Extrimian – Incucai | Part II
3. Implementation of Decentralized Digital Identity
a. Creation of Decentralized Identifiers (DIDs)
A Decentralized Identifier (DID) is a unique and secure identifier that allows users to have full control over their digital identity without relying on centralized authorities. DIDs are based on cryptography and blockchain technologies and can be independently verified by any interested party. A DID is represented in URL format and is associated with a DID document, which contains the necessary information to interact with the DID, including public keys, authentication methods, and associated services.
1. Generation of the DID:
A Decentralized Identifier (DID) is created for each user (donor and recipient) using tools provided by Extrimian.
Example of a DID: did:example:123456789abcdefghi
2. Publication of the DID:
The DID is published through a protocol, such as the one used by QuarkID, so that it is accessible and verifiable. This ensures the DID is unique and that its authenticity can be verified in a decentralized manner.
3. Tools used:
- Extrimian’s API for creating and managing DIDs.
- QuarkID protocol for registering and resolving DIDs.
b. Issuance of Verifiable Credentials (VCs)
1. What is a Verifiable Credential?
A Verifiable Credential (VC) is a digital certificate that confirms specific information about the holder, such as their identity, qualifications, or health status. VCs allow this information to be verified securely and privately using cryptographic technologies.
VCs are stored in the holder’s digital wallet and allow selective disclosure of data, meaning the holder can share only the necessary information with third parties without revealing additional details.
2. Creation of Credentials:
Verifiable credentials are created to represent important information such as the donor/recipient identity, health status, and compatibility. This process includes structuring the credential in JSON-LD format, using W3C contexts to ensure interoperability.
3. Signing of Credentials:
Credentials are digitally signed using schemes such as BBS+ signatures and signed JWTs to ensure their authenticity. The digital signature guarantees that the credential has not been altered and that the information is reliable.
4. Tools used:
- IDConnect for creating and signing verifiable credentials.
- Use of JSON-LD and W3C contexts for structuring credentials.
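As an added illustration (not Extrimian's, IDConnect's or QuarkID's code), these are the structural checks a verifier can run on a JSON-LD credential before verifying its signature: the DID syntax, the W3C base context, and that the key named in the proof is one the issuer's DID document authorizes for issuing credentials. The key id `#key-1`, the credential type `DonorIdentityCredential`, the subject DID and the sample DID document are constructed for the example; a real verifier would obtain the DID document by resolving the issuer's DID.

```python
import re

# DID syntax per the W3C DID Core ABNF; base contexts of VC Data Model 1.1 and 2.0.
_ID = r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})"
DID_RE = re.compile(rf"^did:[a-z0-9]+:(?:{_ID}*:)*{_ID}+$")
VC_CONTEXTS = ("https://www.w3.org/2018/credentials/v1",
               "https://www.w3.org/ns/credentials/v2")


def authorized_keys(did_doc):
    """Absolute ids of the keys the DID document allows to sign credentials."""
    entries = did_doc.get("assertionMethod", [])
    ids = [e if isinstance(e, str) else e.get("id", "") for e in entries]
    # A relative reference such as "#key-1" resolves against the document id.
    return [did_doc["id"] + i if i.startswith("#") else i for i in ids]


def precheck(vc, did_doc):
    """Return the reasons to reject `vc` before any signature verification."""
    errors = []
    ctx = vc.get("@context") or [None]
    if (ctx[0] if isinstance(ctx, list) else ctx) not in VC_CONTEXTS:
        errors.append("first @context is not a W3C credentials context")
    if "VerifiableCredential" not in vc.get("type", []):
        errors.append("type lacks VerifiableCredential")
    issuer = vc.get("issuer")
    issuer = issuer.get("id") if isinstance(issuer, dict) else issuer
    key = (vc.get("proof") or {}).get("verificationMethod")
    if not isinstance(issuer, str) or not DID_RE.match(issuer):
        errors.append("issuer is not a syntactically valid DID")
    elif issuer != did_doc.get("id"):
        errors.append("DID document does not belong to the issuer")
    elif key not in authorized_keys(did_doc):
        errors.append("proof key is not an assertionMethod of the issuer")
    return errors


# Constructed sample data: key id, credential type and subject DID are hypothetical.
ISSUER = "did:example:123456789abcdefghi"
DID_DOC = {"id": ISSUER, "assertionMethod": ["#key-1"]}
VC = {"@context": ["https://www.w3.org/2018/credentials/v1"],
      "type": ["VerifiableCredential", "DonorIdentityCredential"],
      "issuer": ISSUER, "credentialSubject": {"id": "did:example:donor1"},
      "proof": {"type": "BbsBlsSignature2020",
                "verificationMethod": ISSUER + "#key-1"}}

if __name__ == "__main__":
    print(precheck(VC, DID_DOC))  # an empty list means the checks passed
```

A credential that passes these checks still needs its signature verified against the referenced key; a key listed only under `authentication` in the DID document is rejected here because it is not authorized to issue credentials.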
c. Storage and Key Management
1. What is Vault?
Vault is an advanced tool for managing secrets and cryptographic keys. It is designed to manage and protect access to sensitive data and secrets, such as encryption keys, tokens, passwords, and certificates.
Vault offers capabilities such as dynamic credential management, data encryption, policy-based access control, and detailed auditing of accesses and operations.
2. Generation of Keys:
Robust cryptographic keys are generated to protect the user’s identity and data. These keys act as a security mechanism to ensure the integrity and confidentiality of the information.
3. Custody of Keys:
Keys are securely stored using Vault, ensuring that only the owner or authorized parties have access to them. Vault manages the lifecycle of keys, including their rotation and revocation when necessary.
4. Tools used:
- Vault for secure key management.
- Extrimian’s Backend Agent to facilitate credential and key management.