Cardano lets you own your identity

The new Lace wallet allows you to create your own digital identity. Lace will be integrated with a self-sovereign identity (SSI) platform called Atala PRISM, which uses the Cardano blockchain to function. Come explore the innovative Web3 concept which is built on the W3C standard.

This article was prepared by Cardanians with support from Cexplorer.

Read the article: Cardano lets you own your identity | Cardano Explorer

The article claims that Atala Prism uses the W3C DID Recommendation, but in the registry of DID methods in development Atala Prism or IOHK is nowhere to be found. (The only Cardano-related DID method to be found there is the one of IAMX, although it is really unspecific on what actually happens on the blockchain with their idea.)

As always, when DID/SSI is shilled:

  • What is the benefit? Really? What measures are there in place that I don’t just register three DIDs and issue myself a “verifiable” credential that I am Jeff Bezos and hold a PhD in quantum mechanics? The DIDs are on the chain! It has to be true!
  • How decentralised and interoperable is it? Really? Will clients – like Lace – work with DIDs issued with any of the hundreds of DID methods already claimed to be in development (or already implemented) – https://www.w3.org/TR/did-spec-registries/#did-methods? Can I get a VC for my “official” identity and my degree if my government uses the web DID method and my university the sol DID method and I am on Atala Prism? And can other Lace users do the verification on them?

If that really wants to live up to the idea of “decentralisation”, it has to be interoperable! It would not be acceptable for me (and probably a lot of others) if I am forced to use the Solana or Ethereum network, just because my government, school, or employer chose that one. So, it should also not be acceptable if a siloed Cardano-only interpretation of DID/SSI emerges.

Also: Longevity is an issue. The standard does include some methods to update and deactivate DIDs in cases like compromised keys. But: What happens if the blockchain I foolishly chose to put my DID on doesn’t survive the next crypto crash? Worse: What happens if the blockchain my government, school, or employer foolishly chose to put their DID on seizes operation?

Until those questions are answered, I will probably just put a DID on my web server – using https://w3c-ccg.github.io/did-method-web/ – and happily reject all fake-decentralised solutions that cannot interact with that.

2 Likes

@HeptaSean Love the cynicism.

1 Like

Oh, it is hard.

It should be decentralised, permissionless, chain-agnostic. But if it really were, there would be a lot less of a business case. They could just sell some consulting and development services, but anyone else could do also competitively. As it should be.

And there would be a lot less to hope for in terms of pumping ADA, because people, organisations, governments could freely choose another method, another chain, or no chain at all, but good old web, or a permissioned government or NGO chain, or …. But that is again how it should be.

1 Like

I think other chains will produce competitor versions and I think organisations will be able to issue verifiable credentials for multiple competitors.

…, but … that is not really what web standards are for. These standards are written to enable services to work together. If I or an organisation need to ensure to be present on all relevant, competitive SSI solutions, that is a usability nightmare.

Quite comparable to the siloed social networks we already have. As a business, I have to make sure to be on all more or less relevant of them to not miss the one my possible customers are on.

If the standard does not enable interoperability – e.g., because every client would have to implement checking DID documents on ten different blockchains with a hundred different methods – then the standard is maybe a really bad one? Or just written to give those ideas some “It’s from the W3C!” legitimacy?

Yes, I do hope the standard is not that bad.

1 Like

Hi HeptaSean,
I tried to answer the big questions you had clearly and concisely. I hope this helps!

but in the registry of DID methods in development Atala Prism or IOHK is nowhere to be found

Indeed, the Atala PRISM DID method is not published. Public registration is only required when Mainnet switches on - which is coming soon. I can assure you that DIDs and VCs are being issued on TestNet by Atala PRISM Pioneers and multiple companies.

What is the benefit? Really?

Privacy, security, data portability, convenience, time and cost saving, and agency are just a few.

What measures are there in place that I don’t just register three DIDs and issue myself a “verifiable” credential that I am Jeff Bezos and hold a PhD in quantum mechanics?

This question is challenging to answer in a forum setting. In essence, what you are saying is possible. However, as a verifier, I would only accept trusted or verifiable issuers of VCs. I have an article coming soon about trust on the Atala PRISM blog.

The DIDs are on the chain! It has to be true!

Interestingly enough, Atala PRISM DIDs don’t have to be on-chain. Only the DIDs that issue credentials have to be on-chain.

How decentralised and interoperable is it?

The only centralized portions that I can spot are in governance frameworks and the trust registries they create. Again, this touches on the trust issue that is quite complex to explain in a forum setting.

Interoperable? Having a universal resolver (being able to resolve other DID methods) is a high priority.

If that really wants to live up to the idea of “decentralisation”, it has to be interoperable!

The Atala PRISM team agrees.

What happens if the blockchain I foolishly chose to put my DID on doesn’t survive the next crypto crash?
What happens if the blockchain my government, school, or employer foolishly chose to put their DID on seizes operation?

This problem is resolvable by creating a new DID on another platform and performing a key rotation from the defunct DID method to the new one, which also covers issuers. However, with full transparency, the issued credentials would still be verifiable in a limited capacity, depending on the assurance required. There may be a solution to this, but I’ll admit, I’m not technical enough to explain it thoroughly.

4 Likes

This could be considered a bit late. Other projects on other chains also publish their work in progress, there. In fact, there are some (IMO quite embarrassing) threads on here asking for technical details of Prism for years:

Sorry, those are just buzzwords, but also that was a bit of a hidden back-reference to:

I really do not see any advantage that a blockchain-based or specifically Atala-Prism-based solution would have over, e.g., simply using https://en.wikipedia.org/wiki/X.509.

How do you know if an issuer is “trusted and verifiable”? This information has to either be provided by some means off-chain (raising the question if I still need the chain when this off-chain infrastructure is needed anyway – and, in fact, is the only means by which trust is generated, the recording on the chain is basically worthless here) or you somehow have to gatekeep that only “trusted and verifiable” issuers’ DIDs go onto the chain (raising the question if the chain’s verification in this regard is sufficient and also obviously making it quite centralised).

So, you are using a technique akin to https://w3c-ccg.github.io/did-method-key/? Where the DID document can be generated from the DID itself without the need of it being provided somewhere? But why do issuer’s DIDs then have to be on-chain? What information is conveyed by it being on-chain? Other than that someone has put it on the chain?

So, the specifications will be published and then I will be able to create my own DID, also DIDs for issuing credentials, create VCs, … and all that without any help from IOHK or a central service of Atala Prism and then Lace will accept all that in exactly the same way as it is accepted if I use your tools? Yes, then it is decentralised.

But that would also be needed. Getting the whole world to use the Cardano SSI solution in preference to any of the Ethereum or other chain solutions would be phantasmal. For interoperability, it would of course also be needed that the Prism method is also present in the resolvers they use.

3 Likes

Hi, this is an interesting dialogue. I am happy to have a chat to discuss some of the points raised as I think that a conversation may be more suitable than lots of messaging to and fro. You can book time in my calendar: Calendly - Anushka Soma-Patel IOHK

I look forward to meeting you.

3 Likes

I need more time to read through the technicals but the lawyer and crypto ‘toddler’ in me is thrilled. This is one of the greater concepts I’d hoped crypto would deliver! And, regardless of whether this is The One, it’s exciting to know that brilliant minds exploring, inventing, and developing this revolutionary tech

( … exciting and oddly reassuring in a world where faith and functioning of traditional institutions seem to evaporating in real time. I’d be pro-decentralization anyway, but also a wee relieved we have a back up :flushed:)

2 Likes

Here is some information info from a highly respected person in SSI : Trust Registries - Beyond the Basics - Continuum Loop Inc.

Please feel free to join the SSI / Atala PRISM weekly ATH room. Register here: Meeting Registration - Zoom

2 Likes