Decentralized Identity for a Decentralized World
Alex Simons, Partner Director Program Management, Identity Division
Microsoft

Today
Your Identity == App(username, password)

However
Your Identity > App(username, password)

Identity is everything you do
Your Identity > App(username, password)
[Diagram labels: play, purchases, education, achievements, interests, work, citizenship]

But our identities are strewn across apps and services
Your Identity > App(username, password)
[Diagram labels: play, purchases, education, achievements, interests, work, citizenship]

As a result, our identities are at risk
Your Identity App(username, password)
• Endless breaches of personal data
• Billions spent on audits
• Unauthorized use of personal data

Customer needs and asks
Individuals
• Privacy and control of my identity and data
• Protection from hacks
• Protection from breaches
Organizations
• Trust, but Verify
• Collaborate with everyone
• Reduce risk for GDPR, KYC/AML
Governments
• ID for cross border & agency
• Digital ID for refugees
• Social and financial inclusion for everyone

User in control
[Diagram labels: play, purchases, education, achievements, interests, work, citizenship]

Incubation Hypothesis for Decentralized ID
Each of us needs a digital identity we own, one which securely and privately stores all elements of our digital identity.
This self-owned identity must seamlessly integrate into our lives and give us complete control over how our identity data is accessed and used.

Own and control your Identity
Proof of Concept
The User Agent generates keys
[Diagram: User, User Agent, Identity Hub, Universal Resolver; ledgers: Bitcoin via Blockstack, Sovrin via Sovrin ledger, Ethereum via uPort; "coming soon"]

Alice creates a Digital ID on the blockchain

The Blockchain returns Alice’s Decentralized ID (DID) identifier
DID://<string>

Alice signs in using her student credentials
[Diagram: University added; sign-in form: user@edu]

and requests a digital diploma
“Please send a Digital Diploma”

The University requests Alice’s Digital ID
“Please send your Digital ID”

The User Agent discloses the Digital ID to the University
DID://<string>

The University sends a digital diploma signed with its digital ID
[User Agent prompt: 1 item has been received. Signed Diploma from University. Accept attestation? Allow / Deny. Accept or discard attestation]

The User Agent signs and stores it in Alice’s identity hub

Now Alice can present her digital diploma to potential employers and other organizations
[Diagram: Potential Employers & Professional network; Present signed diploma]
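The proof-of-concept flow above (register DIDs, issue a signed diploma, countersign it, present it for verification), as an added Go sketch that is not code from the talk or from Microsoft. The in-memory `Ledger`, all type and function names, the `did:example:` identifiers and the use of Ed25519 are assumptions; the slides name no signature scheme or data format.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Ledger is a hypothetical in-memory stand-in for the chain behind the Universal Resolver.
type Ledger map[string]ed25519.PublicKey

// Attestation is a claim signed by its issuer, then countersigned by its holder.
type Attestation struct {
	Issuer, Subject, Claim string
	IssuerSig, HolderSig   []byte
}

func (a *Attestation) payload() []byte {
	return []byte(fmt.Sprintf("%q|%q|%q", a.Issuer, a.Subject, a.Claim)) // %q keeps field boundaries unambiguous
}

// Register is the User Agent step: keys are generated locally, only the public key is published.
func (l Ledger) Register(did string) ed25519.PrivateKey {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	l[did] = pub
	return priv
}

// IssuerSign is the University step; HolderSign is the User Agent accepting the diploma.
func (a *Attestation) IssuerSign(k ed25519.PrivateKey) { a.IssuerSig = ed25519.Sign(k, a.payload()) }
func (a *Attestation) HolderSign(k ed25519.PrivateKey) {
	a.HolderSig = ed25519.Sign(k, append(a.payload(), a.IssuerSig...))
}

// Verify is the employer's check: both DIDs must resolve and both signatures must hold.
func (l Ledger) Verify(a Attestation) bool {
	iss, sub := l[a.Issuer], l[a.Subject]
	return iss != nil && sub != nil && ed25519.Verify(iss, a.payload(), a.IssuerSig) &&
		ed25519.Verify(sub, append(a.payload(), a.IssuerSig...), a.HolderSig)
}

func main() {
	l := Ledger{} // the did:example: identifiers below are constructed samples
	a := Attestation{Issuer: "did:example:university", Subject: "did:example:alice", Claim: "diploma"}
	a.IssuerSign(l.Register(a.Issuer))  // University signs with its DID key
	a.HolderSign(l.Register(a.Subject)) // Alice's User Agent countersigns
	fmt.Println("employer accepts:", l.Verify(a))
}
```

A stored countersignature only shows that the holder's key accepted the diploma; proving that the presenter controls the subject DID needs a fresh challenge signed at presentation time.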

In Summary…
[Diagram: Users (People, Apps, and Devices); User Agent; Identity Hub; Universal Resolver; DID Authentication; W3C Decentralized Identifiers; Distributed Systems (Blockchains and Ledgers): Bitcoin via Blockstack, Sovrin via Sovrin ledger, Ethereum via uPort; "coming soon"; Join, Collaborate, Contribute; CCG]
[Stage labels on the diagram: Working Implementations (twice), Designs & Prototypes, Alpha Implementation, Designs in progress]

Design Principles
Users can have one, or more, DIDs—based on open standards.
DIDs can be resolved across chains: public, private, etc.
DID permissions are managed using keys that are accessible only to the user.
Identity attributes (or claims) are stored in an off-chain, standards-based Identity Hub.
Users can have one, or more, Identity Hubs, stored locally on devices or in the Clouds.
User consent is required to access Identity claims—supports granular access controls.
Claims are compatible with existing standards (OAuth 2.0/OIDC).

The next 3 steps to making the ecosystem real
1. Ease of use
• Registration
• Key management
• Zero-knowledge-proof
• Compatibility
• Recovery and revocation
2. Performance & Scale
• Consistent experience that scales globally from 10s to 100s of thousands per second.
3. Join, collaborate, and contribute

Thank you
© Copyright Microsoft Corporation. All rights reserved.

In Summary…
[Diagram: Users (People, Apps, and Devices); User Agent; Identity Hub; Universal Resolver; DID Authentication; W3C Decentralized Identifiers; Distributed Systems (Blockchains and Ledgers): Bitcoin via Blockstack, Ethereum via uPort, Sovrin via Sovrin ledger; "coming soon"]
[Annotations on the diagram: Data off-chain; Instances across devices & clouds; Schema-based; For a variety of chains; Registration; Resolution; Id + service end-point on-chain; Keys generated & stored locally; Data encrypted at edge]