Use-case for decentralized identifiers (DIDs) with unique identities for each relationship



  • The W3C working group is working on the standardization of Decentralized Identifiers (DIDs). I watched a video presentation about DIDs and the presenter mentioned several times the possibility of generating unique pseudonymous identities for each relationship for better privacy. This is something that is also mentioned in the W3C documents (#1).

    However, I fail to understand the use case for one DID per service/usage (e.g. online shopper with direct relationship between customer and seller). This looks like an example of direct trust where there is no need for a consistent global storage like a blockchain. To my understanding, the whole point of having DIDs is to have identities that are shared with multiple other entities.

    For one-to-one relationships between a user and a service, won't a simple proof-of-possession token provide the same security guarantees at a fraction of the cost? What are the advantages of using unique DIDs for direct relationships versus storing public keys/identities on both ends?

    This question has also been asked (and answered) on the W3C DID WG Issues page.



  • One answer (which was cross-posted to the W3C DID WG Issues page where this question was also cross-posted): There is always some correlation risk when an individual entity uses the same identifier for themselves, for interactions with multiple other entities, or even for multiple interactions with one other entity. Multiple strategies are used to minimize that risk in the universe of DIDs, but it still exists. It increases when some of the other entities merge, as in the business world, or when a governmental entity takes and combines the records of the other entities, as in some repressive regimes.

    If the individual entity mints a new DID, for each interaction with an external entity, or for each external entity they interact with, potentially using multiple DID schemes along the way, that individual is adding another layer (or more) to the correlation mitigation strategies.

    It is desirable for everything to be visible, in the universes of some entities. It is desirable for less, down to as close to nothing as possible, to be visible, in the universes of other entities. We cannot make the determination of what is best for all entities, but we can offer a range of options such that each entity can, with some effort, make their own determination -- which may change, as time goes on.

    As to "replacing your FAX number", as @ThoriumBR suggests -- sure, you can give each external entity the same FAX number, or you can give each external entity a different FAX number, at (hopefully) minimal if any additional cost, all of which reach you, as if they were the same number, but without providing the correlation detail discussed above.

    Perhaps that helps?
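
The correlation risk discussed in this answer, as an added example that is not part of the original thread: three constructed users deal with three relying parties, whose records are then combined, once with a single reused identifier and once with one identifier per relationship. The HMAC derivation from a holder-side master secret, the function names and the `.example` relying parties are assumptions for illustration (a holder could equally generate a fresh key pair per relationship); `did:example` is used as a placeholder method.

```python
import hashlib
import hmac
import secrets


def global_did(master_secret: bytes) -> str:
    """One identifier that the holder reuses with every relying party."""
    digest = hashlib.sha256(b"global" + master_secret).hexdigest()
    return "did:example:" + digest[:32]


def pairwise_did(master_secret: bytes, relying_party: str) -> str:
    """A distinct identifier per relationship (assumed HMAC derivation).

    The holder can regenerate it from the secret; without the secret,
    two outputs for different relying parties cannot be linked.
    """
    tag = hmac.new(master_secret, relying_party.encode(), hashlib.sha256)
    return "did:example:" + tag.hexdigest()[:32]


def records_seen(users, parties, make_id):
    """Constructed data: the set of identifiers each relying party stores."""
    return {p: {make_id(secret, p) for secret in users.values()} for p in parties}


def linked_after_merge(records):
    """Identifiers found at more than one party once the records are combined."""
    seen, linked = set(), set()
    for ids in records.values():
        linked |= ids & seen
        seen |= ids
    return linked


def demo():
    # Constructed sample users and relying parties.
    users = {name: secrets.token_bytes(32) for name in ("alice", "bob", "carol")}
    parties = ["shop.example", "bank.example", "clinic.example"]
    shared = records_seen(users, parties, lambda secret, _party: global_did(secret))
    pairwise = records_seen(users, parties, pairwise_did)
    return len(linked_after_merge(shared)), len(linked_after_merge(pairwise))


if __name__ == "__main__":
    print("linkable users (shared id, pairwise ids):", demo())
```

Pairwise identifiers only remove the identifier itself as a join key; attributes disclosed alongside it (name, shipping address, payment details) can still correlate the records.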


