Planning for DIF ID WG

https://github.com/decentralized-identity/identifiers-discovery/blob/main/agenda.md

  • Are DIDs are considered personal data? [Get latest update from Nacho?]
  • Peer DIDs are not a GDPR problem..? [Invite DanielH]
  • Discussion: Can you use anywise DIDs and still be GDPR compliant?
  • If link between person and identifier is minimized, it's acceptable?
  • What is n "ephemeral identifier" (see discussion in OIDC SIOP) [DavidCh, NatSa]

DIDs and Personally Identifiable Information

  • Privacy is one of the pillars of SSI
  • DIDs and public keys, when used with Verifiable Credentials, become PII
  • Some DID methods store DIDs and DID Documents on-chain

Meeting goals:

  • Define when and why DID becomes PII (pseudonym)
  • Examples of PII (public key, hash of public key, )
  • Summarise ways to mitigate the issue (user consent, private settings (blockchain with limited access), zero-knowledge proofs, other ideas?)
  • What to keep in mind when designing DID methods.

Potential discussion topics

DID method vs DID profile

DID method today, is a generic term describing any DID method or instance/fork of a DID method. However, we could split the DID methods in (at least) two broad categories:

  • DID method - did:ethr, did:peer, did:web,
  • DID method profiles: instance/implementations of DID methods

DID methods should be profiled (TODO: which properties?)

  • anywise, pair-wise, N-wise
  • Full DID Document updates, event based (KERI), did document diffs

Same DID method, can be implemented in several ways. Such DID methods should be called "DID method profiles". DID method profile should only define:

  • user authentication (none, oidc/saml, 2fa, )
  • identification and identity binding (none, basic, substantial, high)
  • DID registration (full did documents, diffs, )
  • DID resolution
  • DID storage (distributed, local; blockchain, ipfs, combined, )
  • Supported verification methods

Context: KERI in the context of existing DID methods, as opposed to KERI being its own DID method.

DIDs in substantial/high-assurance use cases

DID, blockchain, KERI - importance of knowing the exact last state of the DID Document (so user cannot "hide" the last state)

Resolution of the previous versions of the DID Document - in several cases, I need to know that a given DID key belonged to a specific DID with a certain assurance.

DIDs and identity binding

Some DID methods don't require any identification/authentication.
In these cases, DIDs only be used for authentication with low assurance level.

Select a repo