The Internet Identity Workshop is an “un-conference” style event that brings together the identity community from all over the world to discuss, present, workshop, and debate the latest innovative ideas covering the field of digital identity. Held April 22-26 virtually, the 32nd meeting carried on in this tradition and provided a receptive setting for some of the first public discussions of the ADIA Specification, specifically the ADIA Directory.
Directories have been a topic of considerable interest in the identity community. Simply put, directories provide an easy way for a user to be identified, even if they don’t have or can’t recall their digital address, or don’t have access to a mobile device.
A directory provides a better, more scalable way to find people or services in a decentralized identity ecosystem when two people or organizations can’t interact directly, or immediately scan a QR code.
But while the idea may be simple and useful, development has lagged. This is why it was exciting to present the specification for our ADIA Directory and get feedback at the recent meeting of the Internet Identity Workshop, one of the key venues for the identity community to discuss innovations in digital identity.
In the ADIA Specification implementation, a person or company presents a decentralized identifier (DID), a unique identifier that they own and control, to someone else who is looking for a way to connect with them. When a service queries a directory to identify a user, it submits a number of attributes. If these are unique, the directory returns a DID for that user. If they are not unique, the directory indicates which additional attributes could provide a unique result. This facilitates the setup of peer-DID relationships.
Ultimately, the directory is an entity that helps facilitate the passing of DIDs between people and organizations. Directories not only can be used for identifying users in the ADIA Specification but they also can be used to create public or private directories for listing users or entities.
During the session at IIW, we spent a lot of time describing the different variables and options in creating a directory: how a directory is governed and how it works are what distinguish the different types of directories. The implementation choices include which attributes a directory uses to find a person or business, how the directory verifies the uniqueness of a person or business upon enrollment, how the process for enrolling or un-enrolling someone or something works, and what the governance should be for who is able to access the directory. There is no right or wrong answer here, as it depends on what the directory is going to be used for. There are reasons to use any number of configurations of these options.
For example, global issuers, such as businesses, brokers, or governments that are providing a service to a customer, may be well suited to plaintext attributes for easy lookup and identification. This option is a good fit when something requires public access and the entity should be easy to find, like a business that wants to be found by its address and name. Such entities would still be unique and would use a credential to enroll in the directory, but they would be easy to locate.
On the other hand, if you want a more privacy-preserving directory, a regional directory would be your better option. Instead of using plaintext attributes, you would want to use hashing techniques to provide privacy and to limit collisions when looking up someone who has attributes similar to someone else’s. It is important to be careful about how that hashing is done: the scheme needs to be complex enough that it is safe and can’t be reverse engineered.
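The lookup behaviour described earlier (unique match returns a DID, an ambiguous match names the attributes that would disambiguate) and the hashed-attribute option above can be sketched together. This is an added example, not code from the ADIA Specification: the choice of HMAC-SHA-256 with a directory-held key, the attribute names, the response fields, and the sample DIDs are all assumptions made for illustration, and the DIDComm transport is left out.

```python
import hashlib
import hmac
import unicodedata

DIRECTORY_KEY = b"constructed-demo-key"  # assumption: secret held only by the directory

def blind(name, value, key=DIRECTORY_KEY):
    """Keyed hash of one normalized attribute. A bare SHA-256 of a low-entropy
    value (birth year, phone number) could be recovered by hashing every candidate."""
    norm = unicodedata.normalize("NFKC", value).strip().casefold()
    return hmac.new(key, f"{name}\x00{norm}".encode(), hashlib.sha256).hexdigest()

class Directory:
    def __init__(self):
        self.entries = []  # (did, {attribute name: blinded value})

    def enroll(self, did, attrs):
        blinded = {k: blind(k, v) for k, v in attrs.items()}
        if any(b == blinded for _, b in self.entries):
            raise ValueError("attribute set is not unique in this directory")
        self.entries.append((did, blinded))

    def lookup(self, attrs):
        query = {k: blind(k, v) for k, v in attrs.items()}
        hits = [(did, b) for did, b in self.entries
                if all(b.get(k) == h for k, h in query.items())]
        if not hits:
            return {"status": "not_found"}
        if len(hits) == 1:
            return {"status": "found", "did": hits[0][0]}
        # Ambiguous: name the unqueried attributes whose values differ among the hits.
        unqueried = set().union(*(b for _, b in hits)) - set(query)
        extra = sorted(k for k in unqueried if len({b.get(k) for _, b in hits}) > 1)
        return {"status": "ambiguous", "try_attributes": extra}

def demo_directory():
    d = Directory()  # constructed sample entries and DIDs
    d.enroll("did:example:1111", {"name": "Alex Kim", "birth_year": "1990", "city": "Lisbon"})
    d.enroll("did:example:2222", {"name": "Alex Kim", "birth_year": "1985", "city": "Lisbon"})
    d.enroll("did:example:3333", {"name": "Sam Roy", "birth_year": "1990", "city": "Porto"})
    return d

if __name__ == "__main__":
    d = demo_directory()
    print(d.lookup({"name": " ALEX KIM "}))
    print(d.lookup({"name": "Alex Kim", "birth_year": "1985"}))
```

In this sketch the stored index holds only keyed digests, so a copy of the stored entries does not reveal attribute values without the directory's key; the ambiguous response names attributes only, never candidate DIDs.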
Some new ideas that came out of the IIW session include hashing strategies that allow intentionally limiting the directory’s access to listed information. We also had a great conversation about the role of directories in supporting decentralized social media and how attributes are used within directories.
ADI Association has designed the directory structure to support the “network of networks” ideology, where the whole ecosystem is composed of individual networks tailored to a specific region. Directory interactions are designed as DIDComm Protocols to ease integration and adoption.
Directories provide enormous benefits to participants in an identity ecosystem, and the ADIA Specification provides a range of options to meet diverse needs and different levels of privacy.
If you want to learn more about directories, incorporate them into your identity system, or review the ADIA Specification and work toward interoperability, we invite you to join the ADI Association.