diff --git a/docs/academy/part-2/decentralized-identity.mdx b/docs/academy/part-2/decentralized-identity.mdx index bb746fdf4da..383cfa694be 100644 --- a/docs/academy/part-2/decentralized-identity.mdx +++ b/docs/academy/part-2/decentralized-identity.mdx @@ -9,7 +9,7 @@ import * as quiz from './decentralised-identity-quiz.json'; Reading time: {readingTime} min -Unlike traditional identity systems, where personal identification information is centralized and often managed by a single entity (such as a company or government), **decentralized identity** enables individuals to control and manage their own identification data. This model, also known as Self-Sovereign Identity (SSI), offers several key advantages. +Unlike traditional identity systems, where personal identification information is centralized and often managed by a single entity (such as a company or government), **decentralized identity** enables individuals to control and operate their own identification data. This model, also known as Self-Sovereign Identity (SSI), offers several key advantages. It enhances security and privacy, as data is not stored in a central location vulnerable to attack or abuse. It increases transparency and trust, as users can choose how, when, and with whom to share their information without relying on intermediaries. 
@@ -17,6 +17,16 @@ This reduces the risk of censorship or manipulation by third parties. The importance of decentralized identity lies in its ability to give individuals back the power over their personal information in an increasingly digital world, offering a new approach to identity management that is secure, transparent, and user-centric. +:::info + +OKP4 integrates [W3C standards](https://www.w3.org/) for decentralized identity, guaranteeing compatibility and interoperability across a wide range of specifications. + +**For more information on [W3C standards](https://www.w3.org/), refer to** +[Decentralized Identifiers doc](https://www.w3.org/TR/did-core/) +[Verifiable Credentials doc](https://www.w3.org/TR/vc-data-model-2.0/) + +::: + ## Decentralized identity roles Decentralized identity allows users to manage their personal information in their own wallet. This data, called **credentials**, is created, issued, and cryptographically signed by an entity called **Issuer** to a **Holder**. The Holder can share this data with a third party, called a Verifier. @@ -57,7 +67,7 @@ Note that blockchain technologies generally support decentralized identity. Ther *Role*: Receives and holds claims (attestations). -*Action*: The graduate (Holder) receives the digital diploma and stores it in his or her digital wallet. This wallet enables him to manage his digital credentials and attestations securely. +*Action*: The graduate (Holder) receives the digital diploma and stores it in their digital wallet. This wallet enables him to manage his digital credentials and attestations securely. **Verifier - Potential Employer**: 
@@ -67,7 +77,7 @@ Note that blockchain technologies generally support decentralized identity. Ther **How the process works**: 1. Diploma issuance: The university creates a digital diploma and digitally signs it. -2. Diploma storage: The graduate receives and securely stores the diploma in his/her digital wallet. +2. Diploma storage: The graduate receives and securely stores the diploma in their digital wallet. 3. Sharing and verification: When applying for a job, the graduate shares the diploma with the employer. The employer then verifies the digital signature against the university's public key. This scenario illustrates how decentralized identity systems facilitate the secure and verifiable exchange of identity information while enabling individuals to control which aspects of their identity are shared and with whom. 
@@ -85,7 +95,7 @@ An infinite number of DIDs can be attached to the same identity, which offers se 3. **Security**: If one DID is compromised, other DIDs and associated contexts remain secure. This isolates the risk and minimizes damage. 4. **Flexibility and scalability**: Users can create new DIDs as their needs and contexts evolve without being limited by rigid identifiers. -DIDs are managed by decentralized networks, notably blockchains. This means that no single central authority controls identity information, offering greater security and resilience against single points of failure. Users have total control over their DIDs. They can create, update, or delete their identifiers without the need for a central authority. +DIDs are managed by decentralized networks, notably blockchains. This means that no single central authority controls identity information, offering greater security and resilience against single points of failure. Users have total control over their DIDs. They can create, update, or delete their identifiers without a central authority. The DID is a [W3C](https://www.w3.org/TR/did-core/) standard designed to be interoperable across different systems and networks, facilitating their use in diverse digital contexts. 
@@ -95,7 +105,7 @@ The DID is a [W3C](https://www.w3.org/TR/did-core/) standard designed to be inte ### Example: An Autonomous Vehicle as a DID Holder -In the near future, autonomous vehicles could be equipped with their own decentralized identity (DID). These DIDs enable the vehicle to interact autonomously with various services and infrastructures without human intervention. +Soon, autonomous vehicles could be equipped with their own decentralized identity (DID). These DIDs enable the car to interact autonomously with various services and infrastructures without human intervention. **How the process works**: 1. Identity creation: An autonomous vehicle manufacturer generates a DID for each vehicle it produces. This DID serves as a digital identifier for the vehicle. 
@@ -170,14 +180,14 @@ Example: } ``` -You can use this tool to resolve a DID : https://resolver.identity.foundation/ +You can use this tool to resolve a DID: https://resolver.identity.foundation/ ### A verification method: the did:key Method The **did:key method** is a specific way to create and use DIDs that is focused on simplicity and universality. Here's an overview of the main features: Direct Incorporation of Public Key: In the did:key method, the DID directly encodes the public key itself. This means the DID is self-describing and doesn't require an external resolution to a DID document. -- Simplicity: It is one of the simplest forms of DID, as it doesn't rely on a blockchain or a distributed ledger. The did:key method generates DIDs that are entirely independent of any registry, network, or company. +- Simplicity: It is one of the simplest forms of DID, as it doesn't rely on a blockchain or a distributed ledger. The did:key method generates DIDs entirely independent of any registry, network, or company. - Instantaneous Resolution: Because the public key information is embedded in the DID, resolving a did:key DID to its DID document is a straightforward, computation-only process. There is no need to interact with a ledger or network to retrieve the DID document. - Support for Multiple Cryptographic Algorithms: The did:key method supports various cryptographic algorithms, allowing for generating different types of keys (like RSA, ECDSA, Ed25519, etc.). diff --git a/docs/academy/part-2/verifiable-claims.mdx b/docs/academy/part-2/verifiable-claims.mdx index e05a45f65dc..5dea92a79ba 100644 --- a/docs/academy/part-2/verifiable-claims.mdx +++ b/docs/academy/part-2/verifiable-claims.mdx 
@@ -17,7 +17,7 @@ Commonly, a credential is a certificate, proof, or qualification of competence o A credential may contain several claims. For example, a diploma contains the claims "I have a degree in Biology" and "My diploma was issued on 19/06/2023". -**Verifiable Credentials** (VCs) can be digitally authenticated, meaning that the credential receiver can verify its origin and integrity without contacting the issuer directly. The holder of the Verifiable Credential can control how and to whom his or her information is shared. For example, a person holds the VC for his degree, the Issuer of which is the university where he studied. When this person applies for a job, he or she can share this VC with the company to provide proof of his or her background and skills. The company does not need to contact the university to verify the authenticity of the VC. +**Verifiable Credentials** (VCs) can be digitally authenticated, meaning that the credential receiver can verify its origin and integrity without contacting the issuer directly. The holder of the Verifiable Credential can control how and to whom their information is shared. For example, a person holds the VC for his degree, the Issuer of which is the university where he studied. When this person applies for a job, they can share this VC with the company to provide proof of their background and skills. The company does not need to contact the university to verify the authenticity of the VC. In the [W3C standard](https://www.w3.org/TR/vc-data-model/), a credential is a set of one or more **claims** made by the same entity. Credentials include an identifier and metadata describing the credential's properties, such as the issuer, the expiry date and time, a representative image, a public key to use for verification purposes, the revocation mechanism, and so on. The issuer might sign the metadata. A verifiable credential is a set of tamper-evident claims and metadata that cryptographically prove who issued it. 
@@ -31,7 +31,7 @@ A **claim** is an assertion made about a subject. A **credential** is a set of one or more claims made by an issuer. -A **verifiable credential** is a tamper-evident credential that has authorship that can be cryptographically verified. These verifiable credentials can be used to build verifiable presentations, which can also be cryptographically verified. +A **verifiable credential** is a tamper-evident credential with authorship that can be cryptographically verified. These verifiable credentials can be used to build verifiable presentations, which can also be cryptographically verified. A **verifiable presentation** is a tamper-evident presentation encoded in such a way that authorship of the data can be trusted after a process of cryptographic verification. @@ -47,7 +47,7 @@ A government authority issues a digital passport to a citizen. Use when traveling : -- Airport Verification: When traveling, the passport holder presents his or her digital passport at the airport. +- Airport Verification: When traveling, the passport holder presents their digital passport at the airport. - Verifier (Customs): Customs officers use a system that verifies the passport's digital signature and metadata to confirm its authenticity. The digital signature and metadata ensure enhanced security by preventing forgery and guaranteeing data integrity. Compliance with W3C standards facilitates fast, efficient data verification by verifiers. 
@@ -79,7 +79,7 @@ These VCs play a crucial role in regulating and managing resources. They define Except from Governance credentials, resources are considered to be under "Self-Sovereign" management according to the following two principles: -- **Free Issuance of Claims**: In this framework, any entity (individual, organization, service, etc.) can issue claims on the resource concerned, **with the exception of governance claims**, which are issued by the identities themselves. +- **Free Issuance of Claims**: In this framework, any entity (individual, organization, service, etc.) can issue claims on the resource concerned, **except for governance claims**, which are issued by the identities themselves. - **Unilateral revocation of claims**: This principle stipulates that claims can only be revoked by the entity that issued them. This means that if Entity A issues a claim on the resource, only Entity A can revoke that claim. This principle is unalterable and remains independent of any intervention or modification by governance structures. Self-sovereign governance is particularly well suited to environments where autonomy and decentralization are paramount, as is the case in the OKP4 dataverse. However, we must remain vigilant to the "gossip effect": given that any entity can issue credentials, there is a risk that unverified or inaccurate information will be disseminated. This phenomenon poses a significant challenge in balancing individual freedom and collective interest. Such dynamics need to be carefully considered when designing governance schemes in Zones.
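Review bot: In decentralized-identity.mdx hunk @@ -9,7, "control and operate their own identification data" is a wording regression: data is managed, not operated, so the original "control and manage" (or just "control") should stay. The unchanged sentence that follows, "data is not stored in a central location vulnerable to attack or abuse", also overstates the point: the Holder hunk later in this file (@@ -57,7) has the credential stored in the holder's wallet, so the data is still stored somewhere attackable, just not concentrated. Suggest "not concentrated in a single central store that is one target for attack or abuse".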
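Review bot: In decentralized-identity.mdx hunk @@ -17,6, the new admonition's "guaranteeing compatibility and interoperability across a wide range of specifications" is an overclaim: following DID Core and the VC Data Model does not guarantee interoperability (DID method and proof format choices are left open by those specs), and the two linked documents are two specifications, not "a wide range". Suggest "follows the W3C Decentralized Identifier and Verifiable Credential standards, which is the basis for interoperability with other conforming implementations". The two links after "refer to" are on consecutive lines with no list markers or blank line between them, so MDX will fold them into one paragraph; make them a list: "- [Decentralized Identifiers doc](https://www.w3.org/TR/did-core/)" and "- [Verifiable Credentials doc](https://www.w3.org/TR/vc-data-model-2.0/)". Finally, this hunk links VC Data Model 2.0 while verifiable-claims.mdx (hunk @@ -17,7 in the same change) links https://www.w3.org/TR/vc-data-model/ (1.1); pick one version and reference it in both files.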
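Review bot: In decentralized-identity.mdx hunk @@ -57,7, the pronoun change is incomplete: "stores it in their digital wallet" is immediately followed by the unchanged "This wallet enables him to manage his digital credentials". Change that to "enables them to manage their digital credentials and attestations securely" so the sentence is consistent with the line just edited.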
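Review bot: In decentralized-identity.mdx hunk @@ -67,7, the pronoun fix in step 2 is fine, but step 3 in the same hunk leaves out the part a reader will ask about: how the employer obtains and trusts "the university's public key". Since this file introduces DIDs and DID resolution below, one clause such as "obtained by resolving the university's DID" would close the gap without lengthening the walkthrough.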
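Review bot: In decentralized-identity.mdx hunk @@ -85,7, "DIDs are managed by decentralized networks, notably blockchains" contradicts the did:key section later in the same file (hunk @@ -170,14), which says did:key "doesn't rely on a blockchain or a distributed ledger" and is "entirely independent of any registry, network, or company". Suggest "Many DID methods anchor DIDs on decentralized networks, notably blockchains" so the sentence is also true of the did:key example the page goes on to use.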
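Review bot: In decentralized-identity.mdx hunk @@ -95,7, replacing "the vehicle" with "the car" introduces an inconsistent term: the heading and the rest of the section say "autonomous vehicle", and "car" is narrower. Keep "vehicle". Shortening "In the near future" to "Soon" is fine.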
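Review bot: In decentralized-identity.mdx hunk @@ -170,14, the did:key feature list is inconsistently formatted inside the hunk: "Direct Incorporation of Public Key:" is a bare paragraph while the following items ("- Simplicity", "- Instantaneous Resolution", "- Support for Multiple Cryptographic Algorithms") are bullets; give it the same "- " prefix. The heading "A verification method: the did:key Method" also misuses a DID Core term: did:key is a DID method, whereas "verification method" in DID Core is the verificationMethod entry of a DID document. Suggest "A DID method: did:key". And since the first item states that the DID "directly encodes the public key itself", the trade-off that follows from it deserves one sentence: the key cannot be rotated without changing the identifier, so did:key suits short-lived or ephemeral identifiers rather than long-lived ones.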
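Review bot: In verifiable-claims.mdx hunk @@ -17,7, the pronoun change is partial within one sentence: "holds the VC for his degree, the Issuer of which is the university where he studied" keeps "his"/"he" while the next sentence now uses "they"/"their". Change to "the VC for their degree, the Issuer of which is the university where they studied".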
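Review bot: In verifiable-claims.mdx hunk @@ -47,7, the unchanged context line "Use when traveling :" has a stray space before the colon; since the surrounding line is already being touched, fix it to "Use when traveling:" in the same change.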
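Review bot: In verifiable-claims.mdx hunk @@ -79,7, the same wording fix applied in the bullet ("with the exception of" to "except for") is needed on the unchanged context line directly above it: "Except from Governance credentials" should be "Except for Governance credentials" ("are considered to be under" can also be "are under"). In the edited bullet, "which are issued by the identities themselves" is ambiguous about which identities are meant (the resource's governing identities, or the resource itself); since this is the one exception to free issuance, spell it out.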