Wallet private and public keys | DIDs Decentralized Identifiers


The verifiers just have to check the DIDs of holder and issuer using whatever DID methods and registries they used. No need to contact the issuer.

If this is the case, what would happen if I obtain a DID with my documentation and then send that DID document to your wallet? Wouldn’t that enable you to act as me?

IAMX wants to use telecommunication providers and machine-readable government identity documents for that purpose, which seems a little less spooky than credit bureaus.

This is a better sales pitch than what I’m saying, although we are talking about the same technology. Credit bureaus use machine-readable government documents like driver’s licenses and passports to verify the documentation with a selfie. The user flow usually goes like this: a person takes a picture of the front and back of the DL, then takes a selfie, and it’s sent for verification. These companies use OCR and facial recognition technology to verify you and give you a score. The old PASS, RETRY or FAIL type of response.

I still fail to see what purpose the integration with a blockchain or specifically the Cardano blockchain shall serve.

A blockchain, in this case Cardano, works as the “Verifiable Data Registry”.

That’s not how DIDs work. It’s more something like a URL that is dereferenced to a DID document as the specific DID method defines it. And in the DID document are one or more public keys to identify signatures of the holder of that DID. They could be on any blockchain or not on a blockchain at all. Verifiers can then use resolvers like https://dev.uniresolver.io/ to get the DID document. They probably don’t want to care how wallets on Ethereum, Solana, some other strange chain, and Cardano work.

…, but, sure, if you give me the private key for the public key in that DID document, I can act as you (as long as the verifier doesn’t also check biometrics, in the simplest case a picture, which may also be in VCs). But how should that be prevented even if there would be an online check with the issuer which there is not?


That’s not how DIDs work

Well, let me rephrase what I said. You’re right, not the DID document per se but the token that points to the DID document. Technically the DID lives in IPFS unrestricted. Following our discussion, the holder in this case holds a native token that points to the DID document in IPFS:

  "<DID_metadatum_label>": {
    "subject": <CBORHEX_paymentaddress>,
    "document": "ipfs://QmPPrHGV5UeG7YB9YJ1sVMhvb3NCtjPPFg8ksCtHWzuFVh"
  }

But how should that be prevented even if there would be an online check with the issuer which there is not?

Well, that’s part of the consensus and I guess the whole point of this conversation lol :joy: We could require the user to provide the spending password of the wallet to enable decryption of the picture used for biometrics (these services provide the specific section of the document used for biometrics, by the way) and therefore the verifier can quickly check the ownership without the owner having to provide the entire documentation.

The DID is already coming as a verified certificate (we could include the type of document and expiration date), and as you said, the verifier can check with the issuer the veracity of the DID. That could be enough for certain applications, although other applications like “car rentals” for example may require that you actually show the picture to verify that it is you; in that case you may be prompted for the spending password, decrypt the payload of the DID and show the biometric for them to confirm that it is you.
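
Added example, not part of any post in this thread: a sketch of the check discussed above, where the verifier resolves the DID to its DID document and accepts only a signature over a fresh challenge made with the private key matching a public key in that document. The DID `did:example:holder123`, the in-memory `registry` and all function names are constructed for illustration and stand in for a real DID method and resolver.

```javascript
// Constructed demo: Node.js built-in crypto only, no real DID method or registry.
const { generateKeyPairSync, createPublicKey, randomBytes, sign, verify } = require('node:crypto');

// Holder generates a key pair; only the public half is published in the DID document.
const holder = generateKeyPairSync('ed25519');
const DID = 'did:example:holder123'; // constructed identifier
const registry = new Map([[DID, {
  id: DID,
  verificationMethod: [{
    id: `${DID}#key-1`,
    type: 'JsonWebKey2020',
    controller: DID,
    publicKeyJwk: holder.publicKey.export({ format: 'jwk' }),
  }],
  authentication: [`${DID}#key-1`],
}]]);

// Stand-in for a resolver: dereference a DID to its DID document (or null).
function resolve(did) { return registry.get(did) || null; }

// Verifier side: a fresh random challenge per presentation prevents replay.
function newChallenge() { return randomBytes(32); }

// Holder side: prove control of the DID by signing the verifier's challenge.
function present(privateKey, challenge) { return sign(null, challenge, privateKey); }

// Verifier side: accept only if a key listed under "authentication" verifies the signature.
function verifyPresentation(did, challenge, signature) {
  const doc = resolve(did);
  if (!doc) return false;
  return doc.verificationMethod
    .filter((vm) => doc.authentication.includes(vm.id))
    .some((vm) => verify(null, challenge,
      createPublicKey({ key: vm.publicKeyJwk, format: 'jwk' }), signature));
}

function demo() {
  const challenge = newChallenge();
  // Holder of the private key: accepted. The verifier cannot tell who holds that key.
  const genuine = verifyPresentation(DID, challenge, present(holder.privateKey, challenge));
  // Someone who only received a copy of the DID document has no matching private key.
  const other = generateKeyPairSync('ed25519');
  const copiedDocOnly = verifyPresentation(DID, challenge, present(other.privateKey, challenge));
  // An old signature replayed against a new challenge is rejected.
  const replay = verifyPresentation(DID, newChallenge(), present(holder.privateKey, challenge));
  return { genuine, copiedDocOnly, replay };
}
```
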