The ABC's of Decentralized Identity
In order to make decentralized identity more accessible, we’ve put together a quick-start guide to the different acronyms that are commonly used in the blog posts, articles, and other resources you may be reading focusing on the future of decentralized identity.
The world of decentralized identity can be deeply technical and complex. However, at its core, the mission is simple:
The average person has 100 passwords they need to maintain, according to a 2021 study released by NordPass, and, in the case of social logins like Sign In with Google, users are relying more heavily on third parties to manage and protect their data for critical, personally meaningful services.
In an ideal world, individuals (or entities) should be able to control their own data and provision access to applications if and when required. When you explain it this way, the case for decentralized identity makes sense to pretty much everyone - even my 80-year-old grandparents understood the high-level concept in discussions at a family dinner.
As you start to dig into how it actually works, however, the jargon gets a bit more complicated.
In future blog posts, we’ll break down the basic concepts here, but we’ll start first by defining the ABC's of decentralized identity:
- 💭SSI - Self-sovereign identity
Also known as decentralized identity, SSI gives individuals control over their own identity and data, and how they present themselves to applications and services across the web.
- 💭DID - Decentralized Identifiers
A DID is a globally unique identifier that is generated or registered cryptographically. It serves as a reference to a DID document, similar to how a URL links to a specific web resource. The structure is did:<method>:<method-specific-id> (for example, did:ens:spruce.eth or did:web:spruceid.com).
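As an added example (not code from the original post or from Spruce), here is a parser for the did:<method>:<method-specific-id> structure described above, plus the mapping the did:web method uses to locate a DID document; the example.com identifiers are constructed, and the path-segment check is extra hardening beyond what the method text requires:

```python
import re
from urllib.parse import unquote

# did:<method>:<method-specific-id>, per the W3C DID Core ABNF: method names are
# lowercase letters and digits; the id is ALPHA/DIGIT/"."/"-"/"_"/pct-encoded with
# optional ":"-separated segments and must not end in ":".
_DID_RE = re.compile(
    r"^did:(?P<method>[a-z0-9]+):"
    r"(?P<msid>(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2}|:)*(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2}))$"
)

def parse_did(did: str) -> dict:
    """Return {'method', 'id'} for a syntactically valid DID, else raise ValueError."""
    m = _DID_RE.fullmatch(did)
    if not m:
        raise ValueError(f"not a valid DID: {did!r}")
    return {"method": m.group("method"), "id": m.group("msid")}

def did_web_to_url(did: str) -> str:
    """Map a did:web DID to the HTTPS URL of its DID document, following the did:web
    method rules: the first ':'-segment is the host (a %3A-encoded port is decoded),
    further segments are path components, and a bare host uses /.well-known/did.json."""
    parts = parse_did(did)
    if parts["method"] != "web":
        raise ValueError("not a did:web identifier")
    segs = [unquote(s) for s in parts["id"].split(":")]
    # Hardening beyond the method text: a decoded segment must not smuggle in path syntax.
    if any("/" in s or s in ("", ".", "..") for s in segs):
        raise ValueError("unsafe path segment in did:web identifier")
    host, *path = segs
    if not path:
        return f"https://{host}/.well-known/did.json"
    return "https://" + "/".join([host, *path, "did.json"])

if __name__ == "__main__":
    for did in ("did:ens:spruce.eth", "did:web:spruceid.com", "did:web:example.com:user:alice"):
        print(did, "->", parse_did(did))
```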
- 💭URI - Uniform Resource Identifier
A URI is a string of characters that serves as the standard identifier format for resources on the web. A DID is a type of URI scheme, as shown above. The most commonly known kind of URI is the URL, a standard web address (like https://twitter.com).
- 💭VC - Verifiable Credential
No, not a venture capitalist. This VC is a tamper-proof, cryptographically secure form of a machine-readable credential. For example, it might be a digital version of your SSN, a German passport, or even a concert ticket.
- 💭LOA - Levels of assurance
LOA is the degree of certainty that an entity is who or what they claim to be. Higher levels are required where the risk of fraud is more serious, such as buying a plane ticket (high risk), compared to buying a t-shirt (low risk).
- 💭KYC - Know Your Customer
KYC refers to the standards used in the financial industry to verify the identity of customers and assess their risk levels. These standards were designed to protect against fraud, corruption, money laundering, and sanctions noncompliance.
- 💭PII - Personally Identifiable Information
PII is any piece of information that either directly or indirectly identifies a specific individual. For example, this might be a credit card number. It could also simply be “Board of Directors at company ABC, female” if only one person fits that description.
- 💭SSO - Single Sign-On
SSO is when one login can be used across multiple applications and services. For example, your same Google login can be used to create an account on an eCommerce website, like Zara, but also on a work messaging service, like Slack.
- 💭OIDC - OpenID Connect
An open authentication protocol that allows a user’s identity to be verified when they try to access a protected HTTPS endpoint. It sits on top of OAuth 2.0, adding login and basic profile information about the user, which enables single sign-on. If you're interested in learning more, the spec for OAuth 2.0 is a good place to start.
- 💭SIOP - Self-issued OpenID Provider
SIOP is an extension of OIDC for the SSI use case (yes, more acronyms - both OIDC and SSI defined above). SIOP enables users to interact directly with verifiers themselves to prove identity, without needing to rely on a third-party provider (like Google). It is “self-issued” because users serve as their own Identity Provider (IdP, defined next) in this extension.
- 💭IdP - Identity Provider
An IdP is a trusted, centralized party that creates, stores, and manages digital identities for users and also provides authentication services. An IdP lets you use single sign-on to create accounts across multiple services, reducing the need to remember unique usernames and passwords for each service.
- 💭IAM - Identity and Access Management
IAM is the set of tools and policies for managing users' roles and permissions across a variety of applications. For example, the goal for an enterprise is to give people and devices the appropriate access rights, while keeping the ability to cut off access to sensitive information if needed, like if a laptop is stolen.
- 💭SAML - Security Assertion Markup Language
SAML is an open standard for authentication that enables you to use one set of login credentials to access multiple web applications. Web applications use SAML to transfer authentication information in a specific format between the identity provider and a service provider.
- 💭IDaaS - Identity as a Service
IDaaS is a cloud-based identity management service operated by a third-party provider. It enables IT teams to consolidate workflows like VPN remote access, multi-factor authentication, single sign-on, and other identity services under one provider, rather than building solutions themselves.
- 💭ZKP - Zero-Knowledge Proof
A cryptographic protocol where a claim is proven true without revealing any additional information beyond that the claim is true. For example, the bouncer at your favorite happy hour bar would know you're over 21, but doesn't see your exact birthday.
- 💭IPFS - InterPlanetary File System
IPFS is a peer-to-peer file storage system. Each node in the network shares the same file system, and every file within it is addressed by a unique hash of its contents. The artwork for NFT projects is stored on IPFS in most cases.
- 💭SIWE - Sign-In with Ethereum
Last, but certainly not least, SIWE is a standard that describes how Ethereum accounts authenticate with off-chain services using a standardized message format. This is an important step to improve interoperability across off-chain services that use Ethereum-based authentication. Yes, we’re a bit biased about this one, as we helped to develop it, alongside the Ethereum Foundation and ENS.
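As an added example (not code from the original post or from Spruce), here is a parser for the SIWE message layout described above together with the policy checks a relying party runs before accepting a sign-in; the sample message, domain, address and nonce are constructed, and signature recovery (EIP-191 over the message text) is assumed to be done separately by an Ethereum library:

```python
import re
from datetime import datetime
# Constructed sample in the EIP-4361 message layout; the address and nonce are made-up values.
SAMPLE = (
    "login.example.com wants you to sign in with your Ethereum account:\n"
    "0x1111111111111111111111111111111111111111\n\n"
    "Sign in to Example.\n\n"
    "URI: https://login.example.com\n"
    "Version: 1\n"
    "Chain ID: 1\n"
    "Nonce: a1b2c3d4e5\n"
    "Issued At: 2023-01-01T00:00:00Z\n"
    "Expiration Time: 2023-01-01T00:10:00Z\n"
)
_HEADER = re.compile(r"^(?P<domain>\S+) wants you to sign in with your Ethereum account:$")

def _ts(rfc3339: str) -> datetime:
    return datetime.fromisoformat(rfc3339.replace("Z", "+00:00"))

def parse_siwe(message: str) -> dict:
    """Split a SIWE message into fields (optional Not Before/Resources lines not handled here)."""
    lines = message.rstrip("\n").split("\n")
    head = _HEADER.match(lines[0])
    if not head or not re.fullmatch(r"0x[0-9a-fA-F]{40}", lines[1]):
        raise ValueError("malformed SIWE header")
    fields = {"domain": head.group("domain"), "address": lines[1]}
    i = 2  # an optional statement sits between blank lines before the URI field
    if lines[i] == "" and not lines[i + 1].startswith("URI: "):
        fields["statement"], i = lines[i + 1], i + 2
    for line in filter(None, lines[i:]):
        key, sep, value = line.partition(": ")
        if not sep:
            raise ValueError(f"bad field line: {line!r}")
        fields[key] = value
    return fields

def check_siwe(fields: dict, expected_domain: str, issued_nonce: str, now: str) -> list:
    """Policy checks a verifier runs before trusting the (separately verified) signature."""
    problems = []
    if fields["domain"] != expected_domain:
        problems.append("domain mismatch")  # message was signed for another site
    if fields.get("Version") != "1":
        problems.append("unsupported version")
    nonce = fields.get("Nonce", "")
    if not re.fullmatch(r"[A-Za-z0-9]{8,}", nonce) or nonce != issued_nonce:
        problems.append("bad nonce")  # replay protection: must be the one we issued
    exp = fields.get("Expiration Time")
    if exp and _ts(exp) <= _ts(now):
        problems.append("message expired")
    return problems
```

An empty list from check_siwe means the message binds to our domain, carries the nonce we issued, and has not expired; only then is the recovered signer address worth a session.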
Yes, that was a lot of acronyms. We hope this helped to make the world of decentralized identity a bit more clear. In future blog posts, we’ll break down these concepts to help you further understand how they fit together in workflows and what different use cases they might have in our daily lives.
About Spruce: Spruce lets users control their data across the web. If you're curious about integrating Spruce's technology into your project, come chat with us in our Discord.