DID Messaging: A Batphone for Everyone
Summary: DID Messaging can provide a secure, authenticated, and verified channel for every relationship you have.
In my last post, I wrote about a demo given by BCGov, Spark NZ, and Streetcred ID at the last Internet Identity Workshop. That demo caused a lot of people to download and try out Streetcred ID’s digital wallet. One of the features that Streetcred ID built into their wallet was peer-to-peer messaging based on DID Messaging and that led to some interesting insights.
A Brief Primer on DIDs
If you’re not familiar with DIDs, take a minute to go read my article on Decentralized Identifiers from earlier this year. I’ll summarize the relevant parts here:
- DIDs are a new type of cryptographic identifier that are resolvable, non-reassignable, and decentralized (not under the control of a single authority).
- DIDs have at least one associated public/private key pair.
- The public key(s) and endpoints associated with a DID can be retrieved by resolving the DID and getting them from the resulting DID Document.
DIDs are inexpensive to create, so best practice is to create a new DID for everyone with whom you create a digital relationship. The exchange of these so-called “peer DIDs” thus creates a mutually-authenticated relationship between the participants, where each can use the public key associated with the other’s DID to authenticate them.
The wide use of peer DID exchange creates a network of peer-to-peer relationships that are not only mutually authenticated but can exchange encrypted messages with each other. This capability requires the use of a DID Messaging protocol like the one found in the open-source Hyperledger Aries codebase [1] that forms the basis for peer-to-peer interactions in the Sovrin network. The software that exchanges these messages for each party is called an “agent”.
DID Messaging
As I mentioned, the Streetcred ID digital wallet supports peer-to-peer messaging through Sovrin P2P agents. This is something any wallet based on Aries and Sovrin could do, but as far as I know, Streetcred ID’s wallet is the first to explore this capability.
After IIW, a friend of mine, Tim Bouma, was talking about the P2P messaging in the Streetcred wallet. He hadn’t been at IIW, but I opened my wallet and created an invitation for Tim and sent it to him in a Twitter DM.
Tim accepted the invitation, but how could I be sure it was him — that Malory hadn’t intercepted the invitation I sent Tim and inserted himself in the middle of the communication? Fortunately, the wallet had a solution. I was able to ask Tim to prove things about himself based on credentials he had in his wallet.
Once Tim has proven his email address to me from a credential, I was more sure I was really connected to Tim. For a higher value exchange, I could have asked for other information from Tim until I was sure that it was really him on the other end. With that, we were able to exchange messages. The software took care of encrypting our communication and ensuring that my discussion with Tim was both protected and to him alone.
The Batphone
After this exchange, Vic Cooper likened DID-based P2P messaging to the Batphone. When Batman picks up the Batphone to talk with Commissioner Gordon, Commissioner Gordon doesn’t start off the conversation with “Who am I speaking to?”, “Can you give me your account number?”, “What’s your date of birth?”, or “What street did you live on in Junior High?” When Commissioner Gordon picks up the Batphone, he knows it’s Batman on the other end. Only Batman can call on the Batphone.
So DID Messaging is like having a Batphone for every digital relationship you have. You and they know they’re communicating with the right party [2]. All the messages are protected from eavesdroppers.
DID Messaging could revolutionize how we talk to each other and how we communicate with businesses.
- We no longer have to rely on a correlatable identifier like an email or phone number, to identify the other party.
- We no longer have to use centralized systems to talk to other parties with the attendant risk of the system being down or the conversation not being private.
- We save time and money using frictionless communications with companies we need to work with. We might even get better service.
- We can verify who’s at the other end by asking them to prove things to us.
- We can sever one relationship without affecting others since everyone has a different identifier for us.
DID Messaging is the foundation for verifiable credential exchange, but is more general purpose and can be used to reliably and securely exchange messages with anyone else who has a digital wallet that supports DIDs [3].
Notes
- The Aries project was recently split off from the Hyperledger Indy project.
- If you’re concerned about losing your phone and having all those relationships exposed, see What If I Lose My Phone.
- Not all digital wallets currently expose the DID messaging functionality, but any that do will be compatible with each other.
Originally published at http://www.windley.com.