TrustKeys Decentralized Account Models (DAM)

The starting point for DAM is that an individual or organization has an offline or real ID that cannot be deleted by others and changes depending on the situation. Sometimes these documents can be restored in the form of identity-related documents issued by a third party, but still retain the deliverables (for example, an expired credit card in your wallet). Or you can have a driver’s license). As in the real world, one’s sovereignty does not mean that an individual or organization has control over all aspects of the identity provided by an outside party. For example, a trusted certificate issued by a legitimate participant (e.g., country) can revoke an individual driver’s license or a company’s liquor sales permit. Rather, your sovereignty means that an individual or organization of one or more identifiers or DIDs may present specific statements or credentials associated with these DIDs without intervention.

 From the outset, it is important to clarify specific terms and actors in the ISS ecosystem. There are various roles that exist at two levels: (1) an identifier-based role in which an individual or organization controls a specific identifier and its use, and (2) a role-based identifier in which an individual or organization owns/controls a specific DID or DID its use.

There are at least four qualification-based roles that can be defined as:

  • Subject — A person, entity, or thing related to or related to a particular coupon.
  • Holder — Digital wallet or agent for which the specified coupon is used. Note that there are cases where the owner is the subject and cases where it is not (for example, a child may be the subject of a digital passport, but the child’s father may be the passport holder).
  • Issuer — the person or entity that issued the given certificate.
  • Verifier — the person or person who Verifies or trusts the given certificate Entity.

We can also identify two roles based on DID:

  • DID Subject — a person, entity or thing identified by a given DID.
  • DID Owner (or Identity Owner) — The person or entity that owns and controls the private key associated with the DID.

Although the identity owner and the DID subject are usually the same, this is not always the case, because (just as the owner manages credentials on behalf of the subject) in some cases, the DID subject may be unable or unwilling to manage their own keys. In this case, care must be taken to design a legal structure around guardianship and delegation to protect DID subjects and maintain their rights.


Putting these roles in context, let’s take the example of a statement that a person is over 18 years of age. In the self-sovereign model, such a statement can be self-certified (a statement made by an individual to himself) or another entity (such as a state or a fiduciary service provider) can be the certificate holder in the form of a certificate of persons who issued a certified claim. In the latter case, the holder (the person who has full control of the aforementioned declaration) can choose to provide a self-certified version of the declaration or a verifiable certificate issued and cryptographically signed by another entity. If the interaction requires a certain degree of trust in the submitted statement, the verifier can request a credential from the trusted issuer, which satisfies the verifier’s requirements for that particular interaction. It is important to say that the exchange of claims occurs in a peer-to-peer manner, and the holder is always one of the interacting pairs. No information is exchanged outside of the owner’s control. This principle is guaranteed by storing claims under the control of the owner and requiring a cryptographic signature for each interaction, based on a key that only the owner can access and control.

Proof of Eligibility and Issuance

DAM model can be used to represent almost any type of statement for an individual or legal entity, and once it has passed a thorough verification and legal approval process, these statements will be for an individual or legal entity It is possible to display all the information of. Bond theme. This adds some flexibility and modularity, encourages the development of new types of identity claims, and allows holders to selectively display only the relevant data needed for a given transaction or interaction. In practice, most interactions require the parties involved to trust the authority of each party (for example, when entering a building), which does not require the unique identification of any of the parties. The main advantage of the DAM model is the ability to support recognition as well as pure access control of personal information protection and data protection in the basic and design environment, as well as the operating system.  DAM is a powerful privacy tool. In fact, it has a strong vision for the EU General Data Protection Regulation (GDPR). The DAM can be the basis for implementing the GDPR Principles in the real world. One of the goals of the GDPR is to improve the right to protect personal data so that DAM provides individuals with more control over their personal data. The second purpose of this provision is for personal data to be freely distributed in the European Single Market to promote economic growth, which is embodied as the right to move data. DAM also creates a trust and autonomous hierarchy around portable identifiers and credentials, facilitating the free flow of data.

Finally, this new identity paradigm is the result of a series of attempts to balance the structure of the forces behind digital identities and personal data to put people in the center of the data ecosystem and control their use of personal data.

Therefore, we need a set of guiding principles to ensure that DAM is not dishonest. The DAM community often uses Christopher Allen’s ten DAM principles as a starting point. The list is based on significant community work at identity seminars on the Internet over the past 10 years and echoes the identity laws of Kim Cameron.

 Before explaining these principles, keep one thing in mind. Identity is a fundamental part of society and you must be very careful when dealing with it. The way we define and use identity can break the balance of democracy. It can empower us, or it can imprison us.

This list is by no means perfect. Things have changed a lot in the last ten years, so in addition to the explanation below, we also provide some notes and improvements (in the form of “notes”).

  1. Existence. Users should exist independently. Note: In some cases, it is assumed that everything is present and must be documented. We deny and respect the unique characteristics of being and the rights that remain unknown in certain circumstances.
  2. Control. Users need to control their identities. Note: the focus is on management, not ownership (e.g., you don’t have a passport, you have a country, but you must be authorized to manage use of your passport).
  3. Access. Users must have access to their data.
  4. Transparency. The system and algorithm must be transparent. Note: To this end, the foundation of all technical solutions that support DAM must be open source.
  5. Persevere. The identity must exist for a long time. Note: When understood to apply to identifiers, this principle can cause considerable controversy.
  6. Portability. Identity information and services must be transmittable.
  7. Interoperability. The identity should be available as much as possible.
  8. Agreed. Users must agree to use their identity. We believe that consent must be real and meaningful. For example, the high standard of consent stipulated in Article 4 of the GDPR requires a free, specific, informed and clear statement or clear affirmative action to express consent for processing. In the big data ecosystem of massive data, massive information asymmetry, and unbalanced bargaining power between individuals and organizations, this level of agreement is almost impossible to achieve, but we are optimistic that the DAM model combined with technological progress can help us in the future Obtain real and meaningful consent.
  9. Minimize. Disclosure of claims should be minimized.
  10. Protection. User rights must be protected.

These principles reinforce the view that individuals can control identity-related information, including their identifiers, credentials, and other personal data. In this sense, they can be understood as true signs of the quality and values implemented by the decentralized identity community through DAM. However, we cannot confuse principles with dogmas, much less refrain from questioning them and continue to improve them when necessary.

Translate »
Scroll to Top