W3C home > Mailing lists > Public > public-credentials@w3.org > November 2017

Re: Room for government DIDs?

From: Markus Sabadello <markus@danubetech.com>
Date: Tue, 28 Nov 2017 18:23:34 +0100
To: public-credentials@w3.org
Message-ID: <9b3bd57f-29b1-9979-f399-d0fb7a38c4f5@danubetech.com>

This is an interesting topic, the relationship between the concept of a
decentralized / "self-sovereign" identity, and traditional identity
sources such as a government.

Incidentally, I had a talk about this yesterday in Vienna:

Basically, we came to the conclusion that these concepts are not
With self-sovereign identities, there will still be strong demand for
traditional authorities such as state institutions.

The way to model this technically would however be different from what
you are proposing.

The DID - by definition - is meant to be decentralized, and its creation
must be done by the identity owner and not involve any central authority
or intermediary.
For more about these requirements of registration of identifiers, see
section 4.1 of the original paper on "Decentralized Public Key
Infrastructure" (DPKI):

So you would model your natural, "self-sovereign" identity by creating
DIDs, and you would model "legal identity" not by issuing new DIDs, but
by issuing verifiable claims that make assertions about your DID.

E.g. the government could issue claims for you about citizenship, date
of birth, national identifier (such as the Peruvian DNI you mentioned),
driver's license, and everything else that constitutes the "legal self"
you are talking about.

I think this topic on "legal ID" and "self-sovereign ID" is a great
example where we can align our technological tools with "how identity
works in the real world".


On 11/28/2017 02:52 AM, David E. Ammouial wrote:
> Hello,
> I recently joined the few identity-related workgroups, out of interest
> for the general subject of decentralised digital identity. I like the
> idea of DIDs a lot because I find it refreshingly realistic to
> acknowledge the existence of multiple identity "worlds" rather than
> trying to create one meant to be the only one. I'm using the world
> "refreshingly" because it really brings back the original spirit of an
> internet that is diverse at all levels.
> Back to the subject of this email. Governments' attempted monopoly of
> the concept of people's identity is something I personally dislike.
> You are not defined by what a government accepts or says about you,
> but by what you say and accept about yourself, and maybe by what the
> people you care about say and accept about you. However, in some
> situations those "people you care about" do include governmental
> entities, for practical definitions of "caring". :)
> To give a concrete example, you might want to allow your "legal self"
> to act upon your Sovrin/uPort/V1/X identity through an institution or
> a company. For example if a government entity provides a facial
> recognition API to authenticate people, that would correspond in
> practice to a service of a "did:gov" method. Proving that you are who
> you say you are (in legal terms) can be something desirable.
> What would be the practical steps of introducing a "did:gov" method?
> I'm thinking of a schema like:
>     did:gov:XX:xxxxxxx
> Such an identity would be issued by the government of country XX (e.g.
> US, FR, PE, etc.). The last bit would depend on the rules of each
> particular country. For example Peru has different types of identity
> documents: DNI (documento nacional de identidad) for nationals, CE
> (carné de extranjería) for residents that are not nationals, and a few
> others. In that context, Peru would perhaps define DIDs around the
> lines of "did:gov:pe:dni:1234345", but that would obviously be up to
> the Peruvian government to define those rules.
> What do you think? There are probably technical aspects, legal
> aspects, practical aspects... I apologise if this topic has already be
> brought up in the past and I didn't read about it before posting. I
> did some basic research on the list's archive and couldn't find anything.
Received on Tuesday, 28 November 2017 17:24:05 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:42 UTC