What is a DID? (1/3)
In 2021, XSL Labs will launch its decentralized identifier, the SDI. In order to enlighten the reader on the nature of these new tools, on their technical characteristics as well as on the numerous uses that they will have in the future, we have decided to discuss each of these different aspects in this series of articles. We hope to shed new light on one of the most innovative yet little-known tools of the Web 3.0.
First of all, it is necessary to specify that DIDs are still in their infancy, and that their functioning as presented in this article is intended to be as general as possible. There may be DIDs that use variants of the technologies presented here, or different technologies altogether.
The purpose of this article is to give the reader an idea of the essential principles of decentralized identifiers, not to be exhaustive about the differences between the various types of DIDs. Nor is it intended to be a compendium of technical details; it is a general information article, written to be accessible to as many people as possible.
We wrote this article to explain clearly, to everyone who supports XSL Labs’ project, how the DID we are developing, the Secure Digital Identity, works. Throughout this series of articles we will use the generic term DID, but all the explanations concerning DIDs also apply to the SDI.
In this article we will familiarize the reader with the notion of Decentralized Identifier, describe the different uses these will have in tomorrow’s Internet, and outline the identity solutions they will bring.
Blockchain, decentralization and data security
According to the W3C, a Decentralized Identifier, or DID, is “a globally unique identifier that does not require a centralized registration authority because it is registered with Distributed Ledger Technology (DLT) or some other form of decentralized network.”
Existing identity management systems rely on centralized authorities that store the identity data of all users of their services in large, centralized databases that are analogous to large digital vaults. Despite the variety of security systems that protect these vaults, none of them are impervious to attacks from determined hackers.
Much like a bank vault that holds the deposits of thousands of savers in one central location, if attackers find a way to defeat the security systems that defend these vaults, they will have access to all of the savers’ deposits at once, as they are stored in one place, centrally. Similarly, on the Internet, hackers who attack centralized databases have the opportunity to appropriate all the data stored by the many users of a service in a single effort.
The blockchain at the heart of DID technology frees us from this centralized identity management by decentralizing the identity information of identifiable entities. In this system, entities are identified by decentralized identifiers, or DIDs, and authenticated by proofs (e.g. digital signatures, privacy-protecting biometric protocols such as KYC, etc.), and this data is stored on various types of decentralized servers. Furthermore, hackers will never be able to establish a link between encrypted data on a decentralized network and a particular user. The only entity capable of decrypting this data will be the DID subject, who alone will possess the key required to decrypt it.
In this way, a hacker who wished to obtain a person’s identity data in order to sell it or make any other illegal use of it could only do so by specifically hacking into each user’s devices, a process whose profit would be too small in relation to the complexity of the task and the time it takes. It is as if, instead of having to bypass the security system of a single centralized bank vault containing the deposits of all its clients, thieves had to break into each saver’s home, find their personal safe and open it, one by one, to obtain the same benefit as opening a single centralized vault.
Decentralization also makes it possible to ensure that information is immutable. If hackers manage to get their hands on information held on a centralized server, they can then modify it at will on the server where it is stored. The blockchain makes this impossible: as the information is replicated across different blocks, if one of them is modified, the change affects only that block, and all the others can challenge the integrity of the corrupted information and restore the truth.
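As an added illustration of the identification and authentication step described above (example code, not code from XSL Labs or the SDI), the following Go program derives an identifier from a subject’s Ed25519 public key so that a verifier can authenticate the subject by a signed challenge without consulting any registration authority. The `did:example:` prefix, the base64 encoding and the challenge value are constructed for this illustration; the encoding is a simplified stand-in, not the real `did:key` method.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"strings"
)

// Hypothetical method prefix for this illustration; not a registered DID method.
const methodPrefix = "did:example:"

// NewSubject generates a key pair and derives the subject's DID from the public key,
// so the identifier is globally unique without any registration authority issuing it.
func NewSubject() (did string, priv ed25519.PrivateKey, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", nil, err
	}
	return methodPrefix + base64.RawURLEncoding.EncodeToString(pub), priv, nil
}

// ResolveDID recovers the public key from the identifier itself: no registry lookup,
// no central database that an attacker could compromise in one effort.
func ResolveDID(did string) (ed25519.PublicKey, error) {
	if !strings.HasPrefix(did, methodPrefix) {
		return nil, errors.New("unsupported DID method")
	}
	raw, err := base64.RawURLEncoding.DecodeString(strings.TrimPrefix(did, methodPrefix))
	if err != nil || len(raw) != ed25519.PublicKeySize {
		return nil, errors.New("malformed DID")
	}
	return ed25519.PublicKey(raw), nil
}

// Prove signs a verifier-supplied challenge; only the holder of the private key can do this.
func Prove(priv ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(priv, challenge)
}

// Verify checks that the proof was produced by the key bound to the DID for this exact
// challenge; a replayed proof over a different challenge, or a malformed DID, is rejected.
func Verify(did string, challenge, proof []byte) bool {
	pub, err := ResolveDID(did)
	if err != nil {
		return false
	}
	return ed25519.Verify(pub, challenge, proof)
}
```

A verifier would issue a fresh random challenge per session so that a captured proof cannot be replayed.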
In the next article, we will discuss the basic technological principles on which DIDs are based, in particular the notions of Verifiable Credentials and public-key cryptography.
For more information about XSL Labs’ SDI, you can explore the website www.xsl-labs.org where you will find a series of videos and texts presenting the ecosystem developed by XSL Labs as well as the White Paper of the project.