Identity @ Hyperledger: Indy, Ursa, Aries, Idemix & FabrCA
Tuesday 4H
Convener: Nathan George, Sovrin CTO
Notes-taker(s): Trent Larson
Tags for the session - technology discussed/ideas considered:
Sovrin, Hyperledger, Verifiable Claims
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Sovrin code is hosted at Hyperledger as Indy
Topics
- Identity Working Group
- Indy
- Ursa
- Aries project proposal
- blockchains & identity
Built to do verifiable data exchange between issuer & holder & verifier (who trusts issuer)
Indy: the original app w/ "blockchain" Plenum ledger
Ursa is a crypto library (in Rust, interfaces to languages & blockchains)
Blockchain requires shared, single store of data (attributes = balance)
Identifiers allow ownership of data separated from the specific keys used
Decouple the attributes from the data & only maintain them
Now we can store the IDs on the chain.
Agents interact on behalf of people, and that's an intentional legal term to represent the holder.
Blockchain is only to verify that the identifier is still valid.
New project proposal: Aries to do identity interaction and key management
Identity interactions on different chains
"public DIDs" on public networks vs "peer DIDs" on private networks
Credentials can be implemented by multiple keys
Private permissioned chains require knowledge of genesis block, then people can be added at will.
Now credentials can be used between individuals without
Revocation Registry tells what credentials are active, and they're moving to SNARKs and Merkle Trees
Credentials can be wrapped as
Sovrin is more about verifying claims than identity
For sharing credentials:
- Need a schema (data model, structure, vocab, json-ld), which is stored on an immutable blockchain
  - mappings object (to define order) & encoding object (to serialize goals) allow a flattened version of the credential
  - "json-ld data graphs" allow richer data representation
  - "range proofs" allow proofs of a subset of the graph of data
- Need a credential definition
  - Provides: correctness proof, DID & public DID, keys, pointer to revocation registry
The only attributes on the Sovrin blockchain are:
- Trustees have their names on the network
- Stewards have their organization names on the network
Interesting demos:
The Org Book
StreetCred ID
Spark NZ
ID Ramp