Abstract: Embodiments disclosed herein are related to computing systems and methods for generating one or more pseudonymous names for use by a Decentralized Identifier (DID) owner when interacting with third party entities. An indication is received from a DID owner who is associated with a DID. The indication indicates that the DID owner desires to interact with various third party entities. A list is generated of pseudonymous names that are to be used in place of the DID as the DID owner interacts with the one or more third party entities. A selection is received for a specific one of the generated pseudonymous names. The selected specific pseudonymous name is bound to the DID so that the selected specific pseudonymous name is used during the interaction.

Abstract: Embodiments disclosed herein are related to computing systems and methods for generating attestation User Interface (UI) elements based on signed attestations for use by a DID owner. Attestation UI elements are rendered by a DID management module. The attestation UI elements are based underlying DID signed attestations that provide information about the DID owner from various third party entities. The management module may receive physical input from the DID owner. In response to receiving the physical input, the DID owner may be provided access to the rendered attestation UI elements.

Abstract: Inserting media data into existing media data in a way that ensures the inserted data is not accessible to all users. The computing system and methods are implemented in a decentralized network that implements a distributed ledger, the distributed ledger backing one or more decentralized identities (DID) for one or more users of the computing system. Access to a first portion of media data is granted to various users. The access is partially based on a DID that is associated with each of the users. A second portion of media data is received that is inserted into the first portion of media data. The second portion of media data is accessible by only some of the users who have access to the first portion of media data. Access to the second portion of media data is also partially based on the DID of each of the subset of users.

Abstract: Embodiments disclosed herein are related to computing systems and methods for providing a self-help mechanism to DID owners. The computing system and methods are implemented in the decentralized network that implements a distributed ledger that backs one or more decentralized identities (DID) for one or more users of the computing system. One or more DID-related data such as a DID-related intent or attestation is received from a third party entity. The received DID-related data is analyzed to determine a meaning of the DID-related data and/or the implications of providing information that is requested in the DID-related data to the third party entity or to another entity. A report based on the analysis is provided to the DID owner. The report includes information about the meaning of the DID-related data and/or the implications of providing the data to the third party entity or to another entity.

Abstract: Executing an application in a container within a scope of user-granted permission in a decentralized network that implements a distributed edger. Receiving a request from an entity for using data stored in a data storage that is associated with a DID as one or more inputs of an application associated with the entity to generate one or more results. One or more characteristics of the application is identified. Based on the identified characteristics, a scope of permission to use the requested data is determined. Next, the scope of permission is granted to a container where the application is stored or is to be stored. The application is then executed in the container using the data within the granted scope of permission as input to generate one or more results.

Abstract: Storing and executing an application in a personal storage with a user-granted permission in a decentralized network that implements a distributed edger. First, receiving a request from an entity for storing an application in a data storage that is associated with a DID owner. The application is configured to use data stored in the data storage as one or more inputs to generate one or more results. Next, one or more characteristics of the application associated with the entity is identified. Based on identified one or more characteristics, a write permission is to be granted to the entity, and the application is stored in the data storage. Thereafter, the application stored in the data storage is executed using data stored in the data storage.

Abstract: Embodiments disclosed herein are related to computing systems and methods for localizing how a user will receive and view received DID-related data. The computing system and methods are implemented in the decentralized network that implements a distributed ledger that backs one or more decentralized identities (DID) for one or more users of the computing system. Various sets of rule are accessed. The sets of rules specify how a DID owner will receive and view DID-related data received from a third party entity. The sets of rules are applied to the DID-related data received from the third party entity. The received DID-related data is modified such that the received DID-related data conforms to the one or more sets of rules. The modified DID-related data is provided to the DID owner so that the DID owner is able to view the modified DID-related data according to the applied sets of rules.

Abstract: Executing an application within a scope of user-granted permission in a decentralized network that implements a distributed edger. First, receiving a request from an entity for using data stored in a data storage that is associated with a DID owner as one or more inputs of an application associated with the entity to generate one or more results. Next, one or more characteristics of the application associated with the entity is identified. Based on identified one or more characteristics, a scope of permission to access the requested data that is to be granted to the entity is determined. Then, the scope of permission is granted to the entity to use the data as the one or more inputs of the application associated with the entity. Finally, the one or more results from the application is received.

Abstract: An attestation component to make attestations about itself to a relying party. The attestation component offers identity attestations of a particular decentralized identity, and manages use of a private key of that decentralized identity. However, the attestation component also has its own private key that is different than the private key of the decentralized identity for which it offers attestations. As an example, the attestation component might, using its own private key, provide an integrity attestation from which an integrity with which the attestation component has managed the private key of the decentralized identity may be determined. Based on this integrity attestation, a relying party can determine whether to trust other attestations provided by the attestation component on behalf of the decentralized identity.

Abstract: Failover between decentralized identity stores in the context of there being multiple decentralized identity stores that are each under the control of a single decentralized identity to store data belonging to or regarding the decentralized identity. Third parties can use the decentralized identity to at least conditionally access the data of the primary decentralized identity store. However, in response to detecting a failover event, one of the remaining decentralized identity stores is promoted as the new primary decentralized identity store. As part of this promotion, the new primary decentralized identity store replaces the old primary decentralized identity store as being the decentralized identity store that is accessed using the decentralized identity.

Abstract: Performing late binding of a social network identification (ID) to a guest ID for use in an identity platform. A guest ID is created for a second user that gives access to a shared application of an identity platform that is associated with a first user. Subsequent to creating the guest ID, permission is requested from the second user to bind social network IDs of social networks of which the second user is a member to the guest ID. In response to receiving permission, binding the social network IDs to the guest ID is performed. The binding gives the identity platform access to profile attributes of the second user from the social networks, and allows it to write information such as a merit badge back on the second user's social network profile. A federation binding may also be created that allows the second user to sign into the shared application using their social network ID.

Abstract: Embodiments disclosed herein are related to computing systems, computer program products, and methods for selecting and providing an attestation in response to a request from an entity. A request is received from an entity for attestation that included in various attestations related to an owner of the attestations. The attestations define information about the owner of the attestations that the entity desires to obtain. The request includes request metadata that identifies a type of the attestation that is being requested. The request metadata is analyzed to determine the attestation that is being requested. Based on the analysis, the attestation is selected. Access to the attestation is provided to the entity making the request.

Abstract: Permitting a decentralized identity to authenticate on behalf of a centralized identity to a centralized identity system, and/or permitting a centralized identity to authenticate on behalf of a decentralized identity to a decentralized identity system. Thus, the principles described herein permit authentication across decentralized and centralized domains. The identity system receives and registers a delegation for the first identity to authentic as the second identity, where one of the identities is a decentralized identity and one is a centralized identity. Thereafter, when the identity system receives a communication from the first identity to access a resource owned by the second identity, the identity system accesses the registration to determine that the first identity is authorized to authenticate as the second identity, authenticates the first identity as the second identity, and grants the first identity access to the resource owned by the second identity.

Abstract: Embodiments disclosed herein are related to computing systems, computer program products, and methods for providing a callback pattern for DID attestations or claims. An attestation is provided from a first entity of a decentralized network to a second entity of the decentralized network. The attestation defines information about an owner of the attestation that has been generated by the first entity and that is to be used by the second entity. The attestation includes contact metadata that defines how to contact the first entity. In response to the attestation being provided to the second entity, the first entity is contacted using the contact metadata.

Abstract: Embodiments disclosed herein are related to computing systems and methods for broadcasting an intent of a first user to a second user of a decentralized network. The computing system and methods are implemented in the decentralized network that implements a distributed ledger that backs one or more decentralized identities (DID) for one or more users of the computing system. Intent from first users of the computing system is received. The intent data defines potential interactions between the first users and second users of the computing system. Broadcast messages are generated. The broadcast messages include a DID for each of the first users and information specifying the potential interactions. The generated broadcast messages are provided to the second users.

Abstract: Enforcing different policy rules that are applicable to different types of data. A plurality of DIDs and a plurality of storages are managed by a computing system. Each of the plurality of storages is associated with at least one of the plurality of DIDs. Receive a request from an entity for operating on data stored or to be stored in one of the plurality of storages. Determine a type of the data requested to be operated on. Access one or more policy rules that are applicable to the type of the data. Based on the accessed one or more policy rules, determine whether the operation to be performed on the data will result in the data complying with the one or more policy rules. Based on the determination, allow or deny the request.

Abstract: Enforcing different policy rules that are applicable to different types of data. The computing system and methods are implemented in a decentralized network that implements a distributed ledger, the distributed ledger backing one or more decentralized identities (DID) for one or more users of the computing system. Receive a request from an entity for operating on data stored or to be stored in a storage that is associated with an owner of a DID. A type of data that is requested to be operated on is then determined. One or more policy rules that are applicable to the determined type of data are accessed. Based on the one or more policy rules, determine if the operation to be performed on the data will result in the data complying with the one or more policy rules. Based on the determination, allow the request when the operation will result the data complying with the one or more policy rules.

Abstract: The generation and management of decentralized identifiers of an entity. A decentralized identifier of a particular entity is recorded. Then, upon determining that the particular entity is granting a permission to another entity, the permission is signed based on the recorded decentralized identifier. As one example, the permission may be signed by a private key of the decentralized identifier. The permission may be verified upon request by authenticating the signed permission being associated with the recorded decentralized identifier; and authorizing the other entity to act upon the data depending on the authentication. As an example only, the authentication may occur using a public key associated with the recorded decentralized identifier.

Abstract: Embodiments disclosed herein are related to computing systems, and methods for determining patterns in received data that are indicative of common characteristics of the one or more users of a computing system. Data from first users of the computing system is received. The received data defines information about the first users. The type of the data that is received is determined by the first users. The received data is analyzed to determine one or more patterns in the received data. The one or more patterns are indicative of one or more common characteristics shared by the first users. Information related to the determined one or more patterns is provided to second users. The information includes a DID for each of the f first users that may be used by the second users to communicate with the first users.

Abstract: Inserting media data into existing media data in a way that ensures the inserted data is not accessible to all users. The computing system and methods are implemented in a decentralized network that implements a distributed ledger, the distributed ledger backing one or more decentralized identities (DID) for one or more users of the computing system. Access to a first portion of media data is granted to various users. The access is partially based on a DID that is associated with each of the users. A second portion of media data is received that is inserted into the first portion of media data. The second portion of media data is accessible by only some of the users who have access to the first portion of media data. Access to the second portion of media data is also partially based on the DID of each of the subset of users.