Binary Globe by GDj

Identity Decentralized

8 minute read

Working Group

  • Identifiers and Discovery Working Group - GitHub

    Members of the Working Group are engaged in development of protocols and systems that enable creation, resolution, and discovery of decentralized identifiers and names across underlying decentralized systems, like blockchains and distributed ledgers.

  • I&D WG Charter
    • Specifications, implementations, test suites, etc. related to creation, derivation, resolution, management, use of all forms of decentralized identifiers (i.e. including, but not limited to W3C DIDs)
    • Relationship between identifier systems (e.g. DID and domain names)
    • Relationship between identifiers and other decentralized identity building blocks (e.g. EDV)
    • Discovery protocols (e.g. for hubs, agents)
    • Establishment and maintenance of control authority over an identifier (e.g. KERI)
    • Security and trust in identifier infrastructure (e.g. Linked Data Security)
    • Work on concrete DID methods
  • Mailing list

    A key piece of the decentralized identity equation is how people, organizations, and devices can be identified and located without centralized systems of identifiers (e.g. email addresses). DIF members are actively working on protocols and implementations that enable creation, resolution, and discovery of decentralized identifiers and names across decentralized systems, like blockchains and distributed ledgers.

  • Meeting page

    For this call, you are encouraged to turn your video on. This is a good way to build rapport given we are a large, disparate group experiencing a lot of churn.

    This document is live-edited DURING each call, and stable/authoritative copies live on our github repo under /agenda.md . Please note that we might not notice a pullrequest in time, but you are free to propose agenda items for future meetings via hackmd.

Specs & Projects

Universal Resolver

Spec and implementation of a driver-based framework that enables resolution of DIDs.

  • Universal Resolver - resolve practically any DID 2022-09-01 Identity Foundation

    The Universal Resolver can now resolve 45 DID methods, and more are being added regularly. Visit https://dev.uniresolver.io/ to see the full list of supported methods, and visit this github page to contribute a driver for a DID method.

  • jolocom/ddoresolver-rs 2022-05-13 Jolocom

    Universal, multy-method, feature gated DID Document resolver

  • Mission Accomplished: Universal Resolver Calls coming to an end 2021-11-04 Identity Foundation

    Considering that the group has accomplished these goals, there is currently no more need for dedicated calls. Work on the Universal Resolver work item will continue on Github (under the Universal Resolver and Identifiers &Discovery and on DIF Slack in the Identifiers & Discovery Working Group channel, #wg-id.

  • DID Resolution: Given a DID how do I retrieve its document? – Markus Sabadello 2018-11-27 SSI-Meetup

    Markus Sabadello, CEO of Danube Tech, will talk about DID Resolution and how to retrieve a DID document. As we know, Decentralized Identifiers (DIDs) are a key component in SSI architecture. They are used as building blocks for verifiable credentials, wallets, agents, and data exchange protocols. To make all this work, we need to be able to “resolve” DIDs to their associated DID Documents. This process fulfills a similar purpose as DNS does in the classic web. And while DID Resolution is not a very complicated topic, it is still important to understand how it works and how it relates to other topics. In this webinar, we will give a general introduction to DID Resolution, discuss a few in-depth topics, and also demo concrete tools that are available today.

    Most DID Resolution implementations envision an architecture where a common base component invokes a set of “drivers” or “plugins” or “modules” to implement method-specific functionality, e.g. see the DIF Universal Resolver, Digital Bazaar’s did-client, or the uPort JavaScript DID Resolver. We envision such “DID Resolver” tools to become as central to SSI infrastructure as DNS is for the web today.

  • A Universal Resolver for self-sovereign identifiers 2017-11-01 (Markus Sabadello)

    This is a first step in fulfilling DIF’s mission to help individuals and organizations to control their digital identity, without being dependent on any intermediary party.

    This tool fulfills a similar purpose as Bind does in the DNS system: resolution of identifiers. However, instead of working with domain names, we work with self-sovereign identifiers that can be created and registered directly by the entities they refer to.

Resolver Drivers

Universal Registrar

Spec and implementation of a driver-based framework that enables creation/updates/deactivation of DIDs.

  • decentralized-identity/universal-registrar

    A Universal Registrar is an identifier registrar that works with any decentralized identifier system, including Decentralized Identifiers (DIDs).

    • Driver Development

      The Universal Registrar’s function is wrapping an API around a number of co-located Docker containers running DID-method-specific drivers. The Universal Registrar is designed to support additional DID methods as they are developed by the community. The contribution for a new DID method driver consists of a Docker image which exposes an HTTP interface for creating/updating/deactivating DIDs. New contributions are submitted as Pull Requests to the Universal Registrar (this) repository.

  • decentralized-identity/universal-registrar-frontend - Frontend web UI for Universal Registrar.

Registrar Drivers

.well-known DID configuration

Spec, docs, and implementations for discovering DIDs from .well-known HTTP(S) URIs.

  • Link your domain to your Decentralized Identifier (DID) (preview)

    We make a link between a domain and a DID by implementing an open standard written by the Decentralized Identity Foundation called Well-Known DID configuration. The verifiable credentials service in Azure Active Directory (Azure AD) helps your organization make the link between the DID and domain by including the domain information that you provided in your DID, and generating the well-known config file:

  • decentralized-identity/.well-known/
    • Repo Webpage

      Making it possible to connect existing systems and Decentralized Identifiers (DIDs) is an important undertaking that can aid in bootstrapping adoption and usefulness of DIDs. One such form of connection is the ability of a DID controller to prove they are the same entity that controls an origin.

      The DID Configuration resource provides proof of a bi-directional relationship between the controller of an origin and a DID via cryptographically verifiable signatures that are linked to a DID’s key material. This document describes the data format of the resource and the resource location at which origin controllers can publish their DID Configuration.

  • Spec

    Making it possible to connect existing systems and Decentralized Identifiers (DIDs) is an important undertaking that can aid in bootstrapping adoption and usefulness of DIDs. One such form of connection is the ability of a DID controller to prove they are the same entity that controls an Internet domain.

    The DID Configuration resource provides proof of a bi-directional relationship between the controller of an Internet domain and a DID via cryptographically verifiable signatures that are linked to a DID’s key material. This document describes the data format of the resource and the resource location at which Internet domain controllers can publish their DID Configuration.

    Due to the location of the DID Configuration resource, discovery of associated Decentralized Identifiers against a domain is trivial. However, the inverse (i.e given a DID-URI discover the associated domains) is deemed out of scope.

Peer DID Method Specification

A rich DID method that has no blockchain dependencies. The verifiable data registry is a synchronization protocol between peers.

  • decentralized-identity/peer-did-method-spec
  • Spec

    This document defines a “peer” DID Method that conforms to the DID Spec. The method can be used independent of any central source of truth, and is intended to be cheap, fast, scalable, and secure. It is suitable for most private relationships between people, organizations, and things. We expect that peer-to-peer relationships in every blockchain ecosystem can benefit by offloading pairwise and n-wise relationships to peer DIDs.

DID Spec Extensions

Extension parameters, properties, and values for the DID spec registries.

Other Repositories

See Also


Ecosystem Overview

This page includes a breakdown of the Web Standards, Protocols,Open Source Projects, Organizations, Companies, Regions, Government and Policy surrounding Verifiable Credentials and Self Sovereign Identity.

Updated: 2024-02-26 4 minute read

Tags:

Verifiable Credentials with JSON-LD and BBS+ Signatures

BBS signatures were implicitly proposed by Boneh, Boyen, and Shacham (CRYPTO ’04) as part of their group signature scheme, and explicitly cast as stand-alone signatures by Camenisch and Lysyanskaya (CRYPTO ’04). A provably secure version, called BBS+, was then devised by Au, Susilo, and Mu (SCN ’...

Updated: 2023-09-29 8 minute read

Tags:
BBS
Data Integrity
JSON-LD
Verifiable Credentials
W3C

Verifiable Credentials with JOSE (JWT) / COSE (CBOR)

Digital proof mechanisms, a subset of which are digital signatures, are required to ensure the protection of a verifiable credential. Having and validating proofs, which may be dependent on the syntax of the proof (for example, using the JSON Web Signature of a JSON Web Token for proofing a key h...

Updated: 2023-09-09 12 minute read

Tags:
COSE
IANA
JOSE
JWT
Verifiable Credentials
W3C

Verifiable Credentials (ZKP-CL) Anoncreds

This credential format was created specifically to leverage the CL Signatures. JSON-JWT and JSON-LD Signatures each have their own way of representing the meaning of the attributes within a VC. JSON-JWT references an IANA registry and assumes a “closed world” authority model based on that authori...

Updated: 2023-09-29 6 minute read

Tags:
Anoncreds
Evernym
Hyperledger Foundation
IBM
IDEMIX
Sovrin Foundation
Verifiable Credentials
W3C
ZKP-CL