SlideShare une entreprise Scribd logo

Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger – Daniel Hardman

SSIMeetup
SSIMeetup

https://ssimeetup.org/peer-dids-secure-scalable-method-dids-off-ledger-daniel-hardman-webinar-42/ Daniel Hardman, Chief Architect, Evernym / Secretary, Technical Governance Board – Sovrin Foundation will show how Peer DIDs will allow off-chain transactions for the self-sovereign identity (SSI) world. Most documentation about decentralized identifiers (DIDs) describes them as identifiers that are rooted in a public source of truth like a blockchain, a database, a distributed filesystem, or similar. This publicness lets arbitrary parties resolve the DIDs to an endpoint and keys. It is an important feature for many use cases. However, the vast majority of relationships between people, organizations, and things have simpler requirements. When Alice(Corp|Device) and Bob want to interact, there are exactly and only 2 parties in the world who should care: Alice and Bob. Instead of arbitrary parties needing to resolve their DIDs, only Alice and Bob do. Peer DIDs are perfect in these cases. In many ways, peer DIDs are to public, blockchain-based DIDs what Ethereum Plasma or state channels are to on-chain smart contracts— or what Bitcoin’s Lightning Network is to on-chain cryptopayments. They move interactions off-chain, but offer options to connect back to a chain-based ecosystem as needed. Peer DIDs create the conditions for people, organizations, and things to have full control of their end of the digital relationships they sustain.

Internet
1  sur  30
Télécharger pour lire hors ligne
Peer DIDs a secure and scalable method for DIDs that's entirely off-ledger Daniel Hardman, November 2019 ssimeetup.org · CC BY-SA 4.0 International
1. Empower global SSI communities 2. Open to everyone interested in SSI 3. All content is shared with CC BY SA SSIMeetup.org Alex Preukschat @SSIMeetup @AlexPreukschat Coordinating Node SSIMeetup.org https://creativecommons.org/licenses/by-sa/4.0/ SSIMeetup objectives
Most DID methods Acme public DID: A.did@Any pairwise DID: A.did@A:B Bob pairwise DID: B.did@B:A shared source of truth (e.g., blockchain) register, update register, update resolve A.did@Any, A.did@A:B resolve B.did@B:A resolve *.did@* Everybody in the world can resolve the pairwise DIDs that only Acme and Bob care about (A.did@A:B and B.did@B:A). Scale, cost, security, privacy, performance, regulation issues. SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
Peer DIDs Acme pairwise DID: A.did@A:B Bob pairwise DID: B.did@A:B B.diddoc@A:B (from Bob) A.diddoc@A:B (from Acme) resolve A.did@A:B register, update resolve B.did@B:A register, update SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
Why? Scale 99% of DIDs off ledger Cost No transaction fees, no operating expense, no electrical bill Security No ledger or node to hack, no common pipes to monitor Privacy Only Acme and Bob know what only Acme and Bob care about Performance Throughput automatically, perfectly matches number of parties Regulation No ledger or node operator as GDPR data controller SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
How to create a peer DID Make a DID Doc with whatever keys you like, but omit the actual DID value from the doc. This is called the stored variant of the doc. Compute sha256 hash of stored variant. This is called the numeric basis. Encode the numeric basis and append the encoded data to the prefix, did:peer: SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
Minimal doc { "publicKeys": [ { "crv": "P-256", "kty": "EC", "x": "Gv6c_u05ogFn4HpZHxBS94CdGL8gIv0W307OHjpTSqM ", "y": "Qjg7xEIAAfKvSaV2bZ8LP14fcD33YTkDTIwZ7KKXLMg ", "kid": "1" } ] "authorization": { "profiles": [ {"key": "#1", "roles": ["solo"]} ], "rules": [ { "grant": ["register", "authcrypt", "se_admin", "plaintext", "oblige"], "when": { "roles": "solo" } } ] } } Define a key (JWK format) Map key to a privilege profile, “solo” Tell what the “solo” profile can do. This key lacks the privilege to administer keys or rules, so most evolution is impossible. Suitable for very simple, ephemeral interaction. SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
How to share a peer DID Option 1 (recommended): implement Aries RFC 0023 (DID Exchange Protocol) ● Defined conventions with multiple impls. ● Works with any transport: http(s), Bluetooth, NFC, email, message queue, QR codes, IPC, paper, files, sockets, third party introduction, sneakernet… ● Strong mutual auth done the same way for both parties. ● Security and privacy guarantees are excellent. ● Allows one side to use peer DID and other side to use something else. Option 2 (suboptimal): transmit DID + signed DID Doc over TLS session ● Easy as can be. But… ● No protocol defined (which API calls? which HTTP headers? who does what in which order?) -- proprietary. ● Not transport-agnostic. ● Security and privacy are suspect (SSL visibility appliances). SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
Layers of Support Coding Time to Implement DIDComm + 1 week (sync docs, validate changes) 2-6 hours (generate and store DID docs) 10 min (regex) SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
Status Spec now on revision 6 or 7; about 9 months old A few open issues Likely to change in one important way (key formats) soon, but not much else One ref impl of layers 1 and 2 in python (no dependencies); Aries Go Framework; pending impls in Rust in Aries/Indy SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
How to update a peer DID’s DID Doc (simplified) Generate a delta. This is a JSON fragment that tells what changed. Compute the sha256 hash of the delta. Attach the base64-ed deltas to sync_state DIDComm messages. Gossip these messages with other parties to spread knowledge of state in all directions. Apply new deltas. SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
Alice A.1 A.2 A.3 A.4 Bob B.3 B.4B.2 B.1 arrows point to an agent/key that might be reached and updated by the proactive agent/key on the other side decentralized, ad hoc (Messy but flexible. Handles edge-to-edge and semi-connected. Relaxed management.) SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
Alice A.1 A.2 A.3 A.4 Bob B.3 B.4B.2 B.1 arrows point to an agent/key that might be reached and updated by the proactive agent/key on the other side each side centralized (Clean, but requires cloud connectivity and can’t handle edge-to-edge.) SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
Alice A.1 Bob B.3 B.4B.2 B.1 arrows point to an agent/key that might be reached and updated by the proactive agent/key on the other side domain of 1 (Clean, but requires cloud connectivity and can’t handle edge-to-edge.) SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
Acme A.3 arrows point to an agent/key that might be reached and updated by the proactive agent/key on the other side hybrid (Some centralization, some decentralization) Bot Swarm SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
Authorization Need ability to setup protective policies to handle cases like “My phone was stolen; how do I keep the thief from taking over my DID?” “authorization”: { "profiles": [ {"key": "#Mv6gmMNa", "roles", ["edge"]}, {"key": "#Np4fAwXs", "roles", ["edge"]}, {"key": "#H3C2AVvL", "roles", ["offline"]} ], “rules”: [ {“grant”: ["authcrypt"], "when": {"roles": "edge"}, "id": "98c2c9cc"}, {“grant”: ["key-admin”], "when": { “any”: [ {“roles”: “edge”, “n”: 2}, {“all”: [{“roles”: “edge”}, {“role”: “offline”}]} ], "id": "47b3a6af"}, ] } the key for the stolen phone the protective rule let a key in this DID doc add or remove keys only if... any (either) of these conditions holds: two edge keys agree, OR an edge key AND an offline key agree SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
Privilege Model register: can use DID to create Alice:peer connection (only in genesis state) route: can handle forward messages intended for Alice (internal mediator) authcrypt: can speak on encrypted channels on Alice’s behalf plaintext: can see data intended only for Alice oblige: can incur contractual obligations for Alice (e.g., terms of service, consent) key_admin: can remove keys or add them, plus assign them profiles se_admin: can remove or add service endpoints rule_admin: can remove or add rules (map profiles to privileges) These privileges resemble but are not identical to the use field in JWK. The use field is less granular (only sig and enc are defined), and its scope is one key. The scope of a privilege in peer DIDs may be multiple keys acting as a unit. SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
Registration (sharing DID with peer) Exactly 1 key must have the register privilege in the genesis version of the peer DID doc, and this key must be the one to share the DID with the peer. Signing a DID doc is not enough to register it properly; what gets authcrypted or signed by the key with the register privilege must include enough context to bind the relationship (e.g., the other peer’s DID or a nonce from the other party’s connection_request). Peer DIDs can’t be registered after genesis state unless existing peers consent (upgrade to n-wise). This means an evolved peer DID can’t be registered elsewhere. SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
CRDTs Most items in the DID doc have an id property. All changes are modeled as a combination of adds and deletes--there are no modifies. This guarantees idempotence and eliminates most ordering problems, since a given id never has more than one version of itself. SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
Consensus (coordination), centralization, or forks: pick 1 Consensus what algorithm tolerates participants with different duties, different connectivity, different motivery different connectivity, participants with radically different sophistication, Are forks really that bad? SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
Consensus (coordination), centralization, or forks: pick 1 Consensus What algorithm tolerates participants with different duties, different connectivity, different motives? Centralization Great for any party that picks it, but Alice can’t require Bob to centralize for her own convenience. Forks Yuck. But wait… are they really that bad? SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
Forked Reality A-land B-topia B.1 B.2 A.2 A.1 A.3 SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
Mental Model SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International ● Keys and authorization rules enforce privileges. ● The sync protocol makes data flow. ● These are NOT the same thing.
Pending Deltas Suppose Agent 1 gossips a change to Agent 2, the change requires 2 signatures, but only 1 is affixed. Agent 2 can: ● Authorize it by attaching a signature and re-gossiping the doubly authorized delta (if it deems the change desirable) ● Hold the delta in pending status, if it can’t authorize (hasn’t taken effect yet, but we know it’s been proposed) Pending status means the CRDT/replication/gossip logic never applies a change unless/until it is legitimate. Once a change is legitimate, there no denying it happened, and all agents who see it must accept it. Thus, no merge conflicts, and remaining ordering constraints vanish. Contradictory forks can still happen, but they represent historic divergences in how knowledge propagated; once both are seen, both are applied, even if they cancel. SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
The ~state decorator Included with all DIDComm messages to check synchronization. Triggers gossip if any discrepancy detected. SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
Why No Merge Conflicts ● Idempotent ● Every item has a unique id that never repeats ● All operations are adds and deletes, never modifies (1 version of each item) ● Pending status ● Forks accurately represent divergent knowledge; reconciling just means accepting both SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
More Info http://j.mp/peer-dids-group https://openssi.github.io/peer-did-method-spec github issues at https://github.com/openssi/peer-did-method-spec https://github.com/evernym/pypeerdid (ref impl of layers 1 and 2) SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
Peer DIDs a secure and scalable method for DIDs that's entirely off-ledger Daniel Hardman, November 2019 ssimeetup.org · CC BY-SA 4.0 International
Peer DIDs http://j.mp/2pmxrDc (see also http://j.mp/peer-did-layer2) Nov 2019 SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International

Recommandé

OpenID for SSI
OpenID for SSIOpenID for SSI
OpenID for SSI
Torsten Lodderstedt
 
What are Decentralized Identifiers (DIDs)?
What are Decentralized Identifiers (DIDs)?What are Decentralized Identifiers (DIDs)?
What are Decentralized Identifiers (DIDs)?
Evernym
 
PolygonID Zero-Knowledge Identity Web2 & Web3
PolygonID Zero-Knowledge Identity Web2 & Web3PolygonID Zero-Knowledge Identity Web2 & Web3
PolygonID Zero-Knowledge Identity Web2 & Web3
SSIMeetup
 
Decentralized Identifier (DIDs) fundamentals deep dive
Decentralized Identifier (DIDs) fundamentals deep diveDecentralized Identifier (DIDs) fundamentals deep dive
Decentralized Identifier (DIDs) fundamentals deep dive
SSIMeetup
 
Self Sovereign Identity (SSI) Open standards with Drummond Reed
Self Sovereign Identity (SSI) Open standards with Drummond Reed Self Sovereign Identity (SSI) Open standards with Drummond Reed
Self Sovereign Identity (SSI) Open standards with Drummond Reed
SSIMeetup
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable Credentials
Torsten Lodderstedt
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable Credentials
Torsten Lodderstedt
 
Hyperledger Fabric Architecture
Hyperledger Fabric ArchitectureHyperledger Fabric Architecture
Hyperledger Fabric Architecture
상문 오
 

Recommandé

OpenID for SSI
OpenID for SSIOpenID for SSI
OpenID for SSI
Torsten Lodderstedt
 
What are Decentralized Identifiers (DIDs)?
What are Decentralized Identifiers (DIDs)?What are Decentralized Identifiers (DIDs)?
What are Decentralized Identifiers (DIDs)?
Evernym
 
PolygonID Zero-Knowledge Identity Web2 & Web3
PolygonID Zero-Knowledge Identity Web2 & Web3PolygonID Zero-Knowledge Identity Web2 & Web3
PolygonID Zero-Knowledge Identity Web2 & Web3
SSIMeetup
 
Decentralized Identifier (DIDs) fundamentals deep dive
Decentralized Identifier (DIDs) fundamentals deep diveDecentralized Identifier (DIDs) fundamentals deep dive
Decentralized Identifier (DIDs) fundamentals deep dive
SSIMeetup
 
Self Sovereign Identity (SSI) Open standards with Drummond Reed
Self Sovereign Identity (SSI) Open standards with Drummond Reed Self Sovereign Identity (SSI) Open standards with Drummond Reed
Self Sovereign Identity (SSI) Open standards with Drummond Reed
SSIMeetup
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable Credentials
Torsten Lodderstedt
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable Credentials
Torsten Lodderstedt
 
Hyperledger Fabric Architecture
Hyperledger Fabric ArchitectureHyperledger Fabric Architecture
Hyperledger Fabric Architecture
상문 오
 
Introduction to Self Sovereign Identity - IIW October 2019
Introduction to Self Sovereign Identity - IIW October 2019Introduction to Self Sovereign Identity - IIW October 2019
Introduction to Self Sovereign Identity - IIW October 2019
Heather Vescent
 
OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)
Torsten Lodderstedt
 
OpenID Connect 4 SSI
OpenID Connect 4 SSIOpenID Connect 4 SSI
OpenID Connect 4 SSI
Torsten Lodderstedt
 
Introduction to Self Sovereign Identity
Introduction to Self Sovereign IdentityIntroduction to Self Sovereign Identity
Introduction to Self Sovereign Identity
Heather Vescent
 
Hyperledger Aries: Open Source Interoperable Identity Solution – Nathan George
Hyperledger Aries: Open Source Interoperable Identity Solution – Nathan GeorgeHyperledger Aries: Open Source Interoperable Identity Solution – Nathan George
Hyperledger Aries: Open Source Interoperable Identity Solution – Nathan George
SSIMeetup
 
The Shift from Federated to Decentralized Identity
The Shift from Federated to Decentralized IdentityThe Shift from Federated to Decentralized Identity
The Shift from Federated to Decentralized Identity
Evernym
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
Torsten Lodderstedt
 
Overview of Decentralized Identity
Overview of Decentralized IdentityOverview of Decentralized Identity
Overview of Decentralized Identity
Jim Flynn
 
Digital Identity Wallets: What They Mean For Banks
Digital Identity Wallets: What They Mean For BanksDigital Identity Wallets: What They Mean For Banks
Digital Identity Wallets: What They Mean For Banks
Evernym
 
FIWARE Training: API Umbrella
FIWARE Training: API UmbrellaFIWARE Training: API Umbrella
FIWARE Training: API Umbrella
FIWARE
 
Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)
Evernym
 
OpenID Connect Federation
OpenID Connect FederationOpenID Connect Federation
OpenID Connect Federation
Andreas Åkre Solberg
 
FIWARE Global Summit - NGSI-LD - NGSI with Linked Data
FIWARE Global Summit - NGSI-LD - NGSI with Linked DataFIWARE Global Summit - NGSI-LD - NGSI with Linked Data
FIWARE Global Summit - NGSI-LD - NGSI with Linked Data
FIWARE
 
Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs
Vasiliy Suvorov
 
OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)
Torsten Lodderstedt
 
OpenID for Verifiable Credentials @ IIW 36
OpenID for Verifiable Credentials @ IIW 36OpenID for Verifiable Credentials @ IIW 36
OpenID for Verifiable Credentials @ IIW 36
Torsten Lodderstedt
 
Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Pu...
Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Pu...Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Pu...
Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Pu...
SSIMeetup
 
Self-Sovereign Identity: Ideology and Architecture with Christopher Allen
Self-Sovereign Identity: Ideology and Architecture with Christopher AllenSelf-Sovereign Identity: Ideology and Architecture with Christopher Allen
Self-Sovereign Identity: Ideology and Architecture with Christopher Allen
SSIMeetup
 
Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...
Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...
Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...
SSIMeetup
 
OIDC4VP for AB/C WG
OIDC4VP for AB/C WGOIDC4VP for AB/C WG
OIDC4VP for AB/C WG
Torsten Lodderstedt
 
Identity and the quest for Self-Sovereign Identity - Daniel Hardman
Identity and the quest for Self-Sovereign Identity - Daniel HardmanIdentity and the quest for Self-Sovereign Identity - Daniel Hardman
Identity and the quest for Self-Sovereign Identity - Daniel Hardman
SSIMeetup
 
Introduction to Ion – a layer 2 network for Decentralized Identifiers with Bi...
Introduction to Ion – a layer 2 network for Decentralized Identifiers with Bi...Introduction to Ion – a layer 2 network for Decentralized Identifiers with Bi...
Introduction to Ion – a layer 2 network for Decentralized Identifiers with Bi...
SSIMeetup
 

Contenu connexe

Tendances

Hyperledger Aries: Open Source Interoperable Identity Solution – Nathan George
Hyperledger Aries: Open Source Interoperable Identity Solution – Nathan GeorgeHyperledger Aries: Open Source Interoperable Identity Solution – Nathan George
Hyperledger Aries: Open Source Interoperable Identity Solution – Nathan George
SSIMeetup
 
The Shift from Federated to Decentralized Identity
The Shift from Federated to Decentralized IdentityThe Shift from Federated to Decentralized Identity
The Shift from Federated to Decentralized Identity
Evernym
 
FIWARE Training: API Umbrella
FIWARE Training: API UmbrellaFIWARE Training: API Umbrella
FIWARE Training: API Umbrella
FIWARE
 
Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Pu...
Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Pu...Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Pu...
Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Pu...
SSIMeetup
 
Self-Sovereign Identity: Ideology and Architecture with Christopher Allen
Self-Sovereign Identity: Ideology and Architecture with Christopher AllenSelf-Sovereign Identity: Ideology and Architecture with Christopher Allen
Self-Sovereign Identity: Ideology and Architecture with Christopher Allen
SSIMeetup
 

Tendances (20)

Introduction to Self Sovereign Identity - IIW October 2019
Introduction to Self Sovereign Identity - IIW October 2019Introduction to Self Sovereign Identity - IIW October 2019
Introduction to Self Sovereign Identity - IIW October 2019
 
OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)
 
OpenID Connect 4 SSI
OpenID Connect 4 SSIOpenID Connect 4 SSI
OpenID Connect 4 SSI
 
Introduction to Self Sovereign Identity
Introduction to Self Sovereign IdentityIntroduction to Self Sovereign Identity
Introduction to Self Sovereign Identity
 
Hyperledger Aries: Open Source Interoperable Identity Solution – Nathan George
Hyperledger Aries: Open Source Interoperable Identity Solution – Nathan GeorgeHyperledger Aries: Open Source Interoperable Identity Solution – Nathan George
Hyperledger Aries: Open Source Interoperable Identity Solution – Nathan George
 
The Shift from Federated to Decentralized Identity
The Shift from Federated to Decentralized IdentityThe Shift from Federated to Decentralized Identity
The Shift from Federated to Decentralized Identity
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
 
Overview of Decentralized Identity
Overview of Decentralized IdentityOverview of Decentralized Identity
Overview of Decentralized Identity
 
Digital Identity Wallets: What They Mean For Banks
Digital Identity Wallets: What They Mean For BanksDigital Identity Wallets: What They Mean For Banks
Digital Identity Wallets: What They Mean For Banks
 
FIWARE Training: API Umbrella
FIWARE Training: API UmbrellaFIWARE Training: API Umbrella
FIWARE Training: API Umbrella
 
Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)
 
OpenID Connect Federation
OpenID Connect FederationOpenID Connect Federation
OpenID Connect Federation
 
FIWARE Global Summit - NGSI-LD - NGSI with Linked Data
FIWARE Global Summit - NGSI-LD - NGSI with Linked DataFIWARE Global Summit - NGSI-LD - NGSI with Linked Data
FIWARE Global Summit - NGSI-LD - NGSI with Linked Data
 
Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs
 
OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)
 
OpenID for Verifiable Credentials @ IIW 36
OpenID for Verifiable Credentials @ IIW 36OpenID for Verifiable Credentials @ IIW 36
OpenID for Verifiable Credentials @ IIW 36
 
Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Pu...
Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Pu...Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Pu...
Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Pu...
 
Self-Sovereign Identity: Ideology and Architecture with Christopher Allen
Self-Sovereign Identity: Ideology and Architecture with Christopher AllenSelf-Sovereign Identity: Ideology and Architecture with Christopher Allen
Self-Sovereign Identity: Ideology and Architecture with Christopher Allen
 
Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...
Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...
Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...
 
OIDC4VP for AB/C WG
OIDC4VP for AB/C WGOIDC4VP for AB/C WG
OIDC4VP for AB/C WG
 

Similaire à Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger – Daniel Hardman

Introduction to Ion – a layer 2 network for Decentralized Identifiers with Bi...
Introduction to Ion – a layer 2 network for Decentralized Identifiers with Bi...Introduction to Ion – a layer 2 network for Decentralized Identifiers with Bi...
Introduction to Ion – a layer 2 network for Decentralized Identifiers with Bi...
SSIMeetup
 
Git Ready! Workflows
Git Ready! WorkflowsGit Ready! Workflows
Git Ready! Workflows
Atlassian
 
Lilypad @ Labweek, Istanbul, 2023.pdf
Lilypad @ Labweek, Istanbul, 2023.pdfLilypad @ Labweek, Istanbul, 2023.pdf
Lilypad @ Labweek, Istanbul, 2023.pdf
Ally339821
 

Similaire à Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger – Daniel Hardman (20)

Identity and the quest for Self-Sovereign Identity - Daniel Hardman
Identity and the quest for Self-Sovereign Identity - Daniel HardmanIdentity and the quest for Self-Sovereign Identity - Daniel Hardman
Identity and the quest for Self-Sovereign Identity - Daniel Hardman
 
Introduction to Ion – a layer 2 network for Decentralized Identifiers with Bi...
Introduction to Ion – a layer 2 network for Decentralized Identifiers with Bi...Introduction to Ion – a layer 2 network for Decentralized Identifiers with Bi...
Introduction to Ion – a layer 2 network for Decentralized Identifiers with Bi...
 
Blockchin architecture azure meetup
Blockchin architecture azure meetupBlockchin architecture azure meetup
Blockchin architecture azure meetup
 
Hashgraph as Code
Hashgraph as CodeHashgraph as Code
Hashgraph as Code
 
Windows admin interview questions
Windows admin interview questionsWindows admin interview questions
Windows admin interview questions
 
Eris Industries - American Banker presentation deck.
Eris Industries - American Banker presentation deck. Eris Industries - American Banker presentation deck.
Eris Industries - American Banker presentation deck.
 
Eth-Defi-Ecosystem-v2022.pdf
Eth-Defi-Ecosystem-v2022.pdfEth-Defi-Ecosystem-v2022.pdf
Eth-Defi-Ecosystem-v2022.pdf
 
Extensible and Dynamic Topic Types for DDS
Extensible and Dynamic Topic Types for DDSExtensible and Dynamic Topic Types for DDS
Extensible and Dynamic Topic Types for DDS
 
How OpenShift SDN helps to automate
How OpenShift SDN helps to automateHow OpenShift SDN helps to automate
How OpenShift SDN helps to automate
 
Git Ready! Workflows
Git Ready! WorkflowsGit Ready! Workflows
Git Ready! Workflows
 
Lilypad @ Labweek, Istanbul, 2023.pdf
Lilypad @ Labweek, Istanbul, 2023.pdfLilypad @ Labweek, Istanbul, 2023.pdf
Lilypad @ Labweek, Istanbul, 2023.pdf
 
Let's talk about... Microservices
Let's talk about... MicroservicesLet's talk about... Microservices
Let's talk about... Microservices
 
PThreads Vs Win32 Threads
PThreads Vs Win32 ThreadsPThreads Vs Win32 Threads
PThreads Vs Win32 Threads
 
Introduction To NIDS
Introduction To NIDSIntroduction To NIDS
Introduction To NIDS
 
David Hedley's Tuesday Tech Talk OSI Model
David Hedley's Tuesday Tech Talk OSI ModelDavid Hedley's Tuesday Tech Talk OSI Model
David Hedley's Tuesday Tech Talk OSI Model
 
Internet Identity Workshop #29 highlights with Drummond Reed
Internet Identity Workshop #29 highlights with Drummond ReedInternet Identity Workshop #29 highlights with Drummond Reed
Internet Identity Workshop #29 highlights with Drummond Reed
 
Bsides Tampa Blue Team’s tool dump.
Bsides Tampa Blue Team’s tool dump.Bsides Tampa Blue Team’s tool dump.
Bsides Tampa Blue Team’s tool dump.
 
Technical Developments within the UK Access Management Federation
Technical Developments within the UK Access Management FederationTechnical Developments within the UK Access Management Federation
Technical Developments within the UK Access Management Federation
 
Highlights of Internet Identity Workshop #28 with Drummond Reed
Highlights of Internet Identity Workshop #28 with Drummond ReedHighlights of Internet Identity Workshop #28 with Drummond Reed
Highlights of Internet Identity Workshop #28 with Drummond Reed
 
APAC-05 XMPP AccessGrid presentation
APAC-05 XMPP AccessGrid presentationAPAC-05 XMPP AccessGrid presentation
APAC-05 XMPP AccessGrid presentation
 

Plus de SSIMeetup

Anonymous credentials with range proofs, verifiable encryption, ZKSNARKs, Cir...
Anonymous credentials with range proofs, verifiable encryption, ZKSNARKs, Cir...Anonymous credentials with range proofs, verifiable encryption, ZKSNARKs, Cir...
Anonymous credentials with range proofs, verifiable encryption, ZKSNARKs, Cir...
SSIMeetup
 
Value proposition of SSI tech providers - Self-Sovereign Identity
Value proposition of SSI tech providers - Self-Sovereign IdentityValue proposition of SSI tech providers - Self-Sovereign Identity
Value proposition of SSI tech providers - Self-Sovereign Identity
SSIMeetup
 
Portabl - The state of open banking, regulations, and the intersection of SSI...
Portabl - The state of open banking, regulations, and the intersection of SSI...Portabl - The state of open banking, regulations, and the intersection of SSI...
Portabl - The state of open banking, regulations, and the intersection of SSI...
SSIMeetup
 
PharmaLedger: A Digital Trust Ecosystem for Healthcare
PharmaLedger: A Digital Trust Ecosystem for HealthcarePharmaLedger: A Digital Trust Ecosystem for Healthcare
PharmaLedger: A Digital Trust Ecosystem for Healthcare
SSIMeetup
 
Building SSI Products: A Guide for Product Managers
Building SSI Products: A Guide for Product ManagersBuilding SSI Products: A Guide for Product Managers
Building SSI Products: A Guide for Product Managers
SSIMeetup
 
Solving compliance for crypto businesses using Decentralized Identity – Pelle...
Solving compliance for crypto businesses using Decentralized Identity – Pelle...Solving compliance for crypto businesses using Decentralized Identity – Pelle...
Solving compliance for crypto businesses using Decentralized Identity – Pelle...
SSIMeetup
 
The Pan-Canadian Trust Framework (PCTF) for SSI
The Pan-Canadian Trust Framework (PCTF) for SSIThe Pan-Canadian Trust Framework (PCTF) for SSI
The Pan-Canadian Trust Framework (PCTF) for SSI
SSIMeetup
 
Identity-centric interoperability with the Ceramic Protocol
Identity-centric interoperability with the Ceramic ProtocolIdentity-centric interoperability with the Ceramic Protocol
Identity-centric interoperability with the Ceramic Protocol
SSIMeetup
 
Introducing the SSI eIDAS Legal Report – Ignacio Alamillo
Introducing the SSI eIDAS Legal Report – Ignacio AlamilloIntroducing the SSI eIDAS Legal Report – Ignacio Alamillo
Introducing the SSI eIDAS Legal Report – Ignacio Alamillo
SSIMeetup
 
How to avoid another identity nightmare with SSI? Christopher Allen
How to avoid another identity nightmare with SSI? Christopher AllenHow to avoid another identity nightmare with SSI? Christopher Allen
How to avoid another identity nightmare with SSI? Christopher Allen
SSIMeetup
 
eIDAS regulation: anchoring trust in Self-Sovereign Identity systems
eIDAS regulation: anchoring trust in Self-Sovereign Identity systemseIDAS regulation: anchoring trust in Self-Sovereign Identity systems
eIDAS regulation: anchoring trust in Self-Sovereign Identity systems
SSIMeetup
 
Explaining SSI to C-suite executives, and anyone else for that matter
Explaining SSI to C-suite executives, and anyone else for that matterExplaining SSI to C-suite executives, and anyone else for that matter
Explaining SSI to C-suite executives, and anyone else for that matter
SSIMeetup
 
The 2nd Official W3C DID Working Group Meeting (The Netherlands)
The 2nd Official W3C DID Working Group Meeting (The Netherlands)The 2nd Official W3C DID Working Group Meeting (The Netherlands)
The 2nd Official W3C DID Working Group Meeting (The Netherlands)
SSIMeetup
 
The Hyperledger Indy Public Blockchain Node
The Hyperledger Indy Public Blockchain NodeThe Hyperledger Indy Public Blockchain Node
The Hyperledger Indy Public Blockchain Node
SSIMeetup
 

Plus de SSIMeetup (20)

ZKorum: Building the Next Generation eAgora powered by SSI
ZKorum: Building the Next Generation eAgora powered by SSIZKorum: Building the Next Generation eAgora powered by SSI
ZKorum: Building the Next Generation eAgora powered by SSI
 
Anonymous credentials with range proofs, verifiable encryption, ZKSNARKs, Cir...
Anonymous credentials with range proofs, verifiable encryption, ZKSNARKs, Cir...Anonymous credentials with range proofs, verifiable encryption, ZKSNARKs, Cir...
Anonymous credentials with range proofs, verifiable encryption, ZKSNARKs, Cir...
 
Value proposition of SSI tech providers - Self-Sovereign Identity
Value proposition of SSI tech providers - Self-Sovereign IdentityValue proposition of SSI tech providers - Self-Sovereign Identity
Value proposition of SSI tech providers - Self-Sovereign Identity
 
SSI Adoption: What will it take? Riley Hughes
SSI Adoption: What will it take? Riley HughesSSI Adoption: What will it take? Riley Hughes
SSI Adoption: What will it take? Riley Hughes
 
Web5 - Open to Build - Block-TBD
Web5 - Open to Build - Block-TBDWeb5 - Open to Build - Block-TBD
Web5 - Open to Build - Block-TBD
 
Portabl - The state of open banking, regulations, and the intersection of SSI...
Portabl - The state of open banking, regulations, and the intersection of SSI...Portabl - The state of open banking, regulations, and the intersection of SSI...
Portabl - The state of open banking, regulations, and the intersection of SSI...
 
PharmaLedger: A Digital Trust Ecosystem for Healthcare
PharmaLedger: A Digital Trust Ecosystem for HealthcarePharmaLedger: A Digital Trust Ecosystem for Healthcare
PharmaLedger: A Digital Trust Ecosystem for Healthcare
 
Cheqd: Making privacy-preserving digital credentials fun
Cheqd: Making privacy-preserving digital credentials funCheqd: Making privacy-preserving digital credentials fun
Cheqd: Making privacy-preserving digital credentials fun
 
Building SSI Products: A Guide for Product Managers
Building SSI Products: A Guide for Product ManagersBuilding SSI Products: A Guide for Product Managers
Building SSI Products: A Guide for Product Managers
 
Solving compliance for crypto businesses using Decentralized Identity – Pelle...
Solving compliance for crypto businesses using Decentralized Identity – Pelle...Solving compliance for crypto businesses using Decentralized Identity – Pelle...
Solving compliance for crypto businesses using Decentralized Identity – Pelle...
 
The Pan-Canadian Trust Framework (PCTF) for SSI
The Pan-Canadian Trust Framework (PCTF) for SSIThe Pan-Canadian Trust Framework (PCTF) for SSI
The Pan-Canadian Trust Framework (PCTF) for SSI
 
Identity-centric interoperability with the Ceramic Protocol
Identity-centric interoperability with the Ceramic ProtocolIdentity-centric interoperability with the Ceramic Protocol
Identity-centric interoperability with the Ceramic Protocol
 
The SSI Ecosystem in South Korea
The SSI Ecosystem in South KoreaThe SSI Ecosystem in South Korea
The SSI Ecosystem in South Korea
 
Introducing the SSI eIDAS Legal Report – Ignacio Alamillo
Introducing the SSI eIDAS Legal Report – Ignacio AlamilloIntroducing the SSI eIDAS Legal Report – Ignacio Alamillo
Introducing the SSI eIDAS Legal Report – Ignacio Alamillo
 
Learn about the Trust Over IP (ToIP) stack
Learn about the Trust Over IP (ToIP) stackLearn about the Trust Over IP (ToIP) stack
Learn about the Trust Over IP (ToIP) stack
 
How to avoid another identity nightmare with SSI? Christopher Allen
How to avoid another identity nightmare with SSI? Christopher AllenHow to avoid another identity nightmare with SSI? Christopher Allen
How to avoid another identity nightmare with SSI? Christopher Allen
 
eIDAS regulation: anchoring trust in Self-Sovereign Identity systems
eIDAS regulation: anchoring trust in Self-Sovereign Identity systemseIDAS regulation: anchoring trust in Self-Sovereign Identity systems
eIDAS regulation: anchoring trust in Self-Sovereign Identity systems
 
Explaining SSI to C-suite executives, and anyone else for that matter
Explaining SSI to C-suite executives, and anyone else for that matterExplaining SSI to C-suite executives, and anyone else for that matter
Explaining SSI to C-suite executives, and anyone else for that matter
 
The 2nd Official W3C DID Working Group Meeting (The Netherlands)
The 2nd Official W3C DID Working Group Meeting (The Netherlands)The 2nd Official W3C DID Working Group Meeting (The Netherlands)
The 2nd Official W3C DID Working Group Meeting (The Netherlands)
 
The Hyperledger Indy Public Blockchain Node
The Hyperledger Indy Public Blockchain NodeThe Hyperledger Indy Public Blockchain Node
The Hyperledger Indy Public Blockchain Node
 

Dernier

(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
Escorts Call Girls
 
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Delhi Call girls
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
gwenoracqe6
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
tanu pandey
 
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
nilamkumrai
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
Neha Pandey
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
tanu pandey
 
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
SUHANI PANDEY
 
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft DatingDubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
kojalkojal131
 
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
SUHANI PANDEY
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiAl Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls Dubai
Escorts Call Girls
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
SUHANI PANDEY
 
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
kojalkojal131
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Delhi Call girls
 
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Escorts Call Girls
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
ruhi
 
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Chandigarh Call girls 9053900678 Call girls in Chandigarh
 

Dernier (20)

(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
 
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
 
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
 
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft DatingDubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
 
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiAl Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls Dubai
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
 
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
 

Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger – Daniel Hardman

  • 1. Peer DIDs a secure and scalable method for DIDs that's entirely off-ledger Daniel Hardman, November 2019 ssimeetup.org · CC BY-SA 4.0 International
  • 2. 1. Empower global SSI communities 2. Open to everyone interested in SSI 3. All content is shared with CC BY SA SSIMeetup.org Alex Preukschat @SSIMeetup @AlexPreukschat Coordinating Node SSIMeetup.org https://creativecommons.org/licenses/by-sa/4.0/ SSIMeetup objectives
  • 3. Most DID methods Acme public DID: A.did@Any pairwise DID: A.did@A:B Bob pairwise DID: B.did@B:A shared source of truth (e.g., blockchain) register, update register, update resolve A.did@Any, A.did@A:B resolve B.did@B:A resolve *.did@* Everybody in the world can resolve the pairwise DIDs that only Acme and Bob care about (A.did@A:B and B.did@B:A). Scale, cost, security, privacy, performance, regulation issues. SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
  • 4. Peer DIDs Acme pairwise DID: A.did@A:B Bob pairwise DID: B.did@A:B B.diddoc@A:B (from Bob) A.diddoc@A:B (from Acme) resolve A.did@A:B register, update resolve B.did@B:A register, update SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
  • 5. Why? Scale 99% of DIDs off ledger Cost No transaction fees, no operating expense, no electrical bill Security No ledger or node to hack, no common pipes to monitor Privacy Only Acme and Bob know what only Acme and Bob care about Performance Throughput automatically, perfectly matches number of parties Regulation No ledger or node operator as GDPR data controller SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
  • 6. How to create a peer DID Make a DID Doc with whatever keys you like, but omit the actual DID value from the doc. This is called the stored variant of the doc. Compute sha256 hash of stored variant. This is called the numeric basis. Encode the numeric basis and append the encoded data to the prefix, did:peer: SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
  • 7. SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
  • 8. Minimal doc { "publicKeys": [ { "crv": "P-256", "kty": "EC", "x": "Gv6c_u05ogFn4HpZHxBS94CdGL8gIv0W307OHjpTSqM ", "y": "Qjg7xEIAAfKvSaV2bZ8LP14fcD33YTkDTIwZ7KKXLMg ", "kid": "1" } ] "authorization": { "profiles": [ {"key": "#1", "roles": ["solo"]} ], "rules": [ { "grant": ["register", "authcrypt", "se_admin", "plaintext", "oblige"], "when": { "roles": "solo" } } ] } } Define a key (JWK format) Map key to a privilege profile, “solo” Tell what the “solo” profile can do. This key lacks the privilege to administer keys or rules, so most evolution is impossible. Suitable for very simple, ephemeral interaction. SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
  • 9. How to share a peer DID Option 1 (recommended): implement Aries RFC 0023 (DID Exchange Protocol) ● Defined conventions with multiple impls. ● Works with any transport: http(s), Bluetooth, NFC, email, message queue, QR codes, IPC, paper, files, sockets, third party introduction, sneakernet… ● Strong mutual auth done the same way for both parties. ● Security and privacy guarantees are excellent. ● Allows one side to use peer DID and other side to use something else. Option 2 (suboptimal): transmit DID + signed DID Doc over TLS session ● Easy as can be. But… ● No protocol defined (which API calls? which HTTP headers? who does what in which order?) -- proprietary. ● Not transport-agnostic. ● Security and privacy are suspect (SSL visibility appliances). SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
  • 10. Layers of Support Coding Time to Implement DIDComm + 1 week (sync docs, validate changes) 2-6 hours (generate and store DID docs) 10 min (regex) SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
  • 11. Status Spec now on revision 6 or 7; about 9 months old A few open issues Likely to change in one important way (key formats) soon, but not much else One ref impl of layers 1 and 2 in python (no dependencies); Aries Go Framework; pending impls in Rust in Aries/Indy SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
  • 12. How to update a peer DID’s DID Doc (simplified) Generate a delta. This is a JSON fragment that tells what changed. Compute the sha256 hash of the delta. Attach the base64-ed deltas to sync_state DIDComm messages. Gossip these messages with other parties to spread knowledge of state in all directions. Apply new deltas. SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
  • 13. Alice A.1 A.2 A.3 A.4 Bob B.3 B.4B.2 B.1 arrows point to an agent/key that might be reached and updated by the proactive agent/key on the other side decentralized, ad hoc (Messy but flexible. Handles edge-to-edge and semi-connected. Relaxed management.) SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
  • 14. Alice A.1 A.2 A.3 A.4 Bob B.3 B.4B.2 B.1 arrows point to an agent/key that might be reached and updated by the proactive agent/key on the other side each side centralized (Clean, but requires cloud connectivity and can’t handle edge-to-edge.) SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
  • 15. Alice A.1 Bob B.3 B.4B.2 B.1 arrows point to an agent/key that might be reached and updated by the proactive agent/key on the other side domain of 1 (Clean, but requires cloud connectivity and can’t handle edge-to-edge.) SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
  • 16. Acme A.3 arrows point to an agent/key that might be reached and updated by the proactive agent/key on the other side hybrid (Some centralization, some decentralization) Bot Swarm SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
  • 17. Authorization Need ability to setup protective policies to handle cases like “My phone was stolen; how do I keep the thief from taking over my DID?” “authorization”: { "profiles": [ {"key": "#Mv6gmMNa", "roles", ["edge"]}, {"key": "#Np4fAwXs", "roles", ["edge"]}, {"key": "#H3C2AVvL", "roles", ["offline"]} ], “rules”: [ {“grant”: ["authcrypt"], "when": {"roles": "edge"}, "id": "98c2c9cc"}, {“grant”: ["key-admin”], "when": { “any”: [ {“roles”: “edge”, “n”: 2}, {“all”: [{“roles”: “edge”}, {“role”: “offline”}]} ], "id": "47b3a6af"}, ] } the key for the stolen phone the protective rule let a key in this DID doc add or remove keys only if... any (either) of these conditions holds: two edge keys agree, OR an edge key AND an offline key agree SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
  • 18. Privilege Model register: can use DID to create Alice:peer connection (only in genesis state) route: can handle forward messages intended for Alice (internal mediator) authcrypt: can speak on encrypted channels on Alice’s behalf plaintext: can see data intended only for Alice oblige: can incur contractual obligations for Alice (e.g., terms of service, consent) key_admin: can remove keys or add them, plus assign them profiles se_admin: can remove or add service endpoints rule_admin: can remove or add rules (map profiles to privileges) These privileges resemble but are not identical to the use field in JWK. The use field is less granular (only sig and enc are defined), and its scope is one key. The scope of a privilege in peer DIDs may be multiple keys acting as a unit. SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
  • 19. Registration (sharing DID with peer) Exactly 1 key must have the register privilege in the genesis version of the peer DID doc, and this key must be the one to share the DID with the peer. Signing a DID doc is not enough to register it properly; what gets authcrypted or signed by the key with the register privilege must include enough context to bind the relationship (e.g., the other peer’s DID or a nonce from the other party’s connection_request). Peer DIDs can’t be registered after genesis state unless existing peers consent (upgrade to n-wise). This means an evolved peer DID can’t be registered elsewhere. SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
  • 20. CRDTs Most items in the DID doc have an id property. All changes are modeled as a combination of adds and deletes--there are no modifies. This guarantees idempotence and eliminates most ordering problems, since a given id never has more than one version of itself. SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
  • 21. Consensus (coordination), centralization, or forks: pick 1 Consensus what algorithm tolerates participants with different duties, different connectivity, different motivery different connectivity, participants with radically different sophistication, Are forks really that bad? SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
  • 22. Consensus (coordination), centralization, or forks: pick 1 Consensus What algorithm tolerates participants with different duties, different connectivity, different motives? Centralization Great for any party that picks it, but Alice can’t require Bob to centralize for her own convenience. Forks Yuck. But wait… are they really that bad? SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
  • 24. Mental Model SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International ● Keys and authorization rules enforce privileges. ● The sync protocol makes data flow. ● These are NOT the same thing.
  • 25. Pending Deltas Suppose Agent 1 gossips a change to Agent 2, the change requires 2 signatures, but only 1 is affixed. Agent 2 can: ● Authorize it by attaching a signature and re-gossiping the doubly authorized delta (if it deems the change desirable) ● Hold the delta in pending status, if it can’t authorize (hasn’t taken effect yet, but we know it’s been proposed) Pending status means the CRDT/replication/gossip logic never applies a change unless/until it is legitimate. Once a change is legitimate, there no denying it happened, and all agents who see it must accept it. Thus, no merge conflicts, and remaining ordering constraints vanish. Contradictory forks can still happen, but they represent historic divergences in how knowledge propagated; once both are seen, both are applied, even if they cancel. SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
  • 26. The ~state decorator Included with all DIDComm messages to check synchronization. Triggers gossip if any discrepancy detected. SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
  • 27. Why No Merge Conflicts ● Idempotent ● Every item has a unique id that never repeats ● All operations are adds and deletes, never modifies (1 version of each item) ● Pending status ● Forks accurately represent divergent knowledge; reconciling just means accepting both SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
  • 28. More Info http://j.mp/peer-dids-group https://openssi.github.io/peer-did-method-spec github issues at https://github.com/openssi/peer-did-method-spec https://github.com/evernym/pypeerdid (ref impl of layers 1 and 2) SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International
  • 29. Peer DIDs a secure and scalable method for DIDs that's entirely off-ledger Daniel Hardman, November 2019 ssimeetup.org · CC BY-SA 4.0 International
  • 30. Peer DIDs http://j.mp/2pmxrDc (see also http://j.mp/peer-did-layer2) Nov 2019 SSIMeetup.orgssimeetup.org · CC BY-SA 4.0 International