Detailed Glossary
The identity domain has a lot of complex terms and definitions, so here is a non-exhaustive list of key terms, acronyms, and phrases to help aid your learning journey. Keep in mind this is Disco's interpretation!
Identity
SSI (Self-Sovereign Identity)
Self-sovereign identities (SSI) are digital identities that are managed by users themselves. This technology allows users to self-manage their digital identities without depending on third-party providers to store and centrally manage the data.
Identifier
An identifier is a string of numbers and/or letters that can be used to refer to a person, account, object, profile, etc.
An identifier is a name that you can use to refer to a party โ Evin, 0x12348593383, User1, @provenauthority on Twitter, etc.
An identifier does not have any signing keys, it is just the name/username
Identity
An identity is 3 things together:
a name (an identifier)
a list of things that identifier has done (metadata)
the ability to exercise control over both
example: Evinโs twitter identity
name: @provenauthority (Twitter username)
metadata: all Evinโs tweets & likes
control: Evin can confirm tweets from this account and grant access to its control
example: Evinโs email identity
name: evin@disco.xyz
metadata: all of Evinโs contacts, calendar invites, emails
control: Evin can send emails from this account and grant access to its control ****
Decentralized Identifier or DID
A decentralized identifier uses a standard method of enabling a public identifier (e.g. ETH address, SOL address, email address) and retrofitting it to send and receive private data from other public identifiers. It's like an alias for our existing addresses. For more, see here.
Verifiable Credentials
Verifiable Credentials are signed attestations, written by one party about another party or itself.
VCs are:
Signed
A statement that is signed by the person who said/wrote it
Attestations
Statement written by one party about another party or itself that attesting to a piece of information, for example, a diploma is an attestation by a university that Evin graduated from Hawken School
An attestation from another party means that someone else made a statement about you
A self-attestation means that youโve written a signed attestation about yourself
Encrypted
Verifiable Credentials are encrypted, meaning their content is encoded in a series of numbers and letters, like translating a private note into a secret code.
If anyone tries to change the Verifiable Credential, the secret code will be broken no human-readable message can be derived or resolved anymore
Private by default
Verifiable Credentials are issued or sent to the subject they are written about, and so the receiver can choose how publicly to share that piece of data.
Can be generated manually
An issuer can decide to create a Verifiable Credential and issue or send it to someone else.
Can be generated programmatically
A Verifiable Credential can be automatically generated and issued to a subject based on pre-determined requirements in an app
For example, an app might issue a โsuccessful purchase!โ credential to all users who purchase within the app
This proof would attest that a particular user has made a purchase within the app before, and can be used as a future reference to prove their status as a customer
Timestamped
A Verifiable Credential can be defined to carry a timestamp of when it was generated
Can be set to expire
A Verifiable Credential can be issued with an expiration date so that the credential will no longer be valid after a certain date
You can hang onto an expired credential like you can hang onto expired milk, but you canโt expect that everyone will treat it the same as they did when it was valid
Revocable
Verifiable Credentials can be revoked, meaning that the issuer can keep a list of all of the credentials theyโve issued and then later revoked
Often, that list (called a revocation registry) is stored on the blockchain
This means that anyone verifying a credential from that issuer needs to do three things to validate the credential:
Check the cryptography/resolve the credential to learn what it says and to ensure that no one has tried to tamper with the data it contains
Check to see whether the credential had an expiration date, and if so, whether itโs expired
Check the revocation registry, to see whether that particular credential has been revoked
Issuer
An issuer is a party that writes a Verifiable Credential and attests to the statement contained within it
The issuer also signs the credentials they create and sends or issues them to their subject/intended recipient
Issuers can be individual people or organizations
Anybody can be an issuer of any kind of credential
Individual users and apps need to decide how much they trust an individual issuer to make a statement about that particular topic โ the trustworthiness of the issuerโs opinion on the content
Verifier
A verifier is a party who wants to check out a Verifiable Credential to determine:
Who said the attestation?
What did they attest?
When did it happen?
Has the attestation been tampered with?
Has the attestation expired or is it still valid?
Has the attestation been revoked or is it still valid (this one is kind of tricky)?
A verifier is sometimes called a relying party because they are relying upon the contents of the credential to execute some logic or make a decision for example, does this user have the right credential to enter the website or party or secure room? Anyone can verify a credential, so anyone can be a verifier
DID Methods
A DID method is a specification that specifies the operations by which DIDs and DID documents are created, resolved, updated, and deactivated.
Examples: did:ethr, did:3. Disco uses 3id which you can learn more about here.
DID Document
Recall that each DID resolves to a DID document. This is like a key-value lookup. This document serves to describe additional information like public keys, protocols, and endpoints about the cryptography of this entity. It is usually a valid JSON-LD object. Here's an example:
Data
JSON (Javascript Object Notation)
JavaScript Object Notation, aka the acronym JSON, is an open data format that is both human and machine-readable. JSON is independent of any programming language and is commonly represented as key-value pairs, defined within left and right opening braces(โ{}โ). Hereโs an example:
JSON-LD
A sub-specific format of JSON is JSON-LD, which stands for Linked Data format. Created for an easy way for humans to read and write data interoperably. It uses hyperlinks and certain data keys to represent references. An example of this is:
Schema
A schema is a data template that helps organize and interpret information. We use various VC schemas to define a type of credential that contains a set of fields and certain metadata to be included. Each schema may serve one or many different use cases, like Membership, Attendance, and GM! Hereโs an example in our schemas repository.
Selective Disclosure
Selective disclosure is one of the key pillars of SSI and is the ability for individuals to share minimal data with a recipient or verifier and take actions based on it.
Hereโs an example: Vince walks into a bar and the bouncer would like to request proof that Vince is over 21 to gain entry. However, Vince wants to prove that he is over 21 years old but doesnโt want to disclose any other information such as his name or address. How can he do that? With selective disclosure, Vince can generate a Verifiable Presentation that aggregates data from a claim and answers the question, โIs this person 21 or over?โ Without having to share any other details!
Wallet
Crypto wallets store your private keys, keeping your crypto safe and accessible. They also allow you to send, receive, and spend cryptocurrencies like Bitcoin and Ethereum. See more here: https://docs.disco.xyz/learn/what-is-a-wallet
Last updated