Universal DID Resolver

A universal resolver for digital identity that enables interoperability between different approaches and solutions for decentralized (“self-sovereign”) identity.

Self-Sovereign Identity (“SSI”) is a new approach towards (decentralized) digital identity, that promises to put people in control of their data for the first time. SSI requires new technologies and concepts, particularly Blockchains (or other DLTs) and “Decentralized Identifiers” (“DIDs”), both of which are vital to enable a decentralized architecture without central authorities or intermediaries creating security and privacy risks. To realize decentralized digital identity (SSI) it needs an infrastructure that facilitates the use of DIDs and underlying blockchains as well as their integration into existing systems.

For the Mission Billion Challenge, we are submitting the (basic version of the) Universal DID Resolver (“Universal Resolver”), which provides functionality to resolve (different kinds of) DIDs registered on any blockchain.

Apart from the Universal Resolver, we are currently developing:

• extensions of the Universal Resolver (e.g. to search for DIDs in current and historic versions; a service that triggers notifications and other processes depending on changes of DIDs)

• the Universal DID Registrar (“Universal Registrar”), which provides functionality to register, update and revoke DIDs on any blockchain (compliant with the emerging W3C standard).

These extensions of the Universal Resolver and the Universal Registrar are, however, not part of our submission for the Mission Billion Challenge. (We are planning to publish these software components under a GPL license i.a.)

All of these components (Universal Resolver, its extensions, Universal Registrar; together we call them “Universal DID Infrastructure” or “UDI”) are important, because each of them:

- enables interoperability between different approaches and solutions of different vendors (e.g. different DID methods / data formats; use of different underlying blockchains);

- prevents vendor lock-in (by blockchain or application providers) and increases the autonomy of users, who can interact and switch applications without negative consequences;

- significantly eases the use of all kinds of DIDs and Blockchains (for developers, governments, corporations, research);

- saves overhead costs and time for developing decentralized applications (that require identity);

- facilitates the integration of SSI with existing systems;

- increases flexibility in long-term planning for developers, governments, corporations and research, which is particularly important considering the nascent nature of the involved technologies and standards;

To sum up, the Universal Resolver is one of the most basic and vital software components required by any application that aims to use decentralized digital identity (SSI), because it enables users and applications to look up and leverage digital identities (DIDs) in a universal way (independent of vendors or underlying blockchains).

The Universal Resolver is the first project that allows anyone to resolve different kinds of DIDs (on different underlying blockchains) and by this creates interoperability between different SSI approaches and facilitates the use of DIDs (and underlying blockchains) for developers, governments, corporations and research.

The technical architecture of the “Universal Resolver” exposes a generic DID Resolution API and implements it using a set of plug-in “drivers”.

Our solution demonstrates privacy-by-design on different levels:

• Decentralization: The Universal Resolver facilitates the development and integration of decentralized identity systems, that allow people to control and manage their personal data. There is no central authority or power that can access peoples’ data.

• DIDs: DIDs mainly contain a public key and a service endpoint. Other data, like personal data, is stored off-chain to enhance privacy and compliance (e.g. GDPR).

• Interoperability to increase privacy: The core function of the Universal Resolver is to make all kinds of DIDs “usable” (resolvable). This interoperability allows to leverage strengths of different DID methods and blockchains, incl. different methods to ensure the highest level of privacy such as Zero Knowledge Proofs or Chameleon Hashes.

Note: The UDI would go even further by allowing to e.g. create different DIDs for different interactions as well as for other operations (e.g. key exchange) which enhance privacy (e.g. by making correlation unfeasible) with the Universal Registrar.

Generally, the Universal Resolver can be run as a private or public instance and be integrated via an API into existing systems and applications to avoid “rip and replace”.

However, the purpose of the Universal Resolver is to facilitate the development and integration of decentralized identity systems (SSI). The idea behind SSI is that every person can create, control and manage their own digital identities (meaning DIDs registered on blockchains e.g. with the Universal Resolver) and digital credentials (e.g. personal data). If someone requests data, one can either provide digital credentials (which can be verified by e.g. NGOs, governments, banks) or not. The important thing is that user’s data is stored wherever they want it to be (decentralized). Nevertheless, centralized data aggregation will continue to exist (particularly done by trusted organizations who verify credentials e.g. NGOs). Therefore, the Universal Resolver could be used to build decentralized identity solutions, which can leverage centralized approaches by using verifiable credentials (e.g. a bank signs KYC data of a person “A” from their centralized data base and transfers this signed “verifiable credential” to “A”, who can then use it in interactions with others).

The Universal Resolver would primarily function in the background to enable interoperability between different solutions/applications by different vendors, meaning that the end-user (e.g. an individual) would not directly interact with the Universal Resolver. Nevertheless, it would significantly impact the end-users’ overall experience, because:

• it enables applications with more/better functionalities, incl. higher privacy and better security (because different DIDs and underlying blockchains can be used by application developers);

• it prevents (unnecessary) fragmentation of applications and services;

• it prevents lock in effects (end-users can easily switch applications without negative consequences)

Apart from facilitating the use and integration of the core building blocks of decentralized identity or SSI (DIDs, Blockchains), the main purpose of the Universal Resolver is to enable interoperability between different solutions (DID methods/data formats, blockchains) with a flexible and extensible architecture based on evolving standards (W3C) to prevent vendor lock-in and ensure full data portability of users.

The Universal Resolver creates interoperability by exposing a generic DID Resolution API and implements it using a set of plug-in "drivers". The Universal Resolver can be used via the web or an API, and can be run either as a private or as a public instance.

The DID concept (and therefore also DID Resolution) is extensible in the sense that new DID "methods" can be designed that also work in low connectivity environments. For example, a "peer" DID method is currently being developed, which allows the use of DIDs that exist purely between two individuals through their local "agents". This does not require any access to the wider Internet, only local connectivity between the participants (even ad-hoc mesh networks).

Given that our solution will mainly work in the background, we do not see an issue with UI/UX design.

Our vision is to unleash the potential of SSI, by providing the key building blocks to establish universal interoperability between different solutions.

We already launched a basic version of the Universal Resolver (project of this submission) as the first step to fulfill our vision. We will continously expand the functionality of the solution, and maintain it in alignment with progress on the relevant W3C standards.

We also collaborate closely with SSI communities such as the Decentralized Identity Foundation, and we receive contributions to the Universal Resolver by many leading SSI startups and initiatives, understanding that collaboration is essential.

Decentralized Identity Foundation: Leading the Universal DID Resolver development; Co-chair of DID Auth Working Group

Sovrin: Technical Governance Board, Founding Steward, Contributions to Hyperledger Indy etc.

W3C: Co-author & editor roles (e.g. DID draft specification, DID Resolution draft specification), implementation of libraries (e.g. W3C WebID standard, Verifiable Credentials data model), member of working & community groups (e.g. Verifiable Claims).

OASIS: Co-chair of XDI Technical Committee

Consortia (US, EU): Developed ID solutions (using the UDI) for private sector consortiums

Governments (CAN): Implemented a new authentication method based on DIDs.

Research Institutes (EU): Working with research institutes on decentralized identity (incl. PoCs)

Technology - Markus Sabadello (CEO/CTO)

• global pioneer for digital identity (+15 years experience)

• two master’s degrees

• ex-consultant at Harvard, MIT, World Economic Forum (i.a.)

• Leading web standardization

• International network & built open source tools used globally (e.g. DID Resolver used by companies like Microsoft)

Business - Dominik Beron (COO)

• J.D. (law) & executive education from UPenn, Oxford

• Serial Entrepreneur (mainly social businesses)

• Ex-consultant to UN & speaker of digitization at Austrian Parliament

• Global Network (public & private sector)

• Awarded (e.g. “30 under 30” (Forbes); nomination as “Innovator under 35” (MIT))

The basic version of the Universal Resolver (this submission) is currently available under to Apache 2.0 license.

For extensions of the Universal Resolver (e.g. search for current DIDs and their historical versions, notification and automation services) and for the Universal Registrar (incl. extensions that allow to e.g. update and revoke DIDs) we are currently evaluating different pricing models (freemium, subscription, one-time-license with licenses for updates and maintenance, pay-per-use) and open source licenses (e.g. GPL) for dual licensing. Our current pricing is determined on a case-by-case basis, given the relatively big size of our projects requiring the UDI (e.g. multi-industry consortia).

Regardless of the concrete pricing model, the UDI will serve as the basic software layer that allows developers, governments, corporations and researchers to use different kinds of DIDs (and underlying blockchains) more seamlessly to create powerful (decentralized) applications.

Illustrative Analogy: Google makes information accessible by providing a search engine for the web (DNS). The Universal Resolver makes digital identities accessible and usable (e.g. searchable). Moreover, the Universal Registrar allows people and applications to create, update and revoke their digital identities.

We believe in the importance of universal digital identities that are under the control of individuals. We are involved in the identity space for over a decade, we are pioneering SSI since the beginning (~ 4-5 years ago) and we believe that providing an infrastructure that facilitates the development of SSI and creates interoperability between existing and new solutions (SSI) is key to enable universal digital identities.

We want to bring universal digital identities not only to governments and corporations (current customers), but to everyone and the Mission Billion Challenge is a huge opportunity to reach this goal.

The main challenge is that some of the core technologies (DIDs, blockchain/DLT itself, Verifiable Credentials) are quite nascent and still under development (incl. standards).

We plan to mitigate these risks by closely monitoring developments and by our extensible architecture that makes it possible to replace technologies on each layer of the stack with other options.

Other barriers are e.g. friction linked to the implementing of new systems in general, the complexity of SSI or unresolved questions around topics like scalability and privacy (e.g. which methods – off-chain data storage, Zero Knowledge Proofs etc. - are best suitable for compliance).