Polygon ID is an excellent choice to identify and authenticate users in the virtual world. Part of Polygon Labs, Polygon ID offers a Decentralized IDentity verification (DID) management solution to address identity-related issues on the Internet.
This post covers the overall technical architecture of the Polygon ID based identity management and verification system. Specifically, it is applicable for implementing a trust layer across parties collaborating in a Web3 application.
What is Polygon ID?
Polygon ID is an ecosystem of tools and components for building DID capabilities and SDKs for native Web3 integration. It is compatible with any EVM-based blockchain, including Ethereum and Polygon, but can also work off chain. Behind the scenes, Polygon ID relies on a self-sovereign mechanism backed by zero-knowledge proofs.
Polygon ID addresses the identity conundrum of Web2, where identities are managed by a central authority, usually a private enterprise, and are subject to misuse and manipulation. Therefore, it addresses the need to build a new identity layer based on the “self-sovereign identity” concept. This concept means managing personal information using decentralized storage, where users have a wallet to store numerous verifiable credentials (VCs). The self-sovereign mechanism allows users to manage their VCs, such as their name, age, biometric data, etc., and carry out transactions themselves to verify and assert their identity.
The VCs are verified through trustworthy applications, as opposed to having a set of identities across several platforms or a single identity controlled by a third party. In addition, the transactions are secured by zero-knowledge proofs, a cryptographic technique with which users prove their identity to a verifier without revealing the actual credential data.
The Main Entities in the Polygon ID Verification
The Polygon ID based identity layer revolves around a few key entities. These are further categorized as personas, components, and schema.
The User Personas in Polygon ID
There are three primary personas involved in decentralized identity verification using Polygon ID. These represent the actors, such as an individual or organization.
Identity Holder: The Identity Holder is the actual user who holds the credentials in an Identity Wallet as VCs. Before storing them in the Identity Wallet, the Identity Holder must claim the VCs from the Issuer. Later, a Verifier can check the claimed VCs through a zero knowledge query to prove the Identity Holder’s legitimacy. Polygon ID provides a mobile wallet for the Identity Holder to store the VCs.
Issuer: An Issuer is an entity that issues the VCs to the Identity Holder. The issuer has to be a trusted and reputable entity such that the Verifier can trust the legitimacy of the VCs. In most cases, the Issuer is a government organization or a DAO.
Verifier: A Verifier is an entity that verifies the proof submitted by the Identity Holder. This process uses zero-knowledge proofs, where the Identity Holder can prove they own a VC without exposing personal and sensitive data. Custom checks can also be specified while verifying a proof; for example, whether the VC matches the conditions set by the Verifier or whether a particular Issuer signed the VC. The verification can happen both off chain and on chain.
The Components in Polygon ID
A Decentralized ID infrastructure deployed using Polygon ID must have the following components.
Issuer Node: An Issuer Node in Polygon ID is equivalent to a blockchain node, but it can function both on chain and off chain. It handles the processing of identity issuance and revocation related transactions. It can be self-hosted by an entity that acts as an Issuer for a Web3 application. The Issuer Node exposes all the functionalities necessary to manage identities for multiple issuers and maintains the states of these identities. Most importantly, the Issuer Node provides a set of API endpoints for seamless integration with third-party applications that rely on an Issuer to provide identity services.
Identity Wallet: Identity Wallet is software that holds the VCs of a user. A unique Digital Identity represents every wallet. It is used to fetch the VCs from the Issuer, store them in a highly secure manner, and share those with the Verifiers without exposing any private information. It is important to note that an Identity Wallet differs from a crypto wallet like Metamask used for storing cryptocurrencies. Polygon ID has a wallet app for storing VCs, which can be downloaded from the app store.
Verifier Application: A Verifier Application is any Web3 platform that wants to authenticate users based on their VCs. It can also act as an identity provider that initiates the signup and issuance of identities to its Identity Holders. To perform authentication, the Verifier Application must frame a query expressed in the zero-knowledge query language and get it verified against the VC stored in the Identity Wallet of the Identity Holder. At the end of the process, the Verifier gets a cryptographic proof that confirms whether the Identity Holder satisfies the query.
The Credential Schema
Apart from the personas and components, a Polygon ID based DID system also relies on a credential schema. The schema defines the credential structure the Issuer intends to issue to the Identity Holder. It is possible to build a custom schema for a specific application. These schemas are defined in JSON format and must be hosted publicly to be used while issuing the credentials.
Polygon hosts an online schema generator and an explorer with some sample schemas.
The Polygon ID Trust Triangle
Polygon ID works on a trust triangle between the Issuer, Identity Holder, and Verifier.
This trust triangle is established through a workflow that starts with the Issuer and ends with the Verifier.
Step 1: Registration of Credentials
The Issuer creates a set of credentials for an Identity Holder upon request. This process creates a new set of credentials as a claim, as per the globally defined schema. These credentials are verified at the Issuer’s organization level. Subsequently, they are stored as VCs as part of the claim, with the Issuer’s DID attached.
Step 2: Claim the Credentials
The Identity Holder requests to claim the credentials from the Issuer. The Issuer verifies the claim’s legitimacy and transfers the credentials to the Identity Holder’s Identity Wallet.
Step 3: Credential Verification
Subsequently, a Verifier runs a zero-knowledge query on the Identity Wallet to generate a proof about the Identity Holder. This proof is checked against internal business logic to authenticate the Identity Holder. For example, suppose the Verifier expects the Identity Holder to be above the age of 18. In that case, the zero-knowledge proof will return a boolean result proving whether the user is above 18 years of age or not without revealing the actual age.
Once the Verifier verifies the Identity Holder’s credentials, an inherent trust is established between the Issuer and the Verifier that completes the loop of the trust triangle.
Behind the Scenes of Polygon ID Decentralized Identity Verification
At an infrastructure level, the Issuer, Identity Holder, and Verifier are represented by the Issuer Node, Identity Wallet, and the Verifier Application, respectively. These are the main components needed to deploy the decentralized identity verification system.
Optionally, the Issuer Node and Verifier Application can also have a blockchain node to execute the post-verification logic within smart contracts. In that case, the Issuer Node must also publish the status of credentials on chain.
Polygon ID has a hosted Issuer Node, which is accessible at https://issuer-demo.polygonid.me/. Additionally, Web3 applications or DID identity providers can deploy their own Issuer Node.
The Issuer Node exposes a few APIs for registration and claiming of the credentials. The API reference is available at https://self-hosted-platform.polygonid.me/#overview.
Before an Issuer can issue claims, it has to be identified. Every Issuer must have a unique identity against which the Identity Holders will be given their respective VCs. For this purpose, the Issuer must have a DID registered with the Issuer Node. Registering the Issuer as part of the trust triangle is a one-time process.
Once the Issuer’s identity is established in the Issuer Node, claims can be created against that identity. This sequence follows the same flow as per the workflow for establishing trust.
Here is how the interaction happens between the infrastructure components in accordance with the workflow.
Registering a claim is an API call to the Issuer Node. This call can be initiated from the Verifier Application, which intends to establish an authentic identity mechanism for all Identity Holders who want to access the application services. Alternatively, it can also be initiated from a third-party identity provider application responsible for managing the Identity Holder’s user identity.
After the claim is created, the Identity Holder must explicitly claim it. The Verifier Application or identity provider initiates another request to the Issuer Node on behalf of the Identity Holder to claim the credentials.
To make the claim process seamless, the Issuer Node also provides a “Get Claim QR Code” API, which allows the Identity Holder to scan a QR code to transfer the identity into their Identity Wallet app.
In a real-world application, the claims will have an expiration date. After the expiration, the above cycle repeats once again. Alternatively, if the Web3 application decides to bar the Identity Holder for some reason, it can revoke the credentials by sending the “Revoke Claim” API request to the Issuer Node. As part of the claim verification, the Verifier Application always performs these checks to ensure the VCs are valid before initiating the zero-knowledge query.
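The validity checks described above (trusted Issuer, expiration, revocation) followed by the over-18 query from Step 3, modeled in plain Python as an added example that is not part of the original post or Polygon ID's own code. It produces no zero-knowledge proof; the class names, field names, DIDs and the integer YYYYMMDD birthday encoding are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Plain-Python model: NO zero-knowledge proof is produced here. All names and
# sample values are constructed for illustration, not Polygon ID API fields.
@dataclass(frozen=True)
class Credential:
    issuer_did: str        # DID of the Issuer that signed the claim
    schema_type: str       # credential type taken from the schema
    subject: dict          # private attributes; these stay with the holder
    expires_at: datetime
    revocation_id: int     # hypothetical id the Issuer lists on "Revoke Claim"

@dataclass(frozen=True)
class Query:
    allowed_issuers: frozenset   # explicit allow-list, never "any issuer"
    schema_type: str
    field: str
    operator: str                # "lt", "gt" or "eq"
    value: int

OPERATORS = {"lt": lambda a, b: a < b, "gt": lambda a, b: a > b,
             "eq": lambda a, b: a == b}

def verify(cred, query, revoked_ids, now):
    """Return (accepted, reason); the attribute value itself is never returned."""
    if cred.issuer_did not in query.allowed_issuers:
        return False, "untrusted issuer"
    if cred.schema_type != query.schema_type:
        return False, "wrong credential type"
    if now >= cred.expires_at:
        return False, "expired"
    if cred.revocation_id in revoked_ids:
        return False, "revoked"
    if query.field not in cred.subject or query.operator not in OPERATORS:
        return False, "malformed query"
    ok = OPERATORS[query.operator](cred.subject[query.field], query.value)
    return ok, ("satisfied" if ok else "predicate not satisfied")

# Constructed sample data: birthday encoded as an integer YYYYMMDD (assumption).
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
OVER_18 = Query(frozenset({"did:example:gov-issuer"}), "AgeCredential",
                "birthday", "lt", 20060101)   # born before 2006-01-01
ALICE = Credential("did:example:gov-issuer", "AgeCredential",
                   {"birthday": 19900515},
                   datetime(2025, 1, 1, tzinfo=timezone.utc), 101)

if __name__ == "__main__":
    print(verify(ALICE, OVER_18, revoked_ids=set(), now=NOW))
    print(verify(ALICE, OVER_18, revoked_ids={101}, now=NOW))
```

In a deployment the predicate is evaluated inside the proof generated by the Identity Wallet, so the Verifier never sees `subject`; here both sides are collapsed into one function to show the order of the decisions.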
Polygon ID Use Cases
Polygon ID has endless possibilities for enabling applications that rely on a robust identity verification mechanism to moderate the users. Here are some top-level use cases that can be realized with it.
Self Sovereign Identity Verification
Protecting users’ data during authentication or authorization is one of the most pressing concerns on the Internet. Polygon ID ensures that the user’s personal information is never compromised while sharing data, which is vital for authentication procedures such as the “Know Your Customer” process. A banking or financial institution can leverage a Polygon ID infrastructure to verify the user’s identity without owning or misusing their personal data.
Self Hosted DID Infrastructure
Many Web3 applications leverage tokenomics-driven communities and allow participants to get involved in community activities. In such cases, a “Know Your Participant” procedure must be followed to check the legitimacy of the participants in the DAO. A Polygon ID infrastructure with a self-hosted Issuer Node acts as an identity provider with authority to review and issue credentials to participants.
Identity Driven Gamified Experiences
Polygon ID can work on chain. For applications that execute custom smart contract logic based on the identity status of a user, Polygon ID offers an interface for the Verifier Application to trigger a smart contract. This feature is excellent for building gamified experiences in Web3, such as rewarding users with airdrops based on their identity status.
Test Drive Polygon ID for Your Next Web3 Project
With Web3 applications gaining prominence on the Internet, we will soon witness such self sovereign and decentralized identity verification systems being adopted across all applications. Polygon ID takes a definite leap in this direction.
If you are building components for the Polygon ID ecosystem, contact us, and we would love to feature you as part of our Web3 use cases.
Content Research and initial draft: Anirudha Rao
Web3 subject matter review: Mihir Udupa