We are proud to announce the release of IOTA Identity version 0.5. With this update, the IOTA Identity team takes an important step towards providing the most secure, privacy-preserving and easy-to-use Self-Sovereign Identity (SSI) framework on the market. While previously following our own naming scheme with “beta-2”, we have now gone back to semantic versioning (major.minor.patch).
On Tangle changes
The 0.5 update contains significant improvements to the Decentralized Identifier (DID) messages on the Tangle. Firstly, DID messages are now compressed using the Brotli compression algorithm, which reduces message size by about 40% without the compression and decompression steps having a significant impact on performance. Because of this size reduction, DID messages will require a reduced Proof of Work (PoW) difficulty, thereby also reducing the publication time. In a post-Coordicide setting, we expect this to also apply to Mana, reducing the amount of Mana required to publish a DID message.
After decompression, the DID messages are now also more clearly structured into three separate objects: “doc”, “meta” and “proof”. This separation makes it easier to find relevant information from the raw DID messages and follows the W3C specification for DID more closely.
These changes are not compatible with identities published using older versions of the framework, meaning that those identities cannot be resolved with the new version and vice versa. In order to prevent more breaking changes due to DID message layout alterations, we have introduced versioning. Every DID message contains a byte for the DID message layout versioning and a byte for the compression algorithm used. This makes it possible to support backward compatibility in future updates. While we aim to keep breaking changes to a minimum and would like to maintain backward compatibility, we are still researching the exact details of how DID messages will change with the Stardust update, which could potentially lead to a breaking change.
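The versioning and compression bytes described above let a resolver refuse a message it does not understand before it parses anything else. The following is an added example, not code from IOTA Identity, showing strict decoding of such a message with a bound on decompressed size and a check for the "doc", "meta" and "proof" objects. Assumptions: the byte order, the numeric header values, the size limit and all helper names are hypothetical, and Python's standard-library zlib stands in for Brotli.

```python
import json
import zlib

# Assumed values: the page says one byte each exists, not their order or meaning.
LAYOUT_V1 = 1            # hypothetical layout version value
COMPRESSION_ZLIB = 1     # hypothetical id; zlib stands in for Brotli here
MAX_DECODED = 64 * 1024  # assumed cap on decompressed size, in bytes
REQUIRED_KEYS = ("doc", "meta", "proof")


class EnvelopeError(ValueError):
    """Raised for any message that fails strict decoding."""


def encode_message(body: dict) -> bytes:
    """Build a constructed sample message: 2 header bytes + compressed JSON."""
    raw = json.dumps(body, separators=(",", ":")).encode()
    return bytes([LAYOUT_V1, COMPRESSION_ZLIB]) + zlib.compress(raw)


def decode_message(msg: bytes) -> dict:
    """Strictly decode a message, rejecting anything unrecognized."""
    if len(msg) < 3:
        raise EnvelopeError("message too short for header and payload")
    layout, algo, payload = msg[0], msg[1], msg[2:]
    if layout != LAYOUT_V1:
        raise EnvelopeError(f"unsupported layout version {layout}")
    if algo != COMPRESSION_ZLIB:
        raise EnvelopeError(f"unsupported compression algorithm {algo}")
    # Bounded decompression: never inflate more than MAX_DECODED + 1 bytes.
    d = zlib.decompressobj()
    try:
        raw = d.decompress(payload, MAX_DECODED + 1)
    except zlib.error as exc:
        raise EnvelopeError(f"corrupt payload: {exc}") from exc
    if len(raw) > MAX_DECODED:
        raise EnvelopeError("decompressed payload exceeds size limit")
    if not d.eof or d.unused_data:
        raise EnvelopeError("truncated payload or trailing bytes")
    try:
        body = json.loads(raw)
    except ValueError as exc:
        raise EnvelopeError(f"payload is not valid JSON: {exc}") from exc
    if not isinstance(body, dict) or any(
        not isinstance(body.get(k), dict) for k in REQUIRED_KEYS
    ):
        raise EnvelopeError("missing doc/meta/proof object")
    return body
```

Checking the header bytes first means an unknown layout or compression identifier is rejected without running a decompressor on untrusted input.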
The Account API has undergone several changes to improve maintainability, flexibility and ease of use. For developers using the Rust framework, this translates mostly into a simplified developer experience where we provide a flexible API with sensible defaults. The Account API is now made to manage a single identity, rather than multiple. This removes the necessity for keeping track of the DID after an identity is created, as developers no longer need to enter the DID into every update function. Because accounts now only manage a single DID, we also allow Strongholds to be shared between Accounts. This prevents users from having to set new passwords for each new identity.
The team has also added support for the X25519 Diffie-Hellman Key Exchange to the framework. This allows two parties to set up a secure communications channel, which is useful for sharing sensitive information such as Verifiable Credentials (VCs). It also enables IOTA Streams to add support for IOTA Identity.
Lastly, the verification of VCs has gained a much more powerful API. Previously, the API only allowed the verification of the signature and only if the signing key was still valid. Now, developers can choose which verification options they find important. They can also decide whether to allow expired VCs to pass verification, and they can easily build their own custom verification logic on top of the verification API primitives.
The IOTA Identity team has also made drastic improvements to our processes. This may be less shiny and exciting for the community, but it does mean that the team now has a fully automated release process with detailed changelogs. In addition, our automated testing has become faster and more reliable and covers more important cases.