The document discusses IBM's Trusted Identity solution for self-sovereign identity. It proposes establishing a decentralized identity network based on principles of user consent, privacy, and interoperability. This network would provide convenience and security for individuals, businesses, and governments by enabling trusted digital identity verification and management across domains. Technical components include decentralized identifiers (DIDs), verifiable credential schemas, and an open-source Sovrin identity framework using distributed ledger technology.

1. lBM Trusted Identity
Towards Self-Sovereign Identity

2. 2 5/21/18
Inclusive of principles from
• NIST's Trusted Identities Group
• A Blueprint for Digital Identity: The Role of Financial Institutions in Building
Digital Identity, World Economic Forum, 2016
• http://www.coindesk.com/path-self-sovereign-identity/
Key Elements of a Trusted Digital Identity Framework
• The user is the ultimate authority
over his/her identity (Self-Sovereign)
• Privacy-enhancing and voluntary
• Decentralized/Distributed Trust
• Trusted Identity for Individuals,
Enterprises and Things
• Open and flexible
• Interoperable and portable
• Viable and sustainable

3. 3 5/21/18
Trusted Digital Identity Network: Benefits
INDIVIDUALS BUSINESSES GOVERNMENTS
•Convenience and simplified
experience for identity
verification
•Full control and consent
over identity usage and monetization
•Reduced costs, and risk of data
breach/theft
•Efficient compliance
management and monitoring
•New revenue streams
•Rapid on-boarding
•Better personalized
customer services
•Distributed trust and increased
protection of identity data
•Reduced counterfeiting, alteration,
and theft
•Reduced risk and cost of identity
issuance and management
•Increased efficiency in compliance
control, monitoring, and quality

4. 4 5/21/18
Trusted Digital Identity Use Cases
The benefits of blockchain technology include almost everything from more secure
financial transactions, improved access to personal healthcare information, and
more efficient and effective government and private-sector services -
MIT Summit Commission For Enhancing National Security – July 2016
Know Your Customer
(KYC)
Government Identity for
citizens and services
Identity Verification Network
across Industries

5. IBM Trusted Identity Solutions | © Copyright IBM Corporation 2017 5
– The Technical Foundations of the Sovrin Architecture
“A globally shared ledger can enable true self-sovereign
identity, where every person, organization, or thing can have its
own truly independent digital identity that no other person,
company, or government can take away.”

6. Open Solution Architectures: Independent identity on
distributed ledgers
Hyperledger Indy is a distributed ledger purpose-built for decentralized
identity. It provides tools, libraries and reusable components for providing
independent digital identities rooted on blockchains or other distributed
ledgers so that they are interoperable across administrative domains,
applications, and any other “silo”.

7. Independent Identity
You

8. IBM Trusted Identity Solutions | © Copyright IBM Corporation 2017
• Sovrin Ledger
• The foundational component—a globally distributed
ledger of root identity records maintained by trusted
institutions around the world. Analogous to the internet
itself, the structure and operation of this layer is
operated as a non-profit global public utility governed
by the Sovrin Foundation.
• Sovrin Agents
• Network services that give Sovrin identity owners
(people and organizations) a permanent, privacy-
protecting way to perform identity and data
management transactions. Sovrin agents are not strictly
required by Sovrin architecture; they simply make a
Sovrin identity much easier and more productive to use.
• Sovrin Clients
• Apps used by Sovrin identity owners (typically on local
devices like smartphones and laptops) to communicate
with Sovrin agents and the Sovrin ledger to conduct
identity transactions of all types. From a security and
encryption standpoint, Sovrin clients are the “key” to
Sovrin key management.
Open Solution Architectures: Independent identity on distributed ledgers
8
•Hyperledger Indy provides tools, libraries, and reusable components for providing digital identities
rooted on distributed ledger technology (DLT) so that they are interoperable across administrative
domains, applications, and any other silos.
Evernym
Contributor of open source Sovrin Trust Framework
Sovrin Foundation
Non-profit organization managing Sovrin Trust Framework
Hyperledger Indy
Open source community project for Sovrin Trust Framework
Sovrin Trust Framework

9. IBM Trusted Identity Solutions | © Copyright IBM Corporation 2017
Open Solution Architectures: Sovrin Trust Framework
9
As with DNS, LDAP, and other large-scale identity systems, read requests are typically an order of
magnitude more numerous than write requests so pools of nodes have different roles.
System of Ledgers
• Identity ledger: Primary ledger that is the system of record for all identity records written by Sovrin identity owners.
• Pool ledger: System of record for what Sovrin nodes are permitted to serve as validator or observer nodes.
• Voting ledger: System of record for historical governance decisions (votes) among trustees within the public utility network.
• Config ledger: holds network-wide configuration data set by the Sovrin Foundation Technical Governance Board and approved by the Board of Trustees.
• Validator nodes
• Validate new Sovrin transactions. Every
“write” to the Sovrin ledger must be sent
to a validator node.
• Observer nodes
• Required as the network scales. From the
standpoint of Sovrin clients, an observer
node is simply a read-only copy of the
Sovrin ledger.

10. IBM Trusted Identity Solutions | © Copyright IBM Corporation 2017
• Stewards
• Ensure that the network runs effectively, security and reliably.
• Granted Trust Anchor status
• Can be any organization that serves in a position of public trust, such as:
• Financial institutions
• Healthcare providers
• Universities
• NGOs
• Government agencies
• Utilities and telecom providers
• Sovrin infrastructure or service providers
• Trust Anchor
• A specialized person or organization that is known to the Sovrin Foundation as an authoritative
entity for which trust is assumed and not derived. These entities are able to help bootstrap
others into the ecosystem (i.e: Government DMV or Vital Records).
• Citizen Agents
• Provide discovery of people, places and things
• Enable connections that improve your status in the reputation economy.
• Provide management of the identity owner’s off-ledger “container” of Sovrin identity data.
• Citizen “Wallets”
• Device Application UX
• ID and agent provisioning
• Key management
• Management of decentralized secure data storage synchronized across the owner’s clients.
Open Solution Architectures: Sovrin Trust Foundation
10
Stewards, Agents and Clients.

11. sovrin
I’m a
doctor
You’re now
a doctor.
University
Verifiable claims

12. sovrin
University
X
Blind verification

13. sovrin
University
Scales to any number of consumers

14. sovrin
Scales to any number of issuers

15. sovrin
I have a
job.
You work
for us.
Bank
Scales to any number of claims

16. sovrin
Gov’t
University
Handles complex claims

17. sovrin
Gov’t
Insurance Companies
Supports selective disclosure

18. Sovrin Claims
Real-time claims verification
– without direct connections to issuers
Revocable (anonymously)
▪ Multi-Issuer
– credit score + mortgage balance + income
▪ Predicates
– over 18: false vs. birthdate: 16 Jan 2001
Privacy-respecting
– Anonymous, Anti-correlation, Selective disclosure

19. What is written to the Ledger?
• Only uncorrelated data → Never PII
– When public ledgers are broken, they are broken forever
Types of data:
• Decentralized IDs
• Public keys
• Service Endpoints
• Accumulators and Anchoring Hashes

20. Sovrin Token
•Every exchange of verifiable claims reduces risk for the verifier
and reduces friction for the owner
•This reduction has value
•Sovrin Token provides a way to monetize this value by
supporting a flow either from verifiers to issuers—or indirectly
from verifiers to owners to issuers.
For example, your mobile carrier could help you prove
your location at any point in time—and be paid for it

21. Fully open architecture
Open Standards (under development)
W3C Decentralized ID
W3C Verifiable Claims
https://www.w3.org/TR/verifiable-claims-data-model/
Decentralized Key Management (DKMS) http://bit.ly/2FpQZJL
Open Source Projects
Decentralized Identity Foundation (DIF) http://identity.foundation
Hyperledger Indy https://github.com/hyperledger/indy-sdk

22. IBM Announcements / Participation
• DIF Member (http://identity.foundation)
• Sovrin Foundation Members (http://sovrin.org)
• Hyperledger Founding Member (Fabric and Indy)
• W3C Member

23. Recommended Reading
Sovrin White Paper – Published in January 2018
A Protocol and Token for Self-Sovereign Identity and
Decentralized Trust
https://sovrin.org/wp-content/uploads/Sovrin-Protocol-and-Token-White-Paper.pdf

24. Thank you!

25. Schemas and Semantics
Schemas can be published to the ledger for use in claims and
proofs as well as for supporting the extensible APIs of agents.
Allows the identity ledger to function as a marketplace for
semantic meaning and a basis for reputation combining
identity, schema and code.

26. DIDs (Decentralized Identifiers)
• DIDs are a new type of digital identifier
• DIDs were invented to enable a new type of long-term digital
identity that does not require centralized registry services
• DIDs can also be verified using cryptography, enabling a digital
“web of trust”

27. Schema and Service Discovery
Service endpoints with the DID Descriptors service block
API enumeration service at a well-known URL that responds
based on mutual authentication of DIDs
OpenAPI (fka Swagger) with an EventedAPI extension (based
on eventedapi spec) being defined and developed now.