Decentralized identity explained

Alice controls the private key of the DID that the school signed.

@@MasterNeiXD Yes..."Alice" have the key. I meant Levels of assurance (LOA), misspell from my part. How do we know that it was Alice that collected the key. Thats the hard part. Validation of the user collecting the ID in a manner that works for everyone without losing LOA.

@@MasterNeiXD same as for the credentials we use today, add biometrics

@@karlcastor8692 oh, yeah. We need to trust the "issuers". The signers. If someone you trust, for example a big university, signed a message confirming a public key belongs to Alice, then you know it's true.

you don't like your freedom and privacy? Russian millioniares just had their yachts and townhouses taken from them - even if they were against the Russian invasion. Canadians protesting had their bank accounts frozen. This digital ID will mean the end of freedom.

The Decentralized Identity Public Key Identifier is recorded for sure, but not necessarily the Identity Attributes. Think of it similar to a torrent file which is the metadata and link to a media file, however, the actual bits are stored and distributed in a decentralized fashion.

@@GabrielRodriguezInjectedFusion I'm curious about how Microsoft has dealt with revocation. I've been studying the subject and I haven't found a clear demonstration on this. W3C specs for DIDs are defined very broadly, it's still a work in progress. I think the only way to really achieve revocability is by hosting the DID on users' device. It's the only way to wipe out the DID for sure. Blockchain is unnecessary IMHO and can be perfectly replaced by IPFS or using hypercore protocol (formally dat)

@@sprintwithcarlos It's important to note the DID address itself is what is committed to a blockchain, not the details of the identity. There really isn't any big deal about a randomized DID address existing on a distributed public ledger. That's just the lookup and points the way to more conventional datastore that actually hosts the identity details and attributes itself. So in terms of revocation, Alice with the private key controls who has access and can grant and revoke access anytime to her identity details & attributes. Lastly, it is possible for Alice to completely block all access to her identity trust stores and her mobile phone and also cloud-storage providers. Then delete her private key. This also known as cryptographic deletion.

Why would you need to store Alice's identifier/public key in a public registry anyway, and who would register it? To verify credentials, publishing the issuer's public signing key should be sufficient.

@@johannessedlmeir3045 According to W3C specs, since DID should resolve to a DID document, you need a "verifiable data registry". Beside a blockchain, it could be also a distributed ledger, decentralized file system, distributed database, peer-to-peer network, etc. The identifier does not include the public key, is just an URI that resolves to a DID document. The public key then could be included in that document. At the beginning I also thought that sharing everything with a JWT will suffice but since attributes can change after the issuance developmentdecentralizeddon't require such a huge infrastructure. For a peer DID, no blockchain should be necessary

Thanks for sharing!

That's why security systems should still leverage Multi-Factor-Authentication. For Alice to use her private keys within her digital identity wallet should only happen after multiple forms of proof are presented. In the example, something like Alice's fingerprint should be given (something Alice has) AND the pin number (something Alice knows). Additional challenge proofs requirements, e.g., one-time-passwords, hardware security tokens, etc. can be enforced depending on the security level required.

Replication is almost impossible because the pseudonym ID is cryptographically generated and secured with a biometric proof or a pin only known by the user. It's how Bitcoin uses and in 10 years nobody has broken the system. The only way a hacker would have to grant access to another account is by obtaining both the private key and the pin. Self sovereign identity users should understand this and act accordingly (handling the storage of credentials in a secure way).

While human intervention is the Block chain.

Depends if the blockchain is decentralized than it is okay.

@@mvrtgt The protocol (rules) are centralized. Only the storage and automated operation is decentralized. It doesn't give power to people. Quite the opposite.

​@@argusfestquindi è una trappola?

This isn’t microsoft's idea xD they just jump on the train because this is inevitable…
Digital id’s are coming only question is will they be decentralized, or are we going the chinese way of dictatorship (centralized)

A centralized Chinese-style all-encompassing social credit system is the goal. Everything about this was thought through thoroughly.

@@taryn2736 exactly. one world government and all of us underlings will be serfs, peons and easily controlled. The US president just signed a bill to give all new cars sold 5 years from now a kill switch. So, if a big protest is coming, your car, your ability to buy gas, or food, or a bus ticket or poster board could easily be stopped. Heck, they could do that for everyone everywhere for a few days until they could figure out where the threat was.
Covid-19 lockdowns were a small taste of what was to come.

yes. this video is crap. it just claims you can prove to someone you are not a robot if you just show them a bunch of people who agree you are human.
but how is this system supposed to trust that bunch of people? how does it know they are not all bots? do they also ask them for people who agree they are human? doesn't work, unless you have at some point some authority you can trust that just decides who is a robot and who is human. the bitcoin people have tried this every way imaginable and they can't .

@@aresgood1 that's not the problem this is trying to solve.
Just like with "sign in with google/Facebook etc" You have an identity with that provider. Other companies/or applications can leverage that identity to know who you are with out you having to repeat your information to them. None of that can prove you weren't a bot in the first place. If you do happen to be a human though it can give you more control over where you store your data, who has access, and a single company can't just delete that identity on you.
The key word is "decentralized".

@@ragnarok7976 yeah. it claims to be decentralized, and it workd by giving you multiple providers. so it's centralized around them

@@aresgood1 Not exactly. MS is providing the initial service but they don't really control much once the ball is rolling. They will post the public key to a block chain but they can't remove it once that is done. They might provide the blockchain service but most of the talk I've seen say MS won't be making their own block chain they will use one that already exists like say bitcoin. Theoretically though this method would work on any block chain.
That's the decentralization. No one really "owns" a blockchain or can mutate data that has been added to it. Not to say I implicitly trust MS but if the implementation is how they claim it is the science and math behind is sound.

@@ragnarok7976 i am suck and tired of people claiming something is decentralized just because it's on a block-chain. if the block-chain has to interact with entities outside the blockchain, and these entities are centralized, then so is the system.

Decentralized Identity is the solution.

arcblock abt@@mvrtgt

​@@mvrtgtchi ti assicura che sia realmente decentralizzato?

they must be stopped before this digital ID takes effect, before it is too late.

@Rene Elon lol yes right

@Kenzo Wilder lol yea right

why not just rob a bank if you want to live in a prison. that is what a digital ID will be - a technocracy that will imprison most people.