14D/ @ Address - Fingerprints

From IIW

@ Address - Fingerprints #Tags a discussion of identifier classes


Session Convener: Aaron D Goldman

Notes-taker(s):

Tags / links to resources / technology discussed, related to this session:


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


@Addresses ~Fingerprints #Tags

We started with a discussion of Zooko’s triangle, AKA the CAP theorem: a name is Local, Unique, or Chosen, but you can only pick two. In order to build the systems we want, we need to bind together identifiers from two or more categories.


DIAGRAM


One might want to bind a public key (~fingerprint) with a verifiable credential (@address) to get an ID that can be generated Locally but that can have its Secure assertions added later.


NOTE PICTURE


pID (Power scaled IDentifier)

We also proposed a power scaled identifier pID that would allow a “short” identifier that is both secure and typeable by a human with a low error rate.

We start by generating a certificate with keys and tags as desired.


    {
      "type": "https://schema.org/pid",
      "public key": public_key,
      "public salt": public_key_salt,
      "name": "Alice",
      "revocation authority": "{pid}",
      "rotation authority": "{pid}",
      "salt": salt,
      "...": "..."
    }


We also include a salt that is a random number. By varying the salt we can generate many versions of the certificate. We hash each version and keep the one with the lowest hash.

The pID is an encoding of the hash in which we run-length encode the leading 0s and then append the next 75 bits of the hash.

e.g.

~vbazpoyabpjpebvn

is a representation of the hash

2222bazpoyabpjpebvnxrrpq7bv6lls5pubxmpvgoxmr4gwmka72====

The four ‘2’s are represented as a single ‘v’ and the next 15 chars of b32 are quoted to get

vbazpoyabpjpebvn

This pID is short enough for a business card and can be read over a phone if needed.

~vbazpoyabpjpebvn

Lookup path:

  • Know the pID
  • Pull the origin cert using the pID as a key
  • Use the links in the cert to pull the updates to the pID
  • Validate that the updates are signed by keys in the origin cert or in an already validated update.
  • Apply the updates to build the current state of the pID doc.
  • Return the pID doc

The group proposed that this might be better served by making a did:pid:vbazpoyabpjpebvn instead of the ~vbazpoyabpjpebvn form, and that the doc could be made compatible with the DID doc spec to support pID in the existing DID ecosystem.

A long form could also be supported for items where we expect more than 2^40 objects to exist.

Vbazpoyabpjpebvn pID-80

Vbazpoyabpjpebvnxrrpq7bv pID-120

On a business card, spacing the pID in chunks of four will improve readability:

Vbazpoyabpjpebvn

Vbaz poya bpjp ebvn

Vbaz-poya-bpjp-ebvn
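The minting, encoding and origin-cert check described above, as an added Python sketch that is not part of the session notes or of any pID implementation. Assumptions not stated in the notes: SHA-256 as the hash, sorted-key compact JSON as the hashed form, a sort-preserving base32 alphabet in which '2' is the zero digit, a run of n zero digits written as the character at alphabet position 31 - n (consistent with the notes' four '2's becoming 'v'), and all function names.

```python
import hashlib, json, os

# Assumption: sort-preserving base32 alphabet whose zero digit is '2',
# chosen to match the notes' example hash that begins "2222".
ALPHABET = "234567abcdefghijklmnopqrstuvwxyz"

def b32(data: bytes) -> str:
    """Unpadded base32 of data using ALPHABET (5 bits per character)."""
    bits = "".join(f"{byte:08b}" for byte in data)
    bits += "0" * (-len(bits) % 5)
    return "".join(ALPHABET[int(bits[i:i + 5], 2)] for i in range(0, len(bits), 5))

def cert_hash(cert: dict) -> str:
    # Assumption: SHA-256 over sorted-key compact JSON; the notes fix neither.
    blob = json.dumps(cert, sort_keys=True, separators=(",", ":")).encode()
    return b32(hashlib.sha256(blob).digest())

def pid_from_hash(h: str, body: int = 15) -> str:
    """Run-length encode the leading zero digits, then quote the next `body` chars."""
    h = h.rstrip("=")
    zeros = len(h) - len(h.lstrip("2"))
    if zeros > 31 or len(h) - zeros < body:
        raise ValueError("hash too short or zero run not encodable")
    # Assumption: a run of n zeros is written ALPHABET[31 - n] (so 4 -> 'v').
    return "~" + ALPHABET[31 - zeros] + h[zeros:zeros + body]

def mint(cert: dict, salts) -> tuple[dict, str]:
    """Hash one certificate version per salt and keep the lowest hash."""
    best = min(({**cert, "salt": s} for s in salts), key=cert_hash)
    return best, pid_from_hash(cert_hash(best))

def normalize(pid: str) -> str:
    """Accept business-card forms such as 'Vbaz-poya-bpjp-ebvn'."""
    return "~" + "".join(c for c in pid.lower() if c in ALPHABET)

def verify(cert: dict, pid: str) -> bool:
    """Lookup-path check: the fetched origin cert must hash to the pID."""
    pid = normalize(pid)
    if len(pid) - 2 not in (15, 23):  # pID-80 / pID-120 only; reject truncation
        return False
    return pid_from_hash(cert_hash(cert), len(pid) - 2) == pid

if __name__ == "__main__":
    template = {"type": "https://schema.org/pid", "name": "Alice"}  # constructed
    cert, pid = mint(template, (os.urandom(8).hex() for _ in range(20000)))
    print(pid, verify(cert, pid), verify({**cert, "name": "Mallory"}, pid))
```

A verifier that accepted pIDs of arbitrary length would let a truncated identifier match many certificates, which is why `verify` pins the body to the two lengths the notes define.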


See image(s) for these notes in the IIWXXXIV Book of Proceedings here:

https://internetidentityworkshop.com/past-workshops/