What is Decentralized Identity

chanpu
November 10, 2018

Hi-Con 2018 presentation slides
・Identity
・ERC721/735/780/1056
・uPort
・Gakusei

Transcript

  1. What Is Decentralized Identity • Hi-Con 2018 • Nov 10th 2018 • Kunihito Kuwabara

  2. Kunihito Kuwabara • Hi-Ether Tech Lead • DeNA: joined as a new graduate in 2016. Development lead for the next-generation mobility service "Easy Ride" in the Automotive Business Unit. Left the company in September this year. Currently freelance. • OpenId Connect / DID / Identity • Go / Node.js / Python • Ethereum • Golf, Outdoor, Workout, Cooking • @chanpu_

  3. What Is Identity

  4. Who Am I ? Who Are You?

  5. Born in Tokyo in 1991

  6. Grows up,

  7. Is it really the same person?

  8. Personal Data • Family Register • Purchase History • Finance • Education • Occupation • Health

  9. Fake information

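  10. Know Your Customer (KYC) • AML (Anti-Money Laundering) • Measures against money laundering • CFT (Counter Financing of Terrorism) • Measures against terrorist financing

  11. Know Your Customer (KYC) • Verification Documents • Passport • Driver's license • Certificate of residence • Pension handbook

  12. Internet Identification • Authentication (認証) • Confirming that someone is the person they claim to be • Authorization (認可) • Granting access rights to a resource • ≠ permission (許可)?
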
  13. Digital Identity

  14. Federated Identity

  15. OpenID Connect (diagram between OP/AuthZ server and RP/Client): ① Access Client ② Request Authorization ③ AuthN & AuthZ ④ AuthN Response ⑤ Token Request ⑥ Access Token & IdToken

  16. Self-Sovereign Identity (self-certifying proof of identity) • Secure: information is not leaked or disclosed • Controllability: manage your own information according to purpose • Portability: publish it without being tied to a provider

  17. Self-Sovereign Identity (diagram): ① Attestations Request ② Attestations Response ③ Send Attested information ④ Accept to access

  18. Self-Sovereign Identity: the concept that credentials and attribute information (claims) attested by a third party can be held as decentralized proofs and managed by oneself

  19. Self-Sovereign Identity Management on the Blockchain

  20. ERC725 By Fabian Vogelsteller

  21. ERC725 • Management of the public keys owned by an Identity • Key types • MANAGEMENT: manages the Identity • ACTION: handles Tx, login, access, etc. • CLAIM_SIGNER: signs Claims • ENCRYPTION: encrypts data

  22. ERC735 • Management of Claims • Defines the interface

        struct Claim {
            uint256 topic;
            uint256 scheme;
            address issuer; // msg.sender
            bytes signature; // this.address + topic + data
            bytes data;
            string uri;
        }

  23. Origin Protocol

  24. ERC780 • Ethereum Claims Registry (ECR) • Registry that holds Claims • Reduces gas consumption • By Joel Torstensson

  25. ERC1056 • Lightweight Identity • DID-compliant • Identity creation • Identity Ownership • Changing Claim ownership • Delegate management • Managing on-chain and off-chain delegates • Attribute management • Managing attributes • By Pelle Braendgaard, Joel Torstensson

  26. Decentralized Identities (DIDs) • Decentralized Identity Foundation (DIF) • Microsoft, uPort, Evernym, etc. • Standardization of decentralized IDs • To be built into everything: people, organizations, devices, etc. • https://medium.com/decentralized-identity/the-rising-tide-of-decentralized-identity-2e163e4ec663

  27. Decentralized Identities (DIDs)

        {
          "@context": "https://w3id.org/did/v1",
          "id": "did:example:123456789abcdefghi",
          "publicKey": [{
            "id": "did:example:123456789abcdefghi#keys-1",
            "type": "RsaVerificationKey2018",
            "owner": "did:example:123456789abcdefghi",
            "publicKeyPem": "-----BEGIN PUBLIC KEY...END PUBLIC KEY-----\r\n"
          }],
          "authentication": [{
            // this key can be used to authenticate as DID ...9938
            "type": "RsaSignatureAuthentication2018",
            "publicKey": "did:example:123456789abcdefghi#keys-1"
          }],
          "service": [{
            "type": "ExampleService",
            "serviceEndpoint": "https://example.com/endpoint/8377464"
          }]
        }

  28. Verifiable Claims Data Model

        {
          "@context": [
            "https://w3id.org/identity/v1",
            "https://w3id.org/security/v1"
          ],
          "id": "http://example.gov/credentials/3732",
          "type": ["Credential", "ProofOfAgeCredential"],
          "issuer": "https://dmv.example.gov",
          "issued": "2010-01-01",
          "claim": {
            "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
            "ageOver": 21
          },
          "signature": {
            "type": "LinkedDataSignature2015",
            "created": "2016-06-18T21:10:38Z",
            "creator": "https://example.com/jdoe/keys/1",
            "domain": "json-ld.org",
            "nonce": "6165d7e8",
            "signatureValue": "g4j9UrpHM4/uu32NlTw0HDaSaYF2sykskfuByD7UbuqEc…"
          }
        }

  29. Identity Project • UniversalLogin SDK • Multi-factor Authentication • Friendly name • Meta tx • Iden3 • Circom • zkSNARKs

  30. uPort By Consensys

  31. uPort • uPort Connect • Client-side processing library • uPort Credentials • Node server-side processing library • Library for signing and verifying ids • Requests for Attestations and Credentials • uPort Transports • QR codes, push notifications, etc. • uPort Mobile • Mobile wallet app

  32. uPort

  33. uPort https://github.com/uport-project/specs/blob/develop/flows/selectivedisclosure.md

  34. Disclosure Request (signed JWT)

        {
          header: { typ: 'JWT', alg: 'ES256K-R' },
          payload: {
            iat: 1541728129,
            exp: 1541728729,
            verified: [ 'Attended Hi-Con 2018' ],
            callback: 'https://client.example.com/callback',
            type: 'shareReq',
            iss: 'did:ethr:0xbc3ae59bc76f894822622cdef7a2018dbe…'
          },
          signature: 'Y4W9pnt1s…',
          data: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NkstUiJ9.eyJ …'
        }

  35. Disclosure Request (signed JWT; same content as slide 34)

  36. Disclosure Response

        {
          header: { typ: 'JWT', alg: 'ES256K' },
          payload: {
            iat: 1541728150,
            exp: 1541814550,
            aud: 'did:ethr:0xbc3ae59bc76f894822622cdef7a2018dbe3…',
            type: 'shareResp',
            own: { 'Attended Hi-Con 2018': [Object] },
            req: 'eyJ0eXAiOiJKV1QiLCJhbGciOJ9.eyJ..',
            verified: [ 'eyJ0eXAiOiJKV1QiL…' ],
            iss: 'did:uport:2oiRRdjbNm8HPZYJenjPatn…'
          },
          signature: 'Xwk6vZ-…',
          data: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJ…'
        }

  37. Verified Response

        {
          iat: 1541732199,
          sub: 'did:ethr:0x0b2f60af6b72d99c14b…',
          claim: {
            'Attended Hi-Con 2018': {
              event: 'Hi-Con 2018',
              date: 'November 10, 2018',
              location: 'Tokyo, Japan'
            }
          },
          iss: '2ojjrmbQaUCKNGzZVd1pxdBu3qjCU…',
          jwt: 'eyJ0eXAiOiJKV1QiLCJhbGciO…'
        }

  38. Gakusei By Hi-Ether

  39. Gakusei
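
The checks a relying party applies to the disclosure response from slides 34 to 36 before trusting the shared claims, as an added example (not code from the slides or from uPort). It assumes plain ES256K instead of the recoverable ES256K-R variant, and replaces DID resolution with a fixed map from hypothetical `did:example:` identifiers to locally generated keys; `signJwt`, `verifyJwt` and `checkShareResp` are names chosen for this sketch.

```javascript
const crypto = require('crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');
const newKey = () => crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });

// Sign a compact JWT with ES256K (ECDSA on secp256k1 + SHA-256, raw r||s signature).
function signJwt(payload, privateKey) {
  const input = b64u(JSON.stringify({ typ: 'JWT', alg: 'ES256K' })) + '.' + b64u(JSON.stringify(payload));
  const sig = crypto.sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return input + '.' + sig.toString('base64url');
}

// Verify the signature against the key registered for `iss`; return the payload or throw.
function verifyJwt(jwt, keys) {
  const [h, p, s] = jwt.split('.');
  if (!h || !p || !s) throw new Error('malformed JWT');
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== 'ES256K') throw new Error('unexpected alg'); // pin the algorithm
  const payload = JSON.parse(Buffer.from(p, 'base64url').toString());
  const key = keys[payload.iss];
  if (!key) throw new Error('unknown issuer');
  const ok = crypto.verify('sha256', Buffer.from(h + '.' + p),
    { key, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  return payload;
}

// Accept a shareResp only if it is fresh, addressed to us, and answers our own request.
function checkShareResp(respJwt, sentReqJwt, myDid, keys, now) {
  const resp = verifyJwt(respJwt, keys);
  if (resp.type !== 'shareResp') throw new Error('wrong type');
  if (resp.exp <= now) throw new Error('response expired');
  if (resp.aud !== myDid) throw new Error('audience mismatch');
  if (resp.req !== sentReqJwt) throw new Error('not an answer to our request');
  const req = verifyJwt(resp.req, keys);
  if (req.type !== 'shareReq' || req.iss !== myDid || req.exp <= now) throw new Error('stale or foreign request');
  return resp.own;
}

// Constructed sample data: DIDs, keys and the `own` value are placeholders.
const rp = newKey(), user = newKey(), other = newKey();
const RP = 'did:example:rp', USER = 'did:example:user';
const keys = { [RP]: rp.publicKey, [USER]: user.publicKey };
const t = 1541728129;
const reqJwt = signJwt({ iss: RP, iat: t, exp: t + 600, type: 'shareReq',
  verified: ['Attended Hi-Con 2018'], callback: 'https://client.example.com/callback' }, rp.privateKey);
const respBody = { iss: USER, aud: RP, iat: t + 21, exp: t + 86421, type: 'shareResp',
  req: reqJwt, own: { name: 'constructed' } };
const respJwt = signJwt(respBody, user.privateKey);
```

Binding `aud` and the embedded `req` to the request the relying party itself issued is what stops a response captured at one service from being replayed at another.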