What is SOVRIN?

From IIW

What is Sovrin


Tuesday 4E

Convener: Phil Windley

Notes-taker(s): Scott David

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


Sovrin is a foundation to create distributed ledger technology


Permissioned


Bitcoin blockchain is an example of a permissionless distributed ledger.


Permissioned means the nodes that write to the ledger are known to the system.


Bitcoin blockstack enables distributed ledger to reach consensus. Use different mechanisms to reach consensus. Get problems like Sybil problem – addressed by miners.


Sovrin solves the Sybil problem by not letting there be unknown writers.


How do you get onto the list of who can write to the ledger?


In the production network – go through a process with the foundation to be a node.


Sovrin trust framework will run the network.


Need vetting – need to be let into it.


Sovrin foundation set up for public permissioned ledger for self-sovereign identity and not other problems.


The known nodes are what make it permissioned.


Whole class of permissioned blockchains – Ripple, R3 are approaches.


Second word is public – distinguishes it from “private” network, like Corda. Anyone can get an identity, but the nodes that validate the identity are known.


That is explanation of the “public, permissioned” ledger.


This is special purpose – for identity. Unlike Stellar which is not special purpose.


Permissioned part is why there is a SOVRIN foundation. Someone has to decide who are the nodes that can write to the ledger. SOVRIN selects nodes to decide who can write to ledger. This is primary purpose. It does other things like outreach also, but this is main goal.


How do you reject bad actors? For every transaction you know how everyone voted. If you voted against other nodes, threshold above. Intrusion-detection-like policy. Network algorithmically protects against bad actors.


What percentage is needed for stability of system?


33% comes from Byzantine generals algorithm. 2/3 of permissioned nodes threshold.


With Bitcoin it is 51% of hash power.


Algorithm expects bad actors. Has a way to deal with it.
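
The thresholds in this part of the notes, worked through as an added example (not from the session and not Sovrin's consensus code): a vote tally over a fixed validator list using the standard Byzantine fault tolerance bound n >= 3f + 1. The node names, the `tally` function and the sample votes are constructed for illustration.

```javascript
// Added illustration: only votes from known validators count, and a decision
// needs n - f matching votes, where f = floor((n - 1) / 3).
function faultBudget(n) {
  const f = Math.floor((n - 1) / 3); // most faulty nodes tolerated
  return { f, quorum: n - f };       // matching votes needed to decide
}

// validators: names of the known nodes; votes: [{ node, accept }] for one transaction.
function tally(validators, votes) {
  const known = new Set(validators);
  const seen = new Map();
  const ignored = [];
  for (const v of votes) {
    // Unknown writers and repeat votes carry no weight, so inventing
    // extra identities does not change the count.
    if (!known.has(v.node) || seen.has(v.node)) {
      ignored.push(v.node);
      continue;
    }
    seen.set(v.node, v.accept);
  }
  const { f, quorum } = faultBudget(validators.length);
  const yes = [...seen].filter(([, accept]) => accept).map(([node]) => node);
  const no = [...seen].filter(([, accept]) => !accept).map(([node]) => node);
  let outcome = 'undecided';
  if (yes.length >= quorum) outcome = 'commit';
  else if (no.length >= quorum) outcome = 'reject';
  // Every vote is visible, so nodes that disagreed with the decided
  // outcome can be listed for review.
  const dissenters = outcome === 'commit' ? no : outcome === 'reject' ? yes : [];
  return { f, quorum, outcome, dissenters, ignored };
}

// Constructed sample: 7 known validators, one dissenting, three unknown identities.
const VALIDATORS = ['n1', 'n2', 'n3', 'n4', 'n5', 'n6', 'n7'];
const SAMPLE_VOTES = [
  ...['n1', 'n2', 'n3', 'n4', 'n5', 'n6'].map((node) => ({ node, accept: true })),
  { node: 'n7', accept: false },
  ...['x1', 'x2', 'x3'].map((node) => ({ node, accept: false })),
];
console.log(tally(VALIDATORS, SAMPLE_VOTES));
```
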


Foundation is structured so that the nodes have no identity whatever. Identities of system have complete privacy. Sovrin nodes have no privacy. Kerckhoffs's principle for identity.


One aspect of identity that is a problem is that different relying parties trust different things. DOD might trust certain things in DOD, but not beyond. Is this a situation where SOVRIN foundation is trusted? Part of that is related to claims – question might be how do I trust a claim. But answer is that, yes, you need to trust the nodes. Software being run is open source. All in a trust framework that is transparent. Need to trust that nodes are doing the right thing.


Consensus system does not depend on a single point of failure. If distributed then like an insurance pool. Risk of loss is reduced. If concerned about sovereign. Single point of failure is node selection process. Need to trust the SOVRIN.


What are the ways to check the code (code reviews)? Need enterprise corporate governance, etc. Need competent audit and other functions.


Why permissioned? Performance: Permissioned use less computational power to do transactions. Also, at banks and healthcare – liked the permissioned model.


There will be lots of distributed ledgers used for different things. This is potentially useful for identity systems.


Financial organizations are starting to look at this as a model for identity.


The intention of these presentations is to solicit help with SOVRIN foundation.


Change of topic:


What do we mean by “SOVRIN is an identity network” at a high level?


Imagine that we have an “identity” for Jane. There is no one real thing. It is in a ledger and distributed, etc. But Jane will think of these things as correlated with her.


Jane wants to create a relationship with her bank. Bank has a set of keys.


Jane creates an identifier and gives the public part of the key pair to the bank. The ledger is helping Jane manage the PKI and what is happening there. Jane can have the bank's key so that she knows when talking to the bank, all within normal public private key pairs.


When Jane has a relationship with state government, Jane creates a separate key pair for the government. Create different key pairs for each entity that Jane interacts with. Even if they wanted to correlate the key pairs, they cannot.


Jane can iterate those key pairs multiply.
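
The per-relationship key pairs described above, as an added example that is not from the session or from Sovrin's code: a wallet that creates a separate Ed25519 key pair for each counterparty using Node.js's built-in crypto module. The `Wallet` class, the hash-based identifier and the challenge string are assumptions made for the illustration; the ledger is left out.

```javascript
// Added illustration: pairwise identifiers, one Ed25519 key pair per relationship.
const nodeCrypto = require('node:crypto');

// Hypothetical identifier scheme: first 16 bytes of SHA-256 over the public key.
function identifierFor(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return nodeCrypto.createHash('sha256').update(der).digest('hex').slice(0, 32);
}

class Wallet {
  constructor() {
    this.relationships = new Map(); // counterparty name -> key pair
  }

  // Create a fresh key pair for one counterparty; return only what is shared with it.
  connect(counterparty) {
    const pair = nodeCrypto.generateKeyPairSync('ed25519');
    this.relationships.set(counterparty, pair);
    return { id: identifierFor(pair.publicKey), publicKey: pair.publicKey };
  }

  // Sign a challenge with the key that belongs to this relationship only.
  sign(counterparty, challenge) {
    const { privateKey } = this.relationships.get(counterparty);
    return nodeCrypto.sign(null, Buffer.from(challenge), privateKey);
  }
}

// Relying-party side: check a response against the public key it was given.
function verify(record, challenge, signature) {
  return nodeCrypto.verify(null, Buffer.from(challenge), record.publicKey, signature);
}

function demo() {
  const jane = new Wallet();
  const bank = jane.connect('bank');
  const gov = jane.connect('state-government');
  const challenge = 'constructed-nonce-1234'; // constructed sample value
  const sig = jane.sign('bank', challenge);
  return {
    distinctIds: bank.id !== gov.id,           // nothing shared to correlate on
    bankAccepts: verify(bank, challenge, sig), // the bank's record verifies
    govAccepts: verify(gov, challenge, sig),   // the government's record does not
  };
}
console.log(demo());
```
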


Q: If Jane is human rights worker in Cambodia, but need two identities. Can manage two key pairs for each entity. There is no link other than Jane’s linkage of the different relationships.


If Jane wants to get a job, and apply for work at employer. She may want to use claims that she has, e.g., claims that are self asserted (from government, school and bank, e.g.); wants to tell them about bank, school transcript and state authority. They are all verifiable claims by the various entities with which she has the key relationships.


Jane creates a proof which she translates to the potential employer. That proof does not provide all claims, just the ones that she wants to share with the potential employer.


With proof, Jane can create proof that other organizations can use and rely upon.

Note that claims are all revocable.


Note that the employer got all the proofs.


She uses that address claim to show the employer that her information is provided to the bank.


There is a use ability to transfer claims to third party, based on relationships to the third parties.


User as the information arbitrage traffic cop.


Note that when written to the ledger – could be on the ledger, or off the ledger.


Who controls the ledger? It is distributed. Who controls what is written to them – stewards control what is written, SOVRIN cannot change the ledger.


Suggested enhancement to SOVRIN foundation would be to changes to code being in the changing pool. Predictive market in front of an “actual” market.


Rules about how that happen.


Governance process can be deployed here from other conflict of interest contexts to mitigate the risk of code change control.


Why do you need a distributed ledger? Premise is true – Distributed ledger is a solution, but expensive one. Without distributed ledger, what is the way that I can have a self sovereign identity?


Precondition of this system is robust key matching. If have good private key management, can't you do this separately?


Do you need self sovereign identity or not? What do you mean by self sovereign identity?


Not need bind the concepts this way.


Decentralized ledger “own” the identifier


DMV issues you a driver's license number; the thing they are binding you to is the identifier.


How do this without your own hardware?


I have no pieces of paper – restore identity – no standard for identity.


Possibility of the confusion of my perception of me and your perception of me (external perceptions of identity and internal senses of self). I have ability to reassert external perceptions of me in the SOVRIN context, which is a new authority.


Social login and reusable identifiers. Claims are the transactions that drive this way past social login.


Banks and credit unions do KYC – they are interested in using claims more subtly and broadly.


How do you initialize this model – see next session.


What is the reason that it needs to be a ledger (like distributed hash tables, etc.)? Can it be distributed and not be a ledger?


Whoever has the power to pull the plug, creates a silo. If some other entity can pull the plug, then have silos, so not have user sovereignty.


One horizontal layer is me – person as the courier, holder of truths about the claims. Then the silos don’t have to talk to each other.


Why need to be ledger – just accounts over time. Important if going to check time, auditability, immutability, etc.


Does this enable pairwise single sign-on under user control?


People ask – why not use Bitcoin, why not use Ethereum – part of the answer is performance difference. Other issue is trust. Many are uneasy about a permissionless system. They want to know who is in the system.


Banks need the trust anchor – trust anchor opens up to questions of national sovereignty, etc. This is why there will be multiple ledgers and systems.


Private key management is a big problem. If lose the keys.


Big problem is the loss of the key. There are discussions going on about how to generate the key recovery.


Big problem is the UI.