The Future of Digital Identity: Decentralised Identifiers and Verifiable Credentials Explained

Kylie Goh
Government Digital Services, Singapore
7 min read · Aug 5, 2023

Decentralised Identity has been gaining traction as the future of digital identity management, with terms like Decentralised Identifiers (DIDs) and Verifiable Credentials (VCs) garnering attention as the building blocks of Decentralised, or Self-Sovereign Identity.

However, as this paradigm shift in digital identity is still building momentum and remains a nascent technology (for now!), it is not yet as well-understood as it should be.

In this blog post, we’ll go beyond the buzzwords and explore DIDs and VCs in greater detail. We’ll investigate the relationship between DIDs and VCs, their potential applications, and what blockchain actually has to do with all of this.

1. What are Decentralised Identifiers (DIDs)?

DIDs are a new type of globally unique identifier that individuals and organisations can generate for themselves. They can then prove control over these identifiers using cryptographic techniques.

To illustrate the difference between DIDs and conventional identifiers, consider the personal identifiers that we acquire as we journey through the world today: communications addresses such as email addresses and social media usernames, and government-issued identification numbers such as identification card numbers, passport numbers and driver’s license numbers.

The majority of these identifiers are by default issued by external authorities and controlled by centralised identity management systems. DIDs, in contrast, are created and controlled by the individuals or organisations themselves, without relying on a third party to manage their data.

Let’s get into the nuts and bolts and learn more about how DIDs work:

The form of a DID is simple. It consists of three parts: 1) the did Uniform Resource Identifier (URI) scheme, which tells us we are looking at a DID, 2) the identifier for the DID method (as of this writing, there are 170 DID methods in development!), and 3) the DID method-specific identifier. The DID identifies its subject (which can be a person, group, organisation, thing or concept).

Source: W3C Decentralized Identifiers (DID) v1.0 Core architecture, data models, and representations

This gets more complicated, so hang in there! With this DID (did:example:123456789abcdefghi), we can obtain a DID document which contains information about the DID. The process of DID resolution is intermediated by a Verifiable Data Registry, where both the DID and the DID document are recorded. Examples of Verifiable Data Registries include distributed ledgers, decentralised file systems, databases, peer-to-peer networks, and any other form of trusted data storage. The DID is controlled by a DID controller (who can be the DID subject), who can make changes to the DID document.

Each DID comes with one or many public-private key pairs. The private key(s) are controlled by the DID controller while the public key(s) are stored in the DID document and enable the DID controller to prove that they control the DID.

Source: W3C Decentralized Identifiers (DID) v1.0 Core architecture, data models, and representations
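The three-part DID syntax, resolution through a registry, and proof of control with the key pair can be sketched in Node.js. This is an added example, not code from the W3C specification or from OpenAttestation: the in-memory `registry` Map, the helper names and the `#key-1` key id are assumptions, and the parser follows the general DID Core syntax rather than only the single example DID above.

```javascript
const crypto = require('crypto');

// DID Core syntax: did = "did:" method-name ":" method-specific-id
const IDCHAR = '(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})';
const DID_RE = new RegExp(`^did:([a-z0-9]+):((?:${IDCHAR}*:)*${IDCHAR}+)$`);

function parseDid(did) {
  const m = DID_RE.exec(did);
  if (!m) throw new Error(`not a valid DID: ${did}`);
  return { scheme: 'did', method: m[1], methodSpecificId: m[2] };
}

// Assumption: an in-memory Map plays the role of the Verifiable Data Registry.
const registry = new Map();

// Controller: create a key pair and publish only the public key in the DID document.
function registerDid(did) {
  parseDid(did);
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const keyId = `${did}#key-1`;
  registry.set(did, {
    id: did,
    verificationMethod: [{ id: keyId, type: 'JsonWebKey2020', controller: did,
      publicKeyJwk: publicKey.export({ format: 'jwk' }) }],
    authentication: [keyId],
  });
  return privateKey; // stays with the DID controller
}

// Controller: sign the verifier's challenge with the private key.
const answerChallenge = (privateKey, challenge) => crypto.sign(null, challenge, privateKey);

// Verifier: resolve the DID, then check the signature against its authentication keys.
function provesControl(did, challenge, signature) {
  const doc = registry.get(did);
  if (!doc) return false;
  return doc.verificationMethod
    .filter((vm) => doc.authentication.includes(vm.id))
    .some((vm) => crypto.verify(null, challenge,
      crypto.createPublicKey({ key: vm.publicKeyJwk, format: 'jwk' }), signature));
}

// Constructed demo values.
const did = 'did:example:123456789abcdefghi';
const controllerKey = registerDid(did);
const challenge = crypto.randomBytes(32); // fresh per attempt, so old signatures cannot be replayed
const ok = provesControl(did, challenge, answerChallenge(controllerKey, challenge));
const impostorKey = crypto.generateKeyPairSync('ed25519').privateKey;
const forged = provesControl(did, challenge, answerChallenge(impostorKey, challenge));
console.log(parseDid(did), { ok, forged });
```

Only the holder of the private key matching the published public key passes the check, and a signature over one challenge does not verify against another.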

Using the public-private key pairs, DIDs can be used for a variety of purposes, including online authentication, secure messaging, and digital document signing.

2. What are Verifiable Credentials (VCs)?

At its core, a credential is a set of claims made by an issuer about a subject. Everyday examples include driver’s licenses, educational certificates, and passports. For many people around the world, these credentials are issued on paper. Unfortunately, traditional credentials such as paper-based certificates and ID cards are prone to fraud and can be easily counterfeited or tampered with. They are also difficult to manage and share, requiring individuals to carry multiple credentials and rely on central authorities to verify their authenticity.

VCs are digital credentials that can represent everything paper credentials can, but offer several advantages over traditional credentials. First, they are more secure, using cryptographic technology so that any alteration or forgery is detected when the credential is verified. Second, they are easier to manage and share, allowing individuals to store their credentials in a digital wallet and share them with third parties as needed. Finally, VCs give individuals greater control over their personal information, allowing them to choose which credentials to share and with whom.

At this point, it is important to clarify that VCs are different from electronic representations of credentials (e.g. a scan of a paper credential or a PDF), which do not have additional protections against fraudulent modifications by default.

3. What is the relationship between decentralised identifiers (DIDs) and verifiable credentials (VCs)?

DIDs and VCs are not the same thing. DIDs provide a unique identifier that can be used to verify an individual’s identity, while VCs provide information about their subject, such as an individual’s qualifications, skills, and attributes.

That being said, while DIDs do not depend on VCs and vice versa, they can be very powerful when used in combination. For example, a VC can use a DID to identify its issuer and/or subject, which then ties the information contained within the VC with a verifiable digital identity. Together, they can empower individuals to create a secure and decentralised digital identity that can be used across different systems and platforms.
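How a VC's tamper evidence and its link to an issuer DID fit together, as an added example in Node.js (not OpenAttestation's or the W3C's code). The sorted-key JSON canonicalisation, the `registry` Map, the `did:example:university` issuer and the function names are assumptions that stand in for a real proof suite and real DID resolution.

```javascript
const crypto = require('crypto');

// Deterministic JSON (sorted keys) so issuer and verifier sign and verify the same bytes.
// Assumption: a simplification of the canonicalisation that real VC proof suites define.
function canonical(value) {
  if (Array.isArray(value)) return `[${value.map(canonical).join(',')}]`;
  if (value && typeof value === 'object') {
    return `{${Object.keys(value).sort()
      .map((k) => `${JSON.stringify(k)}:${canonical(value[k])}`).join(',')}}`;
  }
  return JSON.stringify(value);
}

// Hypothetical registry: issuer DID -> public key, as if resolved from its DID document.
const issuerDid = 'did:example:university';
const issuerKeys = crypto.generateKeyPairSync('ed25519');
const registry = new Map([[issuerDid, issuerKeys.publicKey]]);

// Issuer: sign the claims and attach the signature as the credential's proof.
function issueCredential(issuer, privateKey, credentialSubject) {
  const credential = { type: ['VerifiableCredential'], issuer, credentialSubject };
  const proofValue = crypto.sign(null, Buffer.from(canonical(credential)), privateKey)
    .toString('base64');
  return { ...credential, proof: { verificationMethod: `${issuer}#key-1`, proofValue } };
}

// Verifier: trust comes from the key behind the issuer's DID, not from the file itself.
function verifyCredential(vc) {
  const { proof, ...credential } = vc;
  const publicKey = registry.get(vc.issuer);
  if (!publicKey || !proof) return false;
  return crypto.verify(null, Buffer.from(canonical(credential)), publicKey,
    Buffer.from(proof.proofValue, 'base64'));
}

// Constructed sample: a degree credential about a subject identified by a DID.
const vc = issueCredential(issuerDid, issuerKeys.privateKey,
  { id: 'did:example:123456789abcdefghi', degree: 'BSc Computer Science' });
const tampered = { ...vc, credentialSubject: { ...vc.credentialSubject, degree: 'PhD' } };
const unknownIssuer = { ...vc, issuer: 'did:example:unknown' };
const results = [vc, tampered, unknownIssuer].map(verifyCredential);
console.log(results);
```

The untouched credential verifies, while the edited claim and the credential attributed to an unregistered issuer DID are both rejected, which is the protection a scan or PDF lacks.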

4. What does blockchain technology have to do with DIDs and VCs anyway?

DIDs and VCs do not require the use of blockchain technology. However, they are often associated, as public blockchains provide a transparent, immutable and decentralised way to store and manage data. Blockchains can be used to register and verify DIDs (playing the role of the Verifiable Data Registry in the diagram above), and to store and verify VCs. However, they are by no means the only option. Other Verifiable Data Registries utilised by DID methods include secure databases, the Interplanetary File System (IPFS), and the Domain Name System (DNS).

5. What are some of the use cases for VCs and DIDs?

Education Qualifications

VCs can be used to issue tamper-proof academic certificates that can be easily shared and verified online. This was the impetus behind OpenCerts, which is used by institutes of higher learning in Singapore to issue academic certificates and transcripts digitally to students. With OpenCerts, the authenticity of each digital certificate can be trusted, thus reducing costs, time and effort to verify. Such verifiable credentials can also be viewed, shared and verified internationally, which is especially relevant in our globalised world where it is common for us to move for work and education.

Health Records

As VCs can be transmitted rapidly over the Internet, they are more convenient than their physical counterparts when trying to establish trust at a distance. This was especially true during the COVID-19 pandemic which saw the unprecedented closure of several borders around the world. As borders reopened, travellers were required to show proof of pre-departure tests or vaccination status, while immigration authorities needed a way to easily verify these assertions.

In response, HealthCerts was developed to provide travellers with easily verifiable digital certificates. Immigration authorities were able to easily verify these certificates online by scanning a QR code on the digital certificate.

Cross-Border Trade

VCs and DIDs are not limited to use by individuals. Companies, products and objects can also be the subject of a DID and/or VC. With TradeTrust, verifiable credentials are used to issue digital trade documents that can be easily verified and processed. By moving from paper to machine-readable digital credentials, many possibilities for automation of tedious processes are opened up.

The examples above are powered by the OpenAttestation framework, which is an open-source framework to issue and endorse verifiable documents developed by GovTech Singapore. Interested? Get in touch with us to explore collaborations in this exciting new area of VCs and DIDs!

While VCs and DIDs hold great potential for transforming the way we approach digital identity, they are still a work in progress. One of the forums where this important work takes place is at the World Wide Web Consortium (W3C), an international standards organisation for the World Wide Web. W3C creates technical standards and guidelines for web technologies worldwide, including VCs and DIDs.

The OpenAttestation team from GDS will be attending the W3C Technical Plenary and Advisory Committee (TPAC) in Seville, Spain from 11–15 September and presenting a break-out session on TradeTrust and OpenAttestation. To our fellow techies, we look forward to meeting and interacting with you at TPAC!
