Decentralised identity (SPEC-458)

[matrixbot]

Submitted by @​matthew:matrix.org
Somehow we've got this far without a bug tracking replacing sydent and the Identity Service with a decentralised equivalent. There's been lots of discussion about this, talking about using existing decentralised identity systems or ledgers ranging from keybase, blockstack (onename), webfist, stellar.org, evernym, uport.me, namecoin, WebAuthn, WebID, Alpenhorn's anytrust model, etc. We haven't yet found a good solution for simply replacing the email->mxid mapping system of the current ISes with a decentralised one, given the problem of validating an email address in a decentralised manner, when emails themselves are inherently centralised to the SMTP servers responsible for that domain, and existing SMTP have very limited hooks for validating the identity of its users.

(Imported from https://matrix.org/jira/browse/SPEC-458)

[ara4n]

tarcus in HQ suggested https://openalias.org/ after my fosdem talk (https://fosdem.org/2017/schedule/event/matrix_future/) which certainly sounds quite interesting...

[ara4n]

someone in the audience also suggested indieauth during the talk.

there's also a new persona-like service called https://portier.github.io/ which might be relevant

[uniconstructor]

@ara4n I checked out OpenAlias project website and their repositories and discovered several major problems:

1. Almost zero developer activity in all OpenAlias repositories: https://github.com/openalias?tab=repositories
2. They have no solution or naming standard for blockchain apps: "...For other applications, Bitcoin for example, that prefix would be oa1:btc or whatever the developers choose. OpenAlias does not maintain a repository of prefixes at this stage, but may do so in future."
3. No clearly defined specification for project
4. OpenAlias is a side-project of Monero developers. it's not as open standard or protocol of any kind

If you need an open, reliable and well-designed solution for decentralized identity system - consider to use an existing open source p2p ecosystem: libp2p.io. It is a toolset developed by Protocol Labs team.

Now the main part: what parts of this this toolset you can use, and how can it help you with you goals:

1. You need "a good solution for simply replacing the email->mxid mapping system" - it is about naming and addresing.
   Check out multiaddr: https://github.com/multiformats/multiaddr
   Multiaddr is a part of more global Multiformats project: https://multiformats.io/
   It can help you to create a protocol/application/format agnostic identity storage and allow you to use any persistance technology that you like (DNS-record/blockchain transaction/IPFS ond so on)
2. "There's been lots of discussion about this, talking about using existing decentralised identity systems or ledgers ranging from keybase, blockstack (onename), webfist, stellar.org, evernym, uport.me, namecoin, WebAuthn, WebID, Alpenhorn's anytrust model, etc" - you don't have to choose - use all of them, and convert identity data between any formats. Multicodec can be useful for this: https://github.com/multiformats/multicodec . Multicodec provides public registry of existing encoding formats sou you are not have to reinvent the wheel: https://github.com/multiformats/multicodec/blob/master/table.csv. If we talking about implementing logic of conversion identity data between different formats - GraphQL is a good choice for this too.
3. You need an ability to request, issue and verify claims of any kind. W3C have a working draft for this, named "Verifiable Claims": https://www.w3.org/TR/verifiable-claims-data-model/
   As a developer you often need a detailed instruction about how to implement something (like "zero knowlenge proof") using "the right way". I think w3c standards - is a best thing that we have for this.
4. globally accessible, up-to-date public registry of public identity information: IPFS is a perfect solution for this: https://ipfs.io
   IPFS + (Any popular blockchain) = absolutely immutable storage for any important file.
5. Finaly, and most important - you need a common way to link several identity accounts together. IPLD will be perfect solution here: https://ipld.io/

That's all for now - I hope you that some of this projects/ideas will be useful for building decentralized Matrix-based identity system.

You doing a great project. Have fun.

[jh72de]

To quote @xuhcc'comment on #246:
"There is a draft of W3C standard for decentralized identifiers: https://w3c.github.io/did-core/"

[AdamEunson]

It may be worth getting in touch with the team at the IOTA Foundation. They're working on their open source Digital Identity protocols that are built based on the W3C standards for DIDs and VCs. They're working on DIDComms as well, pretty sure auth is in the roadmap somewhere, if not already being implemented.
https://github.com/iotaledger/identity.rs