Technical group
Technical Working Group of the Education and Skills Data Space
Self-Sovereign Identity
The identity of a person, an organization, a thing, or a process refers to everything that characterizes them.
As a natural extension of the definition of identity, a digital identity is a finite set of attributes that allows a person, a thing, or a process to be uniquely identifiable and to authenticate to others electronically. Each digital identity is represented by one or several identifiers and a set of attributes that are unique within a context.
Proving one’s digital identity presents several challenges. For example, visual verification of identity is no longer valid in the way that it is with physical forms of identity. However, it also presents advantages, as it allows us to have access to global digital services without the need for physical presence or a physical form of identity.
Self Sovereign Identity (SSI) is a new cryptographic technology that enables individuals and organizations to assert their own identity. The self sovereign identity is private and not disclosed.
The Backbone of SSI are Decentralized Identifiers (DIDs), Verifiable Credentials (VCs) and Blockchain. Decentralized Identifiers are identifiable endpoints belonging to a SSI, and can be shared with the world.
Benefits of Self-Sovereign Identity
- Data Security & Protection, lower risk to be compromised
- Putting control of identifying information back into users’ hands
- Easily Verified
- Minimizing the amount of data stored and transferred by organizations
- Simplifying compliance
- Allowing for the use of smart contracts to improve workflows
- Reducing or eliminating human error in transactions
- Immutable
Concepts for the SSI
Encryption
Digital identity requires the processing of data that may be sensitive. The use of technologies to authenticate and protect them is then necessary. One of them is encryption. It guarantees the confidentiality of the data; only the authorized person can decrypt the data. Conversely, encryption makes it possible to ensure the integrity and identity of a document and its author thanks to the digital signature.
Asymmetric encryption is based on a mechanism of public keys / private keys. A key pair (public/private) is randomly generated using a cryptographic algorithm/
There are several (RSA, ECDSA, etc.), each with different specificities (key sizes, speed, level of security, etc.). Each “key” is actually a long string of alphanumeric characters
To summarize, this mechanism of public key and private key, there is a cryptographic link between these 2 keys. It is possible to recover the public key if you have the private key, but it is impossible to find the private key using only the public key.
Hash
To achieve these asymmetric ciphers, we use hash functions. A hash function is a function that will calculate a unique fingerprint (or signature) from the data provided. It respects the following rules:
- The length of the fingerprint must always be the same (regardless of the length of the input data).
- It is not possible to find the original data from the fingerprints: The hash functions only work in one direction.
- It should not be possible to predict a footprint (It is not possible to try to imagine what the footprint might be by looking at the data)
- And finally, obviously for different data: the fingerprints must be completely different (even for a simple addition or change of character)
Let's take the sha1 hash function as an example:
- Dases ⇒ through sha1 ⇒ E65A969F5606616BE35C36B2F5A27B283761DB55
- dases ⇒ through sha1 ⇒ 25136DEDEDAEC33294B32048595B49FE41A3835A
- dases’ ⇒ through sha1 ⇒ 0E52E563C7DE54BF81A782B29659331E8DA6FD61
We note that the length of the fingerprints is always the same, it is impossible to find the input text from a fingerprint and for a simple addition of a character or passage from uppercase to lowercase the fingerprint is completely different Thus since each data has its own fingerprint with the hash function, we can say that if the fingerprints are identical then the data are identical.And conversely, if the fingerprints are different then the data are necessarily different. So the hash is used to compare data (by comparing fingerprints).
Digital Signature
This asymmetric encryption (private key/public key) and these hash functions allow a digital signature which ensures data integrity and authentication. Take the example of Bob who wants to sign a document
1. The document that Bob wishes to sign therefore passes through a hash function which will give it a unique fingerprint as seen previously.
2. Bob will then encrypt this fingerprint with his private key as seen previously, which allows him to obtain the signature of his document (document fingerprint encrypted by his private key)
3. He can share these 2 elements (document + signature)
4. If Alice wishes to verify the validity of the document, she must decrypt the signature using Bob's public key (if this does not work, the document was not signed by Bob)
5. In parallel Alice uses the hash function on the document and checks that the hash of the document is the same as that obtained in step 4
6. If the fingerprint generated and that resulting from the signature are identical, we are sure that:
- Bob signed the document
- The document has not been modified since it was signed by Bob
Wallet
These public and private keys are stored using personal wallets. The public key can be shared with everyone, unlike the private key, which must be kept and never transmitted.
There are 2 types of wallet:
- Non Custodials Wallets: you manage your private keys yourself, which is very secure because the only way to recover them is to hack your device directly, but this presents a risk. If you lose access to your private keys there is no way to recover them. You are responsible for your keys. Metamask is a non-custodial wallet
- Custodial Wallets: an intermediary manages your keys. This has the advantage that you cannot lose your key. You have an account with an address and a password and if you lose your password you have a “forgot password” button. However, you no longer own your keys, if the platform is hacked, hackers can recover your keys
Use of SSI into our Portal
The description of our implementation into our MVP is available on this page : https://prometheus-x.org/assemblies/dases-technical/f/84/debates/46?locale=fr
2 Kommentare
Others Self-sovereign identities initiative
- Findy: https://findy.fi/en/ (External link)
- Govstack: https://www.govstack.global (External link)
- eSSIF: https://essif-lab.eu (External link)
- eIDAS: https://en.wikipedia.org/wiki/EIDAS (External link)
- european digital wallet : https://ec.europa.eu/info/strategy/priorities-2019-2024/europe-fit-digital-age/european-digital-identity_en (External link)
We need to discuss how to align and/or be interoperable with these initiatives
Whoi, excellent, t wondered just how to cure icne. ind found your webstte by google, dtscovered todiy t'm i ltttle obvtous i greit deil. t’ve ilso idded RSS ind sive your webstte. keep us updited. showbizztoday.com
Kommentar hinzufügen
Melden Sie sich mit Ihrem Konto an oder registrieren Sie sich, um Ihren Kommentar hinzuzufügen.
Kommentare werden geladen ...