archive
/
matrix-spec-proposals
mirror of https://github.com/matrix-org/matrix-spec-proposals
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge e8d3ce5481 into ecf996389f

Browse Source
pull/1762/merge
Friedger 2 months ago committed by GitHub
parent ecf996389f e8d3ce5481
commit 37468dc7ce
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 113 additions and 0 deletions
Show Stats Download Patch File Download Diff File

113
proposals/1762-3pid-did.md
Unescape Escape View File

@ -0,0 +1,113 @@
# Proposal to support user-owned identifiers as 3rd party identifiers (3PID)
Email and phone numbers are well-established third party identifiers (3PID). The
verification that a user owns such an identifiers is usually done by sending an
email or SMS. The finalization of the verification requires interaction from the
user. With the advances in blockchain technologies, so-called user-owned or
"distributed identifiers" (DID) have been established that are created, owned
and controlled by the person herself. Third-parties can verify the ownership of
DIDs by verifying cryptographic signatures using public/private key pairs
associated with these DIDs.
For the matrix protocol, this means
* that DIDs can be associated and verified with a user account, and
* that autentication can be done with the matrix username, 3PID and a signature only,
without using the user's password similar to [email based authentication via
identity
server](https://matrix.org/docs/spec/client_server/r0.4.0.html#email-based-identity-server).
Both aspects should be defined in separate MSCs and are mentioned as motivation
why DIDs are a good candidate for a new 3PID type.
While DIDs are not human-friendly identifiers by definition there are some DID
methods that associate a human-friendly id to DIDs. These ids/names should be used
to lookup matrix users through the identity servers as well (in addition to
using DIDs for lookup).
## Proposal
During the last year decentralized identifiers have been standardized by the
[W3C Credentials Community Group](https://w3c-ccg.github.io) (CCG). There exists
several methods to create DIDs. A list of these methods is maintained by the
[CCG Method Registry](https://w3c-ccg.github.io/did-method-registry). The group
also defines standards to describe properties of identifiers, in particular how
to verify ownership of DIDs.
Supporting DIDs as a new 3PID type opens the matrix network to users that are
using DIDs, enables applications with control over DIDs to communicate across
the borders of DID methods, e.g. connect users with a blockstack.org account
(did:stacks:..) to users with sovrin.org accounts (did:sov:..) and to users that
do not have any DID but a matrix account.
DIDs should be defined as a new 3PID type. The medium should be defined as
``m.did``. The address should contains the DID in normalized form as [defined by
the W3C CCG](https://w3c-ccg.github.io/did-spec/#normalization).
Example (for address
[15gxXgJyT5tM5A4Cbx99nwccynHYsBouzr](https://core.blockstack.org/v1/dids/did:stack:v0:15gxXgJyT5tM5A4Cbx99nwccynHYsBouzr-0)):
```
{
medium: "m.did",
address: "did:stack:v0:15gxXgJyT5tM5A4Cbx99nwccynHYsBouzr-0"
}
```
Furthermore, extensions of the 3PID type ``m.did`` should be defined for DID
methods that support human-friendly names. The type should consist of ``m.did.``
followed by the DID methods as defined in the [DID name
registry](https://w3c-ccg.github.io/did-method-registry/). In particular the
following two should be added (more could be added in separate MSCs):
* ``m.did.stack`` for names associated with a DID that starts with
``did:stack:``
* ``m.did.erc725`` for names associated with a DID that starts with
``did:erc725:``
The address of these types are the names in the corresponding DID namespace. The
names can be resolved to DIDs using a resolver method defined by the DID method.
Example (resolves to the [same public
key](https://core.blockstack.org/v1/users/judecnelson.id) as the example above):
````
{
medium: "m.did.stack",
address: "judecnelson.id"
}
````
## Tradeoffs
Instead of adding a new type of 3PID, DID could be defined as a new identifier
type (e.g. ``m.id.did``) as the user has created the DID herself, is in control
of it and can be used for authentication. However, DIDs in general and DID
methods in particular define their own namespaces that matches the concept of
3PID very well. Users make use of their DIDs in other context, e.g.
decentralized apps and might have an interest to make use of them in the
context of matrix as well as other users (or apps) know already the user's DID or the user's human-friendly name associated with the DID.
Furthermore, a new 3PID could be defined for each DID methods like
``m.did.stack`` or ``m.did.btcr``. However, it is not clear which methods will
be defined in the future and the DID method can also be derived from the address
if needed. Therefore, it is not necessary to distinguish mediums for all
different methods.
## Potential issues
More DID methods might provide human friendly names.
## Security considerations
Associating DIDs with email or phone number could have unwanted privacy
implications for the user. However, the user is free to choose which DID she
wants to publish or whether to publish one at all.
## Conclusion
Adding support for decentralized identifiers is inline with the vision of
matrix.org to build an open, decentralized communication network. The proposed
new 3PID type helps users to include their DID as they are used to in other
decentralized apps and as they are used to with email and phone numbers. With
their cryptographic properties DIDs have the potential to provide a new,
password-less, decentralized authentication flow.
Write Preview
Loading…
Cancel
Save