DID & Verifiable Credentials
Unlock the power of Decentralized Identity (DID) and Verifiable Credentials. Learn key concepts, benefits, and implementation strategies using DICE ID.
Self-Sovereign Identity (SSI) is the idea that you “OWN” and “CONTROL” your identity data. You control when and how it is provided to others, and when it is shared, it is done so in a trusted way. With SSI, there is no central authority holding your data that passes it on to others upon request. And because of the underlying cryptography and blockchain technology, SSI means that you can present claims about your identity and others can verify them with cryptographic certainty.
DIDs are the base layer of decentralized identity infrastructure. DIDs can be used to identify various entities in the Verifiable Credentials ecosystem such as issuers, holders, subjects, and verifiers. More generally, DIDs can be used as identifiers for people, devices, and organizations.
A DID is a globally unique, persistent identifier that does not require a centralized registration authority and is often generated and/or registered cryptographically. A DID refers to any subject (e.g., a person, organization, thing, data model, abstract entity, etc.) as determined by the controller of the DID. DIDs are URIs that associate a DID subject with a DID document, allowing trustable interactions associated with that subject. A DID is a simple text string consisting of three parts:
the did URI scheme identifier
the identifier for the DID method
the DID method-specific identifier.
Each DID document can express cryptographic material, verification methods, or services, which provide a set of mechanisms enabling a DID controller to prove control of the DID. Services enable trusted interactions associated with the DID subject. The example DID above resolves to a DID document.
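The three-part syntax listed above can be enforced before a DID is ever resolved. The following is an added example, not DICE ID code: the grammar follows the W3C DID Core ABNF, and `isAcceptedDid`, its method allowlist and the sample DIDs are constructed for illustration.

```javascript
// Added example (not DICE ID code): strict parser for the three-part DID syntax.
// Grammar follows the W3C DID Core ABNF; the sample DIDs below are constructed.
const IDCHAR = "(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})";
const DID_RE = new RegExp(`^did:([a-z0-9]+):((?:${IDCHAR}*:)*${IDCHAR}+)$`);

// Split a bare DID into its three parts, or throw if it is malformed.
function parseDid(input) {
  if (typeof input !== "string") throw new TypeError("DID must be a string");
  const m = DID_RE.exec(input);
  if (!m) throw new Error("not a valid DID: " + JSON.stringify(input));
  return { scheme: "did", method: m[1], methodSpecificId: m[2] };
}

// Hypothetical verifier-side gate: well-formed AND a method we are able to resolve.
function isAcceptedDid(input, allowedMethods) {
  try {
    return allowedMethods.includes(parseDid(input).method);
  } catch (_) {
    return false;
  }
}

const samples = [
  "did:example:123456789abcdefghi", // well-formed, method on the allowlist
  "did:web:example.com:user:alice", // well-formed, but method not on the allowlist
  "DID:example:123",                // scheme must be lowercase "did"
  "did:example:",                   // empty method-specific identifier
  "did:example:123#key-1",          // DID URL with a fragment, not a bare DID
  "did:example:abc%2",              // truncated percent-encoding
];
for (const s of samples) {
  console.log(s.padEnd(34), isAcceptedDid(s, ["example"]));
}
```

Only the first sample is accepted; rejecting everything that is not a bare, well-formed DID keeps fragments, whitespace and case variants from reaching the resolver.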
A DID by itself doesn't have much value except for representing an issuer or verifier. For an identity holder, their DID is as good as the credentials associated with
In the physical world, a credential might consist of:
Information related to identifying the subject of the credential (for example, a photo, name, or identification number)
Information related to the issuing authority (for example, a city government, national agency, or certification body)
Information related to the type of credential this is (for example, a Dutch passport, an American driving license, or a health insurance card)
Information related to specific attributes or properties being asserted by the issuing authority about the subject (for example, nationality, the classes of vehicle entitled to drive, or date of birth)
Evidence related to how the credential was derived
Information related to constraints on the credential (for example, expiration date, or terms of use)
A verifiable credential can represent all the same information that a physical credential represents. The addition of technologies, such as digital signatures, makes verifiable credentials more tamper-evident and more trustworthy than their physical counterparts. Holders of verifiable credentials can generate verifiable presentations and then share these verifiable presentations with verifiers to prove they possess verifiable credentials with certain characteristics.
A schema is a data structure which represents the type of credential that can be created and issued. The schema definition is flexible and can have any number of attributes based on the use case requirements. The identity issuer is allowed to create schemas which can be reused by other issuers in the ecosystem. The schema is the building block for a credential definition, which is created by a particular identity issuer. Schemas can also be used to create verification templates, which are used for identity verification.
Identity Issuers create one or more credential definitions based on a pre-defined schema. The credential definition, which is signed by the issuer, gets published on the blockchain. Identity holders and verifiers use the credential definition on the blockchain for presenting the identity proof and verifying it.
Identity Verifiers define the data structure for the proof they need to determine if the identity holder is eligible for availing their services. The Identity Holder has to present a matching proof for the verification to succeed. The verification template provides flexibility to define any set of attributes based on the use case being implemented.
Identity holders provide their credentials as a proof or claim to the verifiers to prove their identity or their eligibility for availing a service. The proof is created based on the credentials that are available with the identity holder in their wallet and the verification template that is required by the verifier. If a matching credential is available, then the proof can be presented for verification.
Credentials issued by an issuer can be revoked based on use case requirements. This revocation is recorded on blockchain so that the verifier can determine the credential validity at any point of time.
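The verifier-side checks described above (credential definition lookup, issuer signature, revocation status, verification template match) can be sketched as follows. This is an added example, not DICE ID code. It assumes a plain Ed25519 signature over the whole credential, an in-memory object standing in for the blockchain ledger, and constructed names and data throughout.

```javascript
// Added example (not DICE ID code): the checks a verifier runs on a presented proof.
// All names and data are constructed; an in-memory object stands in for the ledger.
const { generateKeyPairSync, sign, verify } = require("node:crypto");

const issuerKeys = generateKeyPairSync("ed25519");
const ledger = {
  credDefs: new Map([["creddef:employee:1", {
    schemaAttrs: ["name", "employeeId", "department"], publicKey: issuerKeys.publicKey }]]),
  revoked: new Set(),
};

// Deterministic bytes to sign, so attribute order cannot change the signature.
function canonical(cred) {
  const attrs = Object.keys(cred.attributes).sort().map((k) => [k, cred.attributes[k]]);
  return Buffer.from(JSON.stringify([cred.id, cred.credDefId, attrs]));
}

function issue(id, credDefId, attributes, privateKey) {
  const def = ledger.credDefs.get(credDefId);
  if (!Object.keys(attributes).every((a) => def.schemaAttrs.includes(a)))
    throw new Error("attribute not in schema");
  const cred = { id, credDefId, attributes };
  return { ...cred, signature: sign(null, canonical(cred), privateKey) };
}

// Returns "ok" or the first failed check.
function verifyProof(proof, template) {
  const def = ledger.credDefs.get(proof.credDefId);
  if (!def || !template.acceptedCredDefs.includes(proof.credDefId)) return "unknown credential definition";
  if (!verify(null, canonical(proof), def.publicKey, proof.signature)) return "bad signature";
  if (ledger.revoked.has(proof.id)) return "revoked";
  const missing = template.requiredAttributes.filter((a) => !Object.hasOwn(proof.attributes, a));
  return missing.length ? "missing attributes: " + missing.join(",") : "ok";
}

const template = { acceptedCredDefs: ["creddef:employee:1"], requiredAttributes: ["name", "department"] };
const cred = issue("cred-001", "creddef:employee:1",
  { name: "Alice", employeeId: "E42", department: "Finance" }, issuerKeys.privateKey);

function demo() {
  ledger.revoked.clear();
  const tampered = { ...cred, attributes: { ...cred.attributes, department: "Executive" } };
  const results = [verifyProof(cred, template), verifyProof(tampered, template)];
  ledger.revoked.add(cred.id); // issuer revokes the credential
  results.push(verifyProof(cred, template));
  return results; // untouched, edited after issuance, revoked
}
console.log(demo());
```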