How DIDs talk to each other — DID Auth, DIDComm, DWN — what is the difference?

Volodymyr Pavlyshyn
4 min read · Mar 30, 2023


The backbone of Trust over IP (ToIP) is its Layer 2 (L2): secure messaging and transport protocols. But first we need to create an addressable space somehow, and ToIP focuses on autonomous decentralised identifiers for that.

(Image credit: © https://trustoverip.org/blog/2023/01/05/the-toip-trust-spanning-protocol/)

ToIP itself is not the focus of this article (you can read about ToIP in my separate article), but it brings a critical topic to the table: how do we build secure communication between SSI entities and agents?

Addresses, Names and Identifiers

Identity is not the same as identifiers, but it depends heavily on them. To communicate you need an address and an authenticity check: you need to know whom you are talking to and how to send them a message.

DIDs (Decentralised Identifiers) deserve a separate deep-dive post. In short, they serve three main goals:

  • distribute a public key
  • be a decentralised, cryptographically verifiable identifier
  • define an analogue of a name in a global context

So you can treat a DID as an identity identifier, or name, that is cryptographically provable and, more importantly, bound to but not coupled with a private key pair. The possibility of rotating the signing key is a crucial security feature.

DID Auth

When you need just a proof of ownership of a DID, or more precisely a proof of possession of the private key behind it, you can rely on DID Auth.

Unfortunately it is more of a concept than a specification: there is no official standard for it.

There are a few possible implementations of it.

Source of the pictures and useful slides on the topic: https://www.w3.org/Security/201812-Auth-ID/04_-_Day_1_-_Understanding_DID_Auth.pdf

I have a separate video about the benefits of DID Auth over a Web3 login.

DID Auth unlocks password-less, OTP-less login similar to FIDO, but with the added benefits of better security and key rotation.

We have our own implementation of DID Auth as a library and use it widely in our SSI agent.

It provides an implementation of both the client and the server parts, or, in OpenID terms, the client and the relying party.

Still, it only gives you authenticity; it leaves the message and communication protocol open.
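To make the DID Auth flow described above concrete, here is an added example in Go (not the author's library and not any standard's code): the relying party issues a random nonce bound to its own identifier, the holder signs it with the private key behind its DID, and the verifier resolves the DID at check time, so a rotated key takes effect immediately and a signature from the old key is rejected. The in-memory Resolver, the challenge byte format and the error values are assumptions standing in for a real DID method resolver and a real protocol's message format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// Resolver stands in for a DID method's resolver (an assumption): DID -> the key its
// document lists for authentication. Rotating the key just replaces the entry; the DID stays.
type Resolver map[string]ed25519.PublicKey
var ErrUnknownDID, ErrBadSignature = errors.New("unknown DID"), errors.New("signature does not match the DID's current key")

// Challenge is what the relying party sends: a fresh random nonce plus its own
// identifier, so a response cannot be replayed at another relying party.
type Challenge struct {
	Nonce []byte
	Aud   string
}

func NewChallenge(aud string) Challenge {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return Challenge{Nonce: nonce, Aud: aud}
}

// Signed payload (a constructed format, not a standard one): DID, audience, nonce.
func challengeBytes(did string, c Challenge) []byte {
	return append([]byte(did+"|"+c.Aud+"|"), c.Nonce...)
}

// Respond is the holder side: sign the challenge with the private key behind the DID.
func Respond(did string, c Challenge, priv ed25519.PrivateKey) []byte {
	return ed25519.Sign(priv, challengeBytes(did, c))
}

// Verify is the relying-party side: resolve the DID at verification time and check
// against whatever key the document lists now, never a key cached from an earlier login.
func Verify(r Resolver, did string, c Challenge, sig []byte) error {
	pub, ok := r[did]
	if !ok {
		return ErrUnknownDID
	}
	if !ed25519.Verify(pub, challengeBytes(did, c), sig) {
		return ErrBadSignature
	}
	return nil
}
```

Note that nothing here carries the message itself: the flow only tells the relying party who signed the challenge, which is exactly the gap the following sections fill.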

Messages and DIDComm v2

The Hyperledger Aries community has an agent-oriented architecture, and there was an emerging need for a message protocol for communication between agents. As a result of these efforts, DIDComm was developed. It is now a protocol independent of Hyperledger, under the DIF (Decentralized Identity Foundation) umbrella.

https://identity.foundation/didcomm-messaging/spec/v2.0/

More details about DIDComm are in the video. You will see how DIDComm builds on top of existing standards and defines proper abstractions.

Still, DIDComm leaves the topics of persistence and asynchronous, offline communication open.

Affinidi Messages

In the era before DIDComm we implemented a somewhat simplified transport layer over HTTP that solved a few critical needs for us:

  • use DIDs that already exist, without modifying the DID document or needing service endpoints
  • support offline interaction and asynchronous messages by design
  • create an SSI hub that is secure and multi-tenant

The result is Affinidi Messages.

Decentralized Web Node

The Decentralized Web Node (DWN) is a more modern, still emerging SSI hub that has a DID-based, message-oriented architecture and offers security, permission management and persistence on top of IPLD data structures compatible with IPFS.

https://identity.foundation/decentralized-web-node/spec/

Still, just like DIDComm, it requires a service endpoint pointing to the user's DWN node for communication.

It is still relatively new and under development. It has a different philosophy and focuses more on collections of data and access to data streams rather than on messages.

Summary

  • If you need something simple and want to keep the logic on the application side, go with DID Auth and negotiate mainly on cryptography.
  • If you need to reuse DIDs that already exist and want simple persistence plus offline and asynchronous communication, take a look at Affinidi Messages.
  • If you are a protocol builder, look at DIDComm v2 (https://didcomm.org/book/v2/) and figure out the best persistence and ACL yourself. Maybe a combination of https://ceramic.network/ and https://litprotocol.com/ could solve your needs.
  • Keep an eye on DWN if you need persistence and a more collection- and data-stream-oriented app.
