DID: A new self-awareness
instructions
With the rapid development of the metaverse and Web3, DID (Decentralized Identity) has become a hot topic. Beyond the metaverse and Web3, DID can also be used effectively in digital cities and elsewhere. But why? What does DID cost compared with traditional identity management solutions? What are the weak points in the technology's development? Wang Puyu, chief economist of Wanxiang Blockchain, has studied these questions in depth, and the full text of the research follows.
In recent years, people's concern for the privacy and security of personal information has increased greatly. This article addresses the issue from the perspective of identity management, in four parts. First, what is identity management, and what are its current solutions? Second, what is DID, and how does the technology work? Third, what are the bottlenecks in the development of DID technology? Fourth, what can the combination of blockchain technology and DID technology achieve?
One
Identity management
An identity system has three elements: identity, identity certificate and authentication. We look at identity management in two major areas: the physical world and the online world.
1. Identity system
(1) Identity
In the physical world, each person is born with personal characteristics, such as appearance, weight, age, skin color and fingerprints. To refer to these characteristics quickly, we use a name as each person's label, so that others can be identified quickly and everything known about a person is recalled at the same time. Together, these are called identity.
There is also the Internet world, which corresponds to the physical world, but where the notion of identity is completely different. In the Internet world, users can configure a virtual "personal" profile according to their preferences (name, gender, height, weight and other "attributes"), and it can change at any time. Because it lacks uniqueness and authenticity, this identity differs from identity in the physical world.
(2) ID
In the physical world, as human communities grew larger, identity certificates arose to support centralized management. A central organization issues an identity certificate based on several of a person's characteristics, to prove that the holder has certain qualifications or is subject to certain policies and procedures. The certificate can then be relied on when dealing with other people and organizations, to assign responsibility, handle conflicts and establish trust. An identity certificate such as a government-issued ID card or passport records personal characteristics and proves that its subject belongs to a particular country and is subject to its rules. It can prove that the self is capable of leading.
In the Internet world, identity certificates work completely differently from the physical world. In the physical world, personal information is tied directly to the person, but in the early Internet there was no link between a person and their information, only the information itself. An Internet identity could not be traced back to its subject, because the declared characteristics (age, height, name, etc.) need not correspond to the actual person. As the Internet developed, anonymity and non-traceability began to affect governance and security in the physical world, and more and more governments required platforms to implement real-name registration. This creates a relationship between the Internet identity and the physical-world identity certificate, which is added to the user's profile.
Interestingly, an Internet user's identity must rely on a physical-world certificate to establish its uniqueness and authenticity. Websites on the Internet, however, are completely different: they have had identity certificates from the beginning, in the form of the URI (Uniform Resource Identifier), as shown in Figure 1. Each website has its own domain name, and domain name registration (the identity certificate) is administered by the International Domain Name Management Center; in our country it is administered by the China Internet Network Information Center.
Figure 1: Uniform Resource Identifier (URI) Architecture
(3) Authentication
In today's society, authentication is the foundation of trust. Authentication is required whenever individuals or organizations interact. In other words, it keeps interactions orderly and secure by proving that an individual or organization holds certain rights and interests. The system runs on authentication.
① Authentication in the physical world
Physical certificates in many forms, such as ID cards, passports and driver's licenses, have long been in use. As technology has advanced, physical certificates have become easy to forge, and a person checking one cannot readily verify it. The certificate therefore struggles to uphold the old rules of order and security. To protect identity, governments and organizations have made improvements in two respects. The first is to improve the certificate's authentication features, such as adding laser paint colors, small pieces, light and sets of layers to our country's ID card. These changes only raise the cost for lawbreakers and cannot eliminate forgery. The second is to improve the means of verification. The government's government office of physical activity, the first problem, the first problem, the first problem, no special issues, not a particular problem for all of the characters you come voluntary check it. The information makes proofs of proof not completed. The second problem is that marketing and other users are not allowed to the radio canceled, and the number cannot be identified in the collaboration daily.
② Authentication of the Internet user
In the Internet world, authentication depends only on a username and password; gaining access is treated as being authenticated. There are two problems with this form of proof. The first is that usernames and passwords can easily be stolen by network attackers. The second is that the underlying system is centrally controlled and holds the user's personal information, and platforms exchange users' personal information.
2. Information on security issues
Both the physical world and the Internet world have identity management problems, and identity in the two worlds is slowly intertwining. The identity problem in the physical world is fueled by Internet use, and the Internet's security issues stem from anonymity and the lack of traceability; the Internet addresses them by introducing identity certificates from the physical world. Although this addresses authenticity and trust, it also brings new challenges: different platforms arbitrarily collect personally identifiable information and behavioral data and use the information improperly.
Figure 2: Data management is still applied to user data
As shown in Figure 2, under centralized management, user data is repeatedly collected and stored on different platforms. Issue No. 76 of 2021, "Data is not a privacy issue with the realization of user portraits," pointed out the problems for users: data was over-collected, data was exchanged across multiple platforms, and users had no control over their own data.
3. Other
The problem we face now is not only the human identity management problem described above. With the development of the Internet and communication technologies, everything is being connected to the network, creating a digital world that parallels the physical world. Participants in the digital world are not just people, but everything. How does each thing become a member of the digital world, and what are the rights and interests of each digital entity? This question bears on governance and trust-building in the digital world. The "Identity, Identity Certificate, Authentication" discussed above concerns only people, but the physical world contains many other interacting things, such as interconnected devices (RFID), products, QR codes and so on. In the future, if identity management is achieved for these things, we will be able to manage everything in the digital world. This requires a tool that can streamline the authentication process and complete "Identity, Identity Certificate, Authentication" for different kinds of things.
Two
DID Technical details
W3C's "DID V1.0" defines Decentralized Identifiers (DIDs for short) as a new type of globally unique identifier. This type of identifier can be used not only for humans, but for everything: cars, animals and even machines.
Below, DID technology is introduced from two points of view: the technology itself and its application. The technology part describes the basic elements of DID technology, and the application part describes how DID implements "Identity, Identity Certificate, Authentication".
1. Technology
There are three main elements of DID technology: DIDs, DID documents, and verifiable data registries.
Figure 3: Relationship between DID architecture and associated products
(Source : W3C DID Core)
(1) DID
A DID is a type of Uniform Resource Identifier (URI). It is a static, immutable string that serves two purposes: it is a unique identifier, and it is associated with the document that describes it (the DID Document, or DID Doc for short), so that the DID Doc can be retrieved through the DID.
① DID identification method
A DID is divided into three parts, as shown in Figure 4. The first part is the DID scheme (similar to schemes such as http, https and ftp in URLs), the second is the DID method identifier (there are many DID methods), and the third is the method-specific identifier, which is unique within the namespace of the DID method. The W3C only specifies the overall DID format; there is no single standard for the content of the three parts, whose specifics depend on the DID method, described in ② below.
Figure 4: A simple example of a DID
② DID method
A DID method is a publicly specified set of operations that defines how DIDs are created, resolved, updated and deleted, and how DIDs are registered, replaced, rotated, recovered and expired in an identity system. Currently there is no unified operating standard; each company can design its own method based on its own scenario, and the methods are administered by the W3C CCG working group. As of the release of "DID V1.0" on August 3, 2021, there were 103 DID methods registered with the W3C, each with its own name and specific procedures.
③ DID URL
A DID URL extends a DID with the components used in network addresses (such as path, query and fragment) to locate a particular resource. The W3C defines the ABNF description of a DID URL as follows:
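The three-part DID format and the DID URL components described above can be checked mechanically before an identifier is handed to a resolver. The following Python code is an added example, not part of the original article: it validates input against the DID and DID URL grammar of W3C DID Core, and the function names and the method allowlist are assumptions of this example.

```python
import re
from typing import NamedTuple, Optional

# Grammar from W3C DID Core 1.0 (DID syntax and DID URL syntax):
#   did                = "did:" method-name ":" method-specific-id
#   method-name        = 1*method-char            ; a-z / 0-9
#   method-specific-id = *( *idchar ":" ) 1*idchar
#   idchar             = ALPHA / DIGIT / "." / "-" / "_" / pct-encoded
#   did-url            = did path-abempty [ "?" query ] [ "#" fragment ]
_IDCHAR = r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})"
_DID_RE = re.compile(rf"did:([a-z0-9]+):((?:{_IDCHAR}*:)*{_IDCHAR}+)")
# path-abempty, query and fragment use the RFC 3986 character classes.
_PCHAR = r"(?:[A-Za-z0-9._~!$&'()*+,;=:@-]|%[0-9A-Fa-f]{2})"
_TAIL_RE = re.compile(
    rf"((?:/{_PCHAR}*)*)(?:\?((?:{_PCHAR}|[/?])*))?(?:#((?:{_PCHAR}|[/?])*))?"
)


class DIDURL(NamedTuple):
    did: str                    # the bare DID, e.g. did:example:123
    method: str                 # second part: the DID method name
    method_specific_id: str     # third part: unique within that method
    path: str
    query: Optional[str]
    fragment: Optional[str]


def parse_did_url(text: str, max_len: int = 2048) -> DIDURL:
    """Strictly parse a DID or DID URL; raise ValueError on anything else."""
    if not isinstance(text, str) or len(text) > max_len:
        raise ValueError("input is not a string or exceeds max_len")
    did = _DID_RE.match(text)
    if did is None:
        raise ValueError(f"not a DID: {text!r}")
    # Whatever follows the DID must be a well-formed path/query/fragment.
    tail = _TAIL_RE.fullmatch(text, did.end())
    if tail is None:
        raise ValueError(f"malformed DID URL: {text!r}")
    return DIDURL(did.group(0), did.group(1), did.group(2),
                  tail.group(1), tail.group(2), tail.group(3))


def did_to_resolve(text: str, allowed_methods: frozenset) -> str:
    """Return the bare DID to hand to a resolver, enforcing a method allowlist.

    The allowlist is this example's policy (hypothetical), reflecting that each
    DID method has its own rules and a verifier trusts only some of them.
    """
    parsed = parse_did_url(text)
    if parsed.method not in allowed_methods:
        raise ValueError(f"DID method {parsed.method!r} is not allowed")
    return parsed.did


if __name__ == "__main__":
    # Constructed inputs; did:example is the method name used in W3C examples.
    for s in ("did:example:123456789abcdefghi#keys-1",
              "did:example:123/path?versionId=1",
              "did:Example:123", "did:example:", "did:example:a b"):
        try:
            print(s, "->", parse_did_url(s))
        except ValueError as err:
            print(s, "-> rejected:", err)
```

Rejecting anything that does not match the grammar, rather than trimming or normalizing it, keeps the identifier that is verified identical to the identifier that was presented.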
(2) DID Document
A DID Doc contains all the information related to the DID subject, and provides ways to obtain information about it (such as cryptographic public keys, locations, etc.). The DID Doc is a general document format, and usually the DID controller is responsible for writing and changing the document. The document contains the key information for verifying the DID, namely the verification methods and the verification process, which serve as the means of proving control of the DID. The DID Controller managing the DID Doc can be the DID subject itself or a third-party organization. The rules for managing a DID Doc vary depending on the DID method.
As shown in Figure 5, the DID Doc (data stored in JSON-LD) relating to the DID in Figure 4 is stored in a centralized or decentralized location so that everyone can easily access it.
Figure 5: Sample DID document (Source: W3C DID white paper)
As shown in Figure 6, a DID document has two kinds of entries. The first kind is called properties, which can be queried and read directly from the DID document and fall into three groups: core properties (id, controller, authentication, etc.), property extensions (an Ethereum address, etc.) and properties not registered in the W3C DID specification. The second kind is not stored in the DID document itself but referenced in a particular format, such as a link URL pointing to another platform or website from which the information is requested. To keep these entries identifiable, the W3C maintains a DID specification registry; when a new entry is introduced, the platform or system must register it there.
Figure 6: Entries in a DID document (Source: W3C DID White Paper)
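A verifier that retrieves a DID Doc can check its entries structurally before trusting any key in it. The following Python code is an added example, not taken from the article or the W3C: the sample document is constructed, and the rule that each verification method carries exactly one of publicKeyJwk or publicKeyMultibase is this example's policy.

```python
import json

# Constructed sample document, modelled on the did:example documents in the
# W3C DID Core specification; the key value is a placeholder, not a real key.
SAMPLE_DOC = json.loads("""
{
  "@context": ["https://www.w3.org/ns/did/v1"],
  "id": "did:example:123456789abcdefghi",
  "controller": "did:example:123456789abcdefghi",
  "verificationMethod": [{
    "id": "did:example:123456789abcdefghi#keys-1",
    "type": "Ed25519VerificationKey2020",
    "controller": "did:example:123456789abcdefghi",
    "publicKeyMultibase": "zPLACEHOLDERPUBLICKEY"
  }],
  "authentication": ["#keys-1"]
}
""")

KEY_FORMATS = ("publicKeyJwk", "publicKeyMultibase")


def _check_method(vm, seen):
    """Check one verification method entry and record its id in `seen`."""
    problems = []
    vm_id = vm.get("id")
    for field in ("id", "type", "controller"):
        if not isinstance(vm.get(field), str):
            problems.append(f"{vm_id}: missing or non-string '{field}'")
    present = [k for k in KEY_FORMATS if k in vm]
    if len(present) != 1:
        problems.append(f"{vm_id}: expected exactly one of {KEY_FORMATS}")
    # DID Core forbids private key members such as "d" in publicKeyJwk.
    if isinstance(vm.get("publicKeyJwk"), dict) and "d" in vm["publicKeyJwk"]:
        problems.append(f"{vm_id}: publicKeyJwk contains private key material")
    if vm_id in seen:
        problems.append(f"{vm_id}: duplicate verification method id")
    seen.add(vm_id)
    return problems


def check_did_document(doc, expected_did):
    """Return a list of structural problems; an empty list means none found."""
    problems, seen = [], set()
    if doc.get("id") != expected_did:
        problems.append("document id differs from the DID that was resolved")
    for vm in doc.get("verificationMethod", []):
        problems += _check_method(vm, seen)
    auth = doc.get("authentication", [])
    if not auth:
        problems.append("no authentication entry: control cannot be proven")
    for ref in auth:
        if isinstance(ref, dict):            # method embedded in place
            problems += _check_method(ref, seen)
            continue
        # A relative reference such as "#keys-1" is resolved against the DID.
        absolute = expected_did + ref if ref.startswith("#") else ref
        if absolute not in seen:
            problems.append(f"authentication refers to unknown method {ref}")
    return problems


if __name__ == "__main__":
    print(check_did_document(SAMPLE_DOC, "did:example:123456789abcdefghi"))
```

These checks cover structure only; whether the document itself is authentic depends on the DID method and on where the document was retrieved from.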
The DID documents of different DIDs may be related to one another. As shown in Figure 7, W3C introduces the concept of design and application: the process of creating a DID document is design, and the document refers to the DID subject and uses another DID. At the time of authentication, the DID Doc of each DID is independent, which amounts to keeping the data of each DID separate. At the time of verification, the DID controller can authorize other DIDs as needed, and the verifier can read only the authorized DID Doc and cannot obtain any additional data, which protects the data of the DID subject.
Figure 7: DID design and implementation (Source: W3C DID white paper)
(3) Verifiable Data Registry (VDR)
The main objective of DID is to return the management of personal information from the platform to the users themselves. But where can this information be found when proof is needed, and how can the data be trusted? The VDR addresses these questions. A peer-to-peer network or other VDR interacts directly with the DID method, and usually each VDR has its own DID method in accordance with the W3C DID specification. Currently, the main DID storage medium on the market is the wallet, which divides into wallet products (Coinbase, etc.), general wallets (imToken, etc.) and smart wallets (Gnosis Safe, Dapper, Argent, etc.). Which media should hold DID data is not discussed in detail here.
2. DID implementation: "Identity, Identity Certificate, Authentication"
Following the "Identity, Identity Certificate, Authentication" of Part One, this section describes how DID is used for each of them.
(1) Identity
Under the DID concept, anyone can register different DIDs on trusted third-party platforms for different purposes, in different situations and at different times. A DID has no direct link to the person's real-world identity, and the DID's data is managed by the individual or by a trusted third party, which safeguards the information. When the individual manages the data, they must keep the DID secure and also keep the personal data (DID Doc) associated with the DID.
(2) ID
A DID is just an identifier string associated with a key. For a given purpose, an authoritative third party issues an identity certificate into the DID Doc associated with the DID, and after verification the third party writes its own digital signature into the document. For example, suppose Zhang San needs to prove that he can drive. The DMV does not need to issue Zhang San a license in the usual centralized way, and does not need to store any of his information. With DID technology, the procedure is as follows [1]: Zhang San provides a DID directly to the DMV, or uses a DID provided by the DMV, and the DMV gathers the relevant data and writes it in JSON-LD in the DID Doc format (for example, but not limited to, id, type, time of use, controller, verification method, etc.), adding the DMV's signature to the document. The DID Doc can be stored by the DMV, in Zhang San's smart wallet or on other storage media. Note that the DID does not reveal Zhang San's characteristics and is not linked to any proof of identity from the physical world. This DID is just one of Zhang San's many DIDs. Zhang San's privacy is therefore protected, because no one will know that this DID Doc belongs to Zhang San unless Zhang San himself presents the DID certificate.
(3) Authentication
The primary purpose of authentication is to prove that the subject holds, or has been authorized to perform, certain operations. In the W3C "DID V1.0 White Paper", the purposes of verification are divided into five categories: authentication, assertion, key agreement, capability invocation and capability delegation. A DID method can define multiple verification methods for these 5 purposes. The proof material includes the information contained in the DID document and data held by an external process or platform; the key formats registered by the W3C (only publicKeyJwk and publicKeyMultibase) make it easy to identify. Here is an example with a personal DID: it is sufficient to establish by zero-knowledge proof that the user is at least 18 years old, without telling the platform the user's specific age. This is just one of many ways of proving a claim.
Three
Application and implementation of DID
It has been four years since DID was first applied, and many industry organizations, Internet platforms and foundations support and promote DID technology. After long research, the W3C released DID version 1.0 on August 3, 2021. Compared with the original version 0.1, a new profile was created, and version 1.0 begins to consider how to integrate the verification processes that already exist in industry. Various organizations and companies have also developed DID methods according to the W3C DID specification, but a number of issues still need to be addressed before DID technology can be put to use.
1. How to meet compliance requirements?
Initially, the Internet only required username/password authentication on the platform, and real-world identity verification was later added to meet regulatory requirements. The main purpose of this measure is to make the behavior of network users accountable and traceable and gradually to build trust on the network, but its negative effect is that a great deal of personal data may be put at risk. DID handles these issues well, but still faces compliance issues. Although no legislation has been announced yet, in the future we will face the problem of how to map different DIDs to a specific subject. At the same time, could these mappings themselves leak data? This issue requires further investigation.
2. How to identify the relationship between a DID and its holder?
DIDs are anonymous, and under the current solutions provided by DID technology, whoever holds the DID is entitled to the rights and benefits concerned. Such a solution does not verify who is presenting the DID and cannot prevent the theft and illegal use of a DID. Some DID methods bind DIDs to middleware and use the middleware process to identify whether the DID presenter is human, but there's still no question if it came back from the path to the environment. Do you want to start DID keys?
3. How to commercialize DID?
There are currently two main sources of resistance to DID in the market. First, no company is willing to give up user data voluntarily: user-generated data is the platform's moat, and agreeing to breach it would be fatal. Second, who bears the cost of using DID technology? On one side, are users willing to pay for it themselves? In other words, are consumers willing to pay providers such as smart wallets? Personal data may one day earn enough to cover those costs, but how many people will take part while the business model is unclear? On the other side, DID technology requires platforms to remove their existing account management records and add credential verification, but who will bear the cost of the changeover? These conflicts will have a major impact on the adoption of DID technology, and there is still no optimal solution that balances the stakeholders.
4. Key management carries high risk
Trust in a DID depends largely on cryptography: if the private key of the issuing third party is stolen, it could be used to issue certificates in that party's name. And if a key is lost by mistake, does the DID certificate become invalid? Currently, there is no good solution to these problems, and practical implementation can be very difficult.
5. Personally Identifiable Information Risk
Although DID improves data security in the management of personal data, some applications still carry certain risks. For example, if a third party records enough information about a person's DIDs, it can map the relationships between the DIDs and infer the person's real-world identity. The main cause of this problem is that most W3C-based DID methods use static rather than dynamic identifiers. If a dynamic identifier management system can be built in the future, DIDs can be changed regularly, so that even if a third party records part of a DID subject's data, it cannot find the relationships between the DIDs in the large volume of records.
Four
A combination of blockchain and DID
Although blockchain technology is not a mandatory option for DID technology, it can facilitate the use of DID technology in the following areas, avoiding many conflicts and maintaining data reliability at low cost.
1. Reduce the cost of proof
The design of DID technology is to store DIDs and DID Docs on the user side. But how can one ensure that a DID certificate is not tampered with on the user side? Without blockchain, the certificate issuer must keep a synchronized copy of the certificate, which incurs costs. When the DID is used, participants must check the DID Doc presented by the holder against the issuer's information, which adds to the cost of use. With blockchain technology, the issuer's cost falls and the reliability and security of the data rise, because once the DID Doc holder's data is anchored on the chain it cannot be changed. The issuer does not need to bear the additional cost of storing and managing data, and participants do not need to bear additional cost to ensure consistency between the holder's DID Doc and the data that was issued.
2. Establish DID-Based Reliability
Most current blockchain-based solutions have not yet formed a closed ecosystem loop: if a participant in a blockchain ecosystem breaks the rules, the others still have to go back to the traditional model and seek a legal solution, which does not reduce the burden on government administration. Could DID-based credit data be developed in the future to make up for the incomplete ecosystem loop? This question is worth considering. Behavioral data from different scenarios is recorded in the DID Doc associated with a DID, and will be an important reference for the different parties involved. The basis of all this is reliable data, for which blockchain is indispensable.
Note:
[1] This is just one example of how a DID certificate can be issued; the procedure differs depending on the DID method.