Can it really be called "decentralized" if one person controls it?
Life on the blockchain will be increasingly controlled and managed by inhuman technocratic artificial intelligence.
While human intervention is the Block chain.
Depends if the blockchain is decentralized then it is okay.
@@mvrtgt The protocol (rules) are centralized. Only the storage and automated operation is decentralized. It doesn't give power to people. Quite the opposite.
@@argusfest so is it a trap?
This is the easy part to centralise. What about LUA?
How do we know that it was Alice who got the ID in the first place?
Alice controls the private key of the DID that the school signed.
@@MasterNeiXD Yes... "Alice" has the key. I meant Levels of assurance (LOA), a misspelling on my part. How do we know that it was Alice that collected the key? That's the hard part. Validation of the user collecting the ID in a manner that works for everyone without losing LOA.
@@MasterNeiXD same as for the credentials we use today, add biometrics
@@karlcastor8692 oh, yeah. We need to trust the "issuers". The signers. If someone you trust, for example a big university, signed a message confirming a public key belongs to Alice, then you know it's true.
Scary!
Confused.... When I start my Microsoft journey with centralized solutions, like ADDS Domain, now why this decentralized solution?
I know MS's identity is based on Bitcoin protocol. This is called ION. Hope to see it in their products and services soon.
You don't like your freedom and privacy? Russian millionaires just had their yachts and townhouses taken from them - even if they were against the Russian invasion. Canadians protesting had their bank accounts frozen. This digital ID will mean the end of freedom.
Credit cards today are very much traceable indeed. This offers the same. It's even more centralized identity. Don't think Microsoft thought that one through.
This isn't Microsoft's idea xD they just jump on the train because this is inevitable…
Digital IDs are coming, the only question is will they be decentralized, or are we going the Chinese way of dictatorship (centralized)
A centralized Chinese-style all-encompassing social credit system is the goal. Everything about this was thought through thoroughly.
@@taryn2736 exactly. one world government and all of us underlings will be serfs, peons and easily controlled. The US president just signed a bill to give all new cars sold 5 years from now a kill switch. So, if a big protest is coming, your car, your ability to buy gas, or food, or a bus ticket or poster board could easily be stopped. Heck, they could do that for everyone everywhere for a few days until they could figure out where the threat was.
Covid-19 lockdowns were a small taste of what was to come.
Digital identity is the beginning of a prison planet
Decentralized Identity is the solution.
arcblock abt@@mvrtgt
@@mvrtgt who assures you that it is really decentralized?
Shouldn't DID be revocable? Immutability recording on a blockchain goes against that, don't you think?
The Decentralized Identity Public Key Identifier is recorded for sure, but not necessarily the Identity Attributes. Think of it similar to a torrent file which is the metadata and link to a media file, however, the actual bits are stored and distributed in a decentralized fashion.
@@GabrielRodriguezInjectedFusion I'm curious about how Microsoft has dealt with revocation. I've been studying the subject and I haven't found a clear demonstration on this. W3C specs for DIDs are defined very broadly, it's still a work in progress. I think the only way to really achieve revocability is by hosting the DID on users' device. It's the only way to wipe out the DID for sure. Blockchain is unnecessary IMHO and can be perfectly replaced by IPFS or using hypercore protocol (formerly dat)
@@sprintwithcarlos It's important to note the DID address itself is what is committed to a blockchain, not the details of the identity. There really isn't any big deal about a randomized DID address existing on a distributed public ledger. That's just the lookup and points the way to a more conventional datastore that actually hosts the identity details and attributes itself. So in terms of revocation, Alice with the private key controls who has access and can grant and revoke access anytime to her identity details & attributes. Lastly, it is possible for Alice to completely block all access to her identity trust stores and her mobile phone and also cloud-storage providers. Then delete her private key. This is also known as cryptographic deletion.
Why would you need to store Alice's identifier/public key in a public registry anyway, and who would register it? To verify credentials, publishing the issuer's public signing key should be sufficient.
@@johannessedlmeir3045 According to W3C specs, since DID should resolve to a DID document, you need a "verifiable data registry". Besides a blockchain, it could also be a distributed ledger, decentralized file system, distributed database, peer-to-peer network, etc. The identifier does not include the public key, it is just a URI that resolves to a DID document. The public key then could be included in that document. At the beginning I also thought that sharing everything with a JWT will suffice but since attributes can change after the issuance developmentdecentralizeddon't require such a huge infrastructure. For a peer DID, no blockchain should be necessary
These people are monsters.
they must be stopped before this digital ID takes effect, before it is too late.
I'm still confused about how the problems have been solved. in short, it's the same thing, but in a new format.
yes. this video is crap. it just claims you can prove to someone you are not a robot if you just show them a bunch of people who agree you are human.
but how is this system supposed to trust that bunch of people? how does it know they are not all bots? do they also ask them for people who agree they are human? doesn't work, unless you have at some point some authority you can trust that just decides who is a robot and who is human. the bitcoin people have tried this every way imaginable and they can't.
@@aresgood1 that's not the problem this is trying to solve.
Just like with "sign in with Google/Facebook etc" You have an identity with that provider. Other companies/or applications can leverage that identity to know who you are without you having to repeat your information to them. None of that can prove you weren't a bot in the first place. If you do happen to be a human though it can give you more control over where you store your data, who has access, and a single company can't just delete that identity on you.
The key word is "decentralized".
@@ragnarok7976 yeah. it claims to be decentralized, and it works by giving you multiple providers. so it's centralized around them
@@aresgood1 Not exactly. MS is providing the initial service but they don't really control much once the ball is rolling. They will post the public key to a block chain but they can't remove it once that is done. They might provide the blockchain service but most of the talk I've seen says MS won't be making their own block chain they will use one that already exists like say bitcoin. Theoretically though this method would work on any block chain.
That's the decentralization. No one really "owns" a blockchain or can mutate data that has been added to it. Not to say I implicitly trust MS but if the implementation is how they claim it is the science and math behind is sound.
@@ragnarok7976 i am sick and tired of people claiming something is decentralized just because it's on a block-chain. if the block-chain has to interact with entities outside the blockchain, and these entities are centralized, then so is the system.
I'm losing momentum. This is a great topic.
"digital wallet generates a unique identifier"
That's a hard thing to do with secure anti-counterfeiting.
Anybody know how to generate a DID for issuer
Can't wait for this to become standard in usage and development.
@Rene Elon lol yes right
@Kenzo Wilder lol yea right
why not just rob a bank if you want to live in a prison. that is what a digital ID will be - a technocracy that will imprison most people.
What if fingerprint is replicated
That's why security systems should still leverage Multi-Factor-Authentication. For Alice to use her private keys within her digital identity wallet should only happen after multiple forms of proof are presented. In the example, something like Alice's fingerprint should be given (something Alice has) AND the pin number (something Alice knows). Additional challenge proofs requirements, e.g., one-time-passwords, hardware security tokens, etc. can be enforced depending on the security level required.
Replication is almost impossible because the pseudonym ID is cryptographically generated and secured with a biometric proof or a pin only known by the user. It's how Bitcoin uses and in 10 years nobody has broken the system. The only way a hacker would have to grant access to another account is by obtaining both the private key and the pin. Self sovereign identity users should understand this and act accordingly (handling the storage of credentials in a secure way).
So, three years later, where is it?
They glazed over the organization that issues standards-based credentials, which is just another centralized authority.
The point is it's not one organization - it's any organization. You could set up an issuing authority that issues a credential that asserts something about me if I want one issued to me. It's up to the site/service accepting the credential if they trust what you've issued about me. The University example is a good one - the university is fundamentally authoritative on whom is(was)/is not (wasn't) a student, so they are then the trusted authority for that piece of information. They could issue a credential with as much or as little information they're authoritative for (GPA, Major, graduating year, etc. etc.) and cryptographically sign it for verification when presented.
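The checks discussed in the comments above (the verifier deciding which issuers it trusts, checking the issuer's signature, and checking that the presenter controls the private key of the DID the issuer signed), as an added example that is not part of the original thread and not Microsoft or W3C code. The `did:example:` identifiers, the in-memory `registry` standing in for a verifiable data registry, and all function names are constructed for illustration; it uses Ed25519 from Node.js's built-in `crypto` module.

```javascript
// Added example: constructed DIDs and keys, not a real DID method or wallet API.
const crypto = require("crypto");
const newKey = () => crypto.generateKeyPairSync("ed25519");
const sign = (key, text) => crypto.sign(null, Buffer.from(text), key.privateKey).toString("base64");
const check = (pub, text, sig) => crypto.verify(null, Buffer.from(text), pub, Buffer.from(sig, "base64"));

// Stand-in for the "verifiable data registry": DID -> public key from its DID document.
const registry = new Map();
function register(did) {
  const key = newKey();
  registry.set(did, key.publicKey);
  return key;
}

// Issuer signs the serialized claims; the exact signed string travels with the credential.
function issue(issuerDid, issuerKey, subjectDid, claims) {
  const body = JSON.stringify({ issuer: issuerDid, subject: subjectDid, claims });
  return { body, sig: sign(issuerKey, body) };
}

// Holder answers the verifier's fresh nonce with the key behind the subject DID.
function present(credential, holderKey, nonce) {
  return { credential, proof: sign(holderKey, nonce) };
}

function verify(presentation, trustedIssuers, nonce) {
  const { body, sig } = presentation.credential;
  let parsed;
  try { parsed = JSON.parse(body); } catch { return "malformed credential"; }
  // Trust is the verifier's own policy, not a property of the registry.
  if (!trustedIssuers.has(parsed.issuer)) return "issuer not trusted";
  const issuerPub = registry.get(parsed.issuer);
  if (!issuerPub || !check(issuerPub, body, sig)) return "bad issuer signature";
  const subjectPub = registry.get(parsed.subject);
  if (!subjectPub || !check(subjectPub, nonce, presentation.proof)) return "holder does not control subject DID";
  return "ok";
}
// Constructed sample data.
const uniKey = register("did:example:university");
const aliceKey = register("did:example:alice");
const malloryKey = register("did:example:mallory");
const diploma = issue("did:example:university", uniKey, "did:example:alice", { degree: "BSc" });
const selfMade = issue("did:example:mallory", malloryKey, "did:example:mallory", { degree: "PhD" });
const trusted = new Set(["did:example:university"]);
const nonce = crypto.randomBytes(16).toString("hex");
function demo() {
  return {
    alice: verify(present(diploma, aliceKey, nonce), trusted, nonce),
    stolen: verify(present(diploma, malloryKey, nonce), trusted, nonce),
    selfIssued: verify(present(selfMade, malloryKey, nonce), trusted, nonce),
    tampered: verify(present({ ...diploma, body: diploma.body.replace("BSc", "PhD") }, aliceKey, nonce), trusted, nonce),
  };
}
console.log(demo());
```

The registry only answers "which key belongs to this DID"; whether a credential is accepted still depends on the verifier's own `trusted` set, which is where identity proofing by the issuer has to be relied on.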
In Italy we have SPID and CIE!
Thanks for sharing!
yeah no, this is all round a bad direction
This is not required as this app is designed to trace you...
No thanks
LOLLLLLLLLLLLLLLL ITS ALL ABOUT N4Z1 CENTRALISED CONTR0L BE YOUR OWN BANK WITH BTC NOT THIS G0V PL4N
Sheeple cards
Quamfy
Nope, it’s enslavement