Atala PRISM

FOUNDATIONS
OF DECENTRALIZED IDENTITY
SSI Concepts

ATAL A PR I SM - Foundations of Decentralized Identity 31 SSI Concepts

So far, we have explored the fundamentals of SSI and the principles that support them. The
concepts so far have been to explain how all this works under the hood. This section will put the
pieces together with new ideas: holders, issuers, and verifiers. Before we begin, one thing to keep
in mind is that any entity can hold all of these roles concurrently.

Holders

A holder is an entity that has and controls
DIDs. They can also hold verifiable
credentials (VCs). Holders can make
connections with other entities and share
information with them.
A holder of human and legal rights can
delegate the authority of their DIDs to
another party. This concept is called
guardianship in SSI. It is similar to processes
we use in the world today, such as the
power of attorney or the relationship of a
parent/guardian. This delegation process
is significant for those who may not have
access to technology.
Being a holder enables those who may
not have documents to establish verifiable
points of identity, like refugees or those in
countries without legal documentation.
Having some verifiable identity profile
opens up mobility in the world to an
individual. All services and economies have
dependencies upon the use of identity.
Enabling the ability to hold and control
identity is a critical and vital pillar in the SSI
ecosystem.
We spoke about data portability before in
an SSI ecosystem because we hold the DIDs
and verifiable credentials. We can take our
DIDs and VCs with us wherever we go with
portability. Even if a credential gets revoked,
we still have this information we can share
to prove something about ourselves. It would
show as revoked when verified, but it may be
possible to form a historical record.

ATAL A PR I SM - Foundations of Decentralized Identity 32 SSI Concepts

Issuers

Issuers issue credentials to those with whom they have connections. An issuer cannot send
credentials to random holders. There must be an established relationship. Anyone can
be an issuer–however, there may be some requirements to be an issuer for certain types
of credentials. There is a lot to unpack here. We will dig deeper into trust and governance
frameworks in a later section, in addition to schemas or templates for specific credentials.

ATAL A PR I SM - Foundations of Decentralized Identity 33 SSI Concepts

Verifiers
Holding a verifiable credential is fantastic, but it is purposeless
without being able to do something with it. A verifier will
authenticate or verify the credentials that get presented to them.
Earlier, we touched on levels of assurance–which also apply to
verifiers. Whereas ZKPs provide an assurance level of facts,
a verifier has varying confidence levels based on the validity
of the information.
How verifying is done can get completed in several ways. A low level
of assurance would be checking the DID of the issuing entity on
the VC. This method would authenticate that the issuer is who they
are–and the details of the info shared are not critical. An example
of this may be something like a rewards program. For example,
through a cell phone company, we may get rewards in the form of
a free subscription to a streaming service. The cell phone company
would issue us a VC. We present it for verification to the streaming
service, which would only need to check our credentials issued by
the authorized cell phone company.
ATAL A PR I SM - Foundations of Decentralized Identity
A higher level of assurance would be the passport scenario we
discussed earlier. The government would need to authenticate the
information about us to ensure we were a citizen. Just validating
the issuer of the document is authentic would not suffice. A higher
level of assurance is required because the entity needs to validate
the information, not just that the issuer is valid. This concept may be
challenging to digest because the world does not operate like this
today.
One thing to keep in mind while going over these concepts is
the privacy by design feature of SSI. Keeping information private
is crucial. Sharing information is important too, but sometimes
validating the issuer is sufficient. It is a careful balance that occurs
in an SSI ecosystem. If any of these concepts seem difficult to grasp,
it is okay. SSI is incredibly complex when we begin picking apart how
everything interacts together.
34 SSI Concepts
Putting it all together

Let’s look at a brief example of how this all works together.

You can follow this example by downloading the Atala PRISM app
and following the demo on atalaprism.io.

Jo wants to get a Jo scans the QR code. Jo confirms the Jo receives her credential,
government ID. connection. and it gets stored in her
wallet.
Jo can see the contacts Jo can see the credential Jo wants to go to She scans the university’s She confirms the
in her wallet. in her wallet. university. QR code connection
The university needs proof Jo shares that ID with the Jo receives confirmation Jo receives her degree in The credential is viewable
of her identity. university. her credential was shared her wallet
AI is only one of many emerging technologies–from genome editing
and 3D printing to a globally networked “Internet of Things”–shaping a
future unparalleled in human history in its promise and its peril. Are we
up to the challenge this future presents? If not, how can we get there?
How can humans hope to live well in a world made increasingly more
complex and unpredictable by emerging technologies?
Technology and the Virtues, 2016, p. 1
 Powered by Cardano

Atala PRISM is powered by Cardano, which is built by a decentralized community

of scientists, engineers, and thought leaders united in a common purpose: to
create a technology platform that will ignite the positive change the world needs.
It is the first blockchain platform to be built through peer-reviewed research, to be
secure enough to protect the data of billions, scalable enough to accommodate
global systems, and robust enough to support foundational change.

ATAL A PR I SM - Foundations of Decentralized Identity 97 Contact

 Register to our Pioneer Program Contact us

The Atala PRISM Pioneer Program trains professionals, UX designers, and software Got a question about any aspect of Atala PRISM? Just send a message and
developers to design decentralized identity solutions and ecosystems using the someone from the appropriate team will be in touch.
Atala PRISM Software Development Kit (SDK).
Credits

Author: Peter Vielhaber

Design: Tanguy Henrijean
Richie Chew
Copy Editor: Darryn Brugioni
Atala PRISM
THANK YOU!