Decentralized and interconnected web of trust
As reported in Forbes, ‘blockchain enables direct exchange of value between A and B without the need for the middlemen — be it a central authority, broker or notary’. Yet identity is complicated. Encoding identity information into distributed ledger technology (DLT) is more than a technical endeavor. The technology is still changing, which means there is still the potential to shift the control points of identity from centralized but disconnected hubs to a decentralized and interconnected web of trust.
Self-sovereign identity (SSI)
Self-sovereign identity (SSI) aims to give users an alternative to conventional digital identities: one in which the user is in full control and other services must request access to the identity information.
The Decentralized Identifier (DID) standard is at the center of SSI. A DID represents an identity and links to a DID document, which lists the public keys authorized for that DID and the service endpoints needed to establish a connection. A DID method describes how a DID is generated on a specific blockchain. Despite the potential of SSI, some higher-risk enterprise use cases (for example, in healthcare or financial services) may always require an external authority to validate identity claims.
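The link from a DID to its DID document, as an added example that is not part of the original article: it checks which public keys a document actually authorizes for authentication and reads out its service endpoints. The `did:example` identifier, key values, endpoint URL and function names are constructed for illustration; the field names follow the W3C DID Core data model.

```python
import re

# Simplified form of the DID syntax: did:<method>:<method-specific-id>
DID_RE = re.compile(r"^did:([a-z0-9]+):([A-Za-z0-9._:%-]+)$")

# Constructed DID document; every identifier, key and URL here is a placeholder.
DID_DOCUMENT = {
    "id": "did:example:alice123",
    "verificationMethod": [
        {"id": "did:example:alice123#key-1", "type": "Ed25519VerificationKey2020",
         "controller": "did:example:alice123", "publicKeyMultibase": "zCONSTRUCTED-KEY-1"},
        {"id": "did:example:alice123#key-2", "type": "Ed25519VerificationKey2020",
         "controller": "did:example:alice123", "publicKeyMultibase": "zCONSTRUCTED-KEY-2"},
    ],
    # Only key-1 may authenticate as this DID; "#key-9" is a dangling reference.
    "authentication": ["#key-1", "did:example:alice123#key-9"],
    "service": [{"id": "did:example:alice123#agent", "type": "MessagingService",
                 "serviceEndpoint": "https://agent.example.org/alice"}],
}

def parse_did(did):
    """Split a DID into (method, method-specific id); reject malformed input."""
    match = DID_RE.match(did)
    if not match:
        raise ValueError(f"not a valid DID: {did!r}")
    return match.group(1), match.group(2)

def authorized_keys(doc, did, relationship="authentication"):
    """Return the verification methods the document authorizes for `relationship`."""
    parse_did(did)
    if doc.get("id") != did:
        raise ValueError("document does not describe the requested DID")

    def absolute(ref):
        # Relative references such as "#key-1" are resolved against the DID.
        return did + ref if ref.startswith("#") else ref

    declared = {absolute(vm["id"]): vm for vm in doc.get("verificationMethod", [])}
    keys = []
    for entry in doc.get(relationship, []):
        # An entry is either a reference to a declared method or an embedded method.
        method = declared.get(absolute(entry)) if isinstance(entry, str) else entry
        if method is not None:  # dangling references authorize nothing
            keys.append(method)
    return keys

def service_endpoints(doc):
    """Map each service type to the endpoint used to establish a connection."""
    return {svc["type"]: svc["serviceEndpoint"] for svc in doc.get("service", [])}
```

A key that is declared in `verificationMethod` but not referenced under `authentication` (key-2 here) is not accepted for authentication, which is the check a verifier relies on when deciding whose signature to trust.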
Decentralized identifiers (DIDs)
Decentralized identifiers are the components of SSI, designed to be user-controlled, unable to be reassigned, and resolvable. This means they contain documentation of public keys and authentication protocols, and can be verified via cryptography or an issuing authority’s signature.
• They allow for the creation of unique, private, and secure peer-to-peer connections between two parties.
• Their decentralized nature makes credentials always available for verification.
• Each party — an individual or organization — can create as many different DIDs as they wish. Using separate DIDs for different digital relationships and contexts prevents data correlation.
• They are entirely controlled by the identity owner. DIDs are independent of centralized registries, authorities, or identity providers.