Management (in the Era of Serverless and Micr...Mercedes Wyss - Modern Identity Management (in the Era of Serverless and Micr...
Mercedes Wyss - Modern Identity Management (in the Era of Serverless and Micr...
 
The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018
 
Overview of Decentralized Identity
Overview of Decentralized IdentityOverview of Decentralized Identity
Overview of Decentralized Identity
 
Digital Locker System (DigiLocker) - A Government of India Initiative_1.pptx
Digital Locker System (DigiLocker) - A Government of India Initiative_1.pptxDigital Locker System (DigiLocker) - A Government of India Initiative_1.pptx
Digital Locker System (DigiLocker) - A Government of India Initiative_1.pptx
 

Recently uploaded

_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxPoojaSen20
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppCeline George
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPoojaSen20
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991RKavithamani
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 

Recently uploaded (20)

_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docx
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptx
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 

Despite both sides having different benefits and tradeoffs, DeFi and CeFi are representing a brand new paradigm in finance and spurring innovation in the sector.

  • 1. INDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR Sandip Chakraborty sandipc@cse.iitkgp.ac.in Department of Computer Science and Engineering CS61065: Theory and Applications of Blockchain IDENTITY MANAGEMENT
  • 2. Indian Institute of Technology Kharagpur • People are known by their identities - drives every business and social interactions • Physical Identity is a collection of attributes • Name • Age • Financial history • Work history • Address history • Social history What is Identity? Source: https://securityintelligence.com/reimagining-the- future-of-identity-management-with-blockchain/
  • 3. Indian Institute of Technology Kharagpur • Individuals do not have any control over the information that comprises their identities • Identity fraud - no visibility over the identity attributes • Authentication • Authorization • Verification Centralized Digital Identity
  • 4. Indian Institute of Technology Kharagpur • Individuals do not have any control over the information that comprises their identities • Identity fraud - no visibility over the identity attributes • Authentication • Authorization • Verification Centralized Digital Identity
  • 5. Indian Institute of Technology Kharagpur Digital Identity - Single Sign On (SSO) • Single identity for various purposes – No need to maintain multiple identity documents • Widely conceptualized in software industry – One password to access multiple services • Single identity provider (IDP) maintains the identity • Identity consumers (services) use the IDP to authenticate the identity holder – During authentication, the identity is not exposed to the services Image Source: https://www.e-spincorp.com/global- theme-and-feature-topics/single-sign-on-sso/
  • 6. Indian Institute of Technology Kharagpur SSO and Decentralization Identity Database Recordkeeping Agency (IDP) Bank Post Office Mobile Companies for user identity verification Public Sector Services User
  • 7. Indian Institute of Technology Kharagpur • No Centralized Trusted Identity Provider / Registry • Digital representation of physical identity. • Two major problems: • Verifying the identity issuer • Verifying the identity holder Decentralizing Digital Identity Issuer - Government Holder Verifier
  • 8. Indian Institute of Technology Kharagpur • No Centralized Trusted Identity Provider / Registry • Digital representation of physical identity. • Two major problems: • Verifying the identity issuer • Verifying the identity holder Decentralizing Digital Identity Issuer - Government Holder Verifier
  • 9. Indian Institute of Technology Kharagpur • Self-Sovereign Identity (Privacy Control) • Individual should have full control and ownership of their identity information • Individuals can control the usage of their own identity profile for business and social interactions (Consent - agreement for information usage) • Identical to how we use our physical identity • Holder possesses the ID • Holder chooses whom to present the ID • Burden at individual user? Fundamental Principles of Digital Identity Management
  • 10. Indian Institute of Technology Kharagpur • Provides Verifiable, Decentralized Digital identity • Designed to be decoupled from: • centralized registries • identity providers • certificate authorities • Holder of DID can prove its ownership on the DID without the help of any other party. • W3C Proposed Recommendation Decentralized Identifiers (DIDs) https://www.w3.org/TR/did-core/
  • 11. Indian Institute of Technology Kharagpur DID Architecture https://www.w3.org/TR/did-core/
  • 12. Indian Institute of Technology Kharagpur DID Architecture https://www.w3.org/TR/did-core/ 1. Unique URI – identifies a subject. 2. Entity (person / organization / etc.. ) being identified. 3. Entity with permission to change DID document. Might be same as subject. 4. Contains information (e.g public key of controller) about the DID. 5. System where DID documents are stored.
  • 13. Indian Institute of Technology Kharagpur • Controller controls a DID Document. • A DID is a unique address (URI) to the location of that document. DID URI System which supports DID scheme. - Eg. DID resolution. Uniquely identifies a DID doc within the DID Method. https://www.w3.org/TR/did-core/ http://www.faqs.org/rfcs/rfc2396.html
  • 14. Indian Institute of Technology Kharagpur A DID Document is a set of data describing the DID subject, including mechanisms, such as cryptographic public keys, that the DID subject or a DID delegate can use to authenticate itself and prove its association with the DID. A DID document consists of a map of entries, where each entry consists of a key/value pair. DID Document https://www.w3.org/TR/did-core/ Extensions can also include degree completed, etc. Representation-specific entries include JSON, XML, etc
  • 15. Indian Institute of Technology Kharagpur { "id": "did:example:123456789abcdefghi", "authentication": [{ "id": "did:example:123456789abcdefghi#keys-1", "type": "Ed25519VerificationKey2020", "controller": "did:example:123456789abcdefghi", "publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV" }], "service": [{ "id":"did:example:123456789abcdefghi#linked-domain", "type": "LinkedDomains", // external (property value) "serviceEndpoint": https://bar.example.com }] } DID Document Example (JSON) https://www.w3.org/TR/did-core/ DID for a particular DID subject Verification Method specifying how the DID subject can authenticate itself. Service Endpoint denoting ways of communicating with the DID subject It tells how to reach the subject. Otherwise, there is no meaningful use of authentication Note: There is no sensitive information in DID document
  • 16. Indian Institute of Technology Kharagpur Relationship Between DID, DID Document and DID Controller -A DID is an identifier assigned by a DID controller to refer to a DID subject and resolve to a DID document that describes the DID subject. - The DID document is an artifact of DID resolution and not a separate resource distinct from the DID subject. - DID document resides inside verifiable data registry
  • 17. Indian Institute of Technology Kharagpur Relationship Between DID, DID Document and DID Controller Often the DID Subject and the DID Controller are the same entity.
  • 18. Indian Institute of Technology Kharagpur DID Flow – DID Registration 1. Create DID Document Verifiable Data Registry - (registry1) id: did:registry1:alice, authentication: Pk controller: did:registry1:alice Public key: Pk, Secret key: Sk 0. Generate Keys 2. Register DID DID Doc signedby(Sk) Alice 3. Authenticates DID controller (here based on signature) 4. Updates DID Document DID Method Implementation
  • 19. Indian Institute of Technology Kharagpur DID Flow – Proving Control over DID 1. Create DID Document Verifiable Data Registry - (registry1) id: did:registry1:alice, authentication: Pk controller: did:registry1:alice Public key: Pk, Secret key: Sk 0. Generate Keys 2. Register DID DID Doc signedby(Sk) Alice 3. Authenticates DID controller (here based on signature) 4. Updates DID Document Bob (wants to authenticate the subject of did:registry1:alice) 5. Fetch DID Document for did:registry1:alice 6. Authenticate Alice based on authentication method Pk DID Method Implementation
  • 20. Indian Institute of Technology Kharagpur • DID Registry ideally enforces DID Method protocols. • Centralized DID Registry brings in risks • Manipulating DID Documents • Changing authentication methods • Censoring DID Documents • Refusing to resolve certain DID Documents • Lack of Transparency. DID Method Security Verifiable Data Registry - (registry1) DID Method Implementation Centralized
  • 21. Indian Institute of Technology Kharagpur • Blockchain Based Implementation of Verifiable Data Registry • DID Methods are implemented as smart contracts. • Smart contracts enforce how authorization is performed to execute all operations, including any necessary cryptographic processes. • Transparent Immutable Ledger allows verifiability of DID Documents • Any party can validate if a DID Document's creation / updation transactions were authenticated or not. Decentralized DID Registry Verifiable Data Registry
  • 22. Indian Institute of Technology Kharagpur Blockchain based DID Registry Sidetree https://identity.foundation/sidetree/spec/ https://hyperledger-indy.readthedocs.io/en/latest/ Public permissioned ledger based registry. • Any party can read the ledger. • Only selected (registered) parties and write to the ledger. Protocol for creating scalable DIDnetworks that can run atop any existing permissionless blockchain. (e.g. Bitcoin, Ethereum, etc.)
  • 23. Indian Institute of Technology Kharagpur • DIDs only allow a DID controller to prove its control over its DID Document. • This is useful to authenticate an entity with respect to its DID Binding DID to Physical Identity Public key: Pk, Secret key: Sk DID Doc - PK Authenticate based on Pk Fetch DID Doc Does not reveal any physical detail. If some physical detail is presented, then that is only self attested by the DID controller, and not any verified information.
  • 24. Indian Institute of Technology Kharagpur • DIDs only allow a DID controller to prove its control over its DID Document. • This is useful to authenticate an entity with respect to its DID Binding DID to Physical Identity Public key: Pk, Secret key: Sk DID are not inherently tied to any physical identity (real world identity). DID Doc - PK Authenticate based on Pk Fetch DID Doc Does not reveal any physical detail.
  • 25. Indian Institute of Technology Kharagpur • Verifiable Credentials Data Model – W3C Recommendation • Digital Representation of Credentials • Driver's licenses - assert that capability of operating a motor vehicle • University degrees - assert our level of education • Government-issued passports - permit to travel between countries • Identity – Birth Certificate, Citizenship Certificate, etc. • Decouples Issuer, Holder and Verifier • Cryptographically secure • Privacy respecting • Machine-verifiable Verifiable Credentials https://www.w3.org/TR/vc-data-model/
  • 26. Indian Institute of Technology Kharagpur VC Data Model Components https://www.w3.org/TR/vc-data-model/
  • 27. Indian Institute of Technology Kharagpur VC Data Model Components Subject - Entity about which claims are made. Example subjects include human beings, animals, and things. Holder of a VC might not be the subject - example, a parent (the holder) might hold the verifiable credentials of a child (the subject), or a pet owner (the holder) might hold the verifiable credentials of their pet (the subject). Note: some credentials might even be self-certified by the subject Verifier – Receives verifiable presentation to assert claims about subject. Example verifiers include employers, security personnel, and websites. Verifiable data registry - System for creation and verification of DID, keys, and other relevant data, such as VC schemas, revocation registries, issuer public keys, and so on. Holder - possesses one or more VC and generating verifiable presentations from them. Example holders include students, employees, and customers.​ Issuer –Asserts claims (in physical world) about one or more subjects, creating a VC from these claims, and transmitting the VC to a holder. Example issuers include universities, governments, etc.​ https://www.w3.org/TR/vc-data-model/
  • 28. Indian Institute of Technology Kharagpur VC Data A claim is a statement about a subject. Here Pat and Sam are subjects. A credential is a set of one or more claims made by the same entity. Proof is usually signature by the issuer Claims https://www.w3.org/TR/vc-data-model/
  • 29. Indian Institute of Technology Kharagpur Information graph of Verifiable Presentation A verifiable presentation expresses data from one or more VCs, and is packaged in such a way that the authorship of the data is verifiable. Holder has to convince that indeed the VC was issued to him https://www.w3.org/TR/vc-data-model/
  • 30. Indian Institute of Technology Kharagpur Information graph of a basic Verifiable Credential https://www.w3.org/TR/vc-data-model/ These two together are effectively forming the verifiable credential for Pat
  • 31. Indian Institute of Technology Kharagpur Verifiable Credentials Flow https://www.w3.org/TR/vc-data-model/
  • 32. Indian Institute of Technology Kharagpur • Acting as issuer, holder, or verifier requires neither registration nor approval by any authority, as the trust involved is bilateral between parties. • Verifier trusts the issuer to issue the VC that it received. To establish this trust, a VC is expected to either: • Include a proof establishing that the issuer generated the credential (signature), or • VC has been transmitted in a way clearly establishing that the issuer generated VC is not tampered in transit or storage. • All entities trust the verifiable data registry to be tamper-evident and to be correct. Blockchain can help?? • The holder and verifier trust the issuer to issue true (that is, not false) credentials about the subject, and to revoke them quickly when appropriate. VC Trust Model https://www.w3.org/TR/vc-data-model/
  • 33. Indian Institute of Technology Kharagpur Step 1. Create and register DID Combining DIDs and VCs DID Method Implementation 1. Create and register DID Document did:registry1:alice Verifiable Data Registry Alice University
  • 34. Indian Institute of Technology Kharagpur Step 2. Issue Verifiable Credential Combining DIDs and VCs DID Method Implementation Verifiable Data Registry Alice University 2. Alice Requests Transcript VC issued to did:registry1:alice 4. Alice authenticates as controller of did:registry1:alice 5. University issues Transcript VC Holder: did:registry1:alice Issuer: did:registry1:university
  • 35. Indian Institute of Technology Kharagpur Step 3. Verifiable Presentation and Verification Combining DIDs and VCs DID Method Implementation Verifiable Data Registry Alice Industry 6. Industry requests Transcript VP 7. Alice presents Transcript VP with signature authenticating did:registry1:alice 8. Industry validates Transcript Issued to did:registry:alice 9. Industry validates issuer of Transcript by validating issuer's signature.
  • 36. Indian Institute of Technology Kharagpur • Hyperledger Aries is meant for creating, transmitting and storing verifiable digital credentials Use of Blockchain for VCs
  • 37. Indian Institute of Technology Kharagpur 37