This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
  • RSA.com
  • Products
    • Archer®
      • Archer®
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Knowledge Base
      • Archer® Exchange
      • Training
      • Upcoming Events
      • Videos
    • RSA® Fraud & Risk Intelligence Suite
      • RSA® Fraud & Risk Intelligence Suite
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Web Threat Detection
      • Upcoming Events
      • Videos
    • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Cloud
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Events
      • Ideas
      • Knowledge Base
      • Training
      • Upcoming Patch Content
      • Videos
    • RSA® Adaptive Authentication Mobile SDK
      • RSA® Adaptive Authentication Mobile SDK
      • Advisories
      • Events
      • Ideas
      • Knowledge Base
      • Request Access
      • Training
    • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Events
      • Ideas
      • Knowledge Base
      • Training
      • Videos
    • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Events
      • Ideas
      • Knowledge Base
      • Training
      • Videos
    • RSA® Adaptive Authentication for eCommerce
      • RSA® Adaptive Authentication for eCommerce
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Ideas
      • Knowledge Base
      • Training
      • Videos
    • RSA® FraudAction Services
      • RSA® FraudAction Services
      • Advisories
      • Discussions
      • Documentation
      • Ideas
      • Videos
    • RSA® Web Threat Detection
      • RSA® Web Threat Detection
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Knowledge Base
      • Videos
    • RSA NetWitness® Platform
      • RSA NetWitness® Platform
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Integrations
      • Knowledge Base
      • Training
      • Upcoming Events
      • Videos
    • RSA NetWitness® Detect AI
      • RSA NetWitness® Detect AI
      • Documentation
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
    • RSA NetWitness® Investigator
      • RSA NetWitness® Investigator
      • Documentation
      • Download the Client
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
    • RSA NetWitness® Orchestrator
      • RSA NetWitness® Orchestrator
      • Overview
      • Documentation
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
    • RSA SecurID® Suite
      • RSA SecurID® Suite
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Knowledge Base
      • Ideas
      • Integrations
      • Training
      • Videos
    • RSA® Identity Governance & Lifecycle
      • RSA® Identity Governance & Lifecycle
      • Advisories
      • Blog
      • Community Exchange
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Knowledge Base
      • Training
      • Upcoming Events
      • Videos
    • RSA SecurID® Access
      • RSA SecurID® Access
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Integrations
      • Knowledge Base
      • Training
      • Upcoming Events
      • Videos
    • Other RSA® Products
      • Other RSA® Products
      • RSA® Access Manager
      • RSA® Data Loss Prevention
      • RSA® Digital Certificate Solutions
      • RSA enVision®
      • RSA® Federated Identity Manager
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
  • Resources
    • Advisories
      • Product Advisories on RSA Link
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Hosted
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Product Advisories
    • Blogs
      • Blogs on RSA Link
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Blogs on RSA Link
    • Discussion Forums
      • Discussion Forums
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Discussion Forums on RSA Link
    • Documentation
      • Product Documentation
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Mobile SDK
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Documentation on RSA Link
    • Downloads
      • Product Downloads
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Downloads on RSA Link
    • Ideas
      • Idea Exchange
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Mobile SDK
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Documentation on RSA Link
    • Knowledge Base
      • Knowledge Base
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Mobile SDK
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Knowledge Base Pages on RSA Link
    • Upcoming Events on RSA Link
      • Upcoming Events
    • Videos
      • Videos on RSA Link
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Videos on RSA Link
  • Support
    • RSA Link Support
      • RSA Link Support
      • News & Announcements
      • Getting Started
      • Support Forum
      • Support Knowledge Base
      • Ideas & Suggestions
    • RSA Product Support
      • RSA Product Support
      • General Security Advisories and Statements
      • Product Life Cycle
      • Support Information
      •  
      •  
      •  
      •  
      •  
  • RSA Ready
  • RSA University
    • Certification Program
      • Certification Program
    • Course Catalogs
      • Course Catalogs
      • Archer®
      • RSA NetWitness® Platform
      • RSA SecurID® Suite
    • On-Demand Subscriptions
      • On-Demand Subscriptions
      • Archer®
      • RSA NetWitness® Platform
      • RSA SecurID® Suite
    • Product Training
      • Product Training
      • Archer®
      • RSA® Fraud & Risk Intelligence Suite
      • RSA® Identity Governance & Lifecycle
      • RSA NeWitness® Platform
      • RSA SecurID® Access
    • Student Resources
      • Student Resources
      • Access On-Demand Learning
      • Access Virtual Labs
      • Contact RSA University
      • Enrollments & Transcripts
      • Frequently Asked Questions
      • Getting Started
      • Learning Modalities
      • Payments & Cancellations
      • Private Training
      • Training Center Locations
      • Training Credits
      • YouTube Channel
    • Upcoming Events
      • Upcoming Events
      • Full Calendar
      • Conferences
      • Live Classroom Training
      • Live Virtual Classroom Training
      • Webinars
Sign In Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

Visit the Known Issues dashboard if you are experiencing issues on RSA Link

View Dashboard

RSA® Labs Blog

Subscribe to the official RSA Labs blog for information about new product features, industry insights, best practices, and more.
  • RSA Link
  • :
  • RSA Labs
  • :
  • Blogs
  • :
  • Inside Project Sif

Inside Project Sif

BrianMullins
Employee BrianMullins
Employee
0 1 5,731
  • Subscribe to RSS Feed
  • Mark as New
  • Mark as Read
  • Bookmark
  • Subscribe
  • Email to a Friend
  • Printer Friendly Page
  • Report Inappropriate Content
‎2018-12-03 10:09 AM

My previous blog post described how combining the concepts of decentralized identity with verifiable claims creates a powerful new model that allows any person, organization, or thing to interact with any other entity with trust and privacy. This post will delve deeper into the inner workings of Project Sif.

 

Decentralized IDs (DIDs)

A decentralized identity is a digital identity an individual creates, owns, and controls without requiring the involvement of any centralized 3rd party. Decentralized identities are accessible to everyone and designed with privacy in mind. There are no passwords and no centralized repositories of identity data. The idea is that instead of creating a new digital identity for every digital service you want to consume, you can bring your existing IDs with you, similar to how things work in the physical world.

 

The RSA Labs Identity Wallet mobile app allows you to manage your decentralized identities.  This includes creating a decentralized identity (equivalent to a pseudonym or persona) which is backed by a public/private keypair. The public key is stored in a publicly accessible location, in this case a blockchain, where it can be accessed by anyone; the private key is stored encrypted on your mobile device.

 

Verifiable Claims

Verifiable claims are cryptographically signed attestations which can be instantly verified by anyone. They can be issued by governments, banks, or even a friend or family member. Upon reading more about verifiable claims, you’ll undoubtedly stumble across this diagram from W3C:

verifiableClaims.png

 

Let’s briefly go through each component to better understand how the model works:

  • Holder – Entity storing and controlling verifiable claims
  • Issuer – Generates claims and sends to Holder
  • Inspector-Verifier – Requests claims from Holder to verify
  • Identifier Registry – Stores a mapping of DIDs with their public attributes (e.g. public keys)

 

In this model, these components can be provided by disparate vendors. The only trust relationship that exists is between the inspector-verifier and the issuer. This is analogous to how trust works with physical credentials in the real-world. A driver’s license, for example, is issued by a DMV (the issuer) and presented, by the holder, to a liquor store (the inspector-verifier) to prove age.  The liquor store must trust the DMV to only issue valid licenses, which in turn allows it to trust the age claim of the holder of the license.

 

The RSA Labs Identity Wallet mobile app allows you to store and manage your verifiable claims given to you by issuers. Claims can be imported onto your mobile device and later presented to any inspector-verifier that requests them. Here, the mobile app is fulfilling the role of the holder.

 

Project Sif Architecture

Putting these pieces together, the Project Sif architecture takes shape:

 

 projecSifArchitecture.png

 

Here:

  • The Android Identity Wallet app is the Holder
  • A Demo Issuer and Inspector-Verifier were introduced for testing
  • The Blockchain is the Identifier Registry and maps DIDs to their public attributes, in this case the DID public keys

 

Note that in this solution the DID is not the public key. This was done to be able to support the use case of a user revoking a public key and associating a new one with an existing DID.

 

Data Flow

It’s always helpful to understand a system by seeing how data flows through it. Here’s a sample sequence diagram of a user registering for a new website that requires a verified age claim:

 

SifDataFlowForBlog.png

 

Why Blockchain?

It’s important to note that the Identifier Registry as defined by W3C makes no mention of blockchain or any other underlying data storage technology. When considering the combination of decentralized identity with verifiable claims, the Identifier Registry should ideally have the following attributes:

 

  • Public – To adhere to the philosophy of decentralized identity being available to anyone
  • Decentralized – To prevent a single point of failure/attack
  • Immutable – To provide strong assurances about data integrity
  • Auditable

 

RSA or any other organization could stand up its own Identifier Registry server, but it would represent a centralized component in a decentralized solution. The solution is more resilient when every component is decentralized. When considering these ideal attributes, a public blockchain checks most of the boxes. The biggest limitation imposed by a blockchain is the throughput, an area of active research by many groups. Other distributed ledger solutions could also fill the role of the Identifier Registry if properly configured – a blockchain is not the only solution.

 

Summary

Project Sif demonstrates how the concepts of decentralized identity and verifiable claims can be combined to create a new model for identity management; a model that brings advantages regarding both security and usability. As digital services move to a decentralized model, decentralized identity solutions will be required. If you have a use case where decentralized identity and verifiable claims could be helpful or want to learn more about Project Sif please reach out to labs@rsa.com. We’d love to hear from you!

Tags (5)
  • Tags:
  • blockchain
  • decentralized
  • Identity
  • RSA Labs
  • rsalabs
0 Likes
Share
1 Comment
RiazZolfonoon
Employee RiazZolfonoon
Employee
‎2018-12-03 10:15 AM
  • Mark as Read
  • Mark as New
  • Bookmark
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Nice write up!

 

Riaz

0 Likes

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

  • Comment
Latest Articles
  • Project Mercury: The More You Know
  • Project Duma
  • The Archer Third-Party Portal
  • Mercury Rising
  • Pandemic risk may drive IoT risk
  • Calling All Innovation Experts: We Need Your Feedb...
  • Inside Project Sif
  • Managing Decentralized Identities with RSA Project...
  • IoT Visibility with Project Iris
  • Project Sif: Hello Decentralized World
Labels
  • Videos 4
Powered by Khoros
  • Products
  • Resources
  • Solutions
  • RSA University
  • Support
  • RSA Labs
  • RSA Ready
  • About RSA Link
  • Terms & Conditions
  • Privacy Statement
  • Provide Feedback
© 2020 RSA Security LLC or its affiliates.
All rights reserved.