In this post, we'll look at how FlowNames works. Along the way, we'll learn how authentication works, what DIDs are, and how you can create your own app to authenticate using FlowNames!
Example: Signing In to your Bank
Decentralized IDs can be used wherever you need to prove your identity. Passports, emails, and bank accounts are all great use cases for strong, encrypted identities. But how can these systems be implemented?
Let's consider what we must do to verify some identity. In the following scenario, let's say you are trying to sign into a bank as "Alice Aisel".
- The bank can't just take your word for it. After all, someone might try to pretend to be you, and the bank wants to be secure.
- So, it will send an Auth Challenge to you. The goal of this auth challenge is that only "Alice Aisel" will be able to solve it.
  - How do we come up with this?
    - This can be very low-effort (we can verify the user in the Verification step, later).
    - We can look up "Alice Aisel" in the DID registry, and encrypt a secret message with her public keys. The result will be the Auth Challenge.
- Next, the user will receive the challenge and provide a response.
  - In this example:
    - You ("Alice Aisel") will have the private keys corresponding to the public keys listed in the DID document. So, you decrypt the message and give it back (Auth Response).
- The bank can verify that the response matches the secret message: indeed, you seem to have "Alice Aisel"'s private keys (and hence, her identity)!
A generic authentication workflow, powered by DIDs. From https://github.com/WebOfTrustInfo/rwot6-santabarbara/blob/master/final-documents/did-auth.md
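The bank sign-in exchange above, written out as an added example (not FlowNames code): the challenge is a random secret encrypted to the public key found in the registry, and the bank accepts each challenge only once and only briefly. The in-memory `registry`, the function names, the `did:example:` identifiers and the choice of RSA-OAEP are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed stand-in for a DID registry: name -> DID document with a public key.
const registry = new Map();
function register(name, did) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  registry.set(name, { id: did, publicKey });
  return privateKey; // stays with the identity holder, never enters the registry
}

// Bank side: pending challenges, each usable once and only for a short time.
const pending = new Map();
const oaep = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

function createChallenge(name, ttlMs = 60_000) {
  const doc = registry.get(name);
  if (!doc) throw new Error(`no DID document for ${name}`);
  const secret = crypto.randomBytes(32); // fresh per login attempt
  const id = crypto.randomUUID();
  pending.set(id, { secret, expires: Date.now() + ttlMs });
  const ciphertext = crypto.publicEncrypt({ key: doc.publicKey, ...oaep }, secret);
  return { id, ciphertext }; // the Auth Challenge
}

// User side: only the holder of the matching private key recovers the secret.
function answerChallenge(challenge, privateKey) {
  return crypto.privateDecrypt({ key: privateKey, ...oaep }, challenge.ciphertext);
}

// Bank side: consume the challenge whatever the outcome, compare in constant time.
function verifyResponse(id, response) {
  const entry = pending.get(id);
  pending.delete(id); // a replayed response finds nothing to match
  if (!entry || Date.now() > entry.expires) return false;
  return response.length === entry.secret.length &&
    crypto.timingSafeEqual(response, entry.secret);
}

// Full round trip; a wrong private key makes decryption throw, which counts as failure.
function tryLogin(name, privateKey) {
  const challenge = createChallenge(name);
  try {
    return verifyResponse(challenge.id, answerChallenge(challenge, privateKey));
  } catch {
    return false;
  }
}
```

Because the secret is random per attempt and deleted on first use, capturing one Auth Response does not let anyone sign in later with it.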
Core components of DIDs
What are fundamental components of a decentralized identity system?
According to the design goals of the W3C, they are:
- decentralized
- private
- interoperable
- portable
- simple + extensible