Decentralized identity is an emerging technology that aims to give users far greater control over their data and information online, along with transparency over how it is used. It offers a much-needed alternative to centralized identity and authentication systems, which give users little security, control, or transparency.
Decentralized identity relies on public-key cryptography to let participants cryptographically sign their communications: messages, data, and requests for data. Data within the system is always under the user's control, is usually stored off-chain, and may be kept in plaintext for public discoverability or encrypted (symmetrically or asymmetrically) for privacy. This user-controlled, open data architecture separates data from apps and services, giving users data portability and interoperability across the web.
At the heart of every decentralized identity is a DID: a unique decentralized identifier whose keys sign every message originating from the user, and to which all of their data is addressed. Because users can cryptographically prove ownership and control of a DID, DIDs make information verifiable in a decentralized context.
DIDs can be implemented without a centralized identity registry. The absence of a central authority brings several benefits to the end user: improved data security, since there is no easy-to-target honey pot of identity data; data portability and interoperability between services; and user control over their own data.
Every 3Box account has a unique DID, called a 3ID, which lets users manage their data and information interoperably across decentralized networks. To create or recover a 3Box account, users must authenticate by signing a particular message, called a consent message, with their asymmetric key pair. (Currently we support keys from the Ethereum network, but will soon add other blockchains.) The combination of this message and its signature is the entropy from which the 3ID is deterministically generated, so the same key and message always yield the same 3ID.
If others want to look up the DID for a given public address in order to interact with its data, they need to look up this mapping, since only the owner of the wallet key can generate the 3ID. For this reason, 3Box currently stores public-key-to-DID mappings on the 3Box Address Server. Once a participant has queried the Address Server for the DID of a public address, they can verify the result in a decentralized way by checking the public link proof stored in the user's 3Box.
If an app or service wants to interact with a user's 3Box beyond simply reading public data (for example writing, decrypting, or deleting data), it must ask the user to sign a consent message with their verified wallet keys, since only the 3ID owner's keys can control the decentralized identity.