One Identity Across All Parachains Using KILT Infrastructure

By KILT Protocol. Published in kilt-protocol, Jun 29, 2023. 5 min read.

The Decentralized Identity Provider (DIP) enables the creation of an open identity infrastructure that allows parachain projects to delegate identity management to other parachains that provide identity solutions. As DIP can be easily integrated into systems that can communicate via XCM (the cross-consensus message format), this also extends beyond the Polkadot ecosystem.

The Decentralized Identity Provider

With increasing regulation worldwide, a reliable and trustworthy identity component is becoming even more critical.

The Decentralized Identity Provider (DIP) protocol is a decentralized alternative to OpenID, an industry-standard protocol that allows the delegation of users’ identity management and verification to trusted third parties.

DIP allows any blockchain that supports XCM (cross-consensus messages) to delegate users’ identity management and verification to one or more third-party identity providers, such as KILT Protocol.

As part of the integration process, an XCM channel would be opened between the integrating parachain and the identity provider, allowing the parachain to verify identities existing on that provider. In this way, for example, an identity built on KILT can also be used across other chains that choose to use KILT as their identity provider.

In other words, a user with a KILT identity can use this identity to log into any dapp and authenticate transactions on any parachain that integrates DIP — for example, they could use the same identity across Astar, Frequency, Zeitgeist, etc.

DIP Actors

DIP has three roles:

  • The identity provider: A blockchain that has an identity system in place and makes it available for other chains to use, for example, KILT Protocol.
  • The identity relying party: A blockchain that has chosen to delegate identity management to the provider.
  • The user: An entity that has an identity on the provider chain and wants to use it on other chains without setting up a new identity on each of them.

The Tech

The following components are currently available for integration to enable cross-chain decentralized digital identities:

  • A pallet for deployment on identity providers. The pallet allows entities on these systems to bridge identities of given subjects to a destination, and manages the entire XCM communication with that destination.
  • A pallet for deployment on identity relying parties. The pallet provides other pallets in the runtime with a DIP origin and manages the entire XCM communication with the identity providers. The DIP origin contains identity provider-specific information. For example, in KILT this includes DID signature verification.
  • Support crates, suitable for use within an identity relying party’s runtime, including common type and trait definitions.

DIP integrates with existing runtimes with minimal changes. This means:

  • The fee model of the relying party remains unchanged.
  • The identity subject only needs a wallet to generate a signature and does not necessarily need to submit the transaction and pay the fees (subject to the specifications of the relying party / provider).
  • The relying party only needs to perform per-transaction origin verification to have access to the identity of the submitter, as defined by the identity provider.
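
A sketch of the per-transaction origin verification described in this list, as an added example that is not KILT's pallet code or part of the original post. The class and field names, the Ed25519 key type, the nonce, and the binding of the submitter into the signed payload are assumptions of this model; JavaScript is used because Node's standard library ships Ed25519.

```javascript
// Toy model of DIP's three roles (added illustration, not KILT's implementation).
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// Bytes the DID subject signs. Binding submitter and nonce is an assumption of
// this sketch, so a signature cannot be replayed or reused by another account.
const payload = (did, call, submitter, nonce) =>
  Buffer.from(JSON.stringify([did, call, submitter, nonce]));

class RelyingParty {
  constructor() {
    this.identities = new Map(); // DID -> public key bridged by the provider
    this.nonces = new Map();     // DID -> next expected nonce
    this.feesPaid = new Map();   // account -> fees charged by the local fee model
  }
  // Stands in for identity details arriving from the provider over XCM.
  receiveIdentity(did, publicKey) { this.identities.set(did, publicKey); }

  // Per-transaction origin verification: returns a DIP origin or throws.
  dispatch({ submitter, did, call, signature }) {
    const key = this.identities.get(did);
    if (!key) throw new Error('unknown identity');
    const nonce = this.nonces.get(did) || 0;
    if (!verify(null, payload(did, call, submitter, nonce), key, signature))
      throw new Error('invalid DID signature');
    this.nonces.set(did, nonce + 1);
    this.feesPaid.set(submitter, (this.feesPaid.get(submitter) || 0) + 1);
    return { did, submitter, call }; // what other pallets would see as origin
  }
}

// Constructed sample: the DID, account names and call are made up.
function demo() {
  const did = 'did:kilt:example-subject';
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  const chain = new RelyingParty();
  chain.receiveIdentity(did, publicKey); // provider -> relying party
  const tx = { submitter: 'relayer-account', did, call: 'vote(42)' };
  tx.signature = sign(null, payload(did, tx.call, tx.submitter, 0), privateKey);
  const origin = chain.dispatch(tx); // subject signed, relayer submits and pays
  const outcome = (t) => { try { chain.dispatch(t); return 'accepted'; } catch (e) { return e.message; } };
  return {
    origin,
    fees: chain.feesPaid.get('relayer-account'),
    replay: outcome(tx), // same signature again: nonce has moved on
    stolen: outcome({ ...tx, submitter: 'other-account' }),
    unknown: outcome({ ...tx, did: 'did:kilt:not-bridged' }),
  };
}
```

The identity subject's key never touches the fee-paying account, and the relying party rejects a replayed signature, a signature resubmitted by a different account, and a DID the provider has not bridged.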

Why Integrate KILT as an Identity Provider?

KILT provides practical identity solutions for enterprise and consumers.

Based on W3C standards, identity on KILT begins with a unique decentralized identifier (DID) generated by the user on their device and anchored to the KILT blockchain. This DID can be customized with a user-friendly web3name that provides a 1:1 link to the DID. Verifiable credentials from trusted entities can then be added to the DID, building the identity. These credentials are stored on the user’s device in their wallet, under their control. They decide who to share them with, and how much information they want to share (selective disclosure).

For a parachain, integrating DIP with KILT results in:

  • Less effort: The parachain doesn’t have to build and maintain its own identity solution, as identity management and verification are handled by KILT.
  • Focus: Parachains can focus on what they do best without having to worry about identities.
  • Risk mitigation: The parachain doesn’t have the risks stemming from managing and storing users’ identities.
  • Access to the KILT user base: Parachains can gain access to the identity information graph composed of all existing KILT users.

For builders and users, additional KILT benefits include:

  • Portable identities: The parachain users just need to create and maintain a single identity on KILT and use it on all supporting chains.
  • Support for unique web3names. Enabling cross-chain identity means that these web3names are usable anywhere they are supported.
  • Support for cross-chain account linking. These accounts have explicitly been linked to the DID by the DID subject. Polkadot and Ethereum are currently supported, with more chains planned.
  • Support for verifiable credentials and service endpoints will be included in the next phases.

OpenID

OpenID has become the industry standard, with Facebook, Google, Amazon Web Services (AWS), and Auth0 as the most well-known providers, making OpenID very centralized.

In addition to providing a decentralized alternative to OpenID, DIP can potentially also be used in conjunction with OpenID in future iterations: the OpenID community is already pushing for the integration of W3C DIDs and verifiable credentials, and is working on the specifications.

If integrated, any website that relies on OpenID as the authentication method could start accepting users that own a DID and present requested credentials.

All the building components to implement these features are already available and ready to use in the KILT SDK.

This development is a huge milestone for the intersection between Web2 and Web3, moving blockchain and decentralized identity into the real world and giving control of identity back to the person it belongs to!

About KILT Protocol

KILT is an identity blockchain for generating decentralized identifiers (DIDs) and verifiable credentials, providing secure, practical identity solutions for enterprise and consumers. KILT brings the traditional process of trust in real-world credentials (passport, driver’s license) to the digital world, while keeping data private and in possession of its owner.

KILT is a blockchain identity protocol for issuing self-sovereign, verifiable credentials. KILT is part of the Polkadot ecosystem.