ara4n
commented
7 years ago tarcus in HQ suggested https://openalias.org/ after my fosdem talk (https://fosdem.org/2017/schedule/event/matrix_future/) which certainly sounds quite interesting...
Open matrixbot opened 7 years ago
ara4n
commented
7 years ago tarcus in HQ suggested https://openalias.org/ after my fosdem talk (https://fosdem.org/2017/schedule/event/matrix_future/) which certainly sounds quite interesting...
ara4n
commented
7 years ago someone in the audience also suggested indieauth during the talk.
there's also a new persona-like service called https://portier.github.io/ which might be relevant
uniconstructor
commented
5 years ago @ara4n I checked out OpenAlias project website and their repositories and discovered several major problems:
If you need an open, reliable and well-designed solution for decentralized identity system - consider to use an existing open source p2p ecosystem: libp2p.io. It is a toolset developed by Protocol Labs team.
Now the main part: what parts of this this toolset you can use, and how can it help you with you goals:
1) You need "a good solution for simply replacing the email->mxid mapping system" - it is about naming and addresing. Check out multiaddr: https://github.com/multiformats/multiaddr Multiaddr is a part of more global Multiformats project: https://multiformats.io/ It can help you to create a protocol/application/format agnostic identity storage and allow you to use any persistance technology that you like (DNS-record/blockchain transaction/IPFS ond so on) 2) "There's been lots of discussion about this, talking about using existing decentralised identity systems or ledgers ranging from keybase, blockstack (onename), webfist, stellar.org, evernym, uport.me, namecoin, WebAuthn, WebID, Alpenhorn's anytrust model, etc" - you don't have to choose - use all of them, and convert identity data between any formats. Multicodec can be useful for this: https://github.com/multiformats/multicodec . Multicodec provides public registry of existing encoding formats sou you are not have to reinvent the wheel: https://github.com/multiformats/multicodec/blob/master/table.csv. If we talking about implementing logic of conversion identity data between different formats - GraphQL is a good choice for this too. 3) You need an ability to request, issue and verify claims of any kind. W3C have a working draft for this, named "Verifiable Claims": https://www.w3.org/TR/verifiable-claims-data-model/ As a developer you often need a detailed instruction about how to implement something (like "zero knowlenge proof") using "the right way". I think w3c standards - is a best thing that we have for this. 4) globally accessible, up-to-date public registry of public identity information: IPFS is a perfect solution for this: https://ipfs.io IPFS + (Any popular blockchain) = absolutely immutable storage for any important file. 5) Finaly, and most important - you need a common way to link several identity accounts together. IPLD will be perfect solution here: https://ipld.io/
That's all for now - I hope you that some of this projects/ideas will be useful for building decentralized Matrix-based identity system.
You doing a great project. Have fun.
jh72de
commented
3 years ago To quote @xuhcc'comment on matrix-org/matrix-spec#246: "There is a draft of W3C standard for decentralized identifiers: https://w3c.github.io/did-core/"
AdamEunson
commented
3 years ago It may be worth getting in touch with the team at the IOTA Foundation. They're working on their open source Digital Identity protocols that are built based on the W3C standards for DIDs and VCs. They're working on DIDComms as well, pretty sure auth is in the roadmap somewhere, if not already being implemented. https://github.com/iotaledger/identity.rs
GentleRV
commented
1 year ago Why not use the local database to store users and their profiles even with 2fa athentification All decentralized locations are sources for hacking Before I installed rocketchat and had no issues with it, the look from synapse change my mind. Also in rocket chat was easy to connect my home jitsi server without any issues, with matrix I already see that i need to install riot on my server to make it possible.
ShadowJonathan
commented
1 year ago I just came across this, "Petnames", which seems to do away with global DID naming and instead introduce relative names to users, possibly backed by a key, on local scale: https://spritely.institute/news/two-petnames-papers-are-released.html
izN8nu6RyeneG5XnBoBgyRMVGH6H43WF
commented
1 year ago @jh72de said: There is a draft of W3C standard for decentralized identifiers: https://w3c.github.io/did-core/
This recommendation was recently approved. I think we should go with this for two reasons:
Note there are two degrees of "resolution" or "mapping" of DIDs:
That said, what is the scope of this issue? It seems very similar to #246, which has much more discussion.
fadyanwar
commented
1 year ago @jh72de said: There is a draft of W3C standard for decentralized identifiers: https://w3c.github.io/did-core/
This recommendation was recently approved.
This is very interesting, are you aware of any ongoing implementations for this?
izN8nu6RyeneG5XnBoBgyRMVGH6H43WF
commented
1 year ago @fadyanwar said: This is very interesting, are you aware of any ongoing implementations for this?
Note that the implementation is for a DID method, a partial protocol for identity management that meets certain requirements (DID Core is basically a protocol for writing decentralized identity protocols, combined with identifier syntax). We haven't formally written one for Matrix, so there's not much to implement yet. A DID or DID Document syntax validator might be useful, but I couldn't find any single-purpose libraries for this. We may be able to extract this from a more elaborate framework built on DID, such as SideTree, which has a reference implementation.
Although the DID Implementation Guide recommends using existing methods if available, I would recommend that we write (or at least "name", by registering with W3C) our own method, so that the Matrix Foundation keeps control over the entire Matrix protocol, including our method.
This means we'll probably have to write our own implementation, maybe as so:
Submitted by @matthew:matrix.org Somehow we've got this far without a bug tracking replacing sydent and the Identity Service with a decentralised equivalent. There's been lots of discussion about this, talking about using existing decentralised identity systems or ledgers ranging from keybase, blockstack (onename), webfist, stellar.org, evernym, uport.me, namecoin, WebAuthn, WebID, Alpenhorn's anytrust model, etc. We haven't yet found a good solution for simply replacing the email->mxid mapping system of the current ISes with a decentralised one, given the problem of validating an email address in a decentralised manner, when emails themselves are inherently centralised to the SMTP servers responsible for that domain, and existing SMTP have very limited hooks for validating the identity of its users.
(Imported from https://matrix.org/jira/browse/SPEC-458)