--- date: 2020-11-26 title: (DID) Authentication Working Group - DIF description: design, recommend, and implement authentication and authorization protocols that rely upon open standards and cryptographic protocols using DIDs and DID Documents. excerpt: > The purpose of this working group is to design, recommend and implement authentication and authorization protocols that rely upon open standards and cryptographic protocols using DIDs and DID Documents. Recommendations and development of specifications, protocols, and formats for data structures used for authentication and authorization. permalink: organizations/decentralized-identity-foundation/wg/secure-data-storage/ canonical_url: https://decentralized-id.com/organizations/decentralized-identity-foundation/wg/secure-data-storage/ redirect_from: - organizations/identity-foundation/wg/secure-data-storage/ categories: ["Identity Foundation (DIF)","Web Standards"] tags: ["DIDAuth WG","DIDAuth","DIF","DID","SOIP","Aries","Encrypted Envelope"] header: image: /images/didauth-wg-head.webp teaser: /images/didauth-wg-teaser.webp last_modified_at: 2020-11-26 --- [Webpage](https://identity.foundation/working-groups/authentication.html) - [Wiki](https://dif.groups.io/g/sds-wg/wiki) - [GitHub](https://github.com/decentralized-identity/authentication-wg) > Join this group to contribute to standards and technology that designs and implements authentication protocols that rely upon open standards and cryptographic protocols, including DIDs and DID Documents. This group develops specifications, protocols, and formats for data structures used for authentication. * [Mailing list](https://dif.groups.io/g/didauth-wg) - The purpose of this working group is to design, recommend, and implement authentication and authorization protocols that rely upon open standards and cryptographic protocols using DIDs and DID Documents. * [DIDAuth WG Charter](https://github.com/decentralized-identity/org/blob/master/Org%20documents/WG%20documents/DIF_DIDAuth_WG_charter_v1.pdf) > The purpose of this working group is to design, recommend and implement authentication and authorization protocols that rely upon open standards and cryptographic protocols using DIDs and DID Documents. Recommendations and development of specifications, protocols, and formats for data structures used for authentication and authorization. The Working Group’s areas of activity may include, but are not limited to, the following: > - Define the formats and protocols necessary for authentication and authorization using DIDs, DID Documents, and verifiable credentials which we intend to recognize as formally DIF-approved. > - Implement DIF-approved DID Auth proposals. > - Develop tools for validation and programmatic interaction for authentication and authorization using DIDs, DID Documents,and verifiable credentials. > - Create specifications and reference implementations that integrate current authentication and authorization protocols withDIDs, DID Documents, and verifiable credentials. > - Security analysis and formal DIF-approved reviews of authentication and authorization protocols involving DIDs, DIDDocuments, and verifiable credentials. * [DIDAuth WG Operating Addendum](https://github.com/decentralized-identity/org/blob/master/Org%20documents/WG%20documents/DIF_DIDAuth_WG_Operating_Addendum_v1.pdf) > We are designing communications protocols specifically for use with the decentralized identifier specification at W3C (​https://www.w3.org/TR/did-core/​). The DID Core specification and the surrounding family of DID specifications (e.g ​https://w3c-ccg.github.io/did-resolution/​) represent the format for entity identification in our DID Authentication efforts. ## Specs & Projects ### DID Authentication Profile for SIOP This specification defines the SIOP DID AuthN flavor to use OpenID Connect (OIDC) together with the strong decentralization, privacy and security guarantees of DID for everyone who wants to have a generic way to integrate SSI wallets into their web applications. * [Self-Issued OpenID Connect Provider DID Profile v0.1](https://github.com/decentralized-identity/papers/blob/master/did-authn/siop/did-authn-siop-profile.md) - DIF Working Group Draft > This specification defines the "SIOP DID Profile" (SIOP DID) that is a DID AuthN flavor to use OpenID Connect (OIDC) together with the strong decentralization, privacy and security guarantees of Decentralized Identifiers (DID) for everyone who wants to have a generic way to integrate Identity Wallets into their web applications. * [decentralized-identity/did-siop/](https://github.com/decentralized-identity/did-siop/) * [decentralized-identity/did-siop-browser-ext](https://github.com/decentralized-identity/did-siop-browser-ext) - DID based SIOP ### DIDComm JS Lib \ Encrypted Envelope A shared effort with the HL Aries project to create a standardized means of authenticated general message passing between DID controllers. * [decentralized-identity/DIDComm-js](https://github.com/decentralized-identity/DIDComm-js) > Javascript (written in typescript) version of the cryptographic envelope of DIDComm. This library is built for any javascript environment that needs to . It is built on libsodium-js and follows the specs documented in the docs folder. - [HL Aries Explainer](https://github.com/hyperledger/aries-rfcs/blob/master/features/0019-encryption-envelope/README.md) > There are two layers of messages that combine to enable interoperable self-sovereign agent-to-agent communication. At the highest level are DIDComm Plaintext Messages - messages sent between identities to accomplish some shared goal (e.g., establishing a connection, issuing a verifiable credential, sharing a chat). [DIDComm Plaintext Messages](https://github.com/hyperledger/aries-rfcs/blob/master/features/0044-didcomm-file-and-mime-types/README.md#didcomm-messages-dm) are delivered via the second, lower layer of messaging - [DIDComm Encrypted Envelopes](https://github.com/hyperledger/aries-rfcs/blob/master/features/0044-didcomm-file-and-mime-types/README.md#didcomm-encrypted-envelope-dee). A DIDComm Encrypted Envelope is a wrapper (envelope) around a plaintext message to permit secure sending and routing. A plaintext message going from its sender to its receiver passes through many agents, and an encryption envelope is used for each hop of the journey