What’s Supposed To Happen When A DID Operator Goes Out Of Business?
What’s Supposed to Happen when a DID Operator Goes Out of Business?
Tuesday 6M
Convener: Andrew Hughes
Notes-taker(s): Nicholas Rempel
Tags for the session - technology discussed/ideas considered:
OAuth, Scopes, Claims
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
1. Notes received from Andrew Hughes
************************** ************************* ************************
2. Notes received from Nicholas Rempel:
What is supposed to happen when a critical piece of did infrastructure goes down?
Hypothetically 20% of the critical infrastructure goes down. How to we plan for this?
[VC Architecture drawing]
Possible fail cases?
- DID registry is impaired
solutions:
- Replicate version of the registry
- DID registry ledger is forked
- Holder DID store service impaired
- User Agent app fails
- Issuer compromised
- Partial network outage
- DID registry/network partition
- System key compromise
- Recovery path lost - no key rotation
- Entire did registry is a bad actor
- misconception about longevity of cryptographic systems
Fallback/Mitigation
- Blockchain/ledger solves many problems
- HL Indy includes state proof. Verify proofs offline
- “Skip chains”
- Auditing/Certification
- Insurance observer nodes - business that replicates chain for a fee
- DID forwarding?
Is there an option for a mass migration from one did registry provider to another? Can a single DID be ported to a different registry?
No.
Need to add a new did on a new registry and update all relationships.