# Identity Research _[IPFS dynamic data and capabilities working group](https://github.com/ipfs/dynamic-data-and-capabilities)_ This doc is a work-in-progress, collecting & organizing research around identity in distributed contexts ## Articles * [A Gentle Introduction to Self-Soverign Identity](https://bitsonblocks.net/2017/05/17/a-gentle-introduction-to-self-sovereign-identity/) * ## Papers & Specs * [Soverin Whitepaper](https://sovrin.org/wp-content/uploads/2018/03/Sovrin-Protocol-and-Token-White-Paper.pdf) * [W3C Community Group Decentralized Identifier Spec Draft](https://w3c-ccg.github.io/did-spec/) * [W3C Community Group Identity Credentials](https://opencreds.org/specs/source/identity-credentials/) * [Keybase Overview](https://keybase.io/docs/server_security) * [W3C Web ID](https://www.w3.org/2005/Incubator/webid/spec/identity/) * [W3C Webn Public Key Authentication](https://www.w3.org/TR/2018/CR-webauthn-20180320/) ## Concepts ### Claims, Proofs, Attestations * **Claim**: an assertion made by the person or business. An Identity is a form of claim > “My name is Antony and my date of birth is 1 Jan 1901” * **Proof**: is some form of document that provides evidence for the claim. Proofs come in all sorts of formats. eg: > photocopies of passports, birth certificates, and utility bills. For companies it’s a bundle of incorporation and ownership structure documents. * **Attestation**: When a third party validates that according to their records, the claims are true. > For example a University may attest to the fact that someone studied there and earned a degree. An attestation from the right authority is more robust than a proof, which may be forged. However, attestations are a burden on the authority as the information can be sensitive. This means that the information needs to be maintained so that only specific people can access it. ### Issuer, Verifier * **Issuer**: an entity that generates claims * **Verifier**: an entity that confirms the validity of a ### Private & Public Signing Keys (Keypair Cryptography) * **private key** (signing key) is used to sign documents, and is kept secret by the issuer. * **public key** (verification key) used to verify the signature and ensure the document has not been tampered with, and it does not need to be kept secret. ### Verifiable Claim * **Verifiable claims** are a standard way of defining, exchanging, and verifying digital credentials. The strength of the claim depends on the degree of trust the verifier has in the issuer. For example, if a bank issues a claim saying that you have a certain credit card number, a merchant can rely on the claim if the merchant has a high degree of trust in the bank. ### Revocation * "I take back what I just said" ## Institutions _groups operating in and around this space_ * [uPort](https://www.uport.me/) * [Decentralized Identity Foundation](http://identity.foundation/) * Github: https://github.com/decentralized-identity * [Evernym](https://www.evernym.com/) * [Soverin](https://sovrin.org/) * [keybase](https://keybase.io) * [Solid](https://solid.mit.edu) * Github: https://github.com/solid/solid-spec#identity * [Centre for Internet & Society](https://cis-india.org/) _nonprofit_ > The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. * [Namecoin](https://namecoin.org/) * [LetsEncrypt](https://letsencrypt.org/)