Unchaining Identity: Decentralized Identity Provider (DIP) Enables Cross-Chain Solutions

By KILT Protocol · Published in kilt-protocol · 5 min read · Apr 18, 2024

The KILT team has completed all milestones of the Polkadot Treasury Grant for developing the Decentralized Identity Provider (DIP), and DIP is now ready for use. Using DIP, any chain can become an identity provider, and any parachain (and, in the future, external chains) can integrate KILT and/or other identity providers for their identity needs.

The Decentralized Identity Provider (DIP) enables a ground-breaking cross-chain decentralized identity system inspired by the functionality of OpenID. This means that parachains requiring an identity solution don’t need to build their own infrastructure. Instead, they can leverage the infrastructure DIP provides. DIP is open-source, and you can integrate it with existing Polkadot-compatible runtimes with minimal changes and without affecting the fee model of the relying party.

DIP Actors

DIP has three key roles: the identity provider, the relying party or consumer, and the user.

The identity provider is any blockchain with an identity system that makes it available for other chains, e.g., KILT Protocol, Litentry, etc.

The relying party or “consumer” is any blockchain that has chosen to delegate identity management to the provider, thus relieving it of needing to maintain its identity infrastructure.

The user is an entity that has an identity on the provider chain and wants to use it on other chains without setting up a new identity on each.

The process begins with a user setting up their identity on an identity provider chain, for instance, KILT, by making a transaction. Once that transaction completes, the user can share that identity with any relying party chain that uses that provider, eliminating the need for further interaction with the identity provider unless changes are made to the user’s identity information.

Relying parties (e.g., parachains) can choose one or more identity providers. As in the case of accepting multiple social logins such as Google and Facebook, this allows them to access the information graph that each identity provider has previously built.

The Tech

DIP provides a suite of components available for integration:

  • A set of pallets for deployment on any chain that wants to act as an identity provider. These allow accounts on the consumer chain to commit identity information, storing such representation in the provider chain’s state.
  • A set of pallets to deploy on any chain that wants to act as a relying party or consumer. These take care of validating cross-chain identity proofs provided by the subject and dispatch the actual call once the proof is verified.
  • A set of support crates, suitable for use within a chain runtime, for types and traits the provider and relying parties can use.

These components enable the use of state proofs for information sharing between chains.

Identity on KILT is built around W3C-standard decentralized identifiers (DIDs) and Verifiable Credentials. Using KILT as an example, the following is a streamlined version of the process for using DIP:

Step 1. A user sets up their identity on KILT by generating their unique DID and anchoring it on the KILT blockchain.

Step 2. Credentials issued to that user contain their DID. The user keeps their credentials on their device, and the KILT blockchain stores a hash of each credential.

Step 3. To use the services of the relying party (in this example, any chain using KILT as their identity provider), the user prepares their identity via a transaction that results in their identity information being committed to the chain state of KILT. After this point, the user doesn’t need to interact with KILT for each operation.

Step 4. The relying or “consumer” party can verify the identity proofs provided by the user. Once verified, the relying party can dispatch a call and grant the user access to their services.
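
A simplified model of Steps 3 and 4, added here as an example and not the DIP pallets' own code. It assumes the committed identity information is a SHA-256 Merkle root over the user's details, and that the consumer has already obtained the provider's committed value (in DIP this would come from a state proof); all names and sample values are constructed.

```python
import hashlib

def leaf_hash(item: str) -> bytes:
    # 0x00 / 0x01 prefixes keep a leaf from being replayed as an inner node.
    return hashlib.sha256(b"\x00" + item.encode()).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(items):
    """Tree levels, leaves first; an unpaired last node is carried up unchanged."""
    levels = [[leaf_hash(i) for i in items]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])
        levels.append(nxt)
    return levels

def commit(items) -> bytes:
    """Provider chain: the commitment stored in state for one DID (Step 3)."""
    return build_levels(items)[-1][0]

def prove(items, index):
    """User: sibling path revealing a single identity detail."""
    path = []
    for level in build_levels(items)[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            path.append((level[sibling], sibling < index))
        index //= 2
    return path

def verify(commitment: bytes, item: str, path) -> bool:
    """Consumer chain: recompute the root before dispatching the call (Step 4)."""
    acc = leaf_hash(item)
    for sibling, sibling_is_left in path:
        acc = node_hash(sibling, acc) if sibling_is_left else node_hash(acc, sibling)
    return acc == commitment

# Constructed sample data, not real DIDs or keys.
DID = "did:kilt:example-user"
DETAILS_V1 = ["auth-key:0xaaaa", "web3name:alice", "linked-account:0x1111"]
DETAILS_V2 = ["auth-key:0xbbbb", "web3name:alice", "linked-account:0x1111"]  # key rotated
provider_state = {DID: commit(DETAILS_V1)}
proof_v1 = prove(DETAILS_V1, 1)
```

A proof built before an identity update (`proof_v1`) no longer verifies against the commitment of `DETAILS_V2`, which is why the user returns to the provider only when their identity changes.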

Advantages of DIP

DIP offers several significant advantages, including:

  1. Portability of Identities
    Traditionally, users would need to create a separate identity for each application. However, with DIP, identities become portable. This means someone can use a single identity across multiple applications or platforms. This simplifies the user experience and maintains consistency of user identity across different platforms.
  2. Focus on core competencies
    Blockchain networks can focus on their core functionalities and strengths instead of investing resources into developing and maintaining an identity system. Instead, they can delegate identity management to other chains that specialize in it, effectively increasing efficiency.
  3. Simplified Management of Identity for Users
    Users can manage and update their identity in a single place, i.e., via their identity provider, even though the system is decentralized. This simplifies identity management for users, as they do not have to update their information on each platform separately.
  4. Decoupling of Identities and Accounts
    With many systems, a user’s identity is closely tied to their account, potentially enabling the tracking or profiling of users based on their account activity. Because DIP is linked to the user’s DID — the core of their identity — rather than their account address, DIP allows for identities to be separate from accounts, increasing privacy and flexibility. The user can then choose which accounts to link their identity to (if any) across several parachains and ecosystems, retaining control over their information disclosure.

KILT as an Identity Provider

KILT Protocol is consistently aligned with the latest standards in the decentralized identity space.

On top of these, additional KILT features such as web3names (unique, user-friendly names to represent a DID) and linked accounts make it easier for users to establish a cross-chain identity.

Users may also build their identity by adding verifiable credentials from trusted parties.

By integrating KILT as an identity provider, the relying party gains access to all the identity information shared by the user while giving the user control over their data. This ensures a robust and comprehensive identity management solution.

Start Integrating

Relying party:

  1. Decide on the format of your identity proofs and how verification works with your identity provider
  2. Add the DIP consumer pallet as a dependency in your chain runtime
  3. Configure the required Config trait according to your needs and the information agreed on with the provider
  4. Deploy it on your chain, along with any additional pallets the identity provider requires.

(read KILT pallet documentation)

Identity provider:

  1. Check out the pallet and traits
  2. Agree on the format of your identity proofs and how verification works with your relying party
  3. Customize the DIP provider pallet with your identity primitives and deploy it on your chain
  4. For ease of integration, you may also customize the DIP consumer pallet for your consumers.

What’s next?

Now that DIP is up and running, in the next stages, the team will continue to refine privacy-preserving ways to make KILT credentials available to blockchain runtimes. These will include improvements in proof size and proof verification efficiency and support for on-chain credential verification (or representation thereof). With DIP in the hands of the community, DIP’s users and community will guide future development.

About KILT Protocol

KILT is an identity blockchain for generating decentralized identifiers (DIDs) and verifiable credentials, enabling secure, practical identity solutions for enterprises and consumers. KILT brings the traditional process of trust in real-world credentials (passport, driver’s license) to the digital world while keeping data private and in possession of its owner.
