Identity @ Hyperledger: Indy, Ursa, Aries, Idemix & FabrCA

From IIW


Tuesday 4H

Convener: Nathan George, Sovrin CTO

Notes-taker(s): Trent Larson


Tags for the session - technology discussed/ideas considered:

Sovrin, Hyperledger, Verifiable Claims


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


Sovrin code is hosted at Hyperledger as Indy

Topics

- Identity Working Group

- Indy

- Ursa

- Aries project proposal

- blockchains & identity

Built to do verifiable data exchange between issuer & holder & verifier (who trusts issuer)

Indy: the original app w/ "blockchain" Plenum ledger

Ursa is a crypto library (in Rust, interfaces to languages & blockchains)

Blockchain requires shared, single store of data (attributes = balance)

Identifiers allow ownership of data separated from the specific keys used

Decouple the attributes from the data & only maintain them

Now we can store the IDs on the chain.

Agents interact on behalf of people, and that's an intentional legal term to represent the holder.

Blockchain is only to verify that the identifier is still valid.

New project proposal: Aries to do identity interaction and key management

Identity interactions on different chains

"public DIDs" on public networks vs "peer DIDs" on private networks

Credentials can be implemented by multiple keys

Private permissioned chains require knowledge of genesis block, then people can be added at will.

Now credentials can be used between individuals without

Revocation Registry tells what credentials are active, and they're moving to SNARKs and Merkle Trees

Credentials can be wrapped as

Sovrin is more about verifying claims than identity




For sharing credentials:

  • Need a schema (data model, structure, vocab, json-ld), which is stored on an immutable blockchain
    • mappings object (to define order) & encoding object (to serialize goals) allow a flattened version of the credential
    • "json-ld data graphs" allow richer data representation
    • "range proofs" allow proofs of a subset of the graph of data
  • Need a credential definition
    • Provides: correctness proof, DID & public DID, keys, pointer to revocation registry
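
The flattening step in the schema bullets above, as an added example (not code from Indy, Sovrin or the session): a mapping fixes attribute order and an encoding turns each value into an integer, so issuer and verifier derive the same flat credential. The attribute names, the `int`/`sha256` rules and all function names are assumptions made for illustration.

```python
import hashlib

# Constructed mapping and encoding objects; attribute names are hypothetical.
MAPPING = ["degree", "name", "year"]   # mapping object: fixes attribute order
ENCODING = {"degree": "sha256", "name": "sha256", "year": "int"}  # encoding object


def encode_value(value, rule):
    """Turn one attribute value into an integer (assumed rules: 'int', 'sha256')."""
    if rule == "int":
        # bool is a subclass of int in Python; reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, int):
            raise ValueError(f"expected integer, got {value!r}")
        return value
    if rule == "sha256":
        digest = hashlib.sha256(str(value).encode("utf-8")).digest()
        return int.from_bytes(digest, "big")
    raise ValueError(f"unknown encoding rule {rule!r}")


def flatten(credential, mapping=MAPPING, encoding=ENCODING):
    """Return the credential as an ordered list of integers, or fail closed."""
    mismatch = set(credential) ^ set(mapping)
    if mismatch:
        # Missing or extra attributes mean the data does not fit the schema.
        raise ValueError(f"attributes do not match schema: {sorted(mismatch)}")
    return [encode_value(credential[attr], encoding[attr]) for attr in mapping]


def revealed_matches(attr, raw, encoded, encoding=ENCODING):
    """Verifier-side check: a revealed raw value must re-encode to the signed integer."""
    try:
        return encode_value(raw, encoding[attr]) == encoded
    except (KeyError, ValueError):
        return False


if __name__ == "__main__":
    cred = {"name": "Alice", "year": 2019, "degree": "BSc"}  # constructed sample
    flat = flatten(cred)
    print(flat)
    print(revealed_matches("name", "Alice", flat[1]))
    print(revealed_matches("name", "Mallory", flat[1]))
```

The verifier-side check matters because a proof covers the encoded integers: a raw value shown alongside the proof is only trustworthy once it re-encodes to the integer that was signed.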


The only attributes on the Sovrin blockchain are:

- Trustees have their names on the network

- Stewards have their organization names on the network

Interesting demos:

The Org Book

StreetCred ID

Spark NZ

ID Ramp