Send in your ideas. Deadline June 1, 2024
More info available :
Theme fund: NGI0 PET
Start: 2019-04
End: 2019-04
More projects like this
Middleware and identity

Universal DID Resolver and Registrar

Tooling for decentralized identifiers

The Universal DID Resolver and Registrar are open-source software components that implement Decentralized Identifiers (DIDs). DIDs lie at the heart of an emerging technical and social paradigm known as "self-sovereign identity" (SSI), which allows individuals, organizations, and things to create and manage their digital identities without dependence on any central authority or intermediary. This technology is highly aligned with Next Generation Internet values such as human-centricity, openness, trust, and reliability. DIDs as a building block for protocols are of similar importance to Internet infrastructure as other identifiers such as domain names or e-mail addresses. The Universal DID Resolver and Registrar are aligned with corresponding W3C community group specification efforts. Development and maintainance of the code takes place in close collaboration with relevant community and industry stakeholders such as the Decentralized Identity Foundation, uPort, Jolocom, Sovrin, Civic, Veres One, Blockstack, ERC725 Alliance, etc.

Why does this actually matter to end users?

One of the oldest questions on the internet is: how do you adequately prove you are you? Or perhaps the reverse formulation offers a better mental model: how do you prevent others from succeeding in pretending they are you? Now lets flip this question around once more: how would you like to see this managed yourself, if you could? How heavy-weight or convenient do you want to be proven that you are you, to allow you to get into your own environment or have something done on your behalf? And what is it worth to you in terms of effort? Would you be willing to spend a minute to have some clever secure device you have in your pocket involved? Authenticate via your mobile phone? And what if you are in a rush, or on the go? Are you happy with some company like your email provider or a large social network having the ability to make that judgement, based on a user login a few hours ago? And what if that company is based in some other jurisdiction, and could be forced to let others in as well? Or would you rather choose your own identity, and formulate direct rules to have complete control at any given point?

As could be guessed, individual people have a need for different levels of confidence and security in different contexts. A security breach matters perhaps less if you just want to login to a music service to change a playlist. After all, the worst that can happen is that someone messes things up and you have to create a new one. It matters a great deal more if you want to do a significant financial transaction at work, or open the door of your house remotely to let the babysitter in while you are delayed in traffic. Perhaps you can think of scenarios where you want even more control.

So what proof to use as the basis of your trust, and the subsequent actions taken? Historically people rely on some authority they collectively trust. Such an authority has typically taken high tech countermeasures to make the channel through which that trust is conveyed hard to fraud. A passport or banknote are quite tricky to fabricate due to the use of special techniques. Online we have only a very limited amount of trust "anchors" of varying quality. The domain name system is such an anchor, digital certificates or customer relationships are another. Today, having access to a certain mail account or phone which is known to be yours is the most common proof used. Email is often called the "poor man's solution" to identity management, and it is what most organisations and businesses fall back on. Can't log in? We will send you an email to reset your login. Just click on the link. And of course, email was never designed to be safe. It kind of works, but really we can do better.

Perhaps your use cases require more strict proof than that of normal consumers, or less strict proof. Even for a single large service provider, it would hard to figure this out satisfactorily for all users. For the same reason people write their own testament to document what should happen with things they own or control after they die, you want to document what should happen with things you own or control what happens when you are physically absent. There is no universal will that is acceptable to all, nor is there a universal policy that satisfies all use cases.

So what if you yourself would be able to create and control your own identity, and determine your own proofs and methods? In order to function in a global internet, you would need to be able to convey your requirements and demands in a portable way. There would be no central authority dictating you what to do here. That would mean you you yourself would have to make things explicit upfront in a foolproof way - so that elsewhere on the internet people and services would know what you expect them to do to distinguish the real you from fraudsters.

This is the starting point of the DID Resolver and Registrar project. These two applications are being designed to help you create a machine processable travel document for identity management tied to your data and the services you use or provide. They are part of an initiative within the web standards community to create suitable standards for handling decentralised identities. The software will help to tell others exactly how you want to see things handled. The outcome is expected to contribute both to the standard, and to an actually working solution where users can design and manage their own decentralised identities. The project is led by one of the authors of the W3C specification.

Logo NLnet: abstract logo of four people seen from above Logo NGI Zero: letterlogo shaped like a tag

This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.