101 Session / Self-Sovereign Identity (SSI) DID’s, Verifiable Claims etc…

From IIW

Self-Sovereign Identity 101


Tuesday 5B

Convener: Drummond Reed

Notes-taker: John Callahan


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


Drummond Reed (see slides here: https://drive.google.com/file/d/1uxIZkJpO02GJHkWWdS3R2heLAOALDiTg/view?usp=sharing )


3 Models of Identity:

(1) Siloed (Centralized) Identity

(2) IDP (Federated) Identity

(3) Self-Sovereign Identity


Four Emerging Open Standards for SSI

(1) DID (Decentralized Identifier)

(2) DKMS (Decentralized Key Management System) - KMIP compatible

(3) DID Auth

(4) Verifiable Credentials (a W3C Working Group)


What is Self-Sovereign Identity?

  • DID = blockchain agnostic, prv/pub key pair
  • Mobile Device = Identity Agent
  • You will not have just ONE DID
  • You will have 1000s of DIDs
  • Each will give you a lifetime, encrypted channel with another person, org, thing (or can be highly ephemeral too)

  • You will not just use this to prove your identity, but also credentials
  • With no need for a centralized authority
  • Every DID is registered on a blockchain or distributed process
  • Self-sovereign Digital Identity = lifetime, PORTABLE, identity for any person, organization, or thing that does not depend on any centralized authority and can never be taken away


Decentralized Identifiers

  • DID itself (for self-description)
  • Set of public keys (for verification)
  • Set of auth protocols (for authentication)
  • Set of service endpoints


Decentralized Key Management System (DKMS)

  • Offline recovery (paper wallet)
  • Social recovery (trustee)


DID Auth

  • Prove control of a DID
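
Before a verifier checks a proof of control, it has to decide which of the DID's public keys are allowed to authenticate at all. The Python below is an added example, not taken from the session slides or notes: it checks a DID document for the four parts listed under Decentralized Identifiers and returns only the keys named for authentication. Assumptions: the field names are the W3C DID Core ones (`verificationMethod`, `authentication`, `service`), requiring all four parts and rejecting keys from another DID are policies of this example, and the `did:example` document is constructed.

```python
import re

# DID syntax: did:<method>:<method-specific-id>
DID_RE = re.compile(r"^did:[a-z0-9]+:[A-Za-z0-9._:%-]+$")
# The four parts from the notes, under their W3C DID Core field names.
PARTS = ("id", "verificationMethod", "authentication", "service")

# Constructed sample document; every value here is made up for illustration.
SAMPLE_DOC = {
    "id": "did:example:alice123",
    "verificationMethod": [
        {"id": "did:example:alice123#key-1", "type": "Ed25519VerificationKey2020",
         "controller": "did:example:alice123", "publicKeyMultibase": "zCONSTRUCTED1"},
        {"id": "did:example:alice123#key-2", "type": "Ed25519VerificationKey2020",
         "controller": "did:example:alice123", "publicKeyMultibase": "zCONSTRUCTED2"},
    ],
    "authentication": ["did:example:alice123#key-1"],  # key-2 is not authorized
    "service": [{"id": "did:example:alice123#agent", "type": "ExampleAgent",
                 "serviceEndpoint": "https://agent.example/alice"}],
}


def authentication_keys(doc):
    """Return {key id: method} for the keys allowed to prove control of the DID."""
    missing = [p for p in PARTS if p not in doc]
    if missing:
        raise ValueError(f"DID document lacks: {missing}")
    did = doc["id"]
    if not isinstance(did, str) or not DID_RE.match(did):
        raise ValueError(f"not a valid DID: {did!r}")
    by_id = {m["id"]: m for m in doc["verificationMethod"]}
    allowed = {}
    for entry in doc["authentication"]:
        # An entry is a reference to a listed key (str) or an embedded key (dict).
        method = by_id.get(entry) if isinstance(entry, str) else entry
        if method is None:
            raise ValueError(f"authentication references unknown key: {entry!r}")
        # Policy assumed by this example: accept only keys under this same DID.
        if not method["id"].startswith(did + "#"):
            raise ValueError(f"key {method['id']!r} belongs to another DID")
        allowed[method["id"]] = method
    return allowed


if __name__ == "__main__":
    print(sorted(authentication_keys(SAMPLE_DOC)))
```

A signature made with `key-2` would be rejected by a verifier using this result, even though that key is published in the same document.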


Verifiable Credentials (formerly known as Verifiable Claims)

  • Issuer
  • Holder
  • Verifier