OK, I was in the zone for some learning, so a few hours of YouTube lectures later, here I am. I probably should have done this first, sorry. I’ll place my findings here for anyone else.
Since Atala Prism isn’t released yet this is speculative. I’m basing this off the current state of the W3C specification document and Microsoft’s explanation of its implementation, and guessing it will be similar. Also, these are my first few hours of diving into DIDs, so please correct me where applicable.
- You use the Atala Prism SDK to create a DID (e.g. did:prism:xxxx) on the Cardano blockchain, using your private key. This DID and the signing will be on the Cardano blockchain.
- I now need to go to the issuer, say, the university in this case. I can scan a QR code (like in the DEMO), which asks me to accept a credential.
- I accept, which now creates a new DID. I assume some kind of co-signing happens here to prove both issuer and personal DID acceptance. This would then be stored on the blockchain, with DID Document details.
- This DID is specific to a type of credential. You will have did:, which is just a W3C identifier that says it’s a DID. prism is the method name, which tells you the DID can be verified via Atala Prism, hence, I suppose, the Cardano blockchain, and xxxxx is going to be the method name, which is the actual credential associated with the DID.
- Because you created the DID and signed using your private key, you, the user have ownership over that DID and can cryptographically prove it.
- The details to generate a DID Document are likely to be stored on the blockchain too. Not sure if there will be a secondary chain link, but I hope not.
- The DID Document is just going to contain public keys and a service endpoint, so you can verify information. Not sure what the limit of the information for the DID Document will be.
- DID Documents usually have a service endpoint that can then be reached to find out more information about that credential.
This is where I assume Atala PRISM comes in, where there will be an endpoint that can answer further questions and prove the identity and validity of the credential. But since it’s on the Cardano blockchain and the service endpoint is up to the issuer, it could be anywhere.
Hence at this point the Service Endpoint could reject its validity. You would still own and control the identity, but the service endpoint could give more information.
So to sum it up, you can prove you own a credential, and the service endpoint can communicate more information regarding the credential. I suppose if the service endpoint goes down in the future, you are no longer able to do anything other than just verify you have a credential from that issuer, but with little to no more information provided.
Unless you need to provide a static DID that just dictates ownership, and you can sign it to someone else. If I am right, the service endpoint is optional, or could even point to another distributed ledger for more information.
Though for some credentials and information you don’t want public information stored on there, so you will need to communicate peer to peer for that information. Plenty of variations to think about.
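The pieces the post walks through (the did:method:identifier syntax, a DID Document holding public keys plus an optional service endpoint, and proving control of the DID by signing with the private key) can be shown generically in working code. The following is an added example, not code from the post, the Atala Prism SDK or any W3C reference implementation. It assumes a simplified DID Document (raw Ed25519 keys instead of the registered type/encoding names real documents use), a hypothetical placeholder derivation of the did:prism method-specific id from the public key (the real method's rules are not shown here), and an in-memory map standing in for ledger resolution:

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"regexp"
)

// didPattern encodes the W3C DID Core ABNF: did = "did:" method-name ":" method-specific-id.
// method-name is lowercase letters/digits; the id is ":"-separated segments of unreserved
// characters or percent-encoded bytes, and the final segment must be non-empty.
var didPattern = regexp.MustCompile(
	`^did:([a-z0-9]+):((?:(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})*:)*(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})+)$`)

// ParsedDID is the method name and method-specific identifier of a DID.
type ParsedDID struct{ Method, MethodSpecificID string }

func ParseDID(s string) (ParsedDID, error) {
	m := didPattern.FindStringSubmatch(s)
	if m == nil {
		return ParsedDID{}, fmt.Errorf("not a syntactically valid DID: %q", s)
	}
	return ParsedDID{Method: m[1], MethodSpecificID: m[2]}, nil
}

// VerificationMethod is a simplified key entry (raw Ed25519 key instead of multibase/JWK).
type VerificationMethod struct {
	ID, Controller string
	PublicKey      ed25519.PublicKey
}

// Service is the optional service endpoint block of a DID Document.
type Service struct{ ID, Type, Endpoint string }

// DIDDocument holds only what is discussed above: keys and an optional service endpoint.
type DIDDocument struct {
	ID                 string
	VerificationMethod []VerificationMethod
	Authentication     []string // IDs of keys the controller may authenticate with
	Service            []Service
}

// ServiceEndpoint returns the endpoint of the first service of the given type, if present.
func (d *DIDDocument) ServiceEndpoint(typ string) (string, bool) {
	for _, s := range d.Service {
		if s.Type == typ {
			return s.Endpoint, true
		}
	}
	return "", false
}

// NewDIDAndDocument builds a did:prism DID from a hypothetical placeholder derivation
// (hash of the public key; not the real method's rule) and its document with one auth key.
func NewDIDAndDocument(pub ed25519.PublicKey) (string, *DIDDocument) {
	h := sha256.Sum256(pub)
	did := "did:prism:" + base64.RawURLEncoding.EncodeToString(h[:16])
	keyID := did + "#key-1"
	return did, &DIDDocument{ID: did, Authentication: []string{keyID},
		VerificationMethod: []VerificationMethod{{ID: keyID, Controller: did, PublicKey: pub}}}
}

// Resolver stands in for "resolve this DID on the ledger"; here it is an in-memory map.
type Resolver map[string]*DIDDocument

func (r Resolver) Resolve(did string) (*DIDDocument, error) {
	if _, err := ParseDID(did); err != nil {
		return nil, err
	}
	if doc, ok := r[did]; ok {
		return doc, nil
	}
	return nil, errors.New("DID not found")
}

// Proof is the holder's answer to a verifier's challenge: a signature over the nonce.
type Proof struct {
	DID, KeyID       string
	Nonce, Signature []byte
}

// challengeBytes binds the signature to a purpose string and the DID, so a signature made
// for some other protocol with the same key cannot be replayed as a control proof.
func challengeBytes(did string, nonce []byte) []byte {
	return append([]byte("did-auth:"+did+":"), nonce...)
}

// ProveControl is the holder side: sign the verifier's nonce with the DID's private key.
func ProveControl(did, keyID string, priv ed25519.PrivateKey, nonce []byte) Proof {
	return Proof{DID: did, KeyID: keyID, Nonce: nonce, Signature: ed25519.Sign(priv, challengeBytes(did, nonce))}
}

// VerifyControl is the verifier side: the proof must answer the nonce we issued and be
// signed by a key the resolved DID Document lists under authentication.
func VerifyControl(r Resolver, p Proof, issuedNonce []byte) error {
	if !bytes.Equal(p.Nonce, issuedNonce) {
		return errors.New("nonce mismatch (stale or replayed proof)")
	}
	doc, err := r.Resolve(p.DID)
	if err != nil {
		return err
	}
	var pub ed25519.PublicKey
	for _, vm := range doc.VerificationMethod {
		if vm.ID == p.KeyID {
			pub = vm.PublicKey
		}
	}
	authorised := false
	for _, id := range doc.Authentication {
		authorised = authorised || id == p.KeyID
	}
	if pub == nil || !authorised {
		return errors.New("key not listed for authentication in DID Document")
	}
	if !ed25519.Verify(pub, challengeBytes(p.DID, p.Nonce), p.Signature) {
		return errors.New("signature does not verify")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	did, doc := NewDIDAndDocument(pub)
	ledger := Resolver{did: doc}
	nonce := make([]byte, 32)
	rand.Read(nonce)
	fmt.Println("control proof error:", VerifyControl(ledger, ProveControl(did, did+"#key-1", priv, nonce), nonce))
	_, hasSvc := doc.ServiceEndpoint("CredentialStatus")
	fmt.Println("document has a CredentialStatus service endpoint:", hasSvc)
}
```

The split matches the post's summary: ownership is provable offline from the ledger-resolved document and a fresh challenge, while anything beyond "this DID controls this key" depends on whether the document carries a service endpoint at all, which `ServiceEndpoint` reports as absent rather than failing.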