1

I want to ask a basic question. I am following story of Alice from Indy offical docs. When Faber College issue identity to Alice then faber college and Alice both know the identity of Alice. It means Faber College maintaning local database of students and assign identity to its students. Which students kept in their wallet. Then how identity is decentralize? Faber college local database might be a honey pot for attackers.

Rohit Kumar
  • 438
  • 2
  • 6
  • 16

3 Answers3

1

Yes, Faber college will still have the data of Alice in its database. But the whole idea of SSI is to go towards Zero Knowledge Proof. So even if an attacker hacks the database and gets the details it is of no value, an organisation now asks for proof which only Alice can do as she holds the private key to do so. So that's how the honey pot situation is also solved. Hope I answered your query.

Sukalpo
  • 326
  • 3
  • 12
0

In this case Faber College is the identity issuer and Alice is the holder, as an Identity Issuer I would have to know what and who the credentials i am assigning to. i.e. College-Transcript

Identity is decentralized when there is another issuing party, for example Job-Certificate from Government Agent ( by following your example ). From there on the Holder (Alice) would consist of 2 credentials which is 1.Job-Certificate , 2.College-Transcript. Thereon only Alice would have the authority to share a credential supply proof with another party. The link upon Issuer-Holder must exists in order for the Verifier to verify the proof that is supplied later on.

Secondly, the wallet creation may be done by another agent (as all wallet creations are done offchain) faber college would not know the existence of Alice. A connection must be established in anycase for faber college to know the existence of Alice, if so the database would not be on faber college agent.

Rickky13
  • 431
  • 4
  • 17
  • How Faber college does not know existence of Alice before giving credential to her? It is okay that a secure connection is established and Faber college provide credentials. But still we cannot say that Faber college is not holding the credentials data of its students locally. – Rohit Kumar Jun 28 '19 at 11:04
  • If Alice didn't initiate a connection with Faber college vice versa, they wont be able to see each other. Faber college should know the credentials they issued out in the past. – Rickky13 Jun 29 '19 at 05:12
0

Don't go for the literal meaning of a decentralized identity. Your question is valid and it's true that your personal identity is not decentralized anyway and SSI is not meant to solve this problem.

So where is decentralization in this identity Picture?

SSI is a citizen-centric decentralized identity model where Public institutions can be part of a decentralized network( Sovrin network) and instead of an identity system managed and control only by Govt, all the participants in the network will maintain, making it distributed, decentralize (consensus) and scalable.

So The identity process is decentralized, not actual an identity of the person.

Coming back to the honeypot issue, When fully SSI layer is implemented, the organization won't have your actual signed verifiable credentials, they may have raw data into their local DB. In the SSI model, when you want to prove your identity, you need to provide verifiable credentials, which nobody can have except you. So anybody having hold of raw data can't use to avail any services thus avoiding identity theft.

But how to stop raw data to be stolen is more of a system security issue rather than SSI or Blockchain.

Shyam Pratap Singh
  • 131
  • 5