1 of 18

Introduction to Hyperledger Indy

Blockchain for Identity
Stephen Curran - BC Gov - 2018.08.31

2 of 18

Topics

  • What’s the Identity Problem?
  • Internet Identity with Hyperledger Indy
    • DIDs
    • Blockchain
    • Agents and Wallets
    • Verifiable Credentials
  • What’s on the Blockchain?
  • The Sovrin Foundation

3 of 18

What’s the Identity Problem?

Trust

  • Who is it that we are talking to online?
  • Can we trust what they tell us?

It’s a hard problem...

4 of 18

Existing Solutions

  • Identifiers - substitutes for “who we are”
    • Government ID
    • Email Address
    • User ID/Password
  • Attributes about us (e.g. KYC)
    • In person “works”
    • Online - not so much…
    • Online transactions? Just:
      • Advertising
      • Shoes
  • Encryption
    • Great - but one sided

5 of 18

Ramifications

  • Password Proliferation
    • I have over 700 in my Password Manager
    • Identity Providers (IDPs) - “trusted” 3rd parties authenticate you, share your data
      • Facebook, Google, Banks
  • Correlation
    • Data about you (your data!!!) is collected and aggregated without your consent
      • Example: Exactis Data Breach - 400 data attributes of 340M identities - article
  • Identity Theft
    • Data breaches, Phishing attacks
  • Attributes
    • Susceptible to theft - see “data breaches” above
    • If online risk is too high - fall back to in-person proofs: paper
      • But...forged documents

6 of 18

Hyperledger Indy

  • Decentralized Identifiers
  • Blockchain
  • Agents and Wallets
  • Verifiable Credentials

7 of 18

Hyperledger Indy - Decentralized Identifiers

  • Identifiers created and distributed by “users”
    • DIDs - URI: did:sov:3ea8a0f8ec98302
    • DID Method - mechanism for “resolving” a DID - Hyperledger Indy is one of about a dozen
  • DID Document - associated data
    • Public keys and service endpoint
      • Key pairs - cryptography - Proof of Ownership, Signatures, Encryption
  • Exchanged between identities (even consumer and business)
    • Each has a DID for one another - peers
    • Each identity has a different DID for each relationship
      • Not correlatable!!
  • Enables end-to-end encrypted messaging
    • Without an email address!
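The pairwise DID idea on this slide, as an added example (not from the original deck or from the Indy code base): one fresh Ed25519 key pair and DID per relationship, plus a challenge signature as proof of ownership. The type and function names are hypothetical, and the DID derivation (base58 of the first 16 bytes of the verification key) is an assumption about the did:sov convention.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"math/big"
)
const alphabet = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

// base58 encodes bytes with the Bitcoin alphabet; leading zero bytes become '1'.
func base58(in []byte) string {
	n, radix, mod := new(big.Int).SetBytes(in), big.NewInt(58), new(big.Int)
	var out []byte
	for n.Sign() > 0 {
		n.DivMod(n, radix, mod)
		out = append([]byte{alphabet[mod.Int64()]}, out...)
	}
	for i := 0; i < len(in) && in[i] == 0; i++ {
		out = append([]byte{'1'}, out...)
	}
	return string(out)
}

// Relationship is the DID and key pair one party uses with exactly one peer.
type Relationship struct {
	DID    string
	VerKey ed25519.PublicKey  // shared with the peer via the DID document
	sigKey ed25519.PrivateKey // never leaves the holder's wallet
}

// NewRelationship makes a fresh key pair per peer (assumed DID derivation, see lead-in).
func NewRelationship() (*Relationship, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Relationship{"did:sov:" + base58(pub[:16]), pub, priv}, nil
}

// Prove signs a peer's challenge: proof of ownership of the private key.
func (r *Relationship) Prove(challenge []byte) []byte { return ed25519.Sign(r.sigKey, challenge) }
// Verify is the peer's check, using only the public verification key.
func Verify(vk ed25519.PublicKey, challenge, sig []byte) bool { return ed25519.Verify(vk, challenge, sig) }

func main() {
	shop, _ := NewRelationship() // DID used only with a shop
	bank, _ := NewRelationship() // DID used only with a bank
	fmt.Println(shop.DID, bank.DID, Verify(shop.VerKey, []byte("n"), shop.Prove([]byte("n"))))
}
```

Because the shop and the bank each see a different DID and key, comparing their records gives them no shared identifier to join on.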

8 of 18

Hyperledger Indy - Blockchain

  • “Decentralized” - anchored in blockchain
  • (Some) DIDs are published on the Blockchain
  • “DKMS” - Decentralized Key Management System
    • Decentralized version of centralized PKI - Public Key Infrastructure
    • Methods for distributing public keys in a safe manner?
  • “indy-node” is the public ledger part of Hyperledger Indy

9 of 18

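Public Permissioned Blockchain

  • Validation: Permissionless or Permissioned
  • Access: Public or Private
  • Public access, permissionless validation: Bitcoin, Ethereum
  • Public access, permissioned validation: Indy, Sawtooth
  • Private access: Fabric, Sawtooth, Iroha, Burrow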

10 of 18

Hyperledger Indy - Agents and Wallets

  • Managing DIDs (+ other data) requires software - Agents
    • Cryptography - create/manage keypairs (+ other data)
    • Wallets - secure storage for keys (+ other data)
    • Secure messaging with other Agents
    • Built on top of the “indy-sdk”

11 of 18

Hyperledger Indy - Verifiable Credentials

  • Key technology enabled by DIDs - Verifiable Credentials
    • W3C Standards-track - “Verifiable Claims” Working Group
  • Data about you, issued to you, that you can present (prove) to others

12 of 18

What is “Proven”?

  • Enabled By: Powerful Magic Cryptography!
  • Who issued the claims (the Issuer DIDs)
    • Without asking the Issuer
  • The claims were issued to you (via proof of ownership of private key)
  • The claims have not been tampered with (signature)
  • The Credentials have not been revoked (in a non-correlatable way)
  • Exercise for the Verifier
    • Who is the Issuer, and do I trust them?

13 of 18

Special Indy Magic - Proofs

  • Selective Disclosure
    • Don’t present the whole Credential - just what’s needed
  • Zero Knowledge Proofs
    • Prove information about a claim, without revealing the data
      • Based on Date of Birth, proof older than 21
      • Proof you have an SSN from US Government (not what it is)

14 of 18

Ramifications of Verifiable Credentials

  • You hold your data and share it as necessary via Proofs
    • Data needn’t/shouldn’t be held by Enterprises
  • Secure - harder to forge than paper credentials
  • Data not issued becomes useless - e.g. Government ID
    • “Enter your SSN:” vs. “Prove you have an SSN issued by the US Government”
  • Enables trusted online transactions
    • Licenses, Permits and Credentials provable online
    • KYC documents can be issued and verified online
  • Higher quality data - no need to retype data over and over

15 of 18

What’s on the Blockchain?

  • DIDs - for Verifiable Credentials - the DID of the Issuer
    • Could be others - Public DIDs
  • Schema - the layout of a Verifiable Credential
  • Revocation Registry - a way to revoke Credentials - using a ZKP (cool!)
  • Credential Definition
    • Object linking Issuer DID, Schema and Revocation Registry, plus Public Keys for Claims
    • The basis for issuing Verifiable Credentials

No Private Data!

16 of 18

What’s not on the Blockchain

  • “Pairwise” DIDs - DIDs exchanged between parties for private messaging
  • Credentials - or any private, personal data
    • NONE!!!
    • Not even transaction or consent receipts
    • Nothing
    • Nada

17 of 18

Sovrin Foundation - sovrin.org

  • Global deployment of Hyperledger Indy
  • BLT:
    • Business - Sovrin Foundation Trust Framework
    • Legal - Sovrin Agreements
    • Technical - Hyperledger Indy
  • Node operators are “Stewards” - members of the Sovrin Foundation
    • Currently about 40 worldwide

18 of 18