Miro Lecture SSI

Question 1

Types of Identity Paradigms

Answer 1

Centralized
Federated
Decentralized

Question 2

What is the centralized identity paradigm?

Answer 2

• every internet service requires a separate account that the service administrates

Question 3

What is federated identity paradigm?

Answer 3

• ID Zones or social logins (Google, Apple)

Question 4

What is decentralized identity paradigm?

Answer 4

• everyone keeps their own identity data and presents it

Question 5

Motivation behind decentralized identity?

Answer 5

Today’s identity providers have immense amounts of power over us and metadata about us

Question 6

What can you do in SSI with the account?

Answer 6

• create an account (identifier)
• no one can shut it down
• the account is accepted by every online service

Question 7

What is the trust triangle?

Answer 7

• issuer, holde, and verifier form the trust triangle

Question 8

What does the holder request from the issuer?

Answer 8

Verifiable Credentials (VCs) that the holder can keep in a wallet and present when requested

Question 9

What is the job of the issuer?

Answer 9

• source of the VCs

- could be a university

Question 10

What does the verifier do?

Answer 10

• relies on claims of VCs

- signature allows for verification

Question 11

Definition of SSI

Answer 11

• entities are represented by digital identities and every entity has sole ownership over the ability to control their identity data
• an identity can be seen as an account. The account has pseudonymous identifiers and and attributes that can be confirmed.

Question 12

Two core specifications for SSI

Answer 12

• Decentralized Identifier (DID)

- Verifiable Credentials (VC)

Question 13

DID

Answer 13

• an identifier for every entity in the SSI ecosystem

- global unique identification

Question 14

What is a VC?

Answer 14

Verifiable Credentials:

- means of making verifiable claims about an identity. Like a university stating that a diploma belongs to them.

Question 15

What form do VCs have?

Answer 15

JSON

Question 16

Things that VC contain

Answer 16

• Context
• Issuer
• Timestamp
• Subject
• Cryptographic proof

Question 17

What is a VP?

Answer 17

Verifiable Presentation
- data from a VC (or several VCs) that can be generated by holders of the VC and be shared with a verifier. Holders do this to prove claims regarding their identity.

Question 18

What is selective disclosure?

Answer 18

• enables individuals to share no more of their private data than is strictly necessary
• if a VC supports selective disclosure, holders can create a VP containing only parts of the VC

Question 19

Why is there a need for publicly accessible data storage for an SSI ecosystem?

Answer 19

It allows:

1. Logging
2. Revocation

Question 20

What does logging provide?

Answer 20

• auditability (to detect fraudulent activity)

Question 21

What is stored in a publicly readable Verifiable Data Registry?

Answer 21

• only serial numbers or hashes of credentials

- not private information

Question 22

What does blockchain enable when used as a verifiable data registry?

Answer 22

• eliminates the need for participants to run server infrastructure
• transparency
• timestamping

Question 23

What does DID mainly define?

Answer 23

How to

• create an identifier
• retrieve information about identifier
• update information about the identifier

Question 24

Structure of a DID?

Answer 24

Scheme (static) = did, method (short, publicly documented DID method), method-specific identifier (arbitrarily long)

Question 25

What is a DID document?

Answer 25

• accessible by anyone who resolves a DID

Question 26

What is DID resolution?

Answer 26

• DID resolver is a piece of software resolving a DID into a DID document

Question 27

Advantage of DID compared to blockchain acccounts?

Answer 27

• flexibility to update keys, and add meta information

Question 28

What is the governance challenge?

Answer 28

• Which issuers are trusted?

- revocation

Question 29

What can be a solution to the governance challenge?

Answer 29

• trusted issuer registry
• but there are no good implementations
• revocation is also unsolved

Question 30

SSI Criticism

Answer 30

• many different DID methods might limit interoperability

- environmental concerns of DID