Terminology is used for blockchain-based identity management.

Spread the love

Specialized terminology is used for blockchain-based identity management schemes. Unfortunately, the terminology is not always consistent among the various projects and standards. Further complicating matters is that some domain-specific terms are related to identity management in general while others are specific to blockchain identity management.

Claim: A characteristic or statement about a subject made by an issuer as part of a credential.
Credential: A set of one or more claims made by an issuer. A credential is associated with an identifier.
Custodian: An entity acting on behalf of another entity with respect to their identifiers and/or credentials.
Entity: A person, organization, or thing.
Holder: A custodian holding a credential on behalf of a subject.
Identifier: A blockchain address or other pseudonym that is associated with an entity.
Issuer: An entity that issues a credential about a subject on behalf of a requester and owns one or more identifiers.
Presentation: Information derived from one or more credentials that a subject discloses to a verifier (working on behalf of some relying party) to communicate some quality about a subject.
Relying Party: An entity that receives information about a subject from a verifier.
Requester: An entity that makes a request to an issuer to issue a credential about a subject.
Subject: An entity that acts as a regular participant in a given identity management system and owns one or more identifiers.
System Owner: An entity that owns a given identity management system.
Verifier: An entity that verifies the validity of a presentation on behalf of a relying party.

Blockchain-based Identity Management Roles and Object Relationships:

With this terminology, we can identify the common roles that occur in blockchain-based IDMSs and the relationships between these roles. We can also identify common objects found in these systems and the relationships between those objects.

Below Figure provides a high-level overview of the identity management roles.

identity management roles

Requesters, Issuers, and Subjects are involved in credential issuance.
Subjects, Verifiers, and Relying Parties are involved in presentation disclosure.
Requesters ask for the issuance of a credential from Issuers. Issuers provide credentials to Subjects.
Subjects reveal presentations to Verifiers.
Verifiers verify presentations on behalf of Relying Parties.

Note that these roles are not exclusive. For instance, a subject and an issuer can both take the requester role or a subject and a verifier can both be a relying party. Depending on the IDMS, the approval of a subject may be required to issue a new credential to that subject.

The next figure provides a high-level overview of the objects that entities interact with in a blockchain IDMS. The figure shows that entities can have one or more identifiers, that identifiers are associated with one or more credentials, and that presentations are derived from credentials.

Spread the love

Anonymous says:

November 11, 2019 at 7:23 am

The examples so far have shown that it is easy to extend the decentralized identifiers data model in a permissionless and decentralized way. The mechanism also ensures that decentralized identifiers created in this way prevent namespace conflicts and semantic ambiguity. An extensibility model that is this dynamic does increase implementation burden. Software written for such a system will have to determine if accepting DID document s with extensions is acceptable based on the risk profile of the application. Some applications may choose to accept but ignore extensions, others may choose to only accept certain extensions, while highly secure environments may disallow extensions. These decisions are up to the application developers and are specifically not the domain of this specification.

November 21, 2019 at 1:36 pm

Conventional identity management systems are based on centralized authorities such as corporate directory services, certificate authorities, or domain name registries. From the standpoint of cryptographic trust verification, each of these centralized authorities serves as its own root of trust. To make identity management work across these systems requires implementing federated identity management . The emergence of distributed ledger technology (DLT), sometimes referred to as blockchain technology, provides the opportunity for fully decentralized identity management. In a decentralized identity system, entities (in the sense of discrete identifiable units such as — but not limited to — people, organizations, and things) are free to use any shared root of trust. Globally distributed ledgers, decentralized P2P networks, or other systems with similar capabilities, provide the means for managing a root of trust without introducing a centralized authority or a single point of failure. In combination, DLTs and decentralized identity management systems enable any entity to create and manage their own identifiers on any number of distributed, independent roots of trust.