Introduction to Decentralized Identity (Decentralized ID, DID)

DID can be called a niche direction in the blockchain field, but in fact it seems to have considerable value.
1 Background and Status

1.1 Background of digital identity

Centralized identity => Federated identity => Decentralized identity (DID)
Digital identity started out centralized: for example, domain names and IP address allocation are managed by ICANN, and digital certificates are managed by the CA (Certificate Authority) system of PKI (Public Key Infrastructure).

The nature of a centralized identity system is that the central authority holds the identity data; authentication and authorization are likewise decided by that central institution on the basis of the data it holds, and none of it is controlled by the user.

Each centralized site (such as Taobao, Zhihu, Douban, etc.) has its own identity system, so you have to register a new account on each one, and the identity systems (and the corresponding account data) of different sites are not interoperable.

To solve this problem, different sites jointly launched federated identity (the concept was first proposed by Microsoft in 1999). In a federated identity system a user's online identity gains a degree of portability. Many websites now support third-party registration and login, such as WeChat, QQ and Sina Weibo.

After federated identity, identity systems began to move toward decentralization, and many standards appeared along the way, such as OpenID. In practice, even on sites that support WeChat or QQ third-party login the user experience is not great, and you often still have to register with a phone number plus verification code.

In summary, centralized identity has two main problems: first, individuals do not truly own their own identity; second, identities cannot interoperate.

1.2 Status of Decentralized Identity (DID)

Development prospects: standards have been proposed and projects have appeared.
DID can be called a niche direction in the blockchain field. At present only a few teams are researching DID, there are not many development projects, and research and industry reports on DID are almost nonexistent (I found only one). In popularity DID cannot compare with concepts like scaling, cross-chain and DeFi. But in fact it seems to have considerable value; Microsoft's DID plans perhaps illustrate this from the side.

DID based on a blockchain or distributed ledger (DLT) is expected to solve the problems mentioned above (but it also introduces new problems, which are discussed in section 3, the uPort section).

(1) Standards

Standards proposed so far (2019):

W3C DID standard: A Primer for Decentralized Identifiers
DIF (Decentralized Identity Foundation) DID Auth: DIF official website
Below, a brief analysis of the W3C DID standard and of uPort, an actual project on Ethereum.

(2) Projects

Some of the better-known DID projects today: Microsoft DID, Sovrin, uPort, Evernym, Civic, ShoCard.

Project name    General content
Microsoft DID   Microsoft's DID
Sovrin          Based on Hyperledger
uPort           Based on ETH
Evernym         For trading purposes
Civic           Biometric multi-factor authentication; mobile-platform identity
ShoCard         Mobile-platform identity; privacy protection

2 W3C DID Standard

Decentralized Identifiers (DIDs) are a new type of identifier that is globally unique, resolvable with high availability, and cryptographically verifiable. DIDs are typically associated with cryptographic material, such as public keys, and service endpoints, for establishing secure communication channels. DIDs are useful for any application that benefits from self-administered, cryptographically verifiable identifiers, such as personal identifiers, organizational identifiers, and identifiers for Internet of Things scenarios. For example, current commercial deployments of W3C Verifiable Credentials heavily utilize DIDs to identify people, organizations and things, and to achieve a number of security and privacy-protecting guarantees.
-- W3C document
A DID system under the W3C standard consists of the following layers:

Base layer: DID specification
    DID identifier (Identifier)
    DID document (Document)
Application layer: verifiable credentials
    Verifiable Claims or Verifiable Credentials (referred to below as VC)
2.1 DID specification

A DID identifier is a globally unique representation of your identity, much like your ID card number. It has the following form:

DID example: did:eth:123456789abcdefg

DID identifiers are not easy to remember. According to Zooko's triangle, no identifier can be human-memorable, secure and decentralized at the same time; here W3C chose the latter two for DID.

The DID infrastructure is a global key-value database, which may be a DID-compatible blockchain, a DID-compatible distributed ledger, or some DID-compatible decentralized network (in fact, which database is meant is given by the method field of the DID identifier, "eth" and "example" in the samples here; many valid methods already exist). In this database the DID identifier is the key and the DID document is the value.

A DID document is a JSON-LD object comprising six parts (all optional):

The DID identifier.
A set of cryptographic material, such as public keys.
A set of cryptographic protocols.
A set of service endpoints.
Timestamps.
An optional JSON-LD signature, proving that the DID document is legitimate.
Example document content:

{
  "@context": "https://w3id.org/did/v1",
  "id": "did:example:123456789abcdefghi",
  "authentication": [{
    // used to authenticate as did:...fghi
    "id": "did:example:123456789abcdefghi#keys-1",
    "type": "RsaVerificationKey2018",
    "controller": "did:example:123456789abcdefghi",
    "publicKeyPem": "-----BEGIN PUBLIC KEY...END PUBLIC KEY-----\r\n"
  }],
  "service": [{
    // used to retrieve Verifiable Credentials associated with the DID
    "id":"did:example:123456789abcdefghi#vcs",
    "type": "VerifiableCredentialService",
    "serviceEndpoint": "https://example.com/vc/"
  }]
}

It should be noted that a DID document contains nothing tied to your real personal information, such as your real name, address or phone number. The DID specification alone therefore cannot verify a person's identity; it must rely on the DID application layer, VC.
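As an added example (not part of the original post, and not W3C's or any project's code), the following Go program shows the two pieces just described: parsing a DID URL against the grammar, and an in-memory map standing in for the "global key-value database" that resolves a DID to its document. It loads the W3C example document above and then selects an authentication key by fragment, checking along the way that the returned document is actually about the requested DID and that the key's controller is the DID itself. The Registry type, the SampleRegistry helper and the map in place of a ledger are this example's own assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// DID is the parsed form of a DID URL such as did:example:123456789abcdefghi#keys-1.
type DID struct {
	Method   string // DID method ("example", "eth"): names the registry to query
	ID       string // method-specific id: the key in that registry
	Fragment string // optional "#fragment" selecting a key or service in the document
}

// didRe follows the W3C DID Core draft grammar: method = lowercase letters/digits;
// method-specific-id = ALPHA / DIGIT / "." / "-" / "_" / pct-encoded, with ":"
// between optional sub-segments. Anything else is rejected before any lookup.
var didRe = regexp.MustCompile(`^did:([a-z0-9]+):((?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})+(?::(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})+)*)$`)

// ParseDID validates and splits a DID URL into method, id and fragment.
func ParseDID(s string) (DID, error) {
	base, frag, _ := strings.Cut(s, "#")
	m := didRe.FindStringSubmatch(base)
	if m == nil {
		return DID{}, fmt.Errorf("malformed DID %q", s)
	}
	return DID{Method: m[1], ID: m[2], Fragment: frag}, nil
}

// String gives the bare DID without fragment, which is the registry key.
func (d DID) String() string { return "did:" + d.Method + ":" + d.ID }

// VerificationMethod is one entry of the document's "authentication" array.
type VerificationMethod struct {
	ID           string `json:"id"`
	Type         string `json:"type"`
	Controller   string `json:"controller"`
	PublicKeyPem string `json:"publicKeyPem,omitempty"`
}

// DIDDocument holds the fields this example uses (the "service" array is left out).
type DIDDocument struct {
	ID             string               `json:"id"`
	Authentication []VerificationMethod `json:"authentication"`
}

// Registry stands in for the global key-value database of the text (a blockchain
// or ledger in practice): bare DID -> DID document.
type Registry map[string]*DIDDocument

// Resolve looks the bare DID up and checks the document is about that DID: a
// resolver handing back someone else's document is an error, not a hit.
func (r Registry) Resolve(didURL string) (*DIDDocument, DID, error) {
	d, err := ParseDID(didURL)
	if err != nil {
		return nil, DID{}, err
	}
	doc, ok := r[d.String()]
	if !ok {
		return nil, d, errors.New("DID not found in registry: " + d.String())
	}
	if doc.ID != d.String() {
		return nil, d, fmt.Errorf("document id %q does not match %q", doc.ID, d.String())
	}
	return doc, d, nil
}

// AuthenticationKey returns the key named by the URL fragment (e.g. #keys-1),
// refusing keys whose controller is not the DID itself.
func (r Registry) AuthenticationKey(didURL string) (*VerificationMethod, error) {
	doc, d, err := r.Resolve(didURL)
	if err != nil {
		return nil, err
	}
	if d.Fragment == "" {
		return nil, errors.New("DID URL has no #fragment selecting a key")
	}
	want := d.String() + "#" + d.Fragment
	for i := range doc.Authentication {
		vm := &doc.Authentication[i]
		if vm.ID != want {
			continue
		}
		if vm.Controller != d.String() {
			return nil, fmt.Errorf("key %s is controlled by %s, not %s", vm.ID, vm.Controller, d.String())
		}
		return vm, nil
	}
	return nil, fmt.Errorf("no authentication key %s in document", want)
}

// SampleRegistry is a constructed in-memory registry holding the W3C example
// document above (its authentication entry, with the PEM placeholder as given).
func SampleRegistry() Registry {
	id := "did:example:123456789abcdefghi"
	return Registry{id: &DIDDocument{ID: id, Authentication: []VerificationMethod{{
		ID: id + "#keys-1", Type: "RsaVerificationKey2018", Controller: id,
		PublicKeyPem: "-----BEGIN PUBLIC KEY...END PUBLIC KEY-----\r\n",
	}}}}
}
```

SampleRegistry().AuthenticationKey("did:example:123456789abcdefghi#keys-1") returns the RsaVerificationKey2018 entry; an uppercase method, an empty method-specific id, a missing fragment, an unknown DID, or a key whose controller is another DID all come back as errors rather than as a key, which is the behaviour a verifier needs before it trusts anything it reads from the registry.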

2.2 Verifiable credentials

W3C sees the DID specification above as the foundation and verifiable credentials as the layer above it, and this layer is where the value of building the whole DID system lies. At the application layer a DID can identify an individual, an organization, or even a thing (the implication being that it could change not only today's Internet but also the Internet of Things?).

Below I refer to verifiable credentials as VC. A VC is somewhat like a digital signature; digital signatures need a PKI system, and likewise VC needs a system to support it. The VC system has several participants (with their roles):

Issuer: the entity that holds the user's data and can issue VCs, such as governments, banks, universities and other institutions and organizations.
Verifier (Inspector-Verifier, IV): accepts and validates VCs, and can provide a service to those who present a certain type of VC.
Holder: the entity that requests, receives and holds VCs from the Issuer and presents them to the IV. Issued VCs can be kept in a wallet for later reuse.
Identifier Registry: maintains the database of DIDs, such as a blockchain or distributed ledger (roughly what the method field in the earlier DID example points to).
The Identifier Registry is needed because the IV must not only verify the VC but also authenticate the user: the VC is verified by the VC itself and the fact that it was issued by the Issuer, and the user is authenticated by the user's DID and the DID stored in the database.

Because a DID and its DID document carry no real information about the user, when the user performs some action the site asks the user to show proof. For example, it asks you to prove "I am XXX and I am over 18 years old." You then need an Issuer to issue (and sign) a VC for you and give it to the site, which acts as Inspector and verifies it. Once verified, you can proceed.

Note that the Issuer need only give you a VC saying that you are 18 or older, rather than a VC giving your birthday; the former reveals less of your information. Ideally a VC should answer a yes/no question rather than "how many" or "what". This discloses the minimum information to the IV.

A VC is in JSON format. An example:

{
  // set the context, which establishes the special terms we will be using
  // such as 'issuer' and 'alumniOf'.
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://www.w3.org/2018/credentials/examples/v1"
  ],
  // specify the identifier for the credential
  "id": "http://example.edu/credentials/1872",
  // the credential types, which declare what data to expect in the credential
  "type": ["VerifiableCredential", "AlumniCredential"],
  // the entity that issued the credential
  "issuer": "https://example.edu/issuers/565049",
  // when the credential was issued
  "issuanceDate": "2010-01-01T19:73:24Z",
  // claims about the subjects of the credential
  "credentialSubject": {
    // identifier for the only subject of the credential
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    // assertion about the only subject of the credential
    "alumniOf": {
      "id": "did:example:c276e12ec21ebfeb1f712ebc6f1",
      "name": [{
        "value": "Example University",
        "lang": "en"
      }, {
        "value": "Exemple d'Université",
        "lang": "fr"
      }]
    }
  },
  // digital proof that makes the credential tamper-evident
  // see the NOTE at end of this section for more detail
  "proof": {
    // the cryptographic signature suite that was used to generate the signature
    "type": "RsaSignature2018",
    // the date the signature was created
    "created": "2017-06-18T21:19:10Z",
    // purpose of this proof
    "proofPurpose": "assertionMethod",
    // the identifier of the public key that can verify the signature
    "verificationMethod": "https://example.edu/issuers/keys/1",
    // the digital signature value
    "jws": "eyJhbGciOiJSUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..TCYt5X
      sITJX1CxPCT8yAV-TVkIEq_PbChOMqsLfRoPsnsgw5WEuts01mq-pQy7UJiN5mgRxD-WUc
      X16dUEMGlv50aqzpqh4Qktb3rk-BuQy72IFLOqV0G_zS245-kronKb78cPN25DGlcTwLtj
      PAYuNzVBAh4vGHSrQyHUdBBPM"
  }
}

Now how the IV verifies a VC. The VC does not contain the Issuer's public key (nor should it; even if it did, the IV would still have to verify for itself that the key is genuine). The VC's id is a URI, and the VC's issuer field is also a URI. The Issuer may use its DID as its identity. So from the issuer field, a URI, one obtains the Issuer's DID, and from the DID document one obtains the corresponding public key. Verifying the VC's signature with that public key establishes that the VC was issued by the Issuer.

Of course, the IV's method of verifying the user is the same: with the public key from the DID document of the Holder's (i.e. the user's) DID, it verifies the legitimacy of the user's digital signature.
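The issuance and verification flow of the last few paragraphs (a yes/no claim such as "over 18", a proof that names the issuer's key by DID URL but carries no public key, and the verifier fetching that key from the issuer's DID document) as an added Go example; this is not code from the original post, from W3C or from uPort. Ed25519 over plain JSON stands in for a real proof suite, the proof type name "ExampleEd25519Proof" is constructed, and the Registry map stands in for the ledger; all DIDs and keys are generated or constructed inside the program.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)

// Proof is a simplified stand-in for a VC "proof" block: the type name and the
// plain Ed25519-over-JSON scheme are constructed here, not a W3C proof suite.
type Proof struct {
	Type               string `json:"type"`
	VerificationMethod string `json:"verificationMethod"` // DID URL of the signing key
	ProofValue         string `json:"proofValue"`         // base64url(Ed25519 signature)
}

// Credential follows the shape of the W3C example above; the subject carries a
// yes/no claim ("ageOver18") instead of a birth date, for minimal disclosure.
type Credential struct {
	ID                string         `json:"id"`
	Type              []string       `json:"type"`
	Issuer            string         `json:"issuer"` // a DID, so the verifier can resolve it
	IssuanceDate      string         `json:"issuanceDate"`
	CredentialSubject map[string]any `json:"credentialSubject"`
	Proof             *Proof         `json:"proof,omitempty"`
}

// VerificationKey is what the verifier needs from a DID document key entry.
type VerificationKey struct {
	ID, Controller string
	PublicKey      ed25519.PublicKey
}

// Registry maps a bare DID to the keys in its DID document (a ledger in practice).
type Registry map[string][]VerificationKey

// signingInput is the credential minus its proof as deterministic JSON
// (struct field order is fixed and json.Marshal sorts map keys).
func signingInput(c Credential) []byte {
	c.Proof = nil
	b, _ := json.Marshal(c) // cannot fail: only strings, slices and bools
	return b
}

// Issue signs the credential and attaches a proof naming the issuer's key by
// DID URL; no public key travels inside the credential itself.
func Issue(c Credential, keyID string, priv ed25519.PrivateKey) Credential {
	sig := ed25519.Sign(priv, signingInput(c))
	c.Proof = &Proof{Type: "ExampleEd25519Proof", VerificationMethod: keyID,
		ProofValue: base64.RawURLEncoding.EncodeToString(sig)}
	return c
}

// LookupKey resolves "did:...#key-1" in the registry and insists the key is
// listed in, and controlled by, the DID expected to have signed.
func (r Registry) LookupKey(didURL, expectedDID string) (ed25519.PublicKey, error) {
	did, _, _ := strings.Cut(didURL, "#")
	if did != expectedDID {
		return nil, errors.New("key " + didURL + " is not a key of " + expectedDID)
	}
	for _, k := range r[did] {
		if k.ID == didURL && k.Controller == did {
			return k.PublicKey, nil
		}
	}
	return nil, errors.New("key not found in DID document: " + didURL)
}

// Verify is the Inspector-Verifier's check: resolve the issuer's DID, take the
// key named in proof.verificationMethod, and check the signature.
func (r Registry) Verify(c Credential) error {
	if c.Proof == nil {
		return errors.New("credential has no proof")
	}
	pub, err := r.LookupKey(c.Proof.VerificationMethod, c.Issuer)
	if err != nil {
		return err
	}
	sig, err := base64.RawURLEncoding.DecodeString(c.Proof.ProofValue)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, signingInput(c), sig) {
		return errors.New("signature invalid: credential altered or not from issuer")
	}
	return nil
}

// Demo runs the flow on constructed data and returns the verification result
// for the genuine VC and for a copy whose claims were altered after issuance.
func Demo() (genuine, tampered error) {
	issuerDID, holderDID := "did:example:issuer", "did:example:holder"
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	reg := Registry{issuerDID: {{ID: issuerDID + "#key-1", Controller: issuerDID, PublicKey: pub}}}
	vc := Credential{ID: "urn:example:vc:1", Type: []string{"VerifiableCredential", "AgeCredential"},
		Issuer: issuerDID, IssuanceDate: "2019-01-01T00:00:00Z",
		CredentialSubject: map[string]any{"id": holderDID, "ageOver18": true}}
	signed := Issue(vc, issuerDID+"#key-1", priv)
	forged := signed // fresh map below, so the genuine credential is untouched
	forged.CredentialSubject = map[string]any{"id": holderDID, "ageOver18": true, "licence": "A"}
	return reg.Verify(signed), reg.Verify(forged)
}
```

Demo() verifies a freshly issued credential and a copy whose credentialSubject was altered after issuance; only the first passes. LookupKey also serves the holder-authentication step of the text: the verifier resolves the Holder's DID document with the same call and checks the holder's signature over a fresh challenge, which ties the presenter to the subject DID named in the credential.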

3 uPort project

uPort is a collection of tools and protocols for building user-centric, decentralized applications. It is built on open standards and open-source libraries. -- uPort official website
The uPort project team believes ordinary DApps have many limitations and a high threshold for users:

You must download a wallet
You must understand wallet and key concepts
You must apply for an account on the corresponding blockchain
You must buy the platform's currency: on ETH you must buy ETH to pay gas for transactions, on EOS you must buy EOS to stake for CPU, RAM and NET resources. Buying platform currency raises the user's cost in at least two ways:
    to buy cryptocurrency you need to register an exchange account, and you also need to understand that crypto exchanges differ somewhat from stock exchanges
    you need to pay, unlike other Internet services, which are free
You must understand blockchain concepts and P2P networks
The above are the disadvantages of decentralized identity compared with centralized identity (the advantages were discussed earlier). uPort's goal is to solve these problems; only when they are solved will decentralized identity be truly convenient for users.

It is worth mentioning that uPort conforms to the W3C DID standard as far as possible. Note that DID is something nascent, whether in the blockchain industry or in the Web3 ecosystem: the W3C standard is only at v0.13 and is still being improved. So in some cases where uPort's products actually use DID, the W3C DID standard may have no corresponding spec or may be inconsistent with the actual situation, and uPort must come up with its own solutions for now.

3.1 uPort App

uPort now has a mobile product, also named uPort, as shown in the picture.

The uPort App is similar to a cryptocurrency wallet. You register in the App first; after registering you get a uPort ID, which (leftmost figure) is actually a DID plus an Ethereum account. Looking at the trailing digits, the DID and your Ethereum account are the same (I cannot see my full DID identifier; I don't know whether that is a bug in the App...).

A uPort account is associated with the following, all displayed in the uPort App:

A uPort ID: a DID and an ETH Mainnet address
Basic personal information: four optional fields, Name, Email, Country and Phone; Name is required when you apply for an account, but you can pick anything
Credentials: the Claims mentioned in the W3C standard, i.e. VCs. As said earlier, once a VC has been issued by the Issuer, the Holder can keep it in their own wallet and present it directly next time, saving the cost of asking the Issuer to issue it again. The uPort App naturally stores VCs for you.
Other auxiliary information: the account's QR code, avatar, etc.
3.2 How uPort works

Once you have started using the uPort App (i.e. you already have a uPort account), when you use a DApp that supports uPort you can log in with your uPort account. If the DApp requires you to show some proof, uPort helps you present the corresponding VC stored in your uPort account to the DApp. This is similar to a wallet helping you sign transactions when you trade cryptocurrency: a VC is like a signed transaction.

Of course, the VC must be prepared in your uPort account beforehand. The process for a uPort account to obtain a VC is: the user uploads evidence to the uPort account, such as a photo of a driver's license; uPort then acts as a proxy, shows the proof material to the Issuer, and gets the VC associated with your uPort account.

So the most important thing for uPort to work is Issuer support; Issuers must support and cooperate with uPort. Imagine a website asks the Holder to produce proof of a driver's license. Even if the user uploads a photo of a real driver's license to the uPort account as the VC, the IV cannot verify a photo; the VC must be issued by the Issuer, and the Issuer must tell the IV how to properly validate the VC.

3.3 Doubts about the uPort App

1) Is uPort account data stored on the blockchain or on uPort's centralized servers?

To be honest, there seem to be no documents that say. What is certain is that some data is on-chain while other data is not.
The DID and ETH account of the uPort ID are certainly on-chain, on the ETH mainnet. But auxiliary data such as the user avatar and QR code should live on a server (my personal speculation; such irrelevant data does not need to be on-chain).
What about the most crucial part, the VC: is it on-chain? It should not be. A VC is the user's private information; putting it on-chain would be equivalent to disclosing it. In fact VCs, like a cryptocurrency wallet's private key, should all be stored locally, that is, only on your phone. From the practical use of the uPort App it should also be local: the App has an option to back up your VCs, and the only backup option is to back them up to uPort's server (as shown below). By default VCs are not backed up, so apparently VCs are stored locally (of course, I have not seen the uPort App's source code).

2) Is the IV (Inspector-Verifier) of the VC uPort, or does the DApp still have to do it?

Since the uPort App helps you obtain VCs from the Issuer, it naturally also has the ability to verify them (how VCs are verified in the W3C DID system was described above, but there is an article claiming that uPort verifies by comparing against electronic-record database data... whether uPort's VC verification is the same as in the W3C DID standard is still in question). In fact I do not know whether it is uPort or the DApp that verifies. I leave this question for myself to find out later.
3.4 How DApps use uPort

First, the current state of uPort DApp support: uPort provides DID services on ETH, so the DApps it serves are certainly on ETH. Very few DApps use DID, and DID is not a popular thing on ETH; the 2018 Ethereum year-in-review summaries did not mention DID at all. So the DApps that actually support uPort should be very few.

The uPort App has a VC demo: obtaining a VC via uPortlandia, an application on the uPort official website. But the interaction with the uPort App seemed to have a bug, and presenting the VC produced no response. It should be a bug.

So there should be no DApps using uPort yet, and uPort's software itself feels not very mature.

Its development documentation is here.

4 Questions

Is an account on a blockchain, such as an ETH or EOS mainnet account, a DID?

First, DIDs and blockchain accounts have many similarities: the account data lives on the blockchain, and both are controlled by a public/private key pair.
But there are differences: a DID has a globally unique identifier that meets certain criteria, namely the W3C standard discussed here, whereas on-chain account data is just some files in JSON format.
So one can only say that a blockchain mainnet account has the idea of DID in it, not that it is a DID, because the native accounts of different mainnet blockchains are not interoperable.
With DID, is the problem of users controlling their own accounts solved?

First of all, the organizations holding their information are still centralized, such as governments, banks and educational institutions. This seems impossible to change.
Secondly, if you register an account at a centralized site, the data you produce on that site with that account is naturally owned by that site.
But your most critical information, the information held by the government, will not be disclosed to a centralized site as long as you do not want it to be; you can present proof using a VC instead.
So in summary, DID does have a role in protecting personal privacy. And a DID is controlled by a public/private key pair, similar to a blockchain account system. Only you know your private key, so the DID is controlled by the user. But as I said, DID contains no real personal information; what you control is only the DID.
The most important question: will DID catch on?

If DID does not catch on, none of the above matters. Whether DID can be realized depends on:
first, whether the participants in the DID system (Issuer, Holder, IV and IR, where the blockchain can be seen as a service provider) are willing to use it. Holders definitely want DID, no doubt; Issuers and IRs should not be reluctant either. But I estimate that IVs hoping to obtain user information will not want it.
Second, whether companies are willing to develop DID technology. In general, where there is demand someone will develop it. But do technology companies feel the need to use Blockchain + VC to implement DID? Using mature technologies such as PKI + JWTs (JSON Web Tokens) + OpenID seems feasible as well.
5 Conclusion

In most uses of blockchain, another relatively mature technology could usually serve instead (apart from digital currency itself), and blockchain often has no particular advantage. So, because of inertia, blockchain is hard to get adopted.

In fact I think the applications that may need blockchain are a relatively small minority. It is a distributed ledger database, and not every application needs such a database. Blockchain is popular because Bitcoin rose, not, it seems, because of the technology itself. Applications that need distributed systems use blockchain because blockchain is popular, when in fact they could use distributed systems directly. The world should not adapt to blockchain; blockchain should adapt to the world.

Personally, the area I find most promising at present is still DeFi. After blockchain's attempts to expand into every field, it is time to converge back to the few scenarios most likely to land; in any case, the industry generally believes finance and games are the most likely.

References:

[1] Decentralized Identifiers (DIDs) v0.13 - Data Model and Syntaxes
[2] Understanding Decentralized IDs (DIDs), Adam Powers
[3] Decentralized identity status report, Timestamp Capital
[4] uPort overview, uPort official website
[5] uPort brief explanation 1
[6] uPort interpretation 2, medium


----------------
Disclaimer: This article is an original article by CSDN blogger "treaser", under the CC 4.0 BY-SA copyright agreement; when reproducing it, please attach the original source link and this statement.
Original link: https://blog.csdn.net/treaser/article/details/99004355

Origin blog.csdn.net/yuxinqingge/article/details/104693605