After this last guide you will finally have enough information to explore the remaining part of our site and the web.
In the six previous guides we have talked about:
- The history of SSI, that is, the philosophy behind this new identity standard and the historical reason for its birth.
- Identity Management Models, the transition from the silo model to IDP to SSI.
- Decentralised Identifier (DID), or rather, the new decentralised identifiers that enable the user to fully control his own identity.
- Verifiable Credential (VC), i.e. the new form of digital credentials that can be considered as our wallet documents.
- DID Auth and DKMS, that is, the mechanism by which a user can prove that they have a DID and the digital representation of our leather wallet, in which our DID and VC are stored.
- The role of the blockchain in SSI, which is the distributed ledger that is used to prove and/or revoke rights, credentials and attributes.
We have described how all these pieces of the puzzle, when combined, contribute to the realisation of a new digital identity standard, enabling users to autonomously manage all the information relating to their digital (and non-digital) self.
SSI Foreword
This last guide will be structured in two main parts.
Our aim is to walk you step by step through everyday scenes in which one or more people use this technological standard to access online and offline services or products, taking up the topics described in the previous guides in the most intuitive way possible (we still suggest reading the previous guides).
We will use the names Alice and Bob, which are the evergreens in cryptography books, and we imagine that the SSI protocol is already widespread within the imaginary society among all actors.
Part 1
Alice opens her own bank account
The following scenario is a perfect business case for understanding the value of verifiable credentials. In October 2018, four companies – IBM, WorkDay, Alberta Trust Bank (ATB), and Evernym – collaborated to demonstrate how verifiable credentials can be used to open a bank account; the process is also shown in the following video, called Job-Creds.
As a first step, the video shows Alice getting a government verifiable credential (driving licence from the DMV), then getting a permanent employee credential from IBM, and finally how, thanks to the two verifiable credentials, Alice opens a bank account with ATB. The whole mechanism is very simple: only QR codes and computers are needed to request connections or proof of identity.
Let’s try to describe in detail the process represented in the video through 9 steps:
- Alice goes to the DMV to get her B licence. In order to identify herself to the staff, she only needs her smartphone and an app wallet (i.e. DKMS), inside which are all her cryptographic keys associated with her DID. With a simple click on her smartphone, Alice demonstrates that she controls the DID she has indicated she wants to use to receive her B licence, and the DMV allows her to take the exam (i.e. DID Auth).
- Alice finally takes the test to obtain her driving licence. She passes it without error and then the DMV creates her licence. In this case, the licence will not be physical (no plastic one) but fully digitalised in the form of a verifiable credential (i.e. VC). Exactly as in the plastic licence, the VC will have digital references from the DMV such as expiry date, ID code, etc. This is sent from the operator’s computer to Alice’s app wallet with a simple QR code, just like an email to an address.
- Now, Alice has a VC, which allows her to work for some companies (let’s imagine that one of the requirements to work is to have a B licence to be able to move from one region to another).
- Alice goes to the IBM company for the interview. The first request of the hiring manager, Bob, is to show some credentials to work in that position, including a B licence. Alice takes her smartphone and scans the QR code on Bob’s computer: a connection is made and Alice shows that she has a DID and a VC created by the DMV associated with it. The interview continues and Alice is hired.
- A few days later, Bob sends the employment contract over the Internet in the form of a VC containing the company’s data, Alice’s job position, Alice’s DID and the duration of the contract. Alice receives a notification on her smartphone and accepts the credential, which is added to the list of credentials in her app wallet. When the contract expires, Bob will take this VC and write it on the blockchain so as to prove its revocation (or expiration).
- Finally, Alice has all the VCs that allow her to create her own bank account. (Please note: the conditions for accessing the current account are arbitrary, chosen to make the mechanism understood.) How can Alice ask the bank to open a current account? Simple: either she goes directly to the bank, or she uses her smartphone to scan a QR code in a marketing ad or on the bank’s landing page. So, with a simple click, Alice makes a “formal” request to the bank to create a connection (and therefore open an account), and at the same time the bank receives a new request from a potential new account holder.
- The bank receives the request and asks Alice for proof of some of her credentials, such as her precise identity and whether she has a steady job. Alice shows electronically that there is a VC (i.e. the B licence) from the DMV associated with her DID and a VC (i.e. the employment contract) from the IBM company associated with her DID.
- The bank verifies the correctness of the VCs. How? For example, by searching the blockchain for any revocations. In this scenario, Alice is honest and the bank agrees to make her one of its account holders. Then, the bank sends Alice a verifiable credential with instructions on how to create her own account and access it securely.
- Alice, thanks to SSI, was able to obtain a service from the bank without the bank taking over all her data, and while always keeping control over her identity. The bank, the DMV and the company do not hold any of Alice’s sensitive data (apart from her decentralised identifier and some verifiable credential
In this simple example, we have seen how decentralised identifiers, verifiable credentials, DID Auth and decentralised key management systems are used in practice. In the second part of this guide, we will present a further scenario of everyday life to consolidate these concepts.
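The nine steps above, condensed into an added JavaScript (Node.js) sketch that is not part of the original guide or of the Job-Creds demo: issuers sign credentials bound to Alice's DID, Alice answers the bank's nonce with her DID key, and the bank checks holder binding, issuer trust, signatures, expiry and revocation. The did:example identifiers, field names, the choice of Ed25519 and the in-memory ledger are assumptions made for illustration; real verifiable credentials follow the W3C data model and its proof formats.

```javascript
// Added sketch: DIDs, field names and the in-memory "ledger" are constructed for illustration.
const { generateKeyPairSync, sign, verify, randomBytes } = require('crypto');
// Stand-in for the blockchain: DID -> public key, plus the ids of revoked credentials.
const ledger = { keys: new Map(), revoked: new Set() };
const canon = (o) => Buffer.from(JSON.stringify(o)); // stable key order suffices here
const b64 = (s) => Buffer.from(s, 'base64');

function createDid(name) { // wallet makes a key pair and registers the public half
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  ledger.keys.set(`did:example:${name}`, publicKey);
  return { did: `did:example:${name}`, privateKey };
}

// Issuer (DMV, employer) signs claims about the holder's DID.
function issue(issuer, id, subject, claims, expires) {
  const body = { id, issuer: issuer.did, subject, claims, expires };
  return { ...body, proof: sign(null, canon(body), issuer.privateKey).toString('base64') };
}

// Holder answers the verifier's nonce with her DID key (DID Auth) and attaches her VCs.
function present(holder, credentials, nonce) {
  const proof = sign(null, Buffer.from(holder.did + nonce), holder.privateKey).toString('base64');
  return { holder: holder.did, credentials, proof };
}

// Verifier (bank): holder binding, trusted issuer, signature, subject, expiry, revocation.
function verifyPresentation(p, nonce, trusted, today) {
  const holderKey = ledger.keys.get(p.holder);
  if (!holderKey || !verify(null, Buffer.from(p.holder + nonce), holderKey, b64(p.proof)))
    return 'holder-auth-failed';
  for (const { proof, ...body } of p.credentials) {
    if (!trusted.includes(body.issuer) || !ledger.keys.has(body.issuer)) return 'untrusted-issuer';
    if (!verify(null, canon(body), ledger.keys.get(body.issuer), b64(proof))) return 'bad-signature';
    if (body.subject !== p.holder) return 'wrong-subject';
    if (body.expires <= today) return 'expired';
    if (ledger.revoked.has(body.id)) return 'revoked';
  }
  return 'ok';
}

function scenario() { // constructed: licence and contract shown to the bank, then revocation
  const [dmv, ibm, alice] = ['dmv', 'ibm', 'alice'].map(createDid);
  const vcs = [issue(dmv, 'vc-licence', alice.did, { licence: 'B' }, '2030-01-01'),
               issue(ibm, 'vc-contract', alice.did, { role: 'employee' }, '2027-01-01')];
  const nonce = randomBytes(16).toString('hex'); // bank's challenge for this session
  const check = () => verifyPresentation(present(alice, vcs, nonce), nonce, [dmv.did, ibm.did], '2026-01-01');
  const before = check();
  ledger.revoked.add('vc-contract'); // employer records the revocation on the ledger
  return { before, after: check() };
}
```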