1.1: Getting Started with SSI & XIDs
XIDs are a powerful new type of decentralized identifier, meant to fulfill the original principles of self-sovereign identity, many of which have been lost as the commercial market for DIDs has evolved.
Here's a bit more about what that all means.
Understanding Self-Sovereign Identity
The concept of self-sovereign identity (SSI) was popularized in "The Path to Self-Sovereign Identity" and through the Rebooting the Web of Trust workshops. The idea was simple: people should control their digital identities, not be beholden to centralized entities such as Google and Facebook who can remove their identity at a whim.
That original article laid out ten principles for what SSI should include: existence, control, access, transparency, persistence, portability, interoperability, consent, minimization, and protection. Those principles are still being discussed today but their foundations are strong: users should have full visibility on their identity, they should have principal authority over it, and they should be able to move it around as they see fit.
Unfortunately, as the SSI ecosystem matured, it moved away from these core principles, as discussed in "Has our SSI Ecosystem Become Morally Bankrupt?". Issuers took control of identities and created centralized points-of-failure and even centralized logging of identity usage. Many SSI deployments ultimately reiterated the problems of centralized identity: they weren't truly self-sovereign.
Understanding XIDs
XIDs were invented to offer a new model for self-sovereign identity that goes back to first principles. "How XIDs Demonstrate a True Self-Sovereign Identity" describes many of the ways in which they do so.
It starts out with the core design: a XID is an autonomous cryptographic object (ACO). It's a self-sufficient package that contains an identifier, keys to control that identifier, and other data. You don't need to depend on any infrastructure: there's no separate issuer or verifier, no centralized authority at all. A XID is holder-created and holder-controlled. That's the dream of self-sovereign identity.
The other major design element of the XID is a holder's ability to redact (elide) content. This allows for selective disclosure (you decide exactly what to give out to each person) and data minimization (you release only the amount of information that's required). Although data minimization has long been given lip service, it's rarely been well-supported. Even when self-sovereign identity has enabled redaction, what you can redact has often been controlled by an issuer (which violates the most central vision of SSI).
The technology in XIDs is novel (including deterministic encoding, radical elision, and progressive trust). The privacy is greatly improved over existing systems that put issuers in the driver's seat. Finally, it's bolstered by radically private communication methods such as Garner, which ensure that your self-sovereign identity is supported by self-sovereign networking.
If you believe in self-sovereign identity (or privacy or novel technologies or improving the specifications we already have), then XIDs are for you.
Getting Started with XIDs
Working with XIDs in this tutorial will give you hands-on experience with how you can maintain a stable identifier even through key rotation, device additions, and recovery scenarios. It will also demonstrate how to cryptographically elide data while maintaining verifiability through signatures.
Learning XIDs
The heart of this course is the Learning XIDs tutorial. We suggest downloading the few pieces of required software and running all the commands discussed in the tutorial one at a time, to get a feel for how everything works. Explore the results, digging into them further if you wish, as that's the power of a hands-on course like this.
Summary: Doing Self-Sovereign Identity Right
Self-sovereign identity was a dream of giving us all autonomy on the internet: the ability to control who we are, and for those identities not to be ripped away from us by centralized entities.
It failed.
XIDs are intended as a model for self-sovereign identity done right: focused on the holder, not an issuer or verifier.
What's Next
A number of technologies and core concepts underlie XIDs. These are covered in §1.2: Understanding Core Concepts. But if you're eager to get hands-on with your XIDs, you should jump to §1.3: Creating Your First XID.
Appendix I: Key Terminology
Deterministic Encoding - Encoding that is always the same for the same content, no matter what system the encoding occurs on.
Progressive Trust - Increasing the amount of trust between two peers by revealing more information over time.
Radical Elision - The ability to remove any part of a larger set of data, as determined by the holder of the data.
Self-sovereign Identity - An identity that is controlled by the holder, who can create, reform, and redact the identity as they see fit. It is built on the principles of existence, control, access, transparency, persistence, portability, interoperability, consent, minimization, and protection.
XID (eXtensible IDentifier) - The unique identifier for a self-sovereign identity, calculated as the SHA-256 hash of an inception signing public key. It is persistent across all document editions because it's bound to that original key. Less formally, the metadata, keys, and provenance marks included in a XID Document.
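
The XID entry above and the earlier description of elision can be seen together in a small sketch. This is an added example, not code from the tutorial or from any XID tooling: it uses a simplified digest model rather than the real XID Document encoding, and the key bytes, field names, and `ToyDocument` class are constructed for illustration.

```python
import hashlib

# Constructed 32-byte stand-ins for real signing public keys.
INCEPTION_KEY = bytes([0x11]) * 32
ROTATED_KEY = bytes([0x22]) * 32

def xid_from_inception_key(public_key: bytes) -> str:
    """XID per the terminology entry: SHA-256 of the inception signing public key."""
    return hashlib.sha256(public_key).hexdigest()

def leaf_digest(name: str, value: str) -> bytes:
    # Length prefix keeps ("ab", "c") distinct from ("a", "bc").
    data = len(name).to_bytes(2, "big") + name.encode() + value.encode()
    return hashlib.sha256(data).digest()

class ToyDocument:
    """Hypothetical model: a field is either revealed or reduced to its digest."""

    def __init__(self, fields, elided=()):
        self.revealed = dict(fields)
        self.elided = list(elided)

    def elide(self, name):
        """Return a copy where one field is replaced by its digest."""
        remaining = {k: v for k, v in self.revealed.items() if k != name}
        digest = leaf_digest(name, self.revealed[name])
        return ToyDocument(remaining, self.elided + [digest])

    def root(self) -> str:
        # Sorting makes the root independent of field order (deterministic).
        leaves = [leaf_digest(k, v) for k, v in self.revealed.items()]
        return hashlib.sha256(b"".join(sorted(leaves + self.elided))).hexdigest()

def build_editions():
    xid = xid_from_inception_key(INCEPTION_KEY)
    first = ToyDocument({"xid": xid, "key": INCEPTION_KEY.hex(),
                         "email": "holder@example.com"})
    redacted = first.elide("email")  # holder chooses what to withhold
    rotated = ToyDocument({**first.revealed, "key": ROTATED_KEY.hex()})
    return xid, first, redacted, rotated

if __name__ == "__main__":
    xid, first, redacted, rotated = build_editions()
    print("XID:", xid)
    print("root unchanged by elision:", first.root() == redacted.root())
    print("XID unchanged by rotation:", rotated.revealed["xid"] == xid)
    print("root changed by rotation:", first.root() != rotated.root())
```

Because the root digest is the same before and after elision, a signature made over that root would still verify against the redacted copy, while a key rotation produces a new edition with a new root but the same identifier.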