Decentralised Identity with HLP Indy and Corda

Editor's Notes

• #2: http://getwallpapers.com/collection/rene-magritte-wallpaper
• #3: This is a cartoon from the New Yorker from 1993. A dog is browsing the internet, turns to another dog, and says, “On the internet, nobody knows you’re a dog.” That was 25 years ago, and we still haven’t solved the problem. Identity on the internet is a litany of failures: Fragmented: Hundreds of logins split across hundreds of databases Manual: Old-fashioned out-of-band processes (phone calls and meetings to set up online banking services…) Blind trust (“Are you over 18?”) Out of your control
• #4: What we need are digital credentials. The digital equivalent of passports, home-ownership documents, address information that can be shown to prove identity without relinquishing our information to some external database. Here’s an example of what a digital driver’s licence could look like. A simple data object, signed by the issuer (to prove integrity of the information) and the owner (to prove ownership of the information).
• #5: https://en.wikipedia.org/wiki/California_Department_of_Motor_Vehicles https://en.wikipedia.org/wiki/Alamo_Rent_a_Car
• #6: We need to create digital credentials – the digital equivalent of a passport
• #7: One approach to linking identities to public keys is to use a few hundred certificate authorities. These are parties that are trusted to use standard KYC processes to link identities to public keys. However, obtaining a certificate from a certificate authority is very slow and expensive, restricted to large companies. If one of these certificate authorities makes a mistake, is hacked, or goes out of business – especially if they’re one of the top-level, high-powered certificate authorities known as root certificate authorities. We don’t want a small number of digital identities restricted to large companies and issued by centralized parties. We want identity for all, at low cost, and safe from breaches. Let us introduce Hyperledger Indy.
• #18: Hyperledger Indy is a toolkit for spinning up, managing and interacting with Sovrin-like blockchains. “This code is independent from but commonly associated with Sovrin. Sovrin is a public utility for identity, built on top of this codebase. People who install sovrin packages (e.g., with sudo apt install sovrin) get prepackaged genesis transactions that integrate with an Indy validator pool using Sovrin's governance and trust framework. However, it is possible to use Indy Node with a different network, using whatever conventions a community chooses.” Indy design choices: Nodes: Consensus with plenum BFT (specifically Redundant BFT) Client-node and node-node network communication with Curve ZMQ Ledger: Replicated across all nodes, backed by merkle tree State: Ethereum’s Patrica trie Storage: LevelDB as key-value storage for ledger and state AnonCred: Anonymous credentials with type-3 revocation (prove identity satisfy certain properties in uncorrelated way without revealing other identity details)
• #20: Gemalto Trust ID Network is a a decentralized digital ID platform allowing banks to simplify customer identity management and streamline the onboarding process of new customers while enabling end users to be in total control of their identity. Each user gets a mobile wallet that uses Indy to manage digital identities and claims, and allows Corda nodes to interact with these digital identities and claims. Workflow: Scan passport -> take selfie -> goes to the Gemalto server (check passport security + match selfie to photo automatically) -> creates passport credential with verifiable claims and associated DID -> you can now share these credentials Similar process for email address (certified by clicking an email link) and phone (certified by receiving a text)