DID is the basis of globally available and interoperable identity ID, but a true identity system and infrastructure also requires a complete identity standard.
Extended reading: "Demystifying Digital Identity: Key Components of Web 3.0 Interoperability"
Original title: “Uncovering the Mystery of Digital Identity (2/2)”
Written by: zuckerman
Translation: will
Proofreading: Tiny Bear
This series has two parts and is designed to help you break down identity for digital applications, services or products, especially for decentralized architectures and the interoperable web. The aim is to make a vague subject and a big problem concrete, and to simplify the analysis of a difficult and abstract field. The first part analyzed the role of identity in digital products. We discussed the social and technical definitions of identity, the value it should bring to your product, and the flaws of incomplete identity solutions.
A strong and flexible identity standard
A good identity infrastructure should let you easily manage all user-related functions in a product, service, or ecosystem. The common solutions (outlined in the first part) usually fall short here. They usually do not protect privacy, and they are usually too fragile to accommodate additions or changes. Moreover, even the best implementations lack the foundation for interoperability that would let them expand easily to new features and use cases over time. A good identity infrastructure should be simple to work with now and adapt easily to future product requirements and opportunities.
Common standards for digital identities can provide simple and vetted solutions for a very wide range of identity-related needs, ensuring flexibility and trust, and opening up strong interoperability and opportunities. A common standard lets any application manage users in the way its users need while "speaking the same language" as the other applications, services and networks it may want to use or serve in the future.
This article shares a positive and specific summary:
- Minimum requirements for interoperable identity: DID
- 5 abilities required for a powerful identification system
- Identity infrastructure with a flexible graphical model
- Actual implementation, including simple steps you can take now
Initial criteria for identity
The identity system links many related functions together. Its role is to help users interact with applications or networks through their identity ID. The standard identity model can ensure that users, data, functions, and applications can work together even if they have different launch conditions or implementations. This decentralized standard is a necessary prerequisite for the realization of a flexible identification system.
DID: Minimum requirements for interoperability
DID from W3C is a widely accepted decentralized identity ID standard. It ensures that the identity system can interoperate across many different networks and environments. DID provides a common format for a globally unique ID, and the ID is abstracted from any single key pair.
// Example of a 3ID DID method
did:3:bafyreib5c5gwpwzxl4pcrl7qw4j6lvgg7ug4zdflnhg2eqvuiw7kv7fng4
Therefore, unlike a key pair, DID can:
- Support multiple keys;
- Keep the identity ID when adding, deleting or changing keys;
- Realize cross-network solutions and communications;
- Have a DID document that associates metadata, service interfaces, or other relevant information with the DID.
The DID specification was originally created by Respect Network (later acquired by Evernym) and proposed at the Rebooting Web of Trust conference. It was later accepted by the Decentralized Identity Foundation (DIF). DIF was founded by uPort, Microsoft, Sovrin, Blockstack, and many other companies with in-depth knowledge of identity and Web3. These organizations have different needs and methods, but they are all committed to the vision of a shared and interoperable self-sovereign identity model. The DID specification was created to ensure that their work is complementary. Any application that uses DID can access the entire ecosystem of users and functions, and no one is limited to a single isolated approach.
Any product, service or platform that wants to build a real user base, and anyone who wants to participate in and benefit from the global Web3 movement should use DID.
For any application, service or platform that wants to provide services to users in any way other than non-personal, on-chain purchase/sale/transfer transactions, DID is the minimum identity requirement. There are many ready-made implementations, so it is easy to implement.
DID alone is not enough
Using DID means that interoperability can be achieved in the future. The standard identity ID is a basic component that should be built in from the beginning. However, simply using DID will not allow you to have cross-network interactivity, nor can you access the set of user management and identity-related tools and models that are emerging and will continue to appear.
DID, as the user's unique ID, provides minimally recoverable, sustainable and interoperable information and functions. But this is not enough, because many other functions and features used in your application may have their own "identity" requirements, not just a basic user ID. For example:
- Databases with encrypted access control require their own keys and key management
- DAOs and some organizations need to delegate authority and link membership in a different way from users
- Different wallets, notification services and verification services will have their own designs
- Users will bring different linked accounts, asset types and preferences
Conceptual representation of the content provided by DID
For a good decentralized identity system, all these arrangements should be seamlessly combined. Aggregate user management related features around user identity and transform identity into a single API for the entire user function suite. Each function can simply be inserted as a module to communicate with other functional modules.
For example, you do not want to associate the user ID, notification service, profile data, and encrypted accounts one by one, the way it is done today with user tables and one-off integrations. With that approach, time and complexity grow rapidly: as new capabilities grow linearly, the integrations and mappings to manage grow geometrically (Metcalfe's law). Instead, you want to tie each new feature or function to the user's DID so that you can upgrade, replace, or configure it at any time.
A blueprint for a complete identity standard
DID is the basis of globally available and interoperable identity ID, but the real identity system and infrastructure must do more than that.
A practical and seamless identity system should give a DID the ability to manage, route, and control flexible and powerful graphs of user-related information and services, regardless of where the information was originally generated and where it is currently stored or hosted. It requires essentially no action from users and no work from developers.
Five important attributes of interoperable identity standards
To provide the true promise of a decentralized identity authentication infrastructure, and to meet your needs as a developer in a practical way, in addition to DID and a proprietary identity authentication system, there are 5 core elements:
Flexible, standard, DID agnostic model (multiple networks → one identity)
Identity is more than DID (Decentralized Identifiers). The promise of DID is to eliminate lock-in to identity service providers, but most DID-based identity systems are rigid and require users to use their specific DID method. A strong identity infrastructure provides a complete identity-based capability model that is independent of any particular DID method, flexible, permissionless, and able to work across the Internet. This enables it to support users, organizations, IoT devices, and almost any usage scenario from anywhere in the future.
Chain-independent multi-key authentication (multiple keys → one identity)
In order for DIDs and their associated information to interoperate across networks, wallets, and applications, they need to support a flexible multi-key authentication system that supports any key pair. The keychain model provides cross-chain interoperability, and also adds flexibility to DID, because the only way for users to lose control of DID is for them to lose control of all wallet keys at the same time.
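The DID syntax shown earlier and the multi-key model described above, as an added example (not code from 3Box, Ceramic or the original article): it validates an identifier against the W3C DID syntax and shows the identifier staying fixed while keys are added and removed. The `Identity` class and the key labels are hypothetical.

```javascript
// Added example, not 3ID or Ceramic code. Key names are constructed labels.
// DID Core syntax: "did:" method-name ":" method-specific-id
const IDCHAR = '(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})';
const DID_RE = new RegExp(`^did:([a-z0-9]+):((?:${IDCHAR}*:)*${IDCHAR}+)$`);

function parseDid(did) {
  const m = DID_RE.exec(did);
  if (!m) throw new Error(`not a valid DID: ${did}`);
  return { method: m[1], id: m[2] };
}

// Hypothetical in-memory identity: one stable DID, a changeable set of keys.
class Identity {
  constructor(did, firstKey) {
    parseDid(did); // reject malformed identifiers up front
    this.did = did;
    this.keys = new Set([firstKey]);
  }
  // Only a key that already controls the DID may change the key set.
  requireKey(key) {
    if (!this.keys.has(key)) throw new Error(`${key} does not control ${this.did}`);
  }
  addKey(actingKey, newKey) {
    this.requireKey(actingKey);
    this.keys.add(newKey);
  }
  removeKey(actingKey, oldKey) {
    this.requireKey(actingKey);
    if (this.keys.has(oldKey) && this.keys.size === 1) {
      throw new Error('refusing to remove the last key: control of the DID would be lost');
    }
    this.keys.delete(oldKey);
  }
}

// Constructed walk-through: replace a laptop key with a hardware-wallet key.
function rotationDemo() {
  const user = new Identity(
    'did:3:bafyreib5c5gwpwzxl4pcrl7qw4j6lvgg7ug4zdflnhg2eqvuiw7kv7fng4', 'laptop-key');
  user.addKey('laptop-key', 'hardware-key');
  user.removeKey('hardware-key', 'laptop-key');
  return { did: user.did, keys: [...user.keys] };
}
```

The guard in `removeKey` is the code form of the statement above: control is lost only when every key is gone, so removing the last key is refused.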
Sharing account metadata (e.g., portable profile and reputation)
For DIDs to be available in the context of an application, they need to support the storage of various public account metadata such as configuration files, social connections, or verifiable claims. The identity infrastructure should provide a standard framework for storing such information, which can be extended to support any other types of account metadata.
It encourages standardization that is useful to everyone, but does not enforce standardization where diversification is needed; it makes extensions, branches, and versions easy to discover and link.
User-centric routing to external resources (for example, a rich data ecosystem)
Most of the data belonging to DID is not account metadata, but data generated when users interact with applications. These applications may be stored anywhere on the Internet, from servers to blockchains. These data can be basic browsing data, user data, content, credentials about the user, reputation statements, or other game or platform-specific data. This information is an important part of identity, and in order for this data to be available between applications, it needs to be associated with the DID so that any application can discover it regardless of where it exists and how it is stored.
On-chain account mapping (e.g. non-fungible token (NFT) or contract ownership)
Since most current decentralized applications built on a blockchain require users to interact with the application using a key pair account located on that specific chain, the application needs a way to find the user's blockchain account and resolve it to a DID. This allows the application to query public metadata about the user account that is actually associated with a DID. Account links should provide mappings from these chains to DIDs, which can work for accounts or contracts, and live on any blockchain or network.
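One way to make such an account-to-DID link trustworthy, as an added example (not Ceramic or 3Box code): the account's own key signs the binding, and the resolver returns a DID only when that signature checks out. Assumptions: Ed25519 stands in for the chain's signature scheme, and the account ID format, chain name and DIDs are constructed.

```javascript
// Added example, not Ceramic or 3Box code. Ed25519 stands in for a chain's signature scheme.
const nodeCrypto = require('node:crypto');

// Constructed account ID: "<chain>:<first 40 hex chars of SHA-256 over the public key>".
function accountId(chain, publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  const digest = nodeCrypto.createHash('sha256').update(der).digest('hex');
  return `${chain}:${digest.slice(0, 40)}`;
}

const statementFor = (account, did) => Buffer.from(`link ${account} to ${did}`);

// The account holder signs the exact account-to-DID binding.
function createLink(chain, keyPair, did) {
  const account = accountId(chain, keyPair.publicKey);
  const signature = nodeCrypto.sign(null, statementFor(account, did), keyPair.privateKey);
  return { account, did, publicKey: keyPair.publicKey, signature };
}

// Returns the linked DID, or null when the link does not prove control of the account.
function resolveAccount(links, account) {
  const link = links.get(account);
  if (!link || link.account !== account) return null;
  const chain = account.slice(0, account.lastIndexOf(':'));
  // The key in the link must be the key the account ID was derived from...
  if (accountId(chain, link.publicKey) !== account) return null;
  // ...and it must have signed this account together with this DID.
  const ok = nodeCrypto.verify(null, statementFor(account, link.did), link.publicKey, link.signature);
  return ok ? link.did : null;
}

// Constructed cases: an honest link, a swapped DID, and a link signed by someone else's key.
function linkDemo() {
  const alice = nodeCrypto.generateKeyPairSync('ed25519');
  const mallory = nodeCrypto.generateKeyPairSync('ed25519');
  const honest = createLink('examplechain', alice, 'did:3:alice-constructed');
  const swapped = { ...honest, did: 'did:3:mallory-constructed' };
  const foreign = { ...createLink('examplechain', mallory, 'did:3:mallory-constructed'),
                    account: honest.account };
  const resolve = (link) => resolveAccount(new Map([[honest.account, link]]), honest.account);
  return { honest: resolve(honest), swapped: resolve(swapped), foreign: resolve(foreign) };
}
```

Without both checks, anyone who can write a link record could attach another user's on-chain account, and the metadata queried through it, to their own DID.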
A dynamic, interoperable identity map
In short, these five capabilities require infrastructure to allow applications, services, networks, and users to flexibly link new identity-related information together. What we need is not a single overall solution, but a reliable distributed middleware for user-centric links and resource routing.
This is best achieved through a set of linked documents that together represent the complete identity as an infographic. A chart that is globally available, distributed, uncensored, and does not allow any application, service or user to use it.
Identity id map
Ceramic's Identity Standard [8] supports any DID, network, authentication key, statement, personal data and account metadata, and external chain sources.
This diagram extends the standard and flexible account model, portable metadata storage, multi-key and privacy protection authentication, and links to external resources anywhere on the Internet. It enables DID to link to external resources (such as application data) and trusted services (such as notification or backup), providing a simple user-centric routing system for various resources related to identity. The same system can be used to manage access control, privacy policies, or preferences related to these off-chain resources.
With a flexible identity map, users can manage their own identity, data and protect privacy, while applications can use the rich identity data in the system without compromising functions or stacks.
This identity infrastructure paves the way for an ecosystem of connected and interoperable services and data. Identity recognition infrastructure allows users, social graphs, and services to be combined, just like blockchain allows assets to be combined, and it can also help Web3 products to be combined faster and easier.
Start the construction of decentralized identity
Implementation of Interoperable Identity
Currently, the Web3 community is actively using this identity model. More and more projects are using DID (3ID, EthrDID, Ion) to ensure that the most basic foundation of user control and interoperability is met. A limited version of the link graph model is widely used in the Ethereum ecosystem through 3Box, which extends the DID with complete identification capabilities. So far, more than 700 applications and 22,000 users have decentralized identities, personal data and associated databases.
The Ceramic Network under construction will extend this DID-based identity map function to any network, key type, DID, resource type or implementation. Ceramic is a permissionless network for storing verifiable, variable, and linked documents, which is perfect for this identity infographic. The Identity Routing Protocol (IRP) is the first graphical standard built on Ceramic. There is now a testnet online and a complete implementation will be available this fall.
Like 3Box, many of the best projects in Web3 are contributing to ensuring that IRP standards meet their use cases, goals, and requirements. This includes wallets like Metamask and Magic, blockchains like Arweave and Filecoin, databases like OrbitDB, Sia and Textile, and communities and applications from the entire space.
We are adding new projects and perspectives every week and would be happy to include yours. The identity of the real world is not static; it is dynamic, rich, and full of many perspectives. The same should be true for digital identities.
Starting today
You don't have to make one big change all at once. There are some simple steps you can take to ensure that you build on a strong identity and make identity your advantage rather than a pain point as you grow.
- It can take up to 1 day to build the DID into the application. You can use 3ID from 3Box, a lightweight software based on IPFS that will be natively built into Ceramic.
- Join us in the Ceramic Discord, share your use cases, provide input to help shape the network and standards, or ask any questions you have.
- Share or discuss with the global Web3 builder community on Twitter. Our Web3 ecosystem will develop best if it works together, and all of this must start with a solid foundation for interoperability.
Reference
Decentralized Identity Foundation: https://identity.foundation/
Ceramic's Identity Standard: https://github.com/ceramicnetwork/CIP/issues/3
Ceramic Network: https://github.com/ceramicnetwork/ceramic/blob/master/OVERVIEW.md
Identity Routing Protocol (IRP): https://github.com/ceramicnetwork/CIP/issues/3
3ID from 3Box: https://docs.3box.io/build/wallets
Ceramic discord: https://discord.gg/DM4BS98
Source link: medium.com