A lot has been said about blockchain over the past couple years. The community discussion has focused on a variety of topics including distributed ledger, decentralization, and cryptocurrencies. These specific topics around blockchains seem to have sucked much of the oxygen out of the room. At Ockam we believe that “the lead has been buried” — the most exciting thing about blockchain is identity! More specifically, self-sovereign identity. Fortunately there is an entire subset of the blockchain community who have zeroed-in on identity as blockchain’s killer feature. Most focus on person-to-person identity, whereas at Ockam we focus on immutable device identity and the trust it can create among the billions of devices that make up the Internet of Things.
A new and open standard has emerged over the past year called Decentralized Identity (DID). Ockam is fully embracing this standard as a key part of our system architecture. We will get to the specifics of how and why we use DIDs in the Ockam Network and in our SDK later in this post. First, It’s important to dive into where this standard came from…
A little over a year ago, a small group of visionary individuals and enterprises got together to build an identity standard that could be compatible across applications and blockchain systems. They formed the Decentralized Identity Foundation (DIF) and the seminal work began on the DID standard in the World Wide Web Consortium (W3C). The design of a DID embraces the new paradigm that blockchain enables for a self-sovereign identity. No longer is a centralized certificate authority needed to handle PKI (public key infrastructure). With blockchain, each individual, or in Ockam’s case, each device, is able to both create an identity for themselves and to, also, serve as its own root authority.
The DIF community is a diverse group of teams all working to shape the future of this technology. In addition to innovative startups like Ockam, there are also some tech industry heavyweights that are leading the innovation, enablement, and deployment of DIDs. One key enabler to DID is the Microsoft Identity team. Check out their white paper. Microsoft launched an initiative that would allow individuals to create a self-sovereign identity and to take control of their own personal data. Microsoft is also leveraging DIDs as part of their solution with the ID2020 Alliance — a global public-private partnership dedicated to aiding the billion+ people in the world who lack a legal form of identity. This is an exceptionally noble humanitarian initiative that we applaud among the Ockam team.
Ockam chose to embrace the DID standard for several reasons:
- We needed to normalize and to standardize the unique identifier of each device and entity in the Ockam network. By standardizing the type of identity structure in the Ockam Network, a device can use any suitable cryptographic method and still be compatible with Ockam. Not only does this simplify public key infrastructure across billions of devices in the IoT ecosystem, but it also allows low power and simple devices to participate in the Ockam Network as a first class citizen.
- Interoperability across several decentralized systems and applications is a key enablement feature in the DID standard. The DID Resolver allows applications to reference DIDs among completely separate decentralized systems. This makes the Ockam Network identity structure compatible with any application on the internet that can resolve to a DID.
- The Ockam DID is structurally compliant with the semantic web, where code is structured in a self-described way. This is important in Ockam’s view of the future where self-sovereign devices are enabled to interact autonomously through code. The Ockam DID will be a key component in Ockam Verified Claims, which we will describe in a later blog series.
In a previous blog post, Introduction to Ockam DX, we mention the Ockam Registry as a key component in the Ockam Network data structure. The ockam.register function in the Ockam SDK creates a Registry entry when it sends a digital identity in the Ockam DID format, along with developer defined metadata, to the network. The Ockam DID is in the format did:ockam: followed by a unique string of characters with a specific length. The metadata is a Ockam DID Document. You can read the entire Ockam DID specification here.
An example Ockam DID that could be used as a universal, unique, immutable and secure self-sovereign identity for an IoT device:
Example code that would create an Ockam DID Document:
We also created a Golang package to work with any of the Decentralized Identifiers, in addition to Ockam’s. This package is Open Source and available on GitHub. This package is early in its development and we welcome all contributions from the DID community. Please open issues and send pull requests.
Below is an example of the did.Parse method.
Line 15 in this code above would print:
Finally, you can learn more about the W3C Credentials Community Group, the DID Method Registry, track DID’s progress, and learn about other DID use cases here.