
Self-Study | Mastering Self-Sovereign Identity - SSI Architecture

normalstory

 

SSI Architecture

 

 


Layer 4

A layer that shifts almost entirely from machines and technology to humans and policy.
The governance framework is a core component of many SSI solutions.
The ToIP stack is supported by the ToIP Foundation, a sister project of Hyperledger and the Decentralized Identity Foundation.

 

Trust Over IP - Defining a complete architecture for Internet-scale digital trust

The Trust over IP Foundation is defining a complete architecture for Internet-scale digital trust that combines both cryptographic trust at the machine layer and human trust at the business, legal, and social layers.

live-trustoverip.pantheonsite.io

 

Layer 3

1) Credential exchange protocol (still being agreed upon)
    - Directly depends on Layer 2
    - DIF's Presentation Exchange Specification (describes how a verifier requests credentials regardless of which credential technology is used)

 

DIF Presentation Exchange

Presentation Exchange v1.0.0. Specification Status: DIF Ratified Specification. Latest Draft: identity.foundation/presentation-exchange. Editors: Daniel Buchner (Microsoft), Brent Zundel (Evernym), Martin Riedel (Consensys Mesh). Contributors: Daniel McGrogan

identity.foundation
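
As an added example (not from the original notes or from the DIF specification), the sketch below shows how a verifier's request can stay independent of the credential format: each field lists several paths, and a credential matches if any of them resolves and passes the filter. The definition and the held credentials are constructed; only dotted `$.a.b` paths and `type`/`pattern` filters are handled, and schema URI matching and signature verification are left out.

```python
import re

# Constructed request in the shape of a Presentation Exchange v1 definition.
PRESENTATION_DEFINITION = {
    "id": "example-request-1",
    "input_descriptors": [{
        "id": "degree_input",
        "schema": [{"uri": "https://example.org/schemas/degree"}],
        "constraints": {"fields": [{
            # One path per credential layout: plain JSON, then JWT payload (under "vc").
            "path": ["$.credentialSubject.degree.type", "$.vc.credentialSubject.degree.type"],
            "filter": {"type": "string", "pattern": "^(Bachelor|Master)Degree$"},
        }]},
    }],
}

def resolve(doc, path):
    """Resolve a dotted JSONPath such as $.a.b (the only form handled here)."""
    node = doc
    for key in path[2:].split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def field_ok(cred, field):
    """A field is satisfied if any listed path resolves and passes the filter."""
    flt = field.get("filter", {})
    for path in field["path"]:
        value = resolve(cred, path)
        if flt.get("type") == "string" and not isinstance(value, str):
            continue
        if value is not None and re.search(flt.get("pattern", ""), str(value)):
            return True
    return False

def match(definition, credentials):
    """Map each input descriptor id to indexes of credentials that satisfy it."""
    return {
        d["id"]: [i for i, c in enumerate(credentials)
                  if all(field_ok(c, f) for f in d["constraints"]["fields"])]
        for d in definition["input_descriptors"]
    }

# Constructed wallet contents: plain JSON credential, JWT payload, non-matching one.
HELD = [
    {"credentialSubject": {"degree": {"type": "BachelorDegree"}}},
    {"iss": "did:example:issuer", "vc": {"credentialSubject": {"degree": {"type": "MasterDegree"}}}},
    {"credentialSubject": {"degree": {"type": "Certificate"}}},
]
```

Calling `match(PRESENTATION_DEFINITION, HELD)` selects the first two credentials for `degree_input`; a verifier must still re-run the same check on whatever the holder submits, since the holder's wallet did the initial selection.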

2) Credential format 
  (1) JSON Web Token, JWT
      - JWTs were originally designed as short-lived tokens, used for authentication or authorization for a brief moment after creation
      - Supported in a variety of programming languages (e.g. https://github.com/dvsekhvalnov/jose-jwt)

 

GitHub - dvsekhvalnov/jose-jwt: Ultimate Javascript Object Signing and Encryption (JOSE), JSON Web Token (JWT) and Json Web Keys


github.com

  (2) Blockcerts
      - A Blockcert is a digitally signed JSON document that encodes attributes describing the credential holder
      - A proposed open-source standard for computer-friendly credentials and a verification mechanism for credentials
      - Blockcerts was designed and supported by Learning Machine -> acquired by Hyland Credentials 

 

Issue verifiable records using the blockchain

A new generation of digital credentials offers transformative convenience and security for all stakeholders through the use of open standards and blockchain-based verification.

www.hylandcredentials.com

  (3) W3C Verifiable Credentials format
      - Credentials Community Group.
      - Establishing world standards for credential interoperability https://www.w3.org/community/credentials/

 

Credentials Community Group

The mission of the W3C Credentials Community Group is to explore the creation, storage, presentation, verification, and user control of credentials. We focus on a verifiable credential (a set of claims) created by an issuer about a subject—a person, grou

www.w3.org

 

Layer 2

1) Interface design (using SSI infrastructure programmatically)
  (1) API-oriented 
      - Prefers using distributed web or mobile wallet decentralized apps (Dapps) together with APIs.
      - Web 2.0 or Web 3.0 APIs
      - Blockcerts app and uPort app
  (2) Data-oriented
      - Uses encrypted data stores (identity hubs) to retrieve, share, and manage access to identity data.
      - The structural core is fundamentally about data sharing
      - Some hub APIs are reorganized as message-based
      - SaaS-style
  (3) Message-oriented 
      - Uses digital agents (edge-based or cloud-based) that route messages and interactions being shared.
      - Agents directly represent identities, rather than being indirect or external proxies like hubs
      - Distributed multi-party protocol (aoa architecture)

2) Protocol design
  (1) Web-based 
       - Basic HTTP protocol pattern
       - Relies on the Transport Layer Security (TLS) standard used in the HTTPS protocol

 

Architecture of the World Wide Web, Volume One


www.w3.org

  (2) Message-based 
       - Designing message-based protocols using DIDComm
           - Uses the DIDComm protocol for P2P communication between agents
           - An architectural approach very similar to email
       - Developed under the sponsorship of the Hyperledger Aries project
       - The Comm Working Group was formed at the Decentralized Identity Foundation (DIF)

 

GitHub - hyperledger/aries: Hyperledger Aries is infrastructure for blockchain-rooted, peer-to-peer interactions


github.com

 

Layer 1

1) DID methods
   - About 80 different methods; W3C, Decentralized Identity Foundation (DIF)
   - W3C Peer DID Method Specification

 

Peer DID Method Specification

Editor's note, September 2022: This DID method works. There are reasonable, tested libraries for it in python and java. It is convenient to use with DIDComm v2. It is in active use within the Hyperledger Aries community, among other places, and has gravita

identity.foundation

2) DID registries
   (1) Blockchain
         - Applying general-purpose public blockchains for SSI
         - Special-purpose blockchains designed for SSI
   (2) Traditional databases as DID registries
   (3) P2P protocols as DID registries - Developed under the sponsorship of the Hyperledger Aries project.

 

 

 


https://www.aladin.co.kr/shop/wproduct.aspx?ItemId=290964757 

 

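Mastering Self-Sovereign Identity

Covers how to have digitally signed credentials issued through self-sovereign identity, store them in a personal digital wallet, and securely prove your identity online. Inspired by blockchain, this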

www.aladin.co.kr

 

This English version was translated by Claude.

Written by 친절한 찰쓰씨

Pleasant Charles — UI/UX researcher at AIT. Keeping notes on design, planning, and slow days here since 2010.
