Specialized terminology is used for blockchain-based identity management schemes. Unfortunately, the terminology is not always consistent among the various projects and standards. Further complicating matters is that some domain-specific terms are related to identity management in general while others are specific to blockchain identity management.
- Claim: A characteristic or statement about a subject made by an issuer as part of a credential.
- Credential: A set of one or more claims made by an issuer. A credential is associated with an identifier.
- Custodian: An entity acting on behalf of another entity with respect to their identifiers and/or credentials.
- Entity: A person, organization, or thing.
- Holder: A custodian holding a credential on behalf of a subject.
- Identifier: A blockchain address or other pseudonym that is associated with an entity.
- Issuer: An entity that issues a credential about a subject on behalf of a requester and owns one or more identifiers.
- Presentation: Information derived from one or more credentials that a subject discloses to a verifier (working on behalf of some relying party) to communicate some quality about a subject.
- Relying Party: An entity that receives information about a subject from a verifier.
- Requester: An entity that makes a request to an issuer to issue a credential about a subject.
- Subject: An entity that acts as a regular participant in a given identity management system and owns one or more identifiers.
- System Owner: An entity that owns a given identity management system.
- Verifier: An entity that verifies the validity of a presentation on behalf of a relying party.
Blockchain-based Identity Management Roles and Object Relationships:
With this terminology, we can identify the common roles that occur in blockchain-based IDMSs and the relationships between these roles. We can also identify common objects found in these systems and the relationships between those objects.
The figure below provides a high-level overview of the identity management roles.
[Figure: identity management roles]
- Requesters, Issuers, and Subjects are involved in credential issuance.
- Subjects, Verifiers, and Relying Parties are involved in presentation disclosure.
- Requesters ask for the issuance of a credential from Issuers. Issuers provide credentials to Subjects.
- Subjects reveal presentations to Verifiers.
- Verifiers verify presentations on behalf of Relying Parties.
Note that these roles are not exclusive. For instance, a subject and an issuer can both take the requester role, or a subject and a verifier can both be a relying party. Depending on the IDMS, the approval of a subject may be required to issue a new credential to that subject.
The next figure provides a high-level overview of the objects that entities interact with in a blockchain IDMS. The figure shows that entities can have one or more identifiers, that identifiers are associated with one or more credentials, and that presentations are derived from credentials.
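The sketch below is an added example, not code from any particular IDMS or standard. It walks the objects and roles above through one issuance and one presentation: an issuer anchors a credential for a subject's identifier, the subject derives a presentation that discloses a single claim, and a verifier checks it. The mock `Ledger`, the salted-hash commitments, and the identifiers used in it are assumptions chosen for illustration.

```python
import hashlib, json, secrets

def digest(obj):
    """SHA-256 over canonical JSON, used for claim commitments and the anchor."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

class Ledger:
    """Mock blockchain (assumption): issuer identifier -> anchored credential digests."""
    def __init__(self):
        self._anchors = {}
    def publish(self, issuer_id, anchor):
        self._anchors.setdefault(issuer_id, set()).add(anchor)
    def is_anchored(self, issuer_id, anchor):
        return anchor in self._anchors.get(issuer_id, set())

def commitments(claims):
    # One salted hash per claim, so hidden claim values cannot be guessed from the hash.
    return {name: digest([name, salt, value]) for name, (salt, value) in claims.items()}

def anchor_of(issuer_id, subject_id, commits):
    # Binds the claim commitments to both the issuer's and the subject's identifier.
    return digest([issuer_id, subject_id, commits])

def issue(ledger, issuer_id, subject_id, raw_claims):
    """Issuer: build a credential for the subject's identifier and anchor it."""
    claims = {n: (secrets.token_hex(16), v) for n, v in raw_claims.items()}
    ledger.publish(issuer_id, anchor_of(issuer_id, subject_id, commitments(claims)))
    return {"issuer_id": issuer_id, "subject_id": subject_id, "claims": claims}

def present(credential, disclose):
    """Subject: derive a presentation that reveals only the chosen claims."""
    return {"issuer_id": credential["issuer_id"],
            "subject_id": credential["subject_id"],
            "commitments": commitments(credential["claims"]),
            "disclosed": {n: credential["claims"][n] for n in disclose}}

def verify(ledger, presentation, trusted_issuers):
    """Verifier: return the disclosed claims if valid, otherwise None."""
    p = presentation
    if p["issuer_id"] not in trusted_issuers:
        return None  # the relying party does not accept this issuer
    for name, (salt, value) in p["disclosed"].items():
        if p["commitments"].get(name) != digest([name, salt, value]):
            return None  # disclosed value differs from what the issuer committed to
    anchor = anchor_of(p["issuer_id"], p["subject_id"], p["commitments"])
    if not ledger.is_anchored(p["issuer_id"], anchor):
        return None  # these commitments were never anchored by this issuer
    return {name: value for name, (_, value) in p["disclosed"].items()}
```

This sketch does not prove that the presenter controls the subject identifier, so a captured presentation could be replayed; a real system would add a proof of control over that identifier and a verifier-supplied nonce.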