Digital Identity and the Decay of Centralised Information Systems

It is quite easy to hide valuable insights in a gargantuan garbage of data. It does not matter if we call it a data deluge or a data explosion. We have witnessed this irrational immersion of information in the convoluted vaults of centralised systems over the last couple of decades. Now we are witnessing the transition from decades of data deluge to the dawn of data decay.

As data becomes more decentralised and distributed, the context and pretext of information will emerge as strong pointers to the metadata from the peripheries and obscurities. It is important to realise the role of creators and curators when we study the symbiotic relationship between content and taxonomy, data and metadata, information and narratives etc.

When centralised systems degenerate, they pave way to the emergence of decentralised systems and processes. Along with their decay, centralised systems open up the decadent vaults of information in multitude of modalities. It will be a melange of multi-modal information architectures. There will be a multitude of data and metadata formats in this information architecture.

Digital identities are one of the most valuable information architectures that will emerge prominent from this decay of centralised systems. These digital identities were fragmented and convoluted and stored in silos of segmented data stores for long time. Identity of people, things, the combination of people and things etc. all emerge from this data decay.

It is important to have meaningful and multi-modal standards to absorb and aggregate digital identities in a privacy preserving manner before we integrate them into decentralised systems and processes. We need a critical and rational approach to apply the collection of decentralisation technologies and frameworks in this pursuit.

Decentralised Identity (DID) specifications emerge as an alternate paradigm altogether. Concepts like verifiable credentials (VC) , verifiable presentations (VP), verifiable data registry, DID subjects, DID controllers, DID resolution methods etc. make this domain really rich and robust.

Verifiable credentials are an important concept in this context. It is assuming wider dimensions ever since more and more assets are getting digital identities. Credentials are important for people and assets alike. The core data model of a VC is related to the concept of claims and VP.

Claim is a statement about a DID subject. A credential is a set of one or more claims made by the same entity. A VC can include claims, proof of claims and the credential metadata such as the claim issuer, claim expiry date and time, a representative image and a public key for verification purpose etc. A VP expresses data from one or more VCs. The data in a VP is often about the same DID subject, but it might have been issued by multiple issuers.

A lot of existing VCs are built using JSON Web Tokens (JWT). They use JavaScript Object Signing and Encryption (JOSE) framework. One key challenge with these JWT based VC implementations is that it not easy to implement selective disclosure in these schemes. They must reveal all attributes for verification. VCs and VPs using JWT are also linkable via signature values.

Linked Data Proofs are emerging as an alternate paradigm for VCs. They are powered by JSON-LD formats. It is portable because it provides a standard vocabulary. JSON-LD configuration files are human readable unlike the JWT. Data schema emerge as important paradigms in this model. VCs based on Linked Data Proofs use Linked Data Signatures for security. They are more granular as they are attribute based rather than credential based.

JSON-LD based signature schemes are an essential component in this architecture. The Linked Data and Zero Knowledge Proof based VCs generate proofs of data integrity providing BBS+ based signature schemes. BBS is a digital signature scheme categorised as a short signature scheme. It supports signing multiple messages while producing a single output digital signature. The scheme was first described in the academic work of Dan Boneh, Xavier Boyen, and Hovav Schacham. BBS signatures provides additional properties such as selective disclosure, unlinkable proofs and proofs of possession making them quite suitable for constructing zero knowledge proof based VC implementation.