The DID Report 1: The First Official W3C DID Working Group Meeting (Japan)- Drummond Reed/Markus Sabadello

The DID Report—September 2019
First Meeting of the New W3C DID Working Group in Japan
Drummond Reed
W3C DID speciﬁcation
co-author
Chief Trust Officer Evernym
This presentation is released under a Creative Commons license. (CC BY-SA 4.0). SSIMeetup.org
Markus Sabadello
W3C DID speciﬁcation
co-author
Founder Danube Tech

1. Empower global SSI communities
2. Open to everyone interested in SSI
3. All content is shared with CC BY SA
SSIMeetup.org
Alex Preukschat @SSIMeetup @AlexPreukschat
Coordinating Node SSIMeetup.org
https://creativecommons.org/licenses/by-sa/4.0/
SSIMeetup objectives

Your Reporters
Drummond Reed
● 20 years in Internet ID
standards
● Co-Editor W3C DID Spec—
Initial spec author
● Sovrin Foundation Trustee
& Chair of Governance WG
● Evernym Chief Trust Oﬃcer
3
Markus Sabadello
● 15 years in Internet ID
standards
● Co-Editor W3C DID Spec
and DID Resolution Spec
● Sovrin Foundation
Technical Gov Board
● Danube Tech Founder

Where does the story start?
4

● Work on DIDs began four years ago
● A ﬁrst draft spec gained real momentum
● It was contributed to the W3C Credentials
Community Group for further incubation
● After two years, the W3C membership voted to
form a full W3C Working Group
○ https://www.w3.org/2019/did-wg/
● This is a report on the ﬁrst meeting that just took
place at W3C TPAC in Fukuoka Japan
5

Part One:
Background
6

Let’s begin at the beginning:
What is a DID?
7

8
A DID is a new type of globally
unique identiﬁer (URI) that
does not require a centralized
registration authority because
control of the identiﬁer can be
proved using cryptography

Where did the term “DID” come from?
9

10

How long have you been working on
DIDs?
12

Timeline
13
2015 2016 2017 2018 2019
Spring IIW:
First
blockchain
identity
discussions
Fall IIW:
Decision to
begin
blockchain
ID projects
W3C VCTF:
A
Decentral-
ized Hash
Table for
the Web
DHS:
Awards 1st
blockchain
Identity
R&D
contracts
IIW+RWOT:
DID Spec
work fully
underway
IIW+RWOT:
First DID
Spec nearly
complete
DHS:
First DID
Spec
published &
contract
complete
DHS:
DKMS
contract
awarded;
work
begins
W3C CCG:
DID Spec
contributed
DHS:
DKMS
Design &
Architec-
ture V3
published
W3C CCG:
Second
draft of
DID Spec
W3C CCG:
Work on
DID WG
Charter
begins
W3C:
DID WG
Charter
approved
W3C CCG:
Community
Final
Draft of
DID Spec
DHS:
DKMS
Design &
Architec-
ture V4
published

How widely are DIDs in use today?
14

Some statistics
● There are currently 32 DID methods registered in the informal W3C
Credentials Community Group DID Method Registry
○ https://w3c-ccg.github.io/did-method-registry/
○ Three for Bitcoin
○ Six for Ethereum
● The Sovrin Foundation currently has 71 stewards around the world
hosting a public permissioned distributed ledger for DIDs
● The Canadian provinces of British Columbia and Ontario have issued
over 1.4 million veriﬁable business license credentials based on DIDs
15

Part Two:
Understanding DIDs
16

Why did the U.S. Department of
Homeland Security fund the initial
development of the DID spec?
17

The four core properties of a DID
1. A permanent (persistent) identifier
It never needs to change
2. A resolvable identifier
You can look it up to discover metadata
3. A cryptographically-verifiable identifier
You can prove control using cryptography
4. A decentralized identifier
No centralized registration authority is required
18

What does a DID look like?
19

URNs (Uniform Resource Names, RFC 8141)
20
DIDs

What is a DID method?
21

A DID Method...
Deﬁnes how to perform the four CRUD operations on a DID
1. Create: How to generate a new DID
2. Read: How to resolve a DID into a DID document
3. Update: How to write a new version of a DID document
4. De-activate: How to revoke (terminate) a DID so it no
longer functions
22

What is a DID document?
23

A DID Document...
Contains metadata for describing and interacting with the
DID subject (the entity identiﬁed by the DID)
1. Public keys or other cryptographic proof material
2. Service endpoints for engaging in trusted interactions
3. Authentication mechanisms for proving control of the
DID
4. Other metadata
24

Example DID Document in JSON-LD
25
{
"@context": "https://w3id.org/did/v1",
"id": "did:example:456",
"publicKey": [
{
"id": "did:example:456#key-1",
"type": "Ed25519VerificationKey2018",
"publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjJCwDmqPV"
}
],
"service": {
"type": "hub",
"serviceEndpoint":
"https://cloud.service.com/hub/did:example:456"
},
"authentication": {
"did:example:456#key-1"
}
}

What is DID resolution?
26

DID Resolution...
Is the process of using the DID to look up and retrieve a
copy of the DID document
● How this is done depends on the DID method
○ Defined by the Read operation
● Different DID methods do this in different ways
● DID Resolution is a separate specification
○ Not in scope for the W3C DID Working Group
27

Who is deﬁning DID Resolution?
28

What will happen where?
DID Spec
(DID Working Group)
DID URI Scheme
DID Document Data Model
DID Document Syntax(es)
Requirements for DID Methods
Security+Privacy Considerations
DID Resolution Spec
(Credentials Community Group)
DID Resolution Algorithm
DID URL Dereferencing Algorithm
HTTP(S) Binding
Input Options
Result Metadata
DID Method Specs
(by anyone)
Method Name
Method-specific Identifier
Create, Read, Update, Deactivate
Security+Privacy Considerations

Part Three:
The W3C DID Working Group
30

Who is in the DID Working Group?
31

● Chairs
○ Dan Burnett (ConsenSys), Brent Zundel (Evernym)
● Editors
○ Manu Sporny (Digital Bazaar), Drummond Reed (Evernym),
Markus Sabadello (Danube Tech)
● 54 participants from 18 member orgs
○ AKASHA, BrightLink, Conexxus, Credly, Etri, GS1, Microsoft,
Scottish Government, SecureKey, Sovrin Foundation, Surf
Net, Transmute, Universities Admissions Centre, Wiley
32
W3C DID Working Group

What are the deliverables of the WG?
33

Deliverables
● Recommendation-Track Specification
○ Decentralized Identifiers v1.0
● W3C Notes
○ Decentralized Identifier Use Cases v1.0
○ Decentralized Characteristics Rubric v1.0
● Other Deliverables
○ Test Suite and Implementation Report
34

What is the proposed schedule?
35

Aug 2021Jul 2021
March 2021
(CR2)
Nov 2020
(CR1) .
Nov 2019
(FPWD)
Timing of the DID 1.0 Spec
36
May 2020
(Feature freeze)

Part Four:
DID Deep Dive
37

How many types of DIDs are there?
38

There are at least four categories of DIDs
1. Ledger-based: DIDs that are registered and resolved using
blockchains or distributed ledgers
2. Peer-to-peer: DIDs that are shared directly peer-to-peer
and do not require a public ledger
3. Layer 2: DIDs that leverage a blockchain or DLT but are not
registered on it directly
4. Alternative: interesting new types of DIDs that do not meet
all four core properties
39

Aren’t most DIDs based on blockchains
and distributed ledgers?
40

Ledger-Based DIDs
● Over 90% of current DID methods are ledger-based
○ Based on those in the W3C DID Method Registry:
https://w3c-ccg.github.io/did-method-registry/
● Two basic subtypes
○ DID is based on a blockchain address
○ DID is derived from a public/private key pair and then
registered on the blockchain using the private key
41

How are peer DIDs diﬀerent?
42
[Slides credit: Ken Ebert, Sovrin Foundation]

● Anywise DID
○ Unknowable parties
○ Publicly resolveable
● N-wise DID
○ N enumerated parties
○ Privately resolveable
● Pairwise DID
○ 2 parties
○ Privately resolveable
...
DIDs Are About Relationships
Government DID Alice DID
Blockchain
Alice DID Bob DID
Carol DID
Alice DID Bob DID
Bob DID

Sample
did:peer:11-479cbc07c3f991725836a3aa2a581ca2029198aa420b9d99bc0e131d9f3e2cbe
ABNF
peer-did = "did:peer:" numalgo encalgo "-" numbasis
numalgo = "1"
encalgo = "1"
numbasis = 64*HEXDIGCI
HEXDIGCI = HEXDIG / "a" / "b" / "c" / "d" / "e" / "f”
What's a Peer DID Look Like?

● Cheap: no transaction costs
● Fast
● Scalable: as a function of the participants
● Secure
● Reduced PI and privacy concerns
● Independent of any ledger: minimal political or technical baggage
● Graftable into other DID ecosystems
Beneﬁts of Peer DIDs

What is a “public key DID”?
46
[Slides credit: Ken Ebert, Sovrin Foundation]

Sample (ed25519 public key)
did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH
ABNF
did-key = "did:key:" multibase( multicodec( public-key ) )
multibase = function(bytes) => [1-9A-Za-z]
multicodec = function(codec, bytes) => codec[ed25519publickey -> 0xed, …] bytes
public-key = [0x00-0xff]
What's a Public Key-based
DID Look Like?

Beneﬁts of Public Key DIDs
● Self-describing
● Cheap: no transaction costs
● Fast
● Scalable: as a function of the participants
● Secure
● No PI and privacy concerns
● Independent of any ledger: minimal political or technical baggage
● Graftable into other DID ecosystems

What is a Layer 2 DID?
49
[Slides credit: Daniel Buchner, Microsoft]

Layer 2 DID Network

The Scale of Decentralized Identity:
Human Identity
There are 7.5 billion humans on Earth currently. At bare minimum, a
decentralized identity system must be capable of supporting identities for
all of them. Each person may have multiple Decentralized Identifiers, each
requiring their own PKI lineage.
Identity of All
Things.
Human identity is just the tip of the
iceberg – there is an entire world
containing hundreds of billions of
devices, machines, apps, and other
entities, both tangible and virtual.
51This presentation is released under a Creative Commons license. (CC BY-SA 4.0). SSIMeetup.org

Key Realization
Identifiers and PKI do not suffer from
the same double spend problem
money does, because DIDs do not need
to be transferred between parties like
assets. However, you must still prevent
double issuance and ensure all parties
on the DID network can derive a single
deterministic PKI state for an identifier.
How might these differences in
requirements affect how we approach
the architecture of a DID network?

What is ION?
ION is a public, permissionless, decentralized DID overlay
network that runs on Bitcoin, and leverages a deterministic
DPKI protocol, called Sidetree.

The path to a robust network - a three stage journey:
54
Stage 1
Larger entities run full nodes to
jumpstart the network
Stage 2
Entities with product needs
and early adopter hobbyists
start running full nodes ad
hoc
Stage 3
The long tail of developers, users,
and organizations run a mix of
light and full nodes to suit their
needs

What are “alternative DIDs”?
55
[Slides credit: Manu Sporny, Digital Bazaar]

Alternative DID
Methods...
Typically fall into at least one of
these categories.
● Based on deployed tech
● Utilize existing large networks
● May not be truly "decentralized"
● Doesn't use a cryptocurrency
● Bridge the old world to the new,
making the adjacent possible…
possible.

● did:web:example.com/jdoe
● Pros
○ It's a resource on the Web
○ Works today, zero changes to Web
○ Uses existing CA system
● Cons
○ No revision control
○ No audit trail
○ Uses existing CA system
did:web
A DID Method for the Web

● did:git:a7c...38a/b2f...9d1
● Pros
○ Blockchain-like version control
○ Digitally signed transaction history
○ Highly decentralized
● Cons
○ Undetectable "forking" possible
○ No single point of truth
○ High potential for DoS
did:git
A DID Method for developers

● did:ipid:12D...y5w
● Pros
○ Cheap to create (self-hosted)
○ Possible to replicate
○ Network is fault-tolerant
● Cons
○ DIDs can disappear
○ Possibly expensive to maintain
did:ipid
A DID Method layered on top of
a DHT-based clustered ﬁle
system

did:PROPRIETARY
DID Methods where the
namespace is owned by an
organization.
● did:facebook:jdoe, did:gmail:jdoe,
did:linkedin:jdoe
● Pros
○ Cheap to create and maintain
○ Clear responsibilities
○ Extremely reliable network
● Cons
○ Centralized network
○ Centralized governance
○ Not portable

What is a “DID rubric”?
61
[Slides credit: Joe Andrieu, Legendary Requirements]

From the DID WG Charter
Provide a rubric of decentralized
characteristics for DID Method specifications.
This allows the DID Method specifications to
self-certify, or independent third parties to
evaluate, the DID Method specification's level
of adherence to principles of decentralization.

Why a Rubric for Decentralization
of DID Methods?
► “Decentralized” is a quagmire
► Requirements for DID Methods led to
passionate, intense debate:
► The DID community came together with several
subtly different meanings of decentralization.
► How can we evaluate DID Methods against
the criteria driving this work?

Intentions
► A tool for evaluating DID Methods
► Objective & non-judgmental
► Minimize bias. Avoid advocacy. Champion
characterization.
► Evaluation is in the eye of the beholder
► Weighting / Selection of criteria based on use case
under evaluation
► Evaluations / Responses up to evaluator
► No summary rating. No universal metric.

Questions?

Image credits
Japanese ﬂag, by Steve Conover
67

The DID Report 1: The First Official W3C DID Working Group Meeting (Japan)- Drummond Reed/Markus Sabadello

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to The DID Report 1: The First Official W3C DID Working Group Meeting (Japan)- Drummond Reed/Markus Sabadello

Similar to The DID Report 1: The First Official W3C DID Working Group Meeting (Japan)- Drummond Reed/Markus Sabadello (20)

More from SSIMeetup

More from SSIMeetup (20)

Recently uploaded

Recently uploaded (20)

The DID Report 1: The First Official W3C DID Working Group Meeting (Japan)- Drummond Reed/Markus Sabadello