24G/ Achieving Full Global Decentralization with the KERI Protocol
Thursday 24G
Convener: Timothy Ruff
Notes-taker(s): Mark Scott
Tags for the session - technology discussed/ideas considered:
KERI, blockchain, decentralization, discovery
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Timothy Ruff (Opening Circle Summary): This session will discuss achieving full global decentralization with the KERI protocol. I believe the era of blockchain-based identity and blockchain-based authentic data is waning. I believe that we will be able to realize something that a lot of us have had as a goal for a long time - and that is full global decentralization of identity systems.
IIW 33 | Session 24G | Achieving Full Global Decentralization with the KERI Protocol |
---|---|---|
Time | Name | Session Comments (interwoven with time-stamped comments from Chat) |
Timothy Ruff | Introductory comments: Timothy spent several years building SSI with a blockchain-based primary root-of-trust, but now believes that approach is detrimental to achieving the goals of SSI. Evernym went to great lengths to create and establish an open-sourced network for managing and discovering SSI components/solutions by giving away control to the repository. Initially this was done via the Sovrin Foundation, and later moved to the Linux Foundation as part of the Hyperledger project (Hyperledger Indy, Aries, and Ursa). What emerged in the intervening years, however, was a network-of-networks, many non-interoperable DID Methods, and too much complexity to be feasible in support of viable business models. Essentially, in the Identity space, everyone ended up using blockchain as a platform; balkanized, captive platforms with identifiers locked in. By comparison, what is needed is a protocol-based approach to interoperable SSI solutions. For examples of the advantages of protocols over platforms, consider: 1) SMTP vs. proprietary email; 2) SMS vs. carrier-based messaging. KERI (Key Event Receipt Infrastructure) is a protocol, not a platform. It publishes a Key Event Log (KEL), has no prescribed place or network, and replaces platforms. With KERI, you control your own identifiers and can communicate across any domains. | |
Some discussion ensued regarding Timothy's definition of decentralized. | ||
Timothy Ruff | We can't achieve the original vision of SSI without decentralization. | |
14:00 | Neil Thomson | Agree - just look at the COVID Certificate Initiative (based on existing blockchain DIDs) and their trust networks-of-networks that are being proposed. Essentially a multi-centralized system with lots of friction to set up and manage. |
Neil Thomson | Multi-centralized efforts are not decentralized. | |
Timothy Ruff | Agreed. I like that term, multi-centralized. | |
14:04 | Aaron Goldman | https://docs.google.com/presentation/d/1r9O8cBPCqyT2Kx1uYYF7IVs0HRD1BfjjC3m_dJYGZHE/edit#slide=id.p |
Timothy Ruff | Timothy showed the table: Relative Decentralization of Identifier Systems | |
14:05 | Timothy Ruff | https://docs.google.com/document/d/165Y_1a8THF23rbuTz6dbwhVcXvjn69ff1hG1-Fn17zg/edit# |
14:07 | David Wheeler | There is a short list of trusted root authorities for DNS. |
Phil Windley | Let's not bring DIDs into this discussion. Having 117 different DIDs is a good thing at this stage. A small number will prevail. | |
Todd Snyder | Along with mention of centralized in the table, can also characterize as proprietary or closed systems. | |
Drummond Reed | Decentralized is complex and hard to describe. A 40-page paper has been written defining it. [Reference?] | |
Wenjing Chu | What about the unique processes for obtaining a business license in each of the 50 US states? Is that decentralized? | |
Timothy Ruff | I choose what I put in my wallet. How do we get there with any centralized identity systems? How does KERI enable full decentralization? | |
Sam Smith | Thirty years ago, PKI was proposed as the security solution to the Internet (see reference below). | |
14:09 | Sam Smith | https://www.rfc-editor.org/rfc/rfc2693.txt |
Sam Smith | It consisted of PKI, signing, certificates, Diffie-Hellman, etc. The problem: managing private keys. PGP came along, implementing the concept of a web-of-trust, but didn't solve the key rotation problem. With an upgrade to algorithms, one had to reestablish key pairs, which with even only 40 PGP peer connections, became unmanageable. With KERI, it's just PKI and key management, without shared governance (which would make it harder). Industrialized countries know how to manage keys now (better than in the 1990s). | |
Sam Smith | The PKI of DIDs is centered on method-specific identifiers. We can use KERI to prove control of an identifier in a particular name space. Each DID Method is its own trust domain. KERI allows for one trust domain. | |
14:13 | Zorigt Baz | I understand KERI is for key rotation. Can you give an example of how KERI could be like SMTP to which different platforms connect? |
14:13 | Vic Cooper | Is Global decentralization an end in itself or is there a greater goal? |
14:16 | Phil Windley | I think we’re spending too much time debating what decentralized means. |
14:16 | Zorigt Baz | +1 |
14:17 | Michael Shea | Is KERI a standard? |
14:17 | Henk van Cann | Not yet. |
14:17 | Kevin Griffin | @Michael it’s on track for IETF. |
14:17 | David Wheeler | +1 Phil Windley |
14:17 | Michael Shea | Then technically, KERI is not Standardized. |
Stephen Curran | We can't use KERI today, correct? | |
Sam Smith | Correct. We should use whatever is available today. | |
Timothy Ruff | I see a dead end to identifier systems based on blockchain ledgers, as they don't have sustainable business models. | |
Michel Plante | How far away are we on KERI? | |
Philip Feairheller | Beta today. Pilot on 15 Oct 2021. Witness networks are available. | |
Sam Smith | Production in Q1 2022. GLEIF will be offering vLEIs. | |
Timothy Ruff | KERI will initially be used for communication, corporate filings, then transactions. | |
14:18 | Sam Smith | KERI is about establishing provable control via cryptography of an identifier such that any statement made in the name of that identifier can be securely attributed to the controller of that identifier. Key rotation is how you maintain persistent control over an identifier in spite of key compromise. |
14:18 | Phil Windley | https://www.windley.com/archives/2015/01/re-imagining_decentralized_and_distributed.shtml |
14:18 | Phil Windley | Re-imagining Decentralized and Distributed. We’re missing an axis: hierarchy vs heterarchy. |
14:20 | Sam Smith | Control is established by cryptographically binding an identifier to one or more (public, private) digital signing key pairs. This means control is established via non-repudiable signatures. |
14:21 | Stephen Curran | I can have a KERI identifier. Now I need to share it and others have to be able to resolve it. How is it easier to use than a DID with a given DID method? |
14:21 | Cam Parra | How would that world work in places where smartphones are scarce? |
14:22 | Sam Smith | There is a did:keri method. KERI identifiers are independent of name space. DID is a name space protocol. The method-specific identifier in a DID is the cryptographic identifier; everything else in a DID is part of the name space, but control of that name space is only cryptographically established versus. |
14:24 | Stephen Curran | So to use KERI, we need a 118th DID Method. It’s not that I’m against — I just don’t see how it is used on its own. Thus, comparing it to DNS or blockchains seems like apples and oranges. |
14:26 | Philip Feairheller | KERI doesn't need a DID Method, but can be used to back one. If a wallet supports the KERI protocol it can verify any KERI identifier with anything being on a ledger. If someone "gives" you an identifier, they have given you the KEL too, which is end-verifiable. |
14:27 | Phil Windley | I think calling DID a namespace protocol does it a disservice. If you give me a did:keri:…, then I should know I can use it in DIDComm, I can resolve it, etc. That’s more than namespacing. |
Phil Windley | In a different way, Mike Jones said: Encourages everyone he knows to not use DIDComm because he doesn't trust the security features of a messaging system. | |
14:27 | Philip Feairheller | And if they are using witnesses, then you can verify that there has been no duplicity for that KEL. |
14:27 | Phil Windley | @Philip, same is true of did:peer:... (your first comment) |
14:27 | Philip Feairheller | Not the last part, correct? Jinx |
14:27 | Phil Windley | :) |
14:28 | Cam Parra | Will KERI include that layer? To work for custodial wallets? |
14:29 | Philip Feairheller | It will be part of the specification and is currently available in the Python implementation. |
14:30 | Rouven Heck | Where do you host the other DID doc/metadata for KERI DIDs? |
14:30 | Philip Feairheller | https://github.com/WebOfTrust/keripy |
Sam Smith | We need an independent audit of KERI code. | |
Stephen Curran | There need to be layers on top of KERI to get us to the place of other more mature solutions. | |
Timothy Ruff | Yes, we need trust frameworks, legal, etc. A chicken-egg problem. | |
14:34 | Rouven Heck | That's why we have public chains with tokens 😄 |
14:34 | Rouven Heck | @Timothy - how do you incentivize the witness & watcher networks? |
14:36 | Timothy Ruff | A controller pays them. |
14:37 | Henk van Cann | And verifiers could pay the watchers. |
14:37 | Rouven Heck | +1 Stephen - I think we compare different things. |
Timothy Ruff | Banks would do witness & watcher networks. KERI doesn't prescribe best practice. | |
Stephen Curran | Wouldn't it make more sense to weave KERI into DIDs so you can find KEL? did:web is ideal for what a KEL would do. | |
Sam Smith | Agree. If I could get them to adopt KERI, great. The design of KERI is such that it could be a trust-spanning layer of the Internet, across domains. | |
Timothy Ruff | One sticking point. [?] | |
14:39 | Phil Windley | You’re going to be part of a governance framework, and different frameworks will have different requirements. |
Phil Windley | Do we need blockchain? We need discovery for public identifiers. Blockchain provides that. How else do we do that without blockchain? | |
Rouven Heck | There are three layers of separation with blockchain: 1) High layer [description?]; 2) Execution engine; 3) Logical layer of where to find things. | |
14:45 | Nader Helmy | KERI needs some organized way to build advocacy and incentives structures on top of it. A DAO perhaps? In other words, one way to formalize a community of KERI users and adopters. |
14:48 | Rob Aaron | I'm confused by the word "discovery". Is this search-ability? |
14:49 | Dan Robertson | +1, same question as Rob 🤔 |
14:49 | Zorigt Baz | I think it means resolving DID. Maybe. |
14:49 | Phil Windley | I give you a DID, you need to resolve it. It’s not my DID, it’s a public DID. How do you resolve that? You need to discover it. |
14:50 | Vic Cooper | One meaning is how can you find me if all of our connections are peer-to-peer with no centralized directory. |
14:50 | Timothy Ruff | That. :) |
14:50 | Dan Robertson | ☑️ Thanks for expounding, Phil. 🙏 |
14:50 | Rob Aaron | Got it! |
Sam Smith | Regarding discovery: Agree blockchains are useful. KERI has primary root-of-trust that is irreplaceable (the KEL). Using blockchain as a (replaceable) secondary root-of-trust could be the best use of blockchain (in identifier systems). We want to find approaches with better performance, cost, latency, governance (as in less governance), which is what KERI provides (with, for example, Percolated Discovery and Verifiable Data Registry (VDR)). | |
14:52 | Enddy Dumbrique | Nooo! This was so good. I wish that I had not walked in a little late. |
14:52 | Rouven Heck | Timestamping in discovery is helpful. How do I know it’s the latest state? |
14:53 | Michael Shea | +1 Phil Windley |
Phil Windley | We're years away from KERI being implemented and available. | |
Timothy Ruff | We can talk about blockchain as a dead end for identity systems and authentication. | |
Phil Windley | One could take a more tactful approach. | |
Timothy Ruff | Yes. | |
14:54 | Rouven Heck | Would you take a bet? 🙂 |
14:54 | Timothy Ruff | Yep. A big one. |
14:54 | Rouven Heck | Ok - let’s do it. |
Timothy Ruff | Within 3 years, no one in the identity community will be using blockchain as a primary root-of-trust. | |
[missed the final few comments in the chat] |