Multi-Source Identity allows multiple credentials from multiple Identity Provider (IDP) to be brought to bear, flexibly and conveniently, in a situation where trusted attestations are needed for the participants in a workflow to make progress.
Multi-Source Identity has three Actors: Any person or organization can play any or all of the roles.
- Credential Service Providers determine what credentials to issue, what the credential means, and how they'll validate the information they put in the credential.
- Credential Holder - determine what credentials they need and which they'll employ in workflows to prove things about themselves.
- Credential Verifiers determine what credentials to accept and who to trust.
Because of these features, Multi-Source Identity provides a Decentralized Identity. In contrast, traditional identity systems have a single Identity Provider (IDP) who administers an identity system for their own purposes, determines what attributes are important, and decides which partners can participate.
Multi-Source Identity implies a particular credential is not intrinsically true. Rather each verifier determines who and what they will trust by relying on the attestations of other parties. Thus, truth is established through a preponderance of evidence. How much evidence is needed for a situation depends on the risk, something the verifier determines independently.
Identifiers still exist, but they're not the primary focus. In Sovrin, each relationship is represented by a pairwise, pseudonymous identifier exchange. These identifiers are linked to public-private key pairs so that each relationship can be validated by either party and supports private, confidential communications between the parties to the relationship.
Online identity has traditionally been single-source and built for specific purposes. Online, various, so-called "identity providers" authenticate people using usernames and passwords and provide a fixed, usually limited set of attributes about the subject of the identity transaction.
In the physical world, people collect and manage identity credentials from various sources including governments, financial institutions, schools, businesses, family, colleagues, and friends. People also assert information themselves. These various credentials serve different purposes. People collect them and present them in various contexts. When presented, the credential verifier is free to determine whether to trust the credential or not.
Multi-Source Identity emphasizes relationships instead of identifiers. Identifiers still exist, but they're not the primary focus. In Sovrin, each relationship is represented by a pairwise, pseudonymous identifier exchange. These identifiers are linked to public-private key pairs so that each relationship can be validated by either party and supports private, confidential communications between the parties to the relationship.
More Information#There might be more information for this subject on one of the following:
- [#1] - http://www.windley.com/archives/2018/05/multi-source_identity.shtml - based on information obtained 2018-08-18-