If you want to benefit from Self-Sovereign Identity, you need to create a Decentralized Identity. This identity consists of many parts that have different functions. This page will cover the basics about identity creation and publishing to the Tangle.
Identity Generation Process
The generation of an identity starts with a randomly generated asymmetric key pair. You can generate it with the IOTA Identity framework, or you can provide it as a parameter during the creation process. The public key is hashed using the Blake2b-256 algorithm. This hash becomes the DID, creating a permanent and provable link between the initial key pair and the DID. The public key is then embedded into the initial DID Document and is used for verifying signatures created with the corresponding private key.
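The binding described above, as an added example that is not code from this page or from the IOTA Identity framework: it derives an identifier from a public key with Blake2b-256 and checks whether a given DID is actually bound to a given key. The Base58 encoding, the `did:iota:` prefix, the 32-byte key length and all function names are assumptions made for illustration, and the sample keys are constructed byte strings rather than real key material.

```python
import hashlib

# Assumption: the hash is Base58-encoded (Bitcoin alphabet); the page only
# states that the Blake2b-256 hash of the public key becomes the DID.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58encode(data: bytes) -> str:
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # Each leading zero byte is represented by a leading '1'.
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out


def derive_did(public_key: bytes, prefix: str = "did:iota:") -> str:
    """Hash the public key with Blake2b-256 and turn the digest into a DID.

    The prefix is an assumption, not taken from the page.
    """
    digest = hashlib.blake2b(public_key, digest_size=32).digest()
    return prefix + b58encode(digest)


def key_matches_did(did: str, public_key: bytes) -> bool:
    """Return True only if `did` is the identifier derived from `public_key`.

    A verifier can run this check on the initial key found in a DID Document
    to confirm the document was not created for a substituted key.
    """
    if len(public_key) != 32:  # assumption: Ed25519-sized public keys
        return False
    return did == derive_did(public_key)


if __name__ == "__main__":
    # Constructed sample values, not real keys.
    genuine_key = bytes(range(32))
    substituted_key = bytes(range(1, 33))

    did = derive_did(genuine_key)
    print(did)
    print("genuine key bound to DID:    ", key_matches_did(did, genuine_key))
    print("substituted key bound to DID:", key_matches_did(did, substituted_key))
```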
Using the Account Module
The following example uses the high-level account module of the IOTA Identity framework to create an identity. You should use the account module for most of your use cases, but a lower-level API is also available should you need more flexibility at the cost of more complexity. For more information on APIs please visit the Rust API Reference or the WASM API Reference.
The first step in this example is the creation of an account. The account is a stateful object that manages one or more identities. The account provides an interface to execute high-level operations on identities, such as creating and updating them.
Next, the identity is created and published to the IOTA Tangle. This operation will:
- Generate a private key.
- Store it in the account.
- Generate a DID.
- Generate a DID Document.
- Publish it to the Tangle.
Once the DID Document is uploaded to the Tangle, it becomes immutable, meaning that this version of the identity can never be altered or removed. The only way to update or delete an identity is by publishing a new version, which we will discuss in the next section. This immutability is what makes a Decentralized Identity solution based on Distributed Ledger Technology (DLT) trustworthy. The public keys inside the DID Document can never be changed without having access to the private key, allowing the users to completely control their own identities.
The rest of the example shows how to retrieve (resolve) the identity from the Tangle and how it can be deleted.