Identity Wallets are not Crypto Wallets

From IIW

Identity Wallet (not Crypto Wallets)


Tuesday 2D

Convener: Daniel Hardman

Notes-taker(s): Karan Verma


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


- What is an identity wallet? 

  • Digital container belonging to a single identity owner that holds secrets, money, credentials, and miscellaneous related items. 
  • Implements best practices and standards for distributed secrets and key management, for maximum security and privacy
  • Has an identifiable location on hardware 
  • Unit of portability - mostly, move a wallet, move an identity.


- Question: Why is it called a wallet?

  • Because of cryptocurrency wallet 
  • Is there a better name? 
    • Holder
    • Keychain 


- What is and should be stored in an Indy wallet?

Bunch of different things that go into an identity wallet 

  • Key pairs 
  • Cryptocurrency keys and HDKeys indexes 
  • Link secret 
  • Policy address (and agency policy registry doc?)
  • Cred def keys 
  • Credentials 
  • Symmetric keys 
  • Tails indexes, witnesses 
  • Cache of other party’s pub keys -> microledger
  • Tails file -> file system (not private) 
  • Proofs from others? 
  • Other identity info 


- Cryptocurrency wallet != identity wallet 

  • Cryptocurrency wallets just hold keys 
  • How many things do you put in a cryptocurrency wallet?
  • Some put your secrets in the cloud, managed by another party
    • Identity wallet cannot be all in the cloud 


- Vault != wallet 

  • Vault is a virtual construct — same boundary as a domain
  • Includes data of all kinds, located in all places under owner control: wallets, proofs, genome, tax and legal records, private docs...
  • Security and privacy of a vault is not standardized


Comment

  • Identity wallet vs cryptocurrency wallet 
    • Need to put a lot of data in the wallet
    • Hardware to store symmetric keys
    • There are different requirements
      • There are different use cases and they are not exactly the same thing. 


Questions 

  • Natural scope of a wallet is similar in the digital world and physical world 
  • Stateless refuge location 
  • Self sovereign identity for my connections 
    • In an at-risk situation, can I get to my wallet through biometrics? Is that somehow connected to the wallet?
    • Keys are tied to relationships; when you have a wallet you have your connections.
    • Wallets are sets of things which are on a particular device.
  • Curious about identity - people cannot take it away from you - does self-sovereign apply to the wallet / is it completely in the user's control?
    • Self-sovereignty has to be a characteristic of the wallet.
    • There is a difference between verifiable information and sensitive information.

Browser password sync: sensitive data is never stored on the server, so there probably should be one wallet. Probably shouldn’t make that distinction between cryptocurrency wallet and identity wallet.

  • Distinction made for implementers not for users - Users get a unified experience.