101 Session / Self-Sovereign Identity (SSI) DIDs, Verifiable Claims etc…
Self-Sovereign Identity 101
Tuesday 5B
Convener: Drummond Reed
Notes-taker: John Callahan
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Drummond Reed (see slides here: https://drive.google.com/file/d/1uxIZkJpO02GJHkWWdS3R2heLAOALDiTg/view?usp=sharing )
3 Models of Identity:
(1) Siloed (Centralized) Identity
(2) IDP (Federated) Identity
(3) Self-Sovereign Identity
Four Emerging Open Standards for SSI
(1) DID (Decentralized Identifier)
(2) DKMS (Decentralized Key Management System) - KMIP compatible
(3) DID Auth
(4) Verifiable Credentials (a W3C Working Group)
What is Self-Sovereign Identity?
- DID = blockchain agnostic, prv/pub key pair
- Mobile Device = Identity Agent
- You will not have just ONE DID
- You will have 1000s of DIDs
- Each will give you a lifetime, encrypted channel with another person, org, thing
(or can be highly ephemeral too)
- You will not just use this to prove your identity, but also credentials
- With no need for a centralized authority
- Every DID is registered on a blockchain or distributed process
- Self-sovereign Digital Identity = lifetime, PORTABLE, identity for any person,
organization, or thing that does not depend on any centralized authority and
can never be taken away
Decentralized Identifiers
- DID itself (for self-description)
- Set of public keys (for verification)
- Set of auth protocols (for authentication)
- Set of service endpoints
Decentralized Key Management System (DKMS)
- Offline recovery (paper wallet)
- Social recovery (trustee)
DID Auth
- Prove control of a DID
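A sketch of the DID document parts and the "prove control of a DID" step listed above, added here as an example and not taken from the session slides or from any DID Auth specification. It assumes Node.js built-in crypto with Ed25519 keys, an in-memory map standing in for the ledger, constructed `did:example:` identifiers, and a made-up `did|nonce` signing format; all function and field names are hypothetical.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed stand-ins: a DID registry (in place of a ledger) and open challenges.
const registry = new Map();
const pending = new Set();

// Controller: register a DID document with the four parts from the notes (field names assumed).
function createDid(did) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  registry.set(did, {
    id: did,
    publicKeys: [publicKey],
    authProtocols: ['demo-challenge-response'],
    serviceEndpoints: [],
  });
  return privateKey; // stays with the controller, never enters the registry
}

// Verifier: issue a fresh random nonce that can be answered only once.
function challenge() {
  const nonce = nodeCrypto.randomBytes(32).toString('hex');
  pending.add(nonce);
  return nonce;
}

// Controller: sign the nonce together with the DID it is answering for.
function respond(privateKey, did, nonce) {
  return nodeCrypto.sign(null, Buffer.from(`${did}|${nonce}`), privateKey);
}

// Verifier: consume the nonce, resolve the DID, try every key in its document.
function verify(did, nonce, signature) {
  if (!pending.delete(nonce)) return { ok: false, reason: 'unknown or replayed challenge' };
  const keys = registry.get(did)?.publicKeys ?? []; // unregistered DID: nothing can match
  const msg = Buffer.from(`${did}|${nonce}`);
  const ok = keys.some((key) => nodeCrypto.verify(null, msg, key, signature));
  return ok ? { ok: true } : { ok: false, reason: 'no key in the DID document matches' };
}

// Constructed run: a valid proof, a replay of it, and a proof made with another DID's key.
function runExchange() {
  const did = 'did:example:alice';
  const aliceKey = createDid(did);
  const [n1, n2] = [challenge(), challenge()];
  const proof = respond(aliceKey, did, n1);
  const otherKey = createDid('did:example:bob');
  return [verify(did, n1, proof), verify(did, n1, proof), verify(did, n2, respond(otherKey, did, n2))];
}
console.log(runExchange());
```

Only the first result is accepted: the second fails because the nonce was already consumed, the third because the signing key is not in the document resolved for that DID.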
Verifiable Credentials (formerly known as Verifiable Claims)
- Issuer
- Holder
- Verifier