Trusted Corporate Identity

Orie Steele
Transmute
3 min read · Dec 23, 2019

Well Known DID Configuration


Transmute is excited to work with other DIF members to help link DIDs to domain names. We’ve been working on a proposal that supports linking DIDs of any DID method to a domain like example.com.

<record scratch…>

But why do businesses need to link DIDs to their domain?

One simple answer: “So that users can shop with greater privacy and security online.”

Trust in the digital era is mostly facilitated by digital signatures. You have probably seen the lock icon next to https in your browser’s address bar (look up at the top of your browser and you should see it right now). That lock is your browser telling you that the website you are visiting presented a certificate binding its public key to its domain name, and that the certificate was signed by a Certificate Authority your browser already trusts. A Certificate Authority is a trusted entity in the ecosystem, and the certificates it issues inherit that trust.

The ability to securely access websites is what makes e-commerce possible. Without it, Amazon, Google, Facebook and pretty much everything else that runs over the internet could not operate, because no one would trust a site enough to enter their credit card information. But how does it work? A TLS certificate (still widely called an SSL certificate) is a signed statement from a trusted authority that a given public key may be trusted for a given domain name. For example:

example.com presents a certificate Issued by: DigiCert SHA2 Secure Server CA.

As companies embrace the security and business benefits of blockchain technology, we need a way to know which DIDs belong to which companies. In doing so, we extend the existing Certificate Authority trust model into the decentralized world.

Instead of reinventing Let’s Encrypt, at the DIF we’re helping create a specification for linking decentralized public key infrastructure to domains in a simple, secure, interoperable and performant manner.

Introducing `.well-known/did-configuration`

This is still an early proposal, and we are seeking feedback. We’re taking an approach similar to the one Let’s Encrypt uses to prove control of a domain (serving a file under the domain’s /.well-known/ path), but we’re able to leverage the DPKI provided by DIDs for the keys and signatures themselves.

Anyone who controls the web server for example.com can publish claims at the domain’s well-known DID configuration URI, https://example.com/.well-known/did-configuration.

Each claim is signed with a key from the DID’s DID Document, and it basically says: “did:example:123” can be trusted for domain “example.com”.

By itself, such a claim proves only that a DID controller asserts the link; any DID controller can create one. The magic happens when the domain controller adds it to the domain’s well-known DID configuration: now both parties have demonstrated the link, one by signing the claim and the other by serving it at the domain. Once that happens, people or devices who want to know which DIDs are safe to communicate with for example.com can fetch the well-known DID configuration, verify each claim’s signature against the resolved DID Document, check that the domain named in the claim is the domain it was fetched from, and then use the associated keys. Their next step might be to report a vulnerability by encrypting it for an OpenPGP key listed in a DID Document, or to donate some cryptocurrency to the account of a non-profit. Note that the binding is only as strong as control over the domain’s web server (and the DNS and TLS that protect it): it proves control of the domain, not the legal identity behind it.

By having DIDs that are traceable back to a business domain, an end consumer (whether an individual or a business) can have greater confidence that they are engaging with a legitimate agent of an organization, and therefore feel more secure transacting with that party. By giving users a way to interact with businesses more confidently, businesses can collect required personal information and payments from a position of both accountability and trust.

Transmute is proud to collaborate with Microsoft, Bloom, ConsenSys, Sovrin and other DIF members to develop enterprise integrations for decentralized identity:

https://identity.foundation/
