didkit VS did-core

We have a CI pipeline for a cross-platform Rust library, and it currently takes an hour across C, Android, iOS, Java, etc. and different combinations of cryptographic libraries. This is probably something we’ll tune over this or next quarter. We also seem to be hitting some GitHub actions limits in terms of storage.

https://github.com/spruceid/didkit/runs/2468746631

Hello HN,

My name is Wayne Chang, co-founder of Spruce Systems, Inc. (https://spruceid.com). Spruce builds open source software that allows for the signed issuance of data to users that can then be verified. For example, transaction histories, educational qualifications, and reputation from online platforms.

I grew up on the Internet like many of you. I spent a lot of time on IRC where people frequently tried to dox others, and grew a profound respect for privacy as a result. When your online identity is a big part of who you are, it means a lot more when someone violates your privacy. Online identities will become a lot more of who everyone is, as we’ve seen especially over the past 12 hectic months. Today, we don’t have the right tools to assert control over our own identities or data, and we’re trying to change that with Spruce.

When you download your data from Google Takeout, you get a big .zip file that can’t really be used for anything but backups. The same is true with Facebook and LinkedIn. Most services don’t have automated data export and are only required to provide data when you ask.

Using new standards from W3C called Verifiable Credentials and Decentralized Identifiers, our software allows statements about people, places, and things to be issued as a package, linked together, digitally signed, and cryptographically verified. For example, employees can receive digital proofs of employment to get a mortgage. Gig economy workers can port their ratings from one system to another in a way they control. Data sets can travel along with signed statements that they have been stripped of personally identifiable information. By allowing data to move out of silos and increasingly into the hands of their owners, we can loosen the grip of a few large companies in owning everything.

These standards are already being adopted by big players open to data portability including Microsoft (issuance via Active Directory), Workday (portable work histories), the Digital Credentials Consortium (MIT/Harvard/UC Berkeley diplomas and coursework), and the World Health Organization (privacy-preserving vaccination records).

This technology could fundamentally change how we interact digitally. Instead of advertisers profiling people behind their backs, people can just present their credit card histories from Yodlee to get better offers at competitors. In web services, users can upgrade their accounts if they prove they belong to certain alumni networks. Businesses can reduce fraud and improve conversion while users regain control of their information, like if 1Password could store structured documents and also demonstrate their authenticity, untampered from their origins.

At Spruce, we’ve built a cross-platform Rust library called DIDKit that supports the use of Verifiable Credentials, Decentralized Identifiers, and many adjacent specifications in a neat bundle. Through customer feedback, we have grown the list of supported platforms to include Java, C/C++, and Node.js, with many more on the way. We further embed DIDKit into a Flutter application called Credible that runs on Android, iOS, and in the browser through WebAssembly/asm.js. It’s all open source under Apache 2.0. We make money by selling commercial tools, project roadmap commitments, and support contracts.

A great place to start is by building the DIDKit CLI tool and running the example credential issuance and verification shell script on your local GNU/Linux or MacOS machine (also works with Windows using WSL 2).

https://spruceid.dev/docs/didkit/#quickstart

https://spruceid.dev/docs/didkit/example--core-functions-in-...

We invite you to leave feedback about our engineering approach, platforms you’d like to see supported, and interesting use cases that would benefit people if their data were more portable and provably authentic.

You can find our repos here:

DIDKit: https://github.com/spruceid/didkit

Credible: https://github.com/spruceid/credible

Docs: https://spruceid.dev/docs/

In 1994, Tim Berners Lee, the creator of the World Wide Web, founded the World Wide Web Consortium (W3C). The W3C is made up of groups of people focused on setting the best practices and standards for building the web. For example, the W3C develops and maintains standards for HTML, CSS, Web Accessibility, and Web Security. In July 2022, The W3C officially published standards for Decentralized Identifiers. This way, technologists would have blueprint for building and managing digital identity as we make the shift towards controlling your identity on the internet. Check out the Decentralized Identifiers specification here.

A few months ago, I started looking into decentralization on the web and how this could impact our world as we know it today - thanks to Web5 and our work at TBD. One of the biggest and most important pillars in achieving this decentralized future is called Decentralized Identifiers (DIDs).

Unfortunate choice of name, given https://www.w3.org/TR/did-core/.

I'm also a software engineer, and I'm actively working on making it a thing in a parallel system (referenced above) lol. DIDs have been a standard for a while, and as someone who's had my SIN compromised (by Equifax of all places), our current way of handling ID is far easier to hack than a well implemented digital ID would be. Its actually asinine to me that I was compromised in 2016, and DID existed then... yet here we are 7 years later, with identity thefts only climbing year-over-year, and we still have antiquated, and clearly failing identity systems in place.

DESCRIPTION: We are looking for a Rust developer to join the team developing a cross-platform digital identity application using the Tauri framework and several (cloud-based) Rust components for Identity-as-a-Service solutions. We are a young start-up that is developing digital identity products and solutions for people and organizations, based on the decentralized identity standards. Our work includes developing open-source implementations of standards such as DID and Verifiable Credentials from W3C and OpenID4VC from the OpenID Foundation. Using this technology, people gain control over their own digital identities and data and can easily share verifiable information with third parties, enabling more privacy and digital trust.

DID methods are the W3C solution to decentralized identity: https://www.w3.org/TR/did-core/

https://www.w3.org/TR/did-core/#key-and-signature-expiration

"9.8 Verification Method Revocation" https://www.w3.org/TR/did-core/#verification-method-revocati...

Blockerts is built upon W3C DID and W3C Verified Credentials, W3C Linked Data Signatures, and Merkel trees (and JSON-LD). From the Blockerts FAQ

What do you think about Decentralized Identity (DIDs - https://www.w3.org/TR/did-core/)? With it, you can have several identities and easily generate new ones when needed (but you probably need to have a single, government-recognized identity for the real world).

Europe seems to be working hard on establishing an identity for every citizen: https://commission.europa.eu/strategy-and-policy/priorities-... (most countries already have that, but this is about unifying the various countries' ID systems).

Domain names as handles are a cool idea, and you can already do a variant of them in the "fediverse" either by hosting your own instance of a service or by configuring a WebFinger alias (which is what I do).

I'm less convinced by DIDs[1], which is what Bluesky seems to run on: I've yet to see an explanation for why the DID standard exists, given that it effectively punts all semantics (including basic things like cryptographic verification) onto unstandardized "methods" in an uncontrolled global namespace.

[1]: https://www.w3.org/TR/did-core/

- very close is the foundation regarding Decentralized Identifiers by the W3C https://www.w3.org/TR/did-core/ // https://w3c.github.io/did-core/