doipjs/docs/terminology.md
2020-11-08 02:05:34 +01:00

5.5 KiB

Terminology

Claim

A piece of data that is expected to be contained with the proof. When found, the claim—and the identity associated with the claim—is verified. Within the context of this project, a claim is always the fingerprint of an OpenPGP cryptographic key, but formatted in different ways depending on the service provider.

For more detailed information, please refer to Claims.

Cryptographic key

According to Wikipedia:

[...] a piece of information (a parameter) that determines the functional output of a cryptographic algorithm.

Cryptographic keys can be used to encrypt/decrypt data and verify digital signatures.

Within the context of this project, we can view cryptographic keys as documents that everyone can read but only one person can edit. This makes it the perfect candidate to serve as vessel for decentralized identity claims.

Decentralized

A model for interaction between computers or nodes in a network. Its distinguishing feature is that this model does not rely on a central authority, unlike traditional centralized models that are used by Facebook, Google and all other privacy-invading corporations.

A core outcome of choosing a decentralized model is that it gives the user sovereignty over their data, instead of giving all the power to the central node. This means that service providers are allowed to access a user's data, courtesy of that user. It also implies that that user can choose to block access of any service provider at any point in time and move to a different service provider. In this new model, service providers need to fight for access to that user data and any user-compromising service can simply be left behind.

Within the context of this project, you store your identity claims inside a cryptographic key. You can then use any compatible client software or website to verify these claims. And if you don't like that particular client software or website, you just choose to use a different one.

DOIP

A protocol that describes how interactions between cryptographic keys and service providers can be used to the advantage of the people on the internet and allow them to publicly verify their online identity in a secure manner that is resistant to impersonation.

Currently, this documentation is the most elaborate description of the inner workings of the DOIP protocol. Drafting a standard is planned.

Fingerprint

A string of hexadecimal characters that uniquely identifies a cryptographic key.

Within the context of this project, they are used to link a profile page back to a single cryptographic key by mentioning this fingerprint anywhere on the profile page, like inside a biography.

Identity

Within the context of this project, identity refers to a person's digital online identity, the collection of profiles that a person holds and that partially accounts for a person's online activity. A physical person can have multiple online identities, for example a private identity and a work-related identity.

That collection of profiles can be stored inside cryptographic key.

OpenPGP

A standard for cryptographic keys defined by RFC 4880.

Profile

A piece of data that is created by a physical person but stored and managed on the servers of a service provider. While a person does not own that data, it does define them as part of their online identity.

Usually, a service provider generates a profile page based on that user data that displays basic information like a username, an avatar and a biography.

Proof

A piece of data provided a service provider that contains at least some of the data that it stores on a specific user. That piece of data also is publicly available to all, usually as a JSON document.

A claim expects the proof to contain a certain statement. For DOIP, this statement is a fingerprint.

For more detailed information, please refer to Proofs.

Proxy

A piece of software that handles the request for proof instead of the original piece of software that called the proxy. This is useful when doip.js is used in browsers. Some service providers do not allow their public data to be accessed by other websites (so called CORS restrictions, Wikipedia) but requests from non-browser origin are accepted and fulfilled. Doip.js when used in a browser will let proxy servers handle their requests for them to eliminate this friction.

Doip.js requires a proxy server to run the open source doip-proxy software.

Service provider

A company, organization or protocol that stores profiles submitted by their users. The data associated to those profiles should at least be partially made publicly available to allow identity verification using DOIP.

For more information, please refer to Service providers.