Self-sovereign identity: decentralized digital identity and verifiable credentials

Bibliographic Details
Other Authors: Preukschat, Alex, author; Reed, Drummond, author (writer of foreword); Searls, Doc, writer of foreword
Format: Electronic book
Language: English
Published: Shelter Island, NY : Manning [2021]
Subjects:
View in Biblioteca Universitat Ramon Llull: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009633579406719
Table of Contents:
  • Intro
  • Self-Sovereign Identity
  • Copyright
  • dedication
  • contents
  • front matter
  • preface
  • acknowledgments
  • about this book
  • Who should read this book
  • About the code
  • liveBook discussion forum
  • Other online resources
  • about the authors
  • about the cover illustration
  • Part 1 An introduction to SSI
  • 1 Why the internet is missing an identity layer - and why SSI can finally provide one
  • 1.1 How bad has the problem become?
  • 1.2 Enter blockchain technology and decentralization
  • 1.3 The three models of digital identity
  • 1.3.1 The centralized identity model
  • 1.3.2 The federated identity model
  • 1.3.3 The decentralized identity model
  • 1.4 Why "self-sovereign"?
  • 1.5 Why is SSI so important?
  • 1.6 Market drivers for SSI
  • 1.6.1 E-commerce
  • 1.6.2 Banking and finance
  • 1.6.3 Healthcare
  • 1.6.4 Travel
  • 1.7 Major challenges to SSI adoption
  • 1.7.1 Building out the new SSI ecosystem
  • 1.7.2 Decentralized key management
  • 1.7.3 Offline access
  • References
  • 2 The basic building blocks of SSI
  • 2.1 Verifiable credentials
  • 2.2 Issuers, holders, and verifiers
  • 2.3 Digital wallets
  • 2.4 Digital agents
  • 2.5 Decentralized identifiers (DIDs)
  • 2.6 Blockchains and other verifiable data registries
  • 2.7 Governance frameworks
  • 2.8 Summarizing the building blocks
  • References
  • 3 Example scenarios showing how SSI works
  • 3.1 A simple notation for SSI scenario diagrams
  • 3.2 Scenario 1: Bob meets Alice at a conference
  • 3.3 Scenario 2: Bob meets Alice through her online blog
  • 3.4 Scenario 3: Bob logs in to Alice's blog to leave a comment
  • 3.5 Scenario 4: Bob meets Alice through an online dating site
  • 3.6 Scenario 5: Alice applies for a new bank account
  • 3.7 Scenario 6: Alice buys a car
  • 3.8 Scenario 7: Alice sells the car to Bob
  • 3.9 Scenario summary
  • Reference
  • 4 SSI Scorecard: Major features and benefits of SSI
  • 4.1 Feature/benefit category 1: Bottom line
  • 4.1.1 Fraud reduction
  • 4.1.2 Reduced customer onboarding costs
  • 4.1.3 Improved e-commerce sales
  • 4.1.4 Reduced customer service costs
  • 4.1.5 New credential issuer revenue
  • 4.2 Feature/benefit category 2: Business efficiencies
  • 4.2.1 Auto-authentication
  • 4.2.2 Auto-authorization
  • 4.2.3 Workflow automation
  • 4.2.4 Delegation and guardianship
  • 4.2.5 Payment and value exchange
  • 4.3 Feature/benefit category 3: User experience and convenience
  • 4.3.1 Auto-authentication
  • 4.3.2 Auto-authorization
  • 4.3.3 Workflow automation
  • 4.3.4 Delegation and guardianship
  • 4.3.5 Payment and value exchange
  • 4.4 Feature/benefit category 4: Relationship management
  • 4.4.1 Mutual authentication
  • 4.4.2 Permanent connections
  • 4.4.3 Premium private channels
  • 4.4.4 Reputation management
  • 4.4.5 Loyalty and rewards programs
  • 4.5 Feature/benefit category 5: Regulatory compliance
  • 4.5.1 Data security
  • 4.5.2 Data privacy
  • 4.5.3 Data protection
  • 4.5.4 Data portability
  • 4.5.5 RegTech (Regulation Technology)
  • References
  • Part 2 SSI technology
  • 5 SSI architecture: The big picture
  • 5.1 The SSI stack
  • 5.2 Layer 1: Identifiers and public keys
  • 5.2.1 Blockchains as DID registries
  • 5.2.2 Adapting general-purpose public blockchains for SSI
  • 5.2.3 Special-purpose blockchains designed for SSI
  • 5.2.4 Conventional databases as DID registries
  • 5.2.5 Peer-to-peer protocols as DID registries
  • 5.3 Layer 2: Secure communication and interfaces
  • 5.3.1 Protocol design options
  • 5.3.2 Web-based protocol design using TLS
  • 5.3.3 Message-based protocol design using DIDComm
  • 5.3.4 Interface design options
  • 5.3.5 API-oriented interface design using wallet Dapps
  • 5.3.6 Data-oriented interface design using identity hubs (encrypted data vaults)
  • 5.3.7 Message-oriented interface design using agents
  • 5.4 Layer 3: Credentials
  • 5.4.1 JSON Web Token (JWT) format
  • 5.4.2 Blockcerts format
  • 5.4.3 W3C verifiable credential formats
  • 5.4.4 Credential exchange protocols
  • 5.5 Layer 4: Governance frameworks
  • 5.6 Potential for convergence
  • References
  • 6 Basic cryptography techniques for SSI
  • 6.1 Hash functions
  • 6.1.1 Types of hash functions
  • 6.1.2 Using hash functions in SSI
  • 6.2 Encryption
  • 6.2.1 Symmetric-key cryptography
  • 6.2.2 Asymmetric-key cryptography
  • 6.3 Digital signatures
  • 6.4 Verifiable data structures
  • 6.4.1 Cryptographic accumulators
  • 6.4.2 Merkle trees
  • 6.4.3 Patricia tries
  • 6.4.4 Merkle-Patricia trie: A hybrid approach
  • 6.5 Proofs
  • 6.5.1 Zero-knowledge proofs
  • 6.5.2 ZKP applications for SSI
  • 6.5.3 A final note about proofs and veracity
  • References
  • 7 Verifiable credentials
  • 7.1 Example uses of VCs
  • 7.1.1 Opening a bank account
  • 7.1.2 Receiving a free local access pass
  • 7.1.3 Using an electronic prescription
  • 7.2 The VC ecosystem
  • 7.3 The VC trust model
  • 7.3.1 Federated identity management vs. VCs
  • 7.3.2 Specific trust relationships in the VC trust model
  • 7.3.3 Bottom-up trust
  • 7.4 W3C and the VC standardization process
  • 7.5 Syntactic representations
  • 7.5.1 JSON
  • 7.5.2 Beyond JSON: Adding standardized properties
  • 7.5.3 JSON-LD
  • 7.5.4 JWT
  • 7.6 Basic VC properties
  • 7.7 Verifiable presentations
  • 7.8 More advanced VC properties
  • 7.8.1 Refresh service
  • 7.8.2 Disputes
  • 7.8.3 Terms of use
  • 7.8.4 Evidence
  • 7.8.5 When the holder is not the subject
  • 7.9 Extensibility and schemas
  • 7.10 Zero-knowledge proofs
  • 7.11 Protocols and deployments
  • 7.12 Security and privacy evaluation
  • 7.13 Hurdles to adoption
  • References
  • 8 Decentralized identifiers
  • 8.1 The conceptual level: What is a DID?
  • 8.1.1 URIs
  • 8.1.2 URLs
  • 8.1.3 URNs
  • 8.1.4 DIDs
  • 8.2 The functional level: How DIDs work
  • 8.2.1 DID documents
  • 8.2.2 DID methods
  • 8.2.3 DID resolution
  • 8.2.4 DID URLs
  • 8.2.5 Comparison with the Domain Name System (DNS)
  • 8.2.6 Comparison with URNs and other persistent identifiers
  • 8.2.7 Types of DIDs
  • 8.3 The architectural level: Why DIDs work
  • 8.3.1 The core problem of Public Key Infrastructure (PKI)
  • 8.3.2 Solution 1: The conventional PKI model
  • 8.3.3 Solution 2: The web-of-trust model
  • 8.3.4 Solution 3: Public key-based identifiers
  • 8.3.5 Solution 4: DIDs and DID documents
  • 8.4 Four benefits of DIDs that go beyond PKI
  • 8.4.1 Beyond PKI benefit 1: Guardianship and controllership
  • 8.4.2 Beyond PKI benefit 2: Service endpoint discovery
  • 8.4.3 Beyond PKI benefit 3: DID-to-DID connections
  • 8.4.4 Beyond PKI benefit 4: Privacy by design at scale
  • 8.5 The semantic level: What DIDs mean
  • 8.5.1 The meaning of an address
  • 8.5.2 DID networks and digital trust ecosystems
  • 8.5.3 Why isn't a DID human-meaningful?
  • 8.5.4 What does a DID identify?
  • 9 Digital wallets and digital agents
  • 9.1 What is a digital wallet, and what does it typically contain?
  • 9.2 What is a digital agent, and how does it typically work with a digital wallet?
  • 9.3 An example scenario
  • 9.4 Design principles for SSI digital wallets and agents
  • 9.4.1 Portable and Open-By-Default
  • 9.4.2 Consent-driven
  • 9.4.3 Privacy by design
  • 9.4.4 Security by design
  • 9.5 Basic anatomy of an SSI digital wallet and agent
  • 9.6 Standard features of end-user digital wallets and agents
  • 9.6.1 Notifications and user experience
  • 9.6.2 Connecting: Establishing new digital trust relationships
  • 9.6.3 Receiving, offering, and presenting digital credentials
  • 9.6.4 Revoking and expiring digital credentials
  • 9.6.5 Authenticating: Logging you in
  • 9.6.6 Applying digital signatures
  • 9.7 Backup and recovery
  • 9.7.1 Automatic encrypted backup
  • 9.7.2 Offline recovery
  • 9.7.3 Social recovery
  • 9.7.4 Multi-device recovery
  • 9.8 Advanced features of wallets and agents
  • 9.8.1 Multiple-device support and wallet synchronization
  • 9.8.2 Offline operations
  • 9.8.3 Verifying the verifier
  • 9.8.4 Compliance and monitoring
  • 9.8.5 Secure data storage (vault) support
  • 9.8.6 Schemas and overlays
  • 9.8.7 Emergencies
  • 9.8.8 Insurance
  • 9.9 Enterprise wallets
  • 9.9.1 Delegation (rights, roles, permissions)
  • 9.9.2 Scale
  • 9.9.3 Specialized wallets and agents
  • 9.9.4 Credential revocation
  • 9.9.5 Special security considerations
  • 9.10 Guardianship and delegation
  • 9.10.1 Guardian wallets
  • 9.10.2 Guardian delegates and guardian credentials
  • 9.11 Certification and accreditation
  • 9.12 The Wallet Wars: The evolving digital wallet/agent marketplace
  • 9.12.1 Who
  • 9.12.2 What
  • 9.12.3 How
  • Reference
  • 10 Decentralized key management
  • 10.1 Why any form of digital key management is hard
  • 10.2 Standards and best practices for conventional key management
  • 10.3 The starting point for key management architecture: Roots of trust
  • 10.4 The special challenges of decentralized key management
  • 10.5 The new tools that VCs, DIDs, and SSI bring to decentralized key management
  • 10.5.1 Separating identity verification from public key verification
  • 10.5.2 Using VCs for proof of identity
  • 10.5.3 Automatic key rotation
  • 10.5.4 Automatic encrypted backup with both offline and social recovery methods
  • 10.5.5 Digital guardianship
  • 10.6 Key management with ledger-based DID methods (algorithmic roots of trust)
  • 10.7 Key management with peer-based DID methods (self-certifying roots of trust)