What’s Supposed To Happen When A DID Operator Goes Out Of Business?

From IIW

What’s Supposed to Happen when a DID Operator Goes Out of Business?


Tuesday 6M


Convener: Andrew Hughes

Notes-taker(s): Nicholas Rempel


Tags for the session - technology discussed/ideas considered:


OAuth, Scopes, Claims


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


1. Notes received from Andrew Hughes


IIW28 WED 6M Whats Supposed To Happen(1)(UPDATED).jpg


************************** ************************* ************************


2. Notes received from Nicholas Rempel:

What is supposed to happen when a critical piece of did infrastructure goes down?


Hypothetically 20% of the critical infrastructure goes down. How to we plan for this?


[VC Architecture drawing]


Possible fail cases?


- DID registry is impaired

solutions:

- Replicate version of the registry

- DID registry ledger is forked

- Holder DID store service impaired

- User Agent app fails

- Issuer compromised

- Partial network outage

- DID registry/network partition

- System key compromise

- Recovery path lost - no key rotation

- Entire did registry is a bad actor

- misconception about longevity of cryptographic systems


Fallback/Mitigation

- Blockchain/ledger solves many problems

- HL Indy includes state proof. Verify proofs offline

- “Skip chains”

- Auditing/Certification

- Insurance observer nodes - business that replicates chain for a fee

- DID forwarding?


Is there an option for a mass migration from one did registry provider to another? Can a single DID be ported to a different registry?


No.


Need to add a new did on a new registry and update all relationships.


IIW28 WED 6M Whats Supposed To Happen.jpg