
DID(Decentralized Identifier)s for Knowledge Gardens

What is a DID? Explained from First Principles

A DID is a Decentralized Identifier. Decentralization and identifiers are explained separately below as two distinct concepts.

What is an Identifier?

People use computers to communicate with each other. Identifiers are used to identify specific people on computer networks. Examples of identifiers include a computer login username, an email address, social media handles such as those on Instagram or Discord, and a website domain name, those things that end in .com, .net, or .org. An identifier identifies a specific person, or an organization (a group of people), on a computer network.

There are computers and there are people. People use computers, and more than one person can use a single computer over its lifetime. People communicate with one another via computers over networks. A network is a group of computers connected together. Networks allow computers that are not directly connected to one another to communicate: data is passed through the other computers on the network until it reaches its destination.

--- Explain a Concept then give it a label, for example Provenance

--- The goal to explain from first principles does not pass the mom read test, the quest must be redefined

Identifiers exist to deliver data via computers to specific people and organizations (groups of people) with "provenance of identity". Concepts/List/Provenance means tracking what someone did, or who owned an object such as a painting, car, or house. Provenance in the context of identifiers means tracking who had or has access to what data and when. Via identifiers you own the words you speak and the data you send, and the fact that you said them is verifiable and can't be forged without hacking. Identifiers allow people to send data to other people securely without the other computers on the network reading the data. Identifiers make up the essence of social media, cloud storage, email, and the World Wide Web in general.

All the accounts and other ways of digitally communicating with people and organizations (groups of people) count as identifiers. Examples of identifiers include accounts on Instagram or Discord, email addresses, phone numbers, and Domain Names (websites). If you friend someone on Discord, follow someone on Instagram, send an email, or call a phone number, you are using an "identifier" to contact a person or organization.

When communicating digitally through the internet with identifiers, one's data moves through many different computers owned by many different organizations on its way to an identifier. All of the organizations routing your data to an identifier can see what data you are transmitting as well as where you are sending it. Organizations that transmit data via the Internet are called ISP(Internet Service Provider)s and include AT&T, Rogers Communications, and Starlink.

The Foundation of the Internet, IP Addresses and DNS

An example of an identifier people use every day is an IP(Internet Protocol) Address. Every device with access to the internet has an IP address. The internet, a network of networks, can get really complicated. For example, a house usually only gets a single IP address, which is shared via a private network. Private IP Address networks are the ones that start with 10, 172, or 192. A single IP address can have up to 65536, or 2**16, simultaneous connections, because each connection is distinguished by a 16-bit port number.

IP addresses are based on where on earth people are physically connecting to the internet. Identifying people and organizations via IP addresses is very hard, especially because the computers people and organizations use change, get moved, and get switched around all the time. DNS(Domain Name System) helps solve this. Domain Names are those things that end with .com, .org, .net, and so on.

Domain Names are like digital real estate: homes that people and organizations can buy from private companies to store small bits of very important data. Once a person or organization owns a Domain Name they can set its records. There are all sorts of DNS Records someone can set, and they can get pretty complicated. The primary use case of a Domain Name is to point computers on the internet to an IP address, using A or AAAA records, so that people and organizations can reach their website. Domain Names can also be configured to receive and send email, which requires setting MX, SPF, DKIM, and DMARC records.
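The record types just listed, as an added example that is not part of the original page: a small Python parser over a constructed zone for a hypothetical domain (`example-garden.test`, with a placeholder where a DKIM public key would go) that pulls out the A/AAAA addresses the domain points browsers at and checks whether the mail-related records are present and enforcing. SPF, DKIM and DMARC are published as TXT records, which is why the checks look for them there; the zone text, domain name and the simplified "name type value" line format are assumptions made for illustration, not a real zone file.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    name: str   # owner name without the trailing dot
    rtype: str  # A, AAAA, MX, TXT, ...
    value: str  # record data with surrounding quotes removed


# Constructed zone for a hypothetical domain (not a real zone file).
# The DKIM "p=" value is a placeholder, not a real public key.
GOOD_ZONE = """
example-garden.test.                  A     203.0.113.10
example-garden.test.                  AAAA  2001:db8::10
example-garden.test.                  MX    10 mail.example-garden.test.
mail.example-garden.test.             A     203.0.113.25
example-garden.test.                  TXT   "v=spf1 mx -all"
sel1._domainkey.example-garden.test.  TXT   "v=DKIM1; k=rsa; p=PLACEHOLDER_PUBLIC_KEY"
_dmarc.example-garden.test.           TXT   "v=DMARC1; p=reject; rua=mailto:dmarc@example-garden.test"
"""

# Same domain set up for a website only: mail can still be sent in its name.
WEAK_ZONE = """
example-garden.test.                  A     203.0.113.10
example-garden.test.                  TXT   "v=spf1 mx ~all"
"""


def parse_zone(text: str) -> list[Record]:
    """Parse the simplified 'name type value' lines used above."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        name, rtype, value = line.split(None, 2)
        records.append(Record(name.rstrip("."), rtype.upper(), value.strip().strip('"')))
    return records


def lookup(records, name: str, rtype: str) -> list[str]:
    """All values of one record type at one name."""
    name = name.rstrip(".")
    return [r.value for r in records if r.name == name and r.rtype == rtype]


def _tags(value: str) -> dict:
    """Turn 'v=DMARC1; p=reject' style text into {'v': 'DMARC1', 'p': 'reject'}."""
    out = {}
    for part in value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            out[k.strip().lower()] = v.strip()
    return out


def website_addresses(records, domain: str) -> list[str]:
    """The IP addresses (A and AAAA) a domain points browsers at."""
    return lookup(records, domain, "A") + lookup(records, domain, "AAAA")


def mail_posture(records, domain: str) -> dict:
    """Check the four mail-related record types for presence and enforcement."""
    spf = [v for v in lookup(records, domain, "TXT") if v.startswith("v=spf1")]
    dkim = [r for r in records
            if r.rtype == "TXT" and r.name.endswith("._domainkey." + domain)
            and _tags(r.value).get("v") == "DKIM1"]
    dmarc = [_tags(v) for v in lookup(records, "_dmarc." + domain, "TXT")
             if _tags(v).get("v") == "DMARC1"]
    return {
        "mx": bool(lookup(records, domain, "MX")),
        "spf": bool(spf),
        # "-all" tells receivers to reject unlisted senders; "~all" only soft-fails
        "spf_hard_fail": any(v.split()[-1] == "-all" for v in spf),
        "dkim": bool(dkim),
        "dmarc": bool(dmarc),
        "dmarc_enforcing": any(t.get("p") in ("reject", "quarantine") for t in dmarc),
    }


if __name__ == "__main__":
    for label, zone in (("good", GOOD_ZONE), ("weak", WEAK_ZONE)):
        recs = parse_zone(zone)
        print(label, website_addresses(recs, "example-garden.test"),
              mail_posture(recs, "example-garden.test"))
```

Run against the two constructed zones, the first reports every check as present and enforcing, while the second shows a domain that serves a website but has no MX, DKIM or DMARC records and only a soft-fail SPF policy, the posture a receiver would see before deciding how much to trust mail claiming to come from that domain.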

Explaining What a Centralized Identifier is

Instagram, Discord, email, and DNS are examples of identifiers that operate via a centralized authority. The difference between centralized and decentralized identifiers comes down to sovereignty. Sovereignty is generally defined as supreme, independent control and lawmaking authority over a territory. Sovereignty, in the case of digital identities, comes down to the question, "Do you have independent control over your digital identity?" Let's think through sovereignty of digital identity with an example.

Let's use Gmail email addresses as an example of digital identity. A Gmail address can be used to message people and organizations as well as to receive messages from them. People do not own their Gmail address; Google owns all Gmail addresses. At any point in time Google has the authority and capacity to lock people out of their Gmail accounts. Additionally, at any point in time Google can decide to stop sending and receiving any person's or organization's Gmail email. At any time Google can decide to delete all email in an individual's Gmail account. Since Google has the capacity to take away anyone's Gmail account at any time, people with Gmail accounts do not have "independent control" over their Gmail account.

Gmail is an example of a Centralized Identifier that people use. Gmail is centralized because Google can take away access to, and act as, any Gmail account whenever they so decide. People do not own their Gmail account; Google just lets them use it. Nearly all internet accounts are Centralized Identifiers just like Gmail: Instagram is centralized, Discord is centralized, Domain Names are centralized, phone numbers are centralized. Each type of identifier previously listed is an identifier that an organization allows other people to use.

What Decentralization means

Now let's articulate what decentralization means within the context of Decentralized Identifiers. As previously articulated, sovereignty means having independent control over something, and Google can not only read all your emails but can also send emails pretending to be you. Other digital platforms like Instagram and Discord can do the same thing. Sovereignty of digital identity requires two things:

  1. Authenticity of identifier: nobody besides myself can send messages using my identifier
  2. Privacy: nobody can intercept and read messages I send to people and organizations (groups of people)

Cryptography, the technology of Sovereignty

The only way to have sovereignty over an identifier, beyond running your own ISP(Internet Service Provider) with internet cables running for dozens if not hundreds of kilometres connecting discrete networks, is to use cryptography. Cryptography is the key technology that allows DID(Decentralized Identifier)s to be decentralized. Let's articulate what cryptography is and how people use it in their daily lives.

Explaining Cryptography, Keys, Signatures, and Encryption

Cryptography helps solve two problems: first, authenticity of an identifier; second, privacy of communication with an identifier. Cryptography is all about managing and sharing secrets.

Cryptography allows for sovereignty via a special technology called Public Key Cryptography. Public Key Cryptography requires people and organizations to manage two things: a private key, which is like a really long special password, and a public key generated from the private key, which is like a really special username attached to that password. That "public key" username is an identifier. The key thing to realize about Public Key Cryptography is that each private key maps to a single public key: change a single byte of a private key and you get a completely different public key.

Public Key Cryptography has a special feature called a Digital Signature which solves the problem of authenticity of an identifier. The public key, a special username people can use to identify you on networks, when paired with its private key, which is like a very special, very long password, works like a handwritten signature or a personal wax seal. People on networks can be identified by their public key and can send messages with Digital Signatures attached to them. A Digital Signature takes the content of a message, feeds it through some special math, and outputs a special set of numbers which mathematically works similarly to a handwritten signature or a personal wax seal.

Public Key Cryptography also has a special feature called Encryption, used to maintain privacy. When people or organizations communicate through the internet their data has to go through other people's or organizations' computers, and those computers can read all the messages going through them. Using Digital Signatures paired with Encryption, which also uses the public and private key, any two people or organizations can share secrets while maintaining the authenticity of an identifier. This process of exchanging signed, encrypted messages for privacy is completed every time you connect to a website or use an internet-connected app. That technology is called SSL(Secure Sockets Layer).
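The three ideas from the last paragraphs, a public key derived from a private key, a Digital Signature for authenticity, and Encryption for privacy, as one added example that is not part of the original page: a small pure-Python implementation over a prime-order group, using Schnorr signatures and hashed ElGamal encryption. The choice of those two schemes, the toy 64-bit group size, the seeded random number generator, and the names Alice and Bob are assumptions made for illustration; what the page calls SSL does the same job with standardised algorithms and key sizes. The demo has Alice sign a message and encrypt it to Bob, then checks that a relay sees only ciphertext, that the signature verifies under Alice's public key, and that it fails for a tampered message or for the wrong signer's key.

```python
import hashlib
import random

# Toy 64-bit group and a seeded RNG keep the demo reproducible and fast; real
# systems use standard curves/groups and draw keys from `secrets` (constructed).
BITS = 64
BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # Miller-Rabin, exact below 2**64

def is_probable_prime(n: int) -> bool:
    if n < 2:
        return False
    if n in BASES:
        return True
    if any(n % b == 0 for b in BASES):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group(rng):
    """Safe prime p = 2q + 1; g = 4 generates the subgroup of prime order q."""
    while True:
        q = rng.getrandbits(BITS - 1) | (1 << (BITS - 2)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            return p, q, 4

def _ib(p, n):  # fixed-width big-endian encoding of a group element
    return n.to_bytes((p.bit_length() + 7) // 8, "big")

def _hash_to_zq(p, q, r, msg):
    return int.from_bytes(hashlib.sha256(_ib(p, r) + msg).digest(), "big") % q

def keygen(p, q, g, rng):
    x = rng.randrange(1, q)  # private key: the "really long password"
    return x, pow(g, x, p)   # public key derived from it: the identifier

def sign(p, q, g, x, msg, rng):
    """Schnorr signature (e, s): producing it requires the private key x."""
    k = rng.randrange(1, q)
    e = _hash_to_zq(p, q, pow(g, k, p), msg)
    return e, (k - x * e) % q

def verify(p, q, g, y, msg, sig):
    """Checking needs only the public key y: g^s * y^e reconstructs g^k."""
    e, s = sig
    return _hash_to_zq(p, q, pow(g, s, p) * pow(y, e, p) % p, msg) == e

def _keystream(p, shared, length):
    return b"".join(hashlib.sha256(_ib(p, shared) + i.to_bytes(4, "big")).digest()
                    for i in range(length // 32 + 1))[:length]

def encrypt(p, q, g, y, plaintext, rng):
    """Hashed ElGamal: k is used once; only the holder of x recovers the secret."""
    k = rng.randrange(1, q)
    ks = _keystream(p, pow(y, k, p), len(plaintext))
    return pow(g, k, p), bytes(a ^ b for a, b in zip(plaintext, ks))

def decrypt(p, x, c1, ct):
    ks = _keystream(p, pow(c1, x, p), len(ct))  # same secret the sender derived
    return bytes(a ^ b for a, b in zip(ct, ks))

def demo(seed=2024):
    """Alice signs a message and encrypts it to Bob; relays see only ciphertext."""
    rng = random.Random(seed)
    p, q, g = make_group(rng)
    alice_priv, alice_pub = keygen(p, q, g, rng)
    bob_priv, bob_pub = keygen(p, q, g, rng)
    msg, n = b"hello from alice", len(_ib(p, 0))
    e, s = sign(p, q, g, alice_priv, msg, rng)
    c1, ct = encrypt(p, q, g, bob_pub, msg + _ib(p, e) + _ib(p, s), rng)
    plain = decrypt(p, bob_priv, c1, ct)
    got = plain[:-2 * n]
    sig = (int.from_bytes(plain[-2 * n:-n], "big"), int.from_bytes(plain[-n:], "big"))
    return {
        "message": got,
        "signature_ok": verify(p, q, g, alice_pub, got, sig),
        "tampered_ok": verify(p, q, g, alice_pub, got + b"!", sig),
        "wrong_signer_ok": verify(p, q, g, bob_pub, got, sig),
        "relay_sees_plaintext": ct[:len(msg)] == msg,
        "flipped_bit_same_public_key": pow(g, alice_priv ^ 1, p) == alice_pub,
    }

if __name__ == "__main__":
    print(demo())
```

The keystream here is XORed onto the plaintext without any integrity tag, so on its own the encryption does not detect tampering; that is exactly why the signature travels inside the encrypted payload and is checked after decryption, the "signed and encrypted" pairing the paragraph above describes.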

Everyday Cryptography Apps, Websites, and Email via DNS and SSL

Today, functionally all websites, emails, and apps already use some cryptography to communicate with people on their electronic devices. Phone calls don't use any cryptography. All app, email, and website servers on the internet use a Domain Name.

Domain Names are those things that end with .com, .org, or .net. The .com, .org, or .net part of a Domain Name is called a TLD(Top Level Domain). TLD(Top Level Domain)s are all centrally controlled by organizations that rent out subdomains for money. The "google" in google.com is a subdomain of the TLD(Top Level Domain) .com. The company that operates the .com TLD(Top Level Domain) is Verisign. Resellers where you can buy Domain Names include hover.com, Namecheap, tld-list.com, and my favorite, Namesilo.

Identity of Content, Agents, and Organizations

Masked Data via CID(Content Identifier)s