Decentralized identity is a technology that uses cryptography to allow individuals to create and control their own unique identifiers. They can use these identifiers to obtain Verifiable Credentials from trusted organisations and, subsequently, present elements of these credentials as proof of claims about themselves. In this model, the individual takes ownership of their own identity and need not cede control to centralized service providers or companies.
In its simplest instance, decentralized identity can be used to eliminate the need for service providers to authenticate users through usernames and passwords. This benefits the user by keeping their information private, secure, and easy to access. For the service provider, it eliminates the need to hold private personal information in a 'honeypot' for bad actors, which has become a liability in recent years.
In the more general model, a transaction typically involves three parties: the issuer of a credential, the holder of the credential, and a relying party (also known as a verifier) that needs proof of a fact about the holder.
Let's take the example of a driver's license: a trusted government agency (the issuer) issues a digital driver's license to an individual (the holder). The individual must of course prove beyond doubt that they are the person that the license belongs to. There are many ways the government agency can perform this verification, perhaps using an out-of-band process or exchanging additional credentials. When the credential is issued, the individual holds it in a wallet that only they have access to, secured by their own biometric identification.
Later, the individual uses the digital driver's license to prove to a bank (the relying party) a claim about themselves (such as their date of birth). To do this, the bank sends a challenge to the individual to present their date of birth and prove it is genuine. The individual unlocks their wallet, accepts the challenge, and authorizes the disclosure of their date of birth along with a cryptographic proof that it is part of a credential that has been issued to them by a trusted government agency. The bank determines the integrity of the presentation and checks that it has not been tampered with in any way. If the bank trusts the source of that data as reputable, then they will accept the information and proceed to offer services to the individual.
In order to be effective, distributed sources of information and decentralized identities must be generally accepted and universally interoperable. This is motivating much of the work going on at standards organizations such as the World Wide Web Consortium (W3C), which is defining a formal data model for the protection and exchange of digital identity information on the internet.
The core of these emerging W3C standards is the concept of a Decentralized Identifier (DID), which each person, group, or organization can directly control and use to identify themselves. Through a specified process known as DID Resolution, a decentralized identifier is used to obtain a related piece of information called a DID Document. A DID Document contains public keys and service information associated with the DID, providing the information necessary to make a secure connection with the owner of the identifier.
For DIDs to be fully trusted, they must be consistently bound to an owner in a provably tamperproof way. For this reason, DIDs are commonly anchored to a distributed ledger, though the instance or type of ledger can vary.
To perform transactions between two or more entities, a reliable connection is typically established between the respective DIDs. This is achieved by exchanging secure messages and mutually verifying each other’s identities through cryptographic signatures and Verifiable Credentials.
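The driver's license exchange described above (issue, challenge, present one claim, verify) can be sketched end to end. This is an added example, not MATTR Platform code or a W3C-specified proof format; the function names are hypothetical. It assumes Ed25519 keys, a salted-hash scheme for disclosing a single claim, a `registry` map standing in for DID Resolution, and placeholder `did:example` identifiers.

```javascript
const crypto = require('node:crypto');

// Constructed stand-in for DID Resolution: DID -> public key from its DID Document.
const registry = new Map();
function createIdentity(did) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  registry.set(did, publicKey);
  return { did, privateKey }; // the private key never leaves its owner
}
const digest = (name, value, salt) =>
  crypto.createHash('sha256').update(JSON.stringify([salt, name, value])).digest('hex');
const sign = (obj, key) =>
  crypto.sign(null, Buffer.from(JSON.stringify(obj)), key).toString('base64');
const verify = (obj, sig, did) => registry.has(did) &&
  crypto.verify(null, Buffer.from(JSON.stringify(obj)), registry.get(did), Buffer.from(sig, 'base64'));

// Issuer: sign salted digests of every claim, bound to the holder's DID.
function issue(issuer, holderDid, claims) {
  const salts = {}, digests = [];
  for (const [name, value] of Object.entries(claims)) {
    salts[name] = crypto.randomBytes(16).toString('hex');
    digests.push(digest(name, value, salts[name]));
  }
  const payload = { issuer: issuer.did, holder: holderDid, digests };
  return { payload, issuerSig: sign(payload, issuer.privateKey), claims, salts };
}

// Holder: disclose one claim only, and sign it together with the verifier's challenge.
function present(holder, cred, name, challenge) {
  const disclosed = { name, value: cred.claims[name], salt: cred.salts[name] };
  const body = { payload: cred.payload, issuerSig: cred.issuerSig, disclosed, challenge };
  return { ...body, holderSig: sign(body, holder.privateKey) };
}

// Relying party: check issuer trust, freshness, both signatures, and claim membership.
function verifyPresentation(p, expectedChallenge, trustedIssuers) {
  const { holderSig, ...body } = p;
  const d = p.disclosed;
  return trustedIssuers.includes(p.payload.issuer) &&
    p.challenge === expectedChallenge &&                // rejects replayed presentations
    verify(p.payload, p.issuerSig, p.payload.issuer) && // credential issued by a trusted DID
    verify(body, holderSig, p.payload.holder) &&        // presenter controls the holder DID
    p.payload.digests.includes(digest(d.name, d.value, d.salt)); // claim is in the credential
}
```

The presentation carries only digests for the undisclosed claims, so the bank learns the date of birth and nothing else from the license.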
The MATTR Platform coordinates and orchestrates all of these important capabilities to ensure that our users always receive the latest in standards-based decentralized identity solutions.