Send in your ideas. Deadline February 1, 2025
Grant
Theme fund: NGI Assure
Period: 2022-06 — 2024-08

Securing Internet protocols with DIDs

Bridge Decentralized Identifiers with standardised authorisation mechanisms

Many Internet protocols require authentication, e.g. when we check our email account with a username and password, when we authenticate to SSH hosts with public keys, or when we log in to websites using OpenID Connect.

Decentralized Identifiers (DIDs) are a new type of identifier that have associated private keys and can be used for authentication purposes. DIDs are in practice mostly used for exchanging Verifiable Credentials (VCs) between Issuers, Holders, and Verifiers. However, on a more basic level, DIDs can also simply be used as a replacement for usernames/passwords or static public keys, to authenticate by proving control over one's DID. Unlike other identifiers such as usernames or domain names, DIDs do not require a central authority for creating and using them.

In this project, we will work on integrating DIDs with existing Internet protocols that require authentication by developing a new SASL mechanism. The idea is that for example you could log in to your SSH host, email account, IRC server, XMPP server, etc. using your DID, which can improve both usability and security.

Run by Danube Tech GmbH

Logo NLnet: abstract logo of four people seen from above Logo NGI Assure: letterlogo shaped like a tag

This project was funded through the NGI Assure Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 957073.