14D/ @ Address - Fingerprints
@ Address - Fingerprints #Tags a discussion of identifier classes
Session Convener: Aaron D Goldman
Notes-taker(s):
Tags / links to resources / technology discussed, related to this session:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
@Addresses ~Fingerprints #Tags
We started with a discussion of Zooko’s triangle, AKA the CAP theorem: a name is Local, Unique, or Chosen, but you can only pick two. In order to build the systems we want, we need to bind together identifiers from two or more categories.
DIAGRAM
One might want to bind a public key (~fingerprint) with a verifiable credential (@address) to get an ID that can be generated Locally but that can have its Secure assertions added later.
NOTE PICTURE
pID (Power scaled IDentifier)
We also proposed a power scaled identifier, pID, that would allow a “short” identifier that is both secure and typeable by a human with a low error rate.
We start by generating a certificate with keys and tags as desired.
{
  "type": "https://schema.org/pid",
  "public key": public_key,
  "public salt": public_key_salt,
  "name": "Alice",
  "revocation authority": "{pid}",
  "rotation authority": "{pid}",
  "salt": salt,
  "...": "...",
}
We also include a salt that is a random number. By varying the salt we can generate many versions of the certificate. We hash each version and keep the one with the lowest hash.
The pID is an encoding of the hash in which we run-length encode the leading 0s, followed by the next 75 bits of the hash.
e.g.
~vbazpoyabpjpebvn
is a representation of the hash
2222bazpoyabpjpebvnxrrpq7bv6lls5pubxmpvgoxmr4gwmka72====
The four ‘2’s are represented as a single ‘v’ and the next 15 chars of b32 are quoted to get
vbazpoyabpjpebvn
This pID is short enough for a business card and can be read over a phone if needed.
~vbazpoyabpjpebvn
Lookup path:
- Know the pID
- Pull the origin cert using the pID as a key
- Use the links in the cert to pull the updates to the pID
- Validate that the updates are signed by keys in the origin cert or in an already validated update.
- Apply the updates to build the current state of the pID doc.
- Return the pID doc
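The salt grinding and run-length encoding described above, plus the check a resolver can make on the origin cert it pulls in the lookup path, as an added example that is not from the session notes. SHA-256, canonical JSON, the RFC 4648 base32 alphabet (zero digit 'a') and a count character drawn from that same alphabet are assumptions, so the output does not reproduce the characters of the sample pID above.

```python
import base64, hashlib, json, secrets

B32 = "abcdefghijklmnopqrstuvwxyz234567"  # RFC 4648 digits, lowercase (assumed)

def digest(cert: dict) -> bytes:
    """Hash one certificate version: SHA-256 over canonical JSON (both assumed)."""
    blob = json.dumps(cert, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).digest()

def encode_pid(hash_b32: str, quoted: int = 15) -> str:
    """Run-length encode the leading zero digits, then quote 15 chars (75 bits)."""
    zeros = len(hash_b32) - len(hash_b32.lstrip(B32[0]))
    if zeros >= len(B32):
        raise ValueError("zero run too long for a single count character")
    return "~" + B32[zeros] + hash_b32[zeros:zeros + quoted]

def pid_of(cert: dict) -> str:
    """Derive the pID of a certificate from its hash."""
    b32 = base64.b32encode(digest(cert)).decode().lower().rstrip("=")
    return encode_pid(b32)

def grind(cert: dict, salts) -> dict:
    """Return the salted version of `cert` whose hash is numerically lowest."""
    versions = (dict(cert, salt=s) for s in salts)
    # Equal-length byte strings compare big-endian, i.e. as numbers.
    return min(versions, key=digest)

def random_salts(n: int):
    """n random salts; more salts means more leading zeros on average."""
    return (secrets.token_hex(16) for _ in range(n))

def verify_origin(pid: str, cert: dict) -> bool:
    """Resolver-side check: the fetched origin cert must hash back to the pID."""
    return pid_of(cert) == pid

if __name__ == "__main__":
    # Constructed sample certificate; the key value is a placeholder.
    template = {"type": "https://schema.org/pid", "name": "Alice",
                "public key": "<constructed placeholder>"}
    origin = grind(template, random_salts(1 << 14))
    pid = pid_of(origin)
    print(pid, verify_origin(pid, origin))
```

Each extra leading zero character costs the generator about 32 times more salts on average, while the pID stays the same length.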
The group proposed that this might be better served by making a did:pid:vbazpoyabpjpebvn instead of the ~vbazpoyabpjpebvn form, and that the doc could be made compatible with the DID doc spec to support pID in the existing DID ecosystem.
A long form could also be supported for items where we expect more than 2^40 objects to exist.
vbazpoyabpjpebvn pID-80
vbazpoyabpjpebvnxrrpq7bv pID-120
On a business card, some spacing in chunks of four will improve readability:
vbazpoyabpjpebvn
vbaz poya bpjp ebvn
vbaz-poya-bpjp-ebvn
See image(s) for these notes in the IIWXXXIV Book of Proceedings here: