NXTER.ORG

Self-Sovereign Identity on Ardor


Aaaand the winner of the Ardor Community Hackathon is…

“bba DID Method”

“Say WHAT?” you say, and that’s what I did too. So, before I congratulate “Atzen”, the winner of the Ardor hackathon, and ask him what he will do with all that great MONEY he won, let’s try to understand the WHY, the HOW, and the WHAT of this project:

Atzen’s winning entry is a “DID method based on the Ardor blockchain”. DID stands for Decentralized IDentifiers, which are globally unique identifiers that can be created and managed by the users themselves, i.e. no 3rd party controls them. A DID connects to a DID document, which can contain personal public information and service endpoints for further authentication and interaction. DIDs and DID documents are part of the Self-Sovereign Identity (SSI) project, a very concrete vision and concept for managing personal data in a decentralized way.

Self-Sovereign Identity

Self-Sovereign Identity. Taste it. Designed to secure your private data, it trusts cryptography over the 3rd parties that might (and do) sell your personal information to others. It aims to stop central entities from taking control over YOUR private I, your online and offline Identity. You keep it close. Over borders. You. Not your government.

Is DID unique for Ardor? No. Only the bba DID method is. Other DID methods exist for other blockchains, which means SSI is far more decentralized than any one single blockchain or blockchain platform can be (or is willing to be) at the moment. That’s the beauty of this beast.

So now, over to Atzen:

An Interview

Hey Arthur,
finally finished my thesis and had time to answer your questions 🙂

Why this submission?

Three reasons:
1. To enable Ardor to participate in the SSI ecosystem, as I believe that SSI is a very interesting use case for DLT where blockchain implementations can coexist and collaborate rather than compete with each other.
2. For my master’s thesis 😉
3. To learn more about DIDs

How can it help people?

bba adds just one additional option to register and manage DIDs and therefore increases decentralization within the SSI ecosystem (which is a good thing as we all know 😉 ).

SSI is a new identity management approach. It provides a user the possibility to self-sovereignly create, use and manage one’s digital identities without being forced to rely on a third party identity provider like Facebook or Google.

As Christopher Allen stated: it creates user autonomy. A really good description of the bigger picture of SSI can be found within the Medium article from Alex Preukschat.

What is your product?

The bba DID method is a way to create and manage DIDs on the Ardor blockchain.

This allows Ardor to participate in the SSI ecosystem as a verifiable data register. Any system that supports the recording of DIDs is called a verifiable data register. Since there was no DID method based on Ardor before, Ardor is strengthening the decentralization of the SSI ecosystem by adding an additional possible infrastructure for DID recording.

What’s next for you?

I now work for a company called CHAINSTEP, which focuses on blockchain technology. SSI is a part of it, and we are currently in a consortium competing for government funding for an SSI solution in Hamburg. It is called STEREO (German).

Maybe there is a chance for bba to get used in this project if we can get the funding.

And for our colored magazine readers: how will you spend the MONEY you just won? 😉
Need a new phone and some vacation 😅.

I also would like to have my eyes lasered to get rid of my glasses!

If you have any questions or need some more information, don’t hesitate to ask.
Thank you very much for creating a post about the bba method. Social media is not my favourite task 😉

Cheers,
Attila

Thanks for the words Atzen, a.k.a. Attila Aldemir.

The Ardor bba DID method is listed in the official DID Method Registry.

Demonstration site to play around with: https://wubco.blobaa.dev
Source code: https://github.com/blobaa/bba-did-method-specification

More about SSI, DIDs and VCs

Atzen writes:

“The SSI (Self-Sovereign Identity) model is a new identity model currently in development and specification. It is an approach to give control of private data and accounts back to the user instead of relying on trusted third parties like Facebook or Google. It was first described in this article. The current evolution of the SSI architecture is reflected in the following picture and can be found in the Trust over IP whitepaper.”

It is a dual Stack architecture and separates human trust (similar to the oracle problem, how can I trust the data you entered into a blockchain?) from technical trust (trust in the mathematics and implementations of cryptography).

Let’s only focus on the technical part. At its core, SSI depends on two technologies: DIDs (Decentralized IDentifiers) and VCs (Verifiable Credentials).

Decentralized Identifiers

DIDs are identifiers like URLs for websites, with the difference that they are persistent and self-controlled. That means that a DID is globally unique (same as a URL) but can be created completely self-sovereignly.

You do not register a DID like a URL at some registrar, you just create it and control it. If you’re in possession of the private key that controls the DID, no one can take the DID away from you or modify the associated DID Document. You can have as many DIDs as you want. No one can hinder you from creating new DIDs or modifying your existing ones.

Until now, our Internet identities have all been rooted on accounts. Account-based identity means there is always an intermediary in all our digital relationships. By moving to cryptographically-verifiable digital credentials, we can finally start proving our identity, attributes, or relationships without intermediaries.

From: https://trustoverip.org

A DID is resolvable to a DID Document (similar to a URL which resolves to a website). The DID Document contains public information like public keys and service endpoints for further authentication and interaction. Since the requirement of a DID is to be self-controlled, persistent and decentralized, blockchains as infrastructure for those DIDs are a perfect match. In general, storing public keys in a blockchain has many benefits as explained here and is called a Decentralized Public Key Infrastructure (DPKI).

Since many blockchains are capable of functioning as DID infrastructures, a specification is needed to abstract a concrete DID implementation from its usage. This provides a unified interface for DID usage (create, resolve, update, deactivate (the CRUD operations)) and makes them interoperable.

The specification for the DID CRUD operations is called a DID method. I created the bba DID method which is based on the Ardor blockchain and therefore lets Ardor be part of the SSI Stack as one of the infrastructures for DIDs.

A list of all officially reviewed and implemented DID methods can be found here.

Verifiable Credentials

Based on DIDs, an identity can then be composed with the help of VCs. VCs can contain any Personally Identifiable Information (PII) like age, birthdate and name and always include the DID of the issuing entity and the entity that the VC belongs to (the VC holder).

VCs are not stored on a blockchain. Think of it as your physical wallet transferred to the digital world. It contains your (you as the VC holder) identity card (the VC) stating that your name is Joe Smith and you are older than 21 (PII inside your VC) and is issued by your government (the VC issuer). If you now want to buy alcohol, you authorize yourself by presenting the VC to the online shop (the VC verifier), and the online shop is capable of cryptographically proving the VC and allows you to proceed with the checkout. This is of course just a simplified version but should give you an understanding of the trust triangle shown below.

There is a lot more involved in the SSI Stack, but at its core it is about the orchestration of DIDs and VCs.

Maybe these two webinars are helpful.

The first is about SSI in general

and the second about the Trust over IP stack

Governments and companies are sharing an unprecedented amount of information, cross-correlating everything from viewing habits to purchases, to where people are located during the day, to where they sleep at night, and with whom they associate. (…) As the digital world becomes increasingly important to the physical world, it also presents a new opportunity; it offers the possibility of redefining modern concepts of identity. It might allow us to place identity back under our control — once more reuniting identity with the ineffable “I”.

Christopher Allen, from “The Path to Self-Sovereign Identity”, March 2016
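
The DID operations (create, resolve, update, deactivate) and the issuer/holder/verifier triangle described above, as an added example that is not code from the bba DID method or its author. An in-memory Map stands in for the blockchain registry, and the `did:example` identifiers, function names and credential layout are assumptions made for illustration.

```javascript
// Added illustration: a Map stands in for the verifiable data registry (a blockchain
// in a real DID method). The "did:example" DIDs and all names below are constructed.
const crypto = require('node:crypto');

const registry = new Map(); // DID -> DID Document (public data only)
const bytes = (obj) => Buffer.from(JSON.stringify(obj)); // real VCs use a canonical form
const sign = (obj, privateKey) => crypto.sign(null, bytes(obj), privateKey).toString('base64');
const checkSig = (obj, publicKeyPem, sig) =>
  crypto.verify(null, bytes(obj), publicKeyPem, Buffer.from(sig, 'base64'));

// create: the private key stays with the controller, only the public key is published
function createDid(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const did = `did:example:${name}`;
  registry.set(did, { id: did, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) });
  return { did, privateKey };
}

// resolve: DID -> DID Document, null when unknown or deactivated
function resolve(did) {
  const doc = registry.get(did);
  return doc && !doc.deactivated ? doc : null;
}

// update / deactivate: accepted only when signed by the key currently in the document
function updateDid(did, change, sig) {
  const doc = resolve(did);
  if (!doc || !checkSig({ did, change }, doc.publicKeyPem, sig)) return false;
  registry.set(did, { ...doc, ...change, id: did });
  return true;
}

// issuer: sign the claims about the holder
function issueCredential(issuer, holderDid, claims) {
  const credential = { issuer: issuer.did, credentialSubject: { id: holderDid, ...claims } };
  return { ...credential, proof: sign(credential, issuer.privateKey) };
}

// verifier: resolve the issuer's DID and check the proof against its current public key
function verifyCredential(vc) {
  const { proof, ...credential } = vc;
  const issuerDoc = typeof vc.issuer === 'string' ? resolve(vc.issuer) : null;
  if (!issuerDoc || typeof proof !== 'string') return false;
  return checkSig(credential, issuerDoc.publicKeyPem, proof);
}
```

Because the verifier checks the proof against the issuer's current DID Document, rotating or deactivating the issuer's key changes the result for credentials issued earlier.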

So, now we understand (a little bit more about) Atzen’s bba DID method and how it uses the Ardor blockchain as a decentralized public-key infrastructure (DPKI) within the Trust over IP Stack for Self-Sovereign Identity (SSI) to create and manage Decentralized Identifiers (DIDs). Brilliant.

The judges of the Ardor Community Hackathon named the bba DID method the #1 winning submission. Congratulations.