用户在可验证凭据中的作用是什么？ did:ion:username 以及用户何时会生成？

Question

Hello guys I m using azure verifiable credentials.

in flow I m not sure when user did is going to be generated and from where ?

what will be its role when verifier will verify the verifiable credentials ?

Answer 1

What are DID’S

DIDs are identifiers that can be used to secure access to resources, sign and verify credentials, and facilitate application data exchange. Unlike traditional usernames and email addresses, DIDs are owned and controlled by the entity itself (be it a person, device, or company), and exist independently of any external organization or trusted intermediary.

These DID(s) are generated by user itself, self-owned, globally unique identifiers rooted in decentralized systems like ION and intended to provide self-ownership and user control. They possess unique characteristics, like greater assurance of immutability, censorship resistance, and tamper evasiveness.

The DID(s) are generated by user itself and microsoft has implemented a user-agent to do this in the Microsoft Authenticator App that you can install on your phone and microsoft has implemented a user-agent to do this in the Microsoft Authenticator App or other digital wallets that you can install on your phone and exists only in the user's Authenticator app or other digital wallets and is not explicitly bound to any existing function or identity in the Authenticator app (MFA, password manager, broker, etc).

These wallets use this information to validate that your DID is linked to your domain.The issuer's DID creates a digital signature as proof that they attest to this information.

We have to choose the plan of how to issue the credentials by storage or by app using keyvault .See below references.

1. Usually to issue verifier credentials ,if you've set up your Azure AD Verifiable Credentials service,,this way > to Issue Azure AD Verifiable Credentials from an application (preview) | Microsoft Docs , you can find did in verifier credentials service overview page or in the organization settings . Later for above way, it can be verified this way > To Configure Azure AD Verifiable Credentials verifier (preview) | Microsoft Docs

2. And if you check this Plan your Azure Active Directory Verifiable Credentials issuance solution(preview) | Microsoft Docs ,in the context of a verifier solution, the Azure AD Verifiable Credentials service is the interface between the Microsoft components of the solution and ION. The service provisions the key set to Key Vault , ( Setup Azure Key Vault and generate DID )and it provisions the decentralized identifier (DID), and writes the DID document to ION, where it can be used by subjects and issuers. You can see how it is verified with a sample here Plan your Azure Active Directory Verifiable Credentials verification solution (preview) | Microsoft Docs

Please check this scenario

References:

1. Introduction to Azure Active Directory Verifiable Credentials (preview) | Microsoft Docs
2. Please watch this explaination DID (decentralized-identity-solution)
3. Plan your Azure Active Directory Verifiable Credentials verification solution (preview) | Microsoft Docs