Verified Id (CloudMonk.io)

Verified ID




https://identity.foundation

Join us in developing the foundational components of an open, standards-based, decentralized identity ecosystem for people, organizations, apps, and devices.




Using the Microsoft Authenticator with Verified ID: https://learn.microsoft.com/en-us/entra/verified-id/using-authenticator

https://learn.microsoft.com/en-us/entra/verified-id/how-to-opt-out?source=recommendations

https://learn.microsoft.com/en-us/entra/verified-id/decentralized-identifier-overview?source=recommendations

Microsoft is actively collaborating with members of the Decentralized Identity Foundation (DIF), the W3C Credentials Community Group, and the wider identity community. We’ve worked with these groups to identify and develop critical standards, and the following standards have been implemented in our services.

* W3C Decentralized Identifiers - https://www.w3.org/TR/did-core

* W3C Verifiable Credentials - https://www.w3.org/TR/vc-data-model/

* DIF Sidetree Protocol - https://identity.foundation/sidetree/spec - Sidetree is a protocol for creating scalable Decentralized Identifier (https://w3c.github.io/did-core) networks that can run atop any existing decentralized anchoring system (e.g. Bitcoin, Ethereum, distributed ledgers, witness-based approaches) and be as open, public, and permissionless as the underlying anchoring systems they utilize. The protocol allows users to create globally unique, user-controlled identifiers and manage their associated PKI metadata, all without the need for centralized authorities or trusted third parties. The syntax of the identifier and accompanying data model used by the protocol is conformant with the W3C Decentralized Identifiers (https://w3c.github.io/did-core) specification. Implementations of the protocol can be codified as their own distinct DID Methods and registered in the W3C DID Method Registry - https://w3c.github.io/did-spec-registries/#did-methods.

* DIF Well Known DID Configuration - https://identity.foundation/specs/did-configuration

* DIF DID-SIOP - https://identity.foundation/did-siop

* DIF Presentation Exchange





Terminology

DID
Decentralized Identifier as per [DID].
DID Document
DID Document as per [DID].
SIOP DID
Self-Issued OpenID Connect Provider DID profile. Refers to a specific flavor of DID AuthN used in the OIDC SIOP flow.
JWT
JSON Web Token as per RFC7797.
JWE
JSON Web Encryption as per RFC7516.
JWS
JSON Web Signature as per RFC7515.
JWK
JSON Web Key as per RFC7517.
JWKS
JWK Set as per RFC7517.
OIDC
OpenID Connect as per [OIDC.Core].
OIDC client
Used synonymously with Relying Party (see RP).
OP
OpenID Provider as per [OIDC.Core].
SIOP
Self-Issued OpenID Provider as per [OIDC.Core].
RP
Relying Party, as used in [OIDC.Core].
Identity Wallet
An Identity Wallet refers to an application that is under the control of, and acts on behalf of, the DID holder. Also known as an identity agent. The Identity Wallet can have different form factors, such as a mobile app, browser extension or plugin, etc.
DID AuthN
Refers to a method of proving control over a DID for the purpose of authentication.


Source: https://identity.foundation/did-siop



Terminology

Decentralized Identifier (DID)
Unique ID string and PKI metadata document format for describing the cryptographic keys and other fundamental PKI values linked to a unique, user-controlled, self-sovereign identifier in a target system (i.e. blockchain, distributed ledger).

DID Configuration
Well-Known resource in the format of a JSON object that includes Domain Linkage Assertions.

Domain Linkage Assertion
JSON object containing a DID string and cryptographic proof (in the form of a JWT signed with the specified DID's keys) that verifies the domain controller and the DID controller are the same entity.

JWT
JSON Web Token, as specified in IETF RFC 7797 - https://datatracker.ietf.org/doc/html/rfc7797

Source: https://identity.foundation/specs/did-configuration

Terminology

This section is non-normative.

The following terms are used to describe concepts in this specification.

claim
An assertion made about a subject.
credential
A set of one or more claims made by an issuer. A verifiable credential is a tamper-evident credential that has authorship that can be cryptographically verified. Verifiable credentials can be used to build verifiable presentations, which can also be cryptographically verified. The claims in a credential can be about different subjects.
data minimization
The act of limiting the amount of shared data strictly to the minimum necessary to successfully accomplish a task or goal.
decentralized identifier
A portable URL-based identifier, also known as a DID, associated with an entity. These identifiers are most often used in a verifiable credential and are associated with subjects such that a verifiable credential itself can be easily ported from one repository to another without the need to reissue the credential. An example of a DID is did:example:123456abcdef.
decentralized identifier document
Also referred to as a DID document, this is a document that is accessible using a verifiable data registry and contains information related to a specific decentralized identifier, such as the associated repository and public key information.
derived predicate
A verifiable, boolean assertion about the value of another attribute in a verifiable credential. These are useful in zero-knowledge-proof-style verifiable presentations because they can limit information disclosure. For example, if a verifiable credential contains an attribute for expressing a specific height in centimeters, a derived predicate might reference the height attribute in the verifiable credential demonstrating that the issuer attests to a height value meeting the minimum height requirement, without actually disclosing the specific height value. For example, the subject is taller than 150 centimeters.
entity
A thing with distinct and independent existence, such as a person, organization, or device that performs one or more roles in the ecosystem.
graph
A network of information composed of subjects and their relationship to other subjects or data.
holder
A role an entity might perform by possessing one or more verifiable credentials and generating presentations from them. A holder is usually, but not always, a subject of the verifiable credentials they are holding. Holders store their credentials in credential repositories.
identity provider
An identity provider, sometimes abbreviated as IdP, is a system for creating, maintaining, and managing identity information for holders, while providing authentication services to relying party applications within a federation or distributed network. In this case the holder is always the subject. Even if the verifiable credentials are bearer credentials, it is assumed the verifiable credentials remain with the subject, and if they are not, they were stolen by an attacker. This specification does not use this term unless comparing or mapping the concepts in this document to other specifications. This specification decouples the identity provider concept into two distinct concepts: the issuer and the holder.
issuer
A role an entity can perform by asserting claims about one or more subjects, creating a verifiable credential from these claims, and transmitting the verifiable credential to a holder.
presentation
Data derived from one or more verifiable credentials, issued by one or more issuers, that is shared with a specific verifier. A verifiable presentation is a tamper-evident presentation encoded in such a way that authorship of the data can be trusted after a process of cryptographic verification. Certain types of verifiable presentations might contain data that is synthesized from, but do not contain, the original verifiable credentials (for example, zero-knowledge proofs).
repository
A program, such as a storage vault or personal verifiable credential wallet, that stores and protects access to holders' verifiable credentials.
selective disclosure
The ability of a holder to make fine-grained decisions about what information to share.
subject
A thing about which claims are made.
validation
The assurance that a verifiable credential or a verifiable presentation meets the needs of a verifier and other dependent stakeholders. This specification is constrained to verifying verifiable credentials and verifiable presentations regardless of their usage. Validating verifiable credentials or verifiable presentations is outside the scope of this specification.
verifiable data registry
A role a system might perform by mediating the creation and verification of identifiers, keys, and other relevant data, such as verifiable credential schemas, revocation registries, issuer public keys, and so on, which might be required to use verifiable credentials. Some configurations might require correlatable identifiers for subjects. Some registries, such as ones for UUIDs and public keys, might just act as namespaces for identifiers.
verification
The evaluation of whether a verifiable credential or verifiable presentation is an authentic and timely statement of the issuer or presenter, respectively. This includes checking that: the credential (or presentation) conforms to the specification; the proof method is satisfied; and, if present, the status check succeeds. Verification of a credential does not imply evaluation of the truth of claims encoded in the credential.
verifier
A role an entity performs by receiving one or more verifiable credentials, optionally inside a verifiable presentation for processing. Other specifications might refer to this concept as a relying party.
URI
A Uniform Resource Identifier, as defined by [RFC3986].


https://www.w3.org/TR/vc-data-model





----



Cloud Monk is Retired (impermanence |for now). Buddha with you. Copyright | © Beginningless Time - Present Moment - Three Times: The Buddhas or Fair Use. Disclaimers



SYI LU SENG E MU CHYWE YE. NAN. WEI LA YE. WEI LA YE. SA WA HE.



----