Linking the DID with the identity provided by an electronic certificate

Creating a link between a Decentralized Identifier (DID) and an identity provided by an electronic qualified certificate is a crucial step to guarantee the trustworthiness of the individual in the MYID system. Here's how it works:

Under MYID, individuals can obtain electronic qualified certificates for signing, which are issued by trusted service providers after identity verification. These certificates contain essential identity information, such as the name or pseudonym of the signatory. When a certificate is issued, the individual receives a pair of associated keys: a private key for signing and a public key for verifying the signature.

Since the self-sovereign identity concept hinges on the use of public/private keys associated with DIDs for verification, the keys corresponding to the qualified certificate can be used as the keys associated with the DID, creating a strong cryptographic connection. This also means that when something is signed with the private key of the DID (which is also the private key of the qualified certificate), it has the legal status of an advanced signature produced with a qualified certificate.

Once the link between the DID and the certificate is created, the identification data in the certificate can become part of the attributes that the user can disclose to third parties. Unlike the previous case with MYID, third parties can now independently verify these identification data. They only need to check the validity of the qualified electronic certificate linked to the public key associated with the DID.

However, this also raises potential privacy concerns. While the public key is, by definition, public, the corresponding electronic certificate doesn't have to be. Users can control who they share the certificate with, and although it contains identification data, it doesn't have to uniquely identify an individual. Moreover, the MYID Regulation allows the use of a pseudonym in place of the person's real name in the qualified certificate, further enhancing privacy.

Finally, the link between the DID and the certificate can be made explicit by adding the DID as an attribute of the electronic certificate, as the MYID Regulation allows additional identity information to be included, as long as it doesn't hinder interoperability.
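
One way a third party could run the independent verification described above, as an added example that is not part of the original page or of MYID: the verifier compares the DID's public key with the key in the certificate and validates the certificate against a trusted issuer. `CheckBinding`, `Issue`, the SubjectPublicKeyInfo encoding of the DID key, and the sample provider and pseudonym names are assumptions; revocation checking is left out.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CheckBinding (hypothetical helper) accepts the link only if the certificate carries the DID's
// public key, given here as DER SubjectPublicKeyInfo (assumed encoding), and chains to roots.
func CheckBinding(didSPKI []byte, cert *x509.Certificate, roots *x509.CertPool) error {
	if !bytes.Equal(cert.RawSubjectPublicKeyInfo, didSPKI) {
		return fmt.Errorf("certificate key is not the DID key")
	}
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	_, err := cert.Verify(opts) // fails if expired, not yet valid, or issuer not trusted
	return err
}

// Issue builds constructed sample data (errors ignored for brevity): a stand-in trust
// service provider root and a pseudonym certificate that it issues for pub.
func Issue(pub *ecdsa.PublicKey) (*x509.Certificate, *x509.CertPool) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	from, to := time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Sample TSP"},
		NotBefore: from, NotAfter: to, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	caDER, _ := x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey)
	caCert, _ := x509.ParseCertificate(caDER)
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "pseudonym-1"},
		NotBefore: from, NotAfter: to, KeyUsage: x509.KeyUsageDigitalSignature}
	der, _ := x509.CreateCertificate(rand.Reader, leaf, caCert, pub, caKey)
	cert, _ := x509.ParseCertificate(der)
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	return cert, roots
}

func main() {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	spki, _ := x509.MarshalPKIXPublicKey(&key.PublicKey)
	cert, roots := Issue(&key.PublicKey)
	fmt.Println("binding error:", CheckBinding(spki, cert, roots))
}
```

The byte-for-byte key comparison is what ties the certificate to the DID: a valid certificate issued for any other key is rejected, and so is a matching key whose certificate does not chain to a trusted issuer.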
