Re: Sirraya One: DID-VC based passwordless Authentication is here from Amir Hameed on 2025-11-16 (public-credentials@w3.org from November 2025)

From: Amir Hameed <amsaalegal@gmail.com>
Date: Sun, 16 Nov 2025 13:10:48 -0800
To: Melvin Carvalho <melvincarvalho@gmail.com>
Cc: Steven Rowat <steven_rowat@sunshine.net>, public-credentials@w3.org
Message-ID: <CANGYBsz22=rm8wq24dNYqFOKSqyFPvR+h_89kZUr7T5iy3UGpQ@mail.gmail.com>

Regarding potential use cases that’s what I am here for we have a lot of
use cases where the user doesn’t want to replace the current web stack but
wants SSI based authentication and authorization so that they do not need
to store usernames and passwords in the server db, also they want to give
fine grained access to users by issuing VCs to them. Also it will enable
users to own identity and be able to access any web based services with VC
issued access and policy

On Sun, 16 Nov 2025 at 13:07, Amir Hameed <amsaalegal@gmail.com> wrote:

> There are two ways to use this platform one is Sirraya Native and other is
> External DID, if you hold a valid DID with possession of the key the user
> can sign the challenge generated with the private key and if valid it will
> lead to authentication with proper jwt web , this whole thing is achieved
> without use of password. Hope that clarifies,
>
> Regarding potential use cases that’s what I am here for we have a lot of
> use cases where is the user doesn’t want to replace the current web stack
> but wants SSI based authentication and authorization so
>
> On Mon, 17 Nov 2025 at 12:22 AM, Melvin Carvalho <melvincarvalho@gmail.com>
> wrote:
>
>>
>>
>> so 15. 11. 2025 v 23:21 odesílatel Steven Rowat <
>> steven_rowat@sunshine.net> napsal:
>>
>>> On 2025-11-14 11:50 pm, Amir Hameed wrote:
>>>
>>>
>>> I have a good news, we finally have a production grade DID & VC based
>>> passwordless authentication and authorization system which works in a zero
>>> trust environment using a challenge response mechanism for authentication
>>> and authorisation. SSI is real and it’s working here
>>>
>>> Try it : https://one.sirraya.org
>>>
>>> I did this, and found it admirably simple to create.
>>>
>>
>> It is done by password. But passwords collide.
>>
>>
>>> Leading me to: What's next? Where are you envisioning it will be used?
>>>
>>> Any general comments would be helpful.
>>>
>>> And, for example, is this a possible use case? :
>>>
>>> A publication like "The Atlantic" wishes to publish an article by
>>> someone either pseudonymously or anonymously, but also check that the
>>> person has some experience in the field they're writing about. I.e., They
>>> want to accompany the article with a statement like:
>>>
>>> "Author X has published peer-reviewed work in this field in the past."
>>>
>>> So The Atlantic also needs to know, first, that this is indeed true.
>>>
>>> Can the Sirraya DID facilitate these needs, both for the author's
>>> transfer of documents, and for the VCs required to ensure they have the
>>> relevant experience?
>>>
>>> If so, what do the parties need to do to get such a system underway —
>>> the writer of the document, and the publishers of the Atlantic?
>>>
>>>
>>> Steven Rowat
>>>
>>

Received on Sunday, 16 November 2025 19:11:07 UTC