Self Sovereign Credentials
Verifiable Credentialβ
A verifiable credential is nothing but a credential that can be verified by a third party without asking the issuer.
In case of SSL, the certificates issued by a CA is blindly trusted.
But in SSI, the signature is verified by getting the public keys from the participant who signed in case of web DID or the participant publishes it's public keys to central registry and the verifier must get the information from the registry.
When credentials such as a degree certificate or drivers license is sent to a verifier, it's sent as plain text. The data itself isn't encrypted.
This is why digital signatures are used for this purpose.
DIDβ
DID stands for Decentralized Identity. It's an ID of an entity. Just like an user ID in case of centralized identity systems. Normally identities are centralized which means the credentials are stored on a central server.
DID Docβ
When using SSI, the client application sends his self-signed credential in header. This header size can't be too big. So it mainly contains DID and basic information.
The receiving participant then uses the DID value to get the DID doc as separate entity. This document then has all necessary information such as the public key and URLs for other services it exposes which can be used to get verifiable credentials, etc.
DID value must follow a specific syntax/format has a specific schema which already defines the way to fetch DID doc.
did:web:widget-x.foo.com # This DID means, the doc is available on web via https://widget-x.foo.com/.well-known/did.json
Verifiable Presentationβ
It's the verifiable credential that's presented by the holder to the verifier.
- It can contain the full credential received from issuer or partial.
- The credential contains also the signature from the issuer.
- Signed by the holder to prove his identity.
The verifiable presentation has an parent proof for the entire DID document, and the DID document internally contains the proof details of the issuer.