Blockchain for Decentralized Identity — Standards
Standards for Decentralized Identity are still evolving. Though we have made progress in recent years, we are still nascent in some areas. Therefore, I will cover some standards in this post and provide references for more information. Today over 350 organizations collectively participate in the Trust over IP Foundation and Decentralized Identity Foundation working on standards.
It grew out of prototypes built at MIT Media Labs. Blockcerts1 is an open standard for creating, issuing, and verifying digital records on blockchains. It assists in building apps that issue and verify blockchain-based official records. These may include certificates for civic records, academic credentials, professional licenses, and more. It contains information about the issuer, holder, or verifier that is blockchain agnostic. The whole blockcert is needed to verify a transaction with the verifier. Some companies have started deploying solutions around blockcerts, and there are use cases that educational institutions have deployed.
Hosted by the Linux Foundation, Hyperledger3 is a multi-project open-source effort towards progress using blockchain technologies across multiple industries. The nonprofit organization brings together an ecosystem of resources and infrastructure. Here, I will cover those relevant for Decentralized Identity.
Hyperledger INDY — provides tools, libraries, and reusable components for Layer 1, the blockchain, the foundation to implement SSI (self-sovereign identity) principles. No private data gets written on INDY. Data written to INDY is immutable and interoperable across blockchains and other distributed ledgers. It supports critical characteristics of a decentralized identity with DIDs, that are universally resolvable via a ledger. Correlation resistant by design, Indy supports secure pairwise unique identifiers between two entities to exchange data. A decentralized identity implementation can be blockchain agnostic, following industry standards across the stack.
Hyperledger URSA — is a shared cryptographic library that helps increase security which is critical for Decentralized Identity implementations. Its library enables an easy option to implement cryptographic capabilities by Indy and Aries. It grew out of the Indy code repository into a separate project. URSA capabilities include:
o Pubic and Private key generation
o Data Encryption and Decryption
o Hash generation
o Data signatures and verification
Hyperledger ARIES — provides a mechanism for creating, transmitting, and storing verifiable credentials within the Decentralized Identity ecosystem. It is the blockchain infrastructure for peer-to-peer transactions between people, organizations, or things. ARIES enables this in 2 ways:
o By sending a chunk of data to another agent and
o By sending data in a series of messages to complete a transaction using a defined protocol.
There are two kinds of ARIES messaging protocol:
o Envelop protocol that sends the message irrespective of its content
o Content protocols that act on the instructions within the message and could trigger a sequence of messages in a particular order to complete a transaction.
It uses cryptography from Hyperledger URSA to deliver secure transactions. ARIES outlines open standard protocols for agent interoperability. It allows agents to use DIDs and Verifiable Credentials from multiple Decentralized Identity ecosystems. Depending on the use case, various protocols outline the agent’s behavior. The functions of the ARIES framework include:
o Connect with other agents using a defined protocol
o Send and receive messages using the DIDComm protocol
o Execute protocols
o Interact with ledgers
o Issue verifiable credentials
o Create and verify presentations
The Controller within ARIES gives instructions to the framework, which enables the agent to conduct transactions. ARIES also provides secure wallet services for the storage of cryptographic content.
DIF (Decentralized Identity Foundation)
The DIF4 focuses on building the foundational components of an identity ecosystem using open standards. There are multiple working groups for DIDs, DID Documents, Identifiers, DID Communications, KERI (Key Event Receipt Infrastructure), Wallet Security, etc. Within DIF, a project is building a library of easily identifiable prominent DIDs. KERI is a new approach to decentralized key management with the potential for self-sovereign identity advantages.
W3C — DID (Decentralized Identitfier)
The World Wide Web Consortium5 is an open standards body that works to ensure the long-term growth of the internet. Groups within the consortium work to further standards for Decentralized Identity. For example, the W3C published the DID (Decentralized Identifier) standard with its core architecture, data model, and representations. At the time of writing, there are 112 DID methods defined with almost half of them supported by the Universal DID resolver. In addition, it published the verifiable credentials data model specifications and attribute recommendations. An API repository for Issuer and Verifier APIs provides the specification for creating and verifying Verifiable Credentials.
W3C Digital Wallet
A portable, extensible JSON-LD wallet supporting digital currencies and credentials is underway at the W3C. There is a working draft, not ready for implementation and adoption (as of the writing of this blog). The eIDAS 2.0 wallet functionality working group is creating a reference wallet architecture to baseline the functionality of an eIDAS 2.0 compliant wallet.
Trust over IP Foundation
Hosted at the Linux Foundation, Trust over IP Foundation7 seeks to define a complete architecture for Internet-scale digital trust that combines cryptographic trust at the machine layer with human trust at the business, legal, and social layers2. In addition, it delivers policy and technology tools for secure communications at scale. Its mission is to provide a scalable, common standards-based foundation to build digital trust for the internet.
I will cover the Public Sector in the next post.
To reference previous posts refer to this link. Again, I would suggest reading the posts in succession.
1. Blockcerts — https://www.blockcerts.org/
2. SSIMeetup.org: Blockcerts: The Open Standard for Blockchain Credentials by Daniel Paramo and Anthony Ronning
3. Hyperledger — www.hyperledger.org
4. DIF (Decentralized Identity Foundation) — https://identity.foundation/
5. W3C — www.w3c.org — standards for DID https://www.w3.org/TR/did-core/
6. W3C — standards for Digital Wallet https://w3c-ccg.github.io/universal-wallet-interop-spec/
7. Trust over IP — https://www.trustoverip.org/
8. Trust over IP at SSIMeetup.org: O’Donnell, Darrell; Vesey, Mike; Reed, Drummond