DID Messaging: A Batphone for Everyone


This post is by Phil Windley's Technometria from Phil Windley's Technometria


Click here to view on the original site: Original Post




Summary: DID Messaging can provide a secure, authenticated, and verified channel for every relationship you have.

Batphone

In my last post, I wrote about a demo given by BCGov, Spark NZ, and Streetcred ID at the last Internet Identity Workshop. That demo caused a lot of people to download and try out Streetcred ID's digital wallet. One of the features that Streetcred ID built into their wallet was peer-to-peer messaging based on DID Messaging and that led to some interesting insights.

A Brief Primer on DIDs

If you're not familiar with DIDs, take a minute to go read my article on Decentralized Identifiers from earlier this year. I'll summarize the relevant parts here:

  • DIDs are a new type of cryptographic identitfier that are resolvable, non-reassignable, and decentralized (not under the control of a single authority).
  • DIDs have at least one associated public/private key pair.
  • The public key(s) and endpoints associated with
    Creating a DID Invitation
    Verifying the Relationship
    Messaging in the Streetcred ID digital wallet
    DID can be retrieved by resolving the DID and getting them from the resulting DID Document.

DIDs are inexpensive to create, so best practice is to create a new DID for every one with whom you create a digital relationship. The exchange of these so-called "peer DIDs" thus creates a mutually-authenticated relationship between the participants, where each can use the public key associated with the other's DID to authenticate them.

The wide use of peer DID exchange creates a network of peer-to-peer relationships that are not only mutually authenticated, but can exchange encrypted messages with each other. This capability requires the use of a DID Messaging protocol like the one found in the open-source Hyperledger Aries codebase1 that forms the basis for peer-to-peer interactions in the Sovrin network. The software that exchanges these messages for each party is called an "agent".

DID Messaging

As I mentioned, the Streetcred ID digital wallet supports peer-to-peer messaging through Sovrin P2P agents. This is something any wallet based on Aries and Sovrin could do, but as far as I know, Streetcred ID's wallet is the first to explore this capability.

After IIW, a friend of mine, Tim Bouma, was talking about the P2P messaging in the Streetcred wallet. He hadn't been at IIW, but I opened my wallet and created an invitation for Tim and sent it to him in a Twitter DM.

Creating a DID Invitation
Creating a DID Invitation in Streetcred ID's Digital Wallet (click to enlarge)

Tim accepted the invitation, but how could I be sure it was him--that Malfroy hadn't intercepted the invitation I sent Tim and inserted himself in the middle of the communication? Fortunately the wallet had a solution. I was able to ask Tim to prove things about himself based on credentials he had in his wallet.

Verifying the Relationship
Verifying the Relationship using an Email Credential (click to enlarge)

Once Tim has proven his email address to me from a credential, I was more sure I was really connected to Tim. For a higher value exchange, I could have asked for other information from Tim until I was sure that it was really him on the other end. With that, we were able to exchange messages. The software took care of encrypting our communcation and ensuring that my discussion with Tim was both protected and to him alone.

Messaging in the Streetcred ID digital wallet
Messaging in the Streetcred ID Digital Wallet (click to enlarge)

The Batphone

After this exchange, Vic Cooper likened DID-based P2P messaging to the Batphone. When Batman picks up the Batphone to talk with Commissioner Gordon, Commissioner Gordon doesn't start off the conversation with "Who am I speaking to?", "Can you give me your account number?", "What's your date of birth?", or "What street did you live on in Junior High?" When Commissionor Gordon picks up the Batphone, he knows it's Batman on the other end. Only Batman can call on the Batphone.

So DID Messaging is like have a Batphone for every digital relationship you have. You and they know they're communicating with the right party2. All the messages are protected from eavesdroppers.

DID Messaging could revolutize how we talk to each other and how we communicate with businesses.

  • We no longer have to rely on a correlatable identifier like an email or phone number, to identify the other party.
  • We no longer have to use centralized systems to talk to other parties with the attendent risk of the system being down or the the conversation not being private.
  • We save time and money using frictionless communications with companies we need to work with. We might even get better service.
  • We can verify who's at the other end by asking them to prove things to us.
  • We can sever one relationship without affecting others since everyone has a different identifier for us.

DID Messaging is the foundation for verifiable credential exchange, but is more general purpose and can be used to reliably and securely exchange messages with anyone else who has a digital wallet that supports DIDs3.


Notes

  1. The Aries project was recently split off from the Hyperledger Indy project.
  2. If you're concerned about losing your phone and having all those relationships exposed, see What If I Lose My Phone.
  3. Not all digital wallets currently expose the DID messaging functionality, but any that do will be compatible with each other.

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.