Decentralized Identifier is a key component for Web3: Here’s why.

Ausaf Rashid
Coinmonks


What are Decentralized Identifiers?

A decentralized identifier (DID) is a pseudonymous identifier for a person, company or other entity. It is secured by public-private key cryptography: the private key is held by the individual (for example in a wallet on their phone) and never leaves it, while the public key is published in a verifiable data registry, typically a blockchain. Only the holder of the private key can prove control of the identifier. An individual can also create as many DIDs as they like and use independent identifiers across different platforms, so that their activity on one platform cannot be correlated with another.

Decentralized identity gives individuals control over their own identity so that they can decide how their personal information is shared and accessed, enabling trusted interaction while preserving privacy.
The four core properties of DID (according to W3C):

  1. It’s a persistent identifier: It never needs to change, even if the keys behind it are rotated.
  2. It’s a resolvable identifier: The DID can be resolved, via its method, to a DID document on the ledger that carries its public keys and service endpoints.
  3. It’s a digitally verifiable identifier: The controller can prove control of the identifier cryptographically, by signing with the private key.
  4. It’s decentralized: No central authority is required to create or resolve it.

Some of the existing digital identity systems fulfil a few of these four properties, but they don’t fulfil all four of these.

Need for Self-Sovereign Identity and Digital Identifiers

  • Security Concerns: Centralized identity solutions store all user credentials in one database, which becomes a single high-value target for attackers. Users are also expected to manage hundreds of different passwords for different sites, so in practice they reuse passwords across platforms, and then a breach at one site leads to account takeover at the others.
  • Privacy Concerns: In existing centralized identity solutions, user data and credentials can be misused by the website or platform itself, as in the Cambridge Analytica case.
  • Identity Ownership: A user who holds the private key truly owns and controls their identity. In centralized identity solutions, the platform controls it and can suspend or delete it at will.
  • High Availability: Decentralized identity stores the public keys on a blockchain, which, thanks to its replication across many independent nodes, has no single point of failure and higher uptime than a centralized database.
  • Zero-Knowledge Proofs: Zero-knowledge proofs can substantially improve the privacy and security of DID-based credentials by letting the holder prove a statement without revealing the underlying data. For example:
    • A user can prove that they are above 18 years of age without revealing their date of birth.
    • A user can prove that their CIBIL score is above 750 without revealing the actual score.

How DIDs work: Systemic Overview

In traditional identity management solutions, identity is provided by a third party, say, Google or Facebook. Users create an account on one of these platforms, called Identity Providers (IDP), and then use Single Sign-On to sign in to online services like Medium or LinkedIn. The online service is called the “Relying Party”, as it relies on the IDP to provide the identity. Both the user and the relying party enter a trust relationship with the IDP.
In decentralized identity, the role of the IDP is taken over by the user themselves: the user presents their own identity. To achieve this, we need a decentralized ledger (blockchain), a public-private key infrastructure, and a set of standardized protocols so that all parties can communicate with each other.

Let’s look at a real-world use case of decentralized identity. In this example, we will see how people, systems and software interact to facilitate decentralized identification for digital passports.

INTERACTION BETWEEN PEOPLE, SYSTEMS AND SOFTWARE IN A DID

In this example, there are three parties, the user (Alice), the issuer of the passport (United States Government) and the verifier of the credential, the airline.
Firstly, Alice installs the identity wallet on her phone and generates a public-private key pair, and the wallet publishes the public key to the ledger. This way, Alice can generate and hold her “own” identity in the decentralized identity ecosystem.

As a next step, the United States issues a credential, i.e., a passport, to Alice. This passport is digitally signed by the United States and names Alice’s DID as its subject, so it is bound to the key pair she generated in the previous step.
In the final step, Alice wraps the passport in a presentation, signs it with her own private key, and sends it to the airline. The airline resolves both DIDs on the ledger and verifies two things: that the passport carries a valid signature from the US government, and that the presentation carries a valid signature from the DID the passport names as its subject, so that a stolen passport cannot be presented by someone else. The presentation should also be bound to a fresh challenge chosen by the airline; otherwise a recorded presentation could simply be replayed.
In essence, decentralized identity enables the users to be an important link between the issuers and the verifiers, and it prevents issuers and verifiers from bypassing the user. It enables the user to present and control their own identity, and make a cryptographically verifiable assertion about themselves.
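The issuer, holder and verifier steps above, carried through in code. This is an added example and not code from the original article or from any DID project; the ledger is an in-memory dictionary, `did:example` is the W3C placeholder method, and the signature primitive is a deliberately minimal textbook RSA stand-in (chosen only so the example runs with the standard library) that a real wallet would replace with Ed25519 or secp256k1 from a vetted library. Beyond the happy path it shows the three checks a verifier must not skip: the issuer’s signature, the holder’s signature, and the binding between the two (presenter must be the credential’s subject, and the presentation must carry the verifier’s fresh nonce).

```python
import hashlib
import json
import secrets

# --- Toy signature primitive: textbook RSA over a SHA-256 digest. ---
# A stand-in so the example runs with the standard library alone; a real
# wallet would use Ed25519 or secp256k1 from a vetted library, never this.
def _is_probable_prime(n, rounds=16):
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):                      # Miller-Rabin witnesses
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(c):
            return c

def keygen(bits=320):
    """Return (public, private). A 320-bit n keeps the 256-bit digest below n."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                   # e is prime, so this is gcd(e, phi) == 1
            return {"n": p * q, "e": e}, {"n": p * q, "d": pow(e, -1, phi)}

def _digest(obj):
    # Canonical JSON so signer and verifier hash exactly the same bytes.
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(priv, obj):
    return pow(_digest(obj), priv["d"], priv["n"])

def verify(pub, obj, sig):
    return pow(sig, pub["e"], pub["n"]) == _digest(obj)

# --- Ledger, issuer, holder, verifier. ---
LEDGER = {}   # constructed stand-in for the blockchain that holds public keys

def register(name, pub):
    """Wallet step: publish the public key under a fresh DID and return the DID."""
    did = f"did:example:{name}"
    LEDGER[did] = {"id": did, "verificationMethod": [
        {"id": f"{did}#key-1", "controller": did, "publicKeyRsaToy": pub}]}
    return did

def public_key(did):                             # DID resolution, reduced to one lookup
    return LEDGER[did]["verificationMethod"][0]["publicKeyRsaToy"]

def issue_passport(issuer_did, issuer_priv, holder_did):
    """Issuer step: a credential naming the holder's DID as subject, signed by the issuer."""
    cred = {"type": ["VerifiableCredential", "Passport"], "issuer": issuer_did,
            "credentialSubject": {"id": holder_did, "nationality": "US"}}
    return {"credential": cred, "proof": sign(issuer_priv, cred)}

def present(holder_did, holder_priv, vc, nonce):
    """Holder step: wrap the credential in a presentation bound to the verifier's nonce."""
    body = {"holder": holder_did, "verifiableCredential": vc, "nonce": nonce}
    return {"presentation": body, "proof": sign(holder_priv, body)}

def verify_presentation(vp, expected_nonce):
    """Verifier step: both signatures plus the two checks that bind them together."""
    body = vp["presentation"]
    vc = body["verifiableCredential"]
    checks = {
        "fresh_nonce": body["nonce"] == expected_nonce,       # an old presentation cannot be replayed
        "holder_is_subject": body["holder"] == vc["credential"]["credentialSubject"]["id"],
        "holder_signature": verify(public_key(body["holder"]), body, vp["proof"]),
        "issuer_signature": verify(public_key(vc["credential"]["issuer"]), vc["credential"], vc["proof"]),
    }
    return all(checks.values()), checks

def run_scenario():
    """Alice's genuine presentation, then three attacks the checks must reject."""
    us_pub, us_priv = keygen()
    alice_pub, alice_priv = keygen()
    mallory_pub, mallory_priv = keygen()
    us, alice, mallory = register("usgov", us_pub), register("alice", alice_pub), register("mallory", mallory_pub)
    vc = issue_passport(us, us_priv, alice)
    nonce = secrets.token_hex(16)                               # chosen by the airline per session
    genuine, _ = verify_presentation(present(alice, alice_priv, vc, nonce), nonce)
    stolen, _ = verify_presentation(present(mallory, mallory_priv, vc, nonce), nonce)   # Mallory presents Alice's credential
    replayed, _ = verify_presentation(present(alice, alice_priv, vc, "stale"), nonce)   # recorded presentation reused
    forged_vc = {"credential": dict(vc["credential"], credentialSubject={"id": mallory, "nationality": "US"}),
                 "proof": vc["proof"]}                                                   # subject rewritten, issuer signature no longer matches
    forged, _ = verify_presentation(present(mallory, mallory_priv, forged_vc, nonce), nonce)
    return {"genuine": genuine, "stolen": stolen, "replayed": replayed, "forged": forged}
```

`run_scenario()` returns `{"genuine": True, "stolen": False, "replayed": False, "forged": False}`: only Alice’s own presentation passes, and each failure is attributable to one named check, which is what you want logged at a verifier.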

“In a centralized system, identity is what others say about you. In a decentralized system, identity is what you say about yourself.”

In fact, in a decentralized identity system, all parties are equal and each party can assume the role of identity issuer, verifier and holder. Theoretically, Alice can issue a credential to the US government or Alice can even verify the passport of any other US citizen.

How DIDs Work: Technical Overview

A decentralized identifier is a globally unique identifier that does not need a centralized registry for its creation.

SKELETAL STRUCTURE OF A DID, ACCORDING TO W3C STANDARD

All DIDs start with the scheme did:, followed by the DID method name and another colon, and then the method-specific identifier. Method names are lowercase letters and digits only; the method-specific identifier is restricted to letters, digits, dots, hyphens, underscores, percent-encoded characters and (for methods that need namespaces) further colons.

A DID method specifies which ledger (or other registry) the identifier lives on and how to resolve the identifier to the public keys recorded there. Here is an example of a DID anchored in the Bitcoin blockchain: did:btcr:xkyt-fzzq-q4wq-f2d
Likewise, there are DID methods for various other blockchains and ledgers, for example did:ethr (Ethereum), did:sov (Sovrin) and did:ion (Bitcoin, via the Sidetree protocol), as well as methods that need no ledger at all, such as did:web and did:key.

A DID method also specifies how to create (publish), update and deactivate an identifier on the ledger; together with resolution (read) these are the four operations every method must define. A verifier (the relying party) typically carries out DID resolution, while create, update and deactivate are performed by the identity holder, who controls the private key.

ROLE OF ENTITIES AND SIGNIFICANCE OF DID METHOD

It’s important to reiterate that, in decentralized systems, any entity can take the role of identity holder, issuer or verifier (this article also calls the verifier the provider). It is not necessary for an individual citizen to be the holder and a company to be the issuer or verifier.
Now, let us see in detail how DID resolution works.

DID Resolution

DID resolution forms the core of how decentralized identification works. DID resolution can be thought of as a function that takes a DID as input, looks it up in the registry named by the DID method, and outputs the DID document.

“For digital identifiers, the usefulness comes not just from the identifier itself, but from how it can be used by applications designed to consume that particular type of identifier.”

When a DID is resolved, it resolves to a DID document. The DID document contains the basic data needed to interact with the subject: its public keys and its service endpoints.

DID RESOLUTION

A DID subject is identified by a DID, and the DID resolves to the DID document. Usually the DID subject is also the controller of the DID document, i.e. the entity holding the private key that can update it, although the standard allows the controller to be a different entity, for example a parent controlling a child’s DID or an organisation controlling a device’s DID.

DID Document

A DID document describes how to authenticate, and interact with, the DID subject. It is not where claims about the subject live: a claim is a statement about an individual or entity (“Alice is over 18”), and claims are issued, signed and presented as Verifiable Credentials, a separate W3C specification. The DID document supplies the public keys that let a verifier check the signatures on those credentials and presentations.
It is a public document, stored on (or reconstructable from) the ledger. Theoretically it can contain arbitrary information, even a name or an email address, but that is strongly discouraged: everything in it is public and, on most ledgers, permanent, so personal data belongs in credentials that the holder chooses to disclose, not in the DID document.
The DID document contains:

  • One or more verification methods (public keys), grouped into relationships such as authentication that say which key may be used for what
  • One or more services associated with the DID subject, each giving a type and a service endpoint (for example where to send a credential exchange message)
  • Additional metadata such as creation and update timestamps, returned by the resolver alongside the document
A TYPICAL DID DOCUMENT, ACCORDING TO THE W3C STANDARD
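The DID syntax, resolution and DID document structure described above, as an added example that is not part of the original article or of any DID resolver implementation. It assumes an in-memory registry holding one constructed DID document for the W3C placeholder method `did:example`; everything else follows the DID Core grammar (lowercase method name, restricted identifier characters, optional path, query and fragment). It goes slightly beyond the text by also dereferencing a DID URL fragment to a single key or service, which is what a verifier actually needs when a signature says “I was made with key #keys-1”.

```python
import re

# DID Core ABNF, generic rule (a method may restrict it further):
#   did = "did:" method-name ":" method-specific-id
#   method-name = 1*(%x61-7A / DIGIT)              ; lowercase letters and digits
#   method-specific-id = *( *idchar ":" ) 1*idchar
#   idchar = ALPHA / DIGIT / "." / "-" / "_" / pct-encoded
# A DID URL adds an optional path, query and fragment.
_IDCHAR = r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})"
DID_URL_RE = re.compile(
    rf"^(?P<did>did:(?P<method>[a-z0-9]+):(?P<id>(?:{_IDCHAR}*:)*{_IDCHAR}+))"
    r"(?P<path>/[^?#]*)?(?:\?(?P<query>[^#]*))?(?:#(?P<fragment>.*))?$"
)

def parse_did_url(s):
    """Split a DID or DID URL into did/method/id/path/query/fragment; ValueError on bad syntax."""
    m = DID_URL_RE.match(s)
    if not m:
        raise ValueError(f"invalidDid: {s!r}")
    return m.groupdict()

def is_valid_did_url(s):
    return DID_URL_RE.match(s) is not None

# Constructed stand-in for the verifiable data registry (the ledger). A real
# resolver would talk to the ledger named by the method instead of a dict.
REGISTRY = {
    "did:example:123456789abcdefghi": {
        "@context": ["https://www.w3.org/ns/did/v1"],
        "id": "did:example:123456789abcdefghi",
        "controller": "did:example:123456789abcdefghi",
        "verificationMethod": [{
            "id": "did:example:123456789abcdefghi#keys-1",
            "type": "Ed25519VerificationKey2020",
            "controller": "did:example:123456789abcdefghi",
            "publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV",
        }],
        "authentication": ["did:example:123456789abcdefghi#keys-1"],
        "service": [{
            "id": "did:example:123456789abcdefghi#vcs",
            "type": "VerifiableCredentialService",
            "serviceEndpoint": "https://example.com/vc/",
        }],
    },
}
DEACTIVATED = {"did:example:deadbeef"}   # DIDs whose controller ran the deactivate operation
SUPPORTED_METHODS = {"example"}

def resolve(did):
    """DID -> (DID document or None, metadata). Errors go in the metadata, as in
    the DID Core resolve() contract (simplified: one metadata dict, not two)."""
    parts = parse_did_url(did)                   # raises on invalid syntax
    if parts["path"] or parts["query"] or parts["fragment"]:
        raise ValueError("resolve() takes a bare DID; use dereference() for DID URLs")
    if parts["method"] not in SUPPORTED_METHODS:
        return None, {"error": "methodNotSupported"}
    if did in DEACTIVATED:
        return None, {"deactivated": True}       # document is gone but the DID was real
    doc = REGISTRY.get(did)
    if doc is None:
        return None, {"error": "notFound"}
    return doc, {"contentType": "application/did+ld+json"}

def dereference(did_url):
    """DID URL -> the whole document, or the key/service its fragment names."""
    parts = parse_did_url(did_url)
    doc, meta = resolve(parts["did"])
    if doc is None or not parts["fragment"]:
        return doc, meta
    target = f"{parts['did']}#{parts['fragment']}"
    for entry in doc.get("verificationMethod", []) + doc.get("service", []):
        if entry["id"] == target:
            return entry, meta
    return None, {"error": "notFound"}

def authentication_keys(did):
    """Keys a verifier may accept for authenticating the subject: the entries of the
    'authentication' relationship, which may be references or embedded objects."""
    doc, meta = resolve(did)
    if doc is None:
        raise LookupError(meta)
    return [ref if isinstance(ref, dict) else dereference(ref)[0]
            for ref in doc.get("authentication", [])]
```

Two details worth noticing: the regex refuses `DID:` and `did:Example:` because the scheme and method name are case-sensitive and lowercase in the grammar, so a resolver that lowercases its input would silently accept identifiers no ledger ever issued; and a deactivated DID is reported separately from an unknown one, because a verifier should treat “this subject revoked their keys” differently from “this DID never existed”.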

Challenges Faced in Decentralized Identity

Technical Fragmentation
While there exist prominent standards for DID documents, there is no universally accepted, interoperable standard for credential exchange. There is also a lot of technical fragmentation in DID methods. There are over 100 DID methods, each of them having its own decentralized identity ecosystems, its own wallets, and its own ledgers with little to no interoperability between them.

Zooko’s Triangle
According to Zooko’s triangle, a naming system in any network cannot fulfil more than two of the following three properties:

  1. Human-meaningful: Names are meaningful and memorable.
  2. Secure: A name cannot be spoofed or taken over by a malicious peer in the network; one name refers to one entity.
  3. Decentralized: Names are resolved without any central authority.

This trilemma matters in decentralized systems because we want a system that is not only decentralized and secure but also has human-readable addresses. DIDs pick security and decentralization: a method-specific identifier such as xkyt-fzzq-q4wq-f2d is unmemorable by design. Centralized systems don’t have this problem because their identities are created and resolved centrally.
The problem can be mitigated by pairing DIDs with an accompanying decentralized naming service that maps the long addresses to human-readable names, in the same way that ENS maps names to Ethereum addresses.

Adoption of Decentralized Identities
Widespread adoption of DIDs faces numerous challenges. A prominent one is the “circular causality dilemma” (a chicken-and-egg problem) of adoption and development. Adoption of DIDs requires investment, developer involvement and decentralized infrastructure, but investment and developer involvement in turn require widespread adoption before they yield any sizeable return.
This is a problem for a lot of emerging tech. Several approaches have been proposed:

  • DIDs need not be deployed on their own. They can run alongside federated or centralized identity solutions so that adoption is incremental: organizations can start by storing public keys in a central database and move towards a fully decentralized registry later. Two familiar systems already sit at this halfway point:
    • GitHub authenticates users with public-key cryptography (SSH keys), but the “ledger” holding the public keys is GitHub’s own centralized database.
    • Digitally signed PDFs are verified with public-key signatures, but trust is anchored in a centralized list, Adobe’s AATL (Adobe Approved Trust List) of approved certificate authorities.
  • Decentralized identity can be rolled out first in closed systems where the issuer and verifier are the same entity, for instance an airline’s loyalty program, a company, or a university, because no cross-ecosystem interoperability is needed there.

Sources

https://consensys.net/blockchain-use-cases/digital-identity/
https://ssimeetup.org/decentralized-identifiers-dids-fundamentals-identitybook-info-drummond-reed-markus-sabadello-webinar-46/
https://w3c.github.io/did-core
https://w3c-ccg.github.io/did-primer/
https://medium.com/uport/ens-names-are-decentralized-identifiers-dids-724f0c317e4b
https://www.okta.com/blog/2021/01/what-is-decentralized-identity/
https://stackoverflow.com/questions/454048/what-is-the-difference-between-encrypting-and-signing-in-asymmetric-encryption
