Miro Lecture SSI Flashcards
Types of Identity Paradigms
Centralized
Federated
Decentralized
What is the centralized identity paradigm?
- every internet service requires a separate account that the service administrates
What is federated identity paradigm?
- ID Zones or social logins (Google, Apple)
What is decentralized identity paradigm?
- everyone keeps their own identity data and presents it
Motivation behind decentralized identity?
Today’s identity providers have immense amounts of power over us and metadata about us
What can you do in SSI with the account?
- create an account (identifier)
- no one can shut it down
- the account is accepted by every online service
What is the trust triangle?
- issuer, holde, and verifier form the trust triangle
What does the holder request from the issuer?
Verifiable Credentials (VCs) that the holder can keep in a wallet and present when requested
What is the job of the issuer?
- source of the VCs
- could be a university
What does the verifier do?
- relies on claims of VCs
- signature allows for verification
Definition of SSI
- entities are represented by digital identities and every entity has sole ownership over the ability to control their identity data
- an identity can be seen as an account. The account has pseudonymous identifiers and and attributes that can be confirmed.
Two core specifications for SSI
- Decentralized Identifier (DID)
- Verifiable Credentials (VC)
DID
- an identifier for every entity in the SSI ecosystem
- global unique identification
What is a VC?
Verifiable Credentials:
- means of making verifiable claims about an identity. Like a university stating that a diploma belongs to them.
What form do VCs have?
JSON
Things that VC contain
- Context
- Issuer
- Timestamp
- Subject
- Cryptographic proof
What is a VP?
Verifiable Presentation
- data from a VC (or several VCs) that can be generated by holders of the VC and be shared with a verifier. Holders do this to prove claims regarding their identity.
What is selective disclosure?
- enables individuals to share no more of their private data than is strictly necessary
- if a VC supports selective disclosure, holders can create a VP containing only parts of the VC
Why is there a need for publicly accessible data storage for an SSI ecosystem?
It allows:
- Logging
- Revocation
What does logging provide?
- auditability (to detect fraudulent activity)
What is stored in a publicly readable Verifiable Data Registry?
- only serial numbers or hashes of credentials
- not private information
What does blockchain enable when used as a verifiable data registry?
- eliminates the need for participants to run server infrastructure
- transparency
- timestamping
What does DID mainly define?
How to
- create an identifier
- retrieve information about identifier
- update information about the identifier
Structure of a DID?
Scheme (static) = did, method (short, publicly documented DID method), method-specific identifier (arbitrarily long)
What is a DID document?
- accessible by anyone who resolves a DID
What is DID resolution?
- DID resolver is a piece of software resolving a DID into a DID document
Advantage of DID compared to blockchain acccounts?
- flexibility to update keys, and add meta information
What is the governance challenge?
- Which issuers are trusted?
- revocation
What can be a solution to the governance challenge?
- trusted issuer registry
- but there are no good implementations
- revocation is also unsolved
SSI Criticism
- many different DID methods might limit interoperability
- environmental concerns of DID
