Dec 17

The Social Impact of “being”

By Eduardo Elias Saleh, Tech Lead at Tykn Blog, Hyperledger Indy

To be or not to be is not a question nowadays. To the normal citizen, you have your birth certificate that enables you to have an identity, a driver’s license, a passport and voilá: You are.

Even that digitally seems quite common and straightforward. Most of the western citizens have not one but many digital identities with them: a Google account, a Microsoft account, a Facebook account, etc.

This is not the case for a large segment of mankind: A group that has no identity, knows little or nothing about their roots and cannot provide any proof of them. By not being able to prove their identity, they cannot open a bank account, access healthcare or enroll in university. They cannot have a “normal” life. Unfortunately, for this group, it is easier to buy a pizza using Bitcoin than to prove their names, origins and history.

This happens because we lack a common ground for identities. Governments have strong agreements on how each of them will “understand” documents issued by other nations. Internal conflicts, commercial disputes or other political situations make it hard for some countries to be part of such agreements and they end up being left outside. In some cases, those excluded countries are the ones facing issues that force their populations to migrate. Without an identifying document recognized by their host countries, these migrants become “nobodies” in their new home.

Self-Sovereign Identity, Interoperability and Trust

Hyperledger Indy, a distributed ledger built for the purpose of decentralized identity, will be a powerful tool to overcome this issue. It will do so by being a carrier of trust.

Distributed Ledger Technology (a “blockchain”), in an identity management scenario, enables everyone in the network to have the same source of truth about which credentials are valid and who attested to the validity of the data inside the credential, without revealing the actual data.

Through the infrastructure of a blockchain, an identity verifying party does not need to check the validity of the actual data in the provided proof. Instead, the verifier can use the blockchain to check the validity of the attestation and attesting party to determine whether to validate the proof.

For example, when an identity owner presents a proof of his or her date of birth, rather than actually checking the truth of the date of birth itself, the verifying party will validate the government’s signature who issued and attested to this credential to then decide whether he trusts the government’s assessment about the accuracy of the data.

Hence, the validation of a proof is based on the verifier’s judgement of the reliability of the attestor.

But trust is not the only issue we face. Most of the identity credentials issued by an institution are particular to that institution. There’s no standard on those schemas. Through Indy and standards such as Verifiable Credentials (whose Data Model 1.0 was recently published as a W3C recommendation) interoperability between institutions and different identity management systems might be achieved.

Using this technology, Non-Governmental Organizations (NGOs) can help those “invisible people” gain access to services and expedite the humanitarian process. In the future, it may even enable NGOs to issue some sort of universally verifiable digital identity credentials to refugees. Credentials that refugee host countries could “understand” and accept because they use the same interoperable digital identity standards and trust the NGO that issued the credentials. This would allow refugees to fully access services in their host countries. They would be able to be included in society, open bank accounts, rent houses and be productive as any other citizen.

The key is interoperability and the decentralization of trust.

Hyperledger Indy

Hyperledger Indy is still quite young with a lot to be discussed and done. However, it has an engaged community around it, researching, asking questions and working towards the maturity of the ecosystem. The main tool to start using Indy is Indy-SDK. An SDK (Software Development Kit) is a “kit” that brings all-you-need tools in one library.

Today the solution still relies solely on said SDK. That can be tricky as it carries a lot of heavy-weight assumptions like using ZeroMQ, which browsers are not compatible with because of RAW TCP usage, to communicate with the node. That usually requires more recent mobile devices to work. Also, being a kind of all-in-one library it carries functionalities not always needed to everyone that uses it.

To be the solution for the problem that plagues 1.2 billion people around the world who do not have an identity, the current technology still needs improvements. It has to be easier to use on basic phones, easier to integrate and easier to develop. It still requires users to have powerful smartphones to hold wallets. It’s not possible to run on a browser. And, we are challenged with little and sometimes confusing documentation on the technical side.

There are a lot of initiatives tackling those issues. Hyperledger Aries, which is making it more modular, Indy-crypto, indy-vcx and other projects are working to make this tech more democratic, transparent and easy to use.

A lot of independent programmers are also experimenting with it, successfully creating, for example, a nodejs indy request that made a “sdkless” call to the node. I would personally love to see an HTTP with encrypted body request work over an Indy node and other “think outside the box” kind of tools.

Overcoming those issues will not be easy, but when we, the entire digital identity community, position ourselves in a united front to fight these problems, there’s a huge chance to succeed.

Dec 06

Love1

Why SSI Incubator: An inside look at the program and startups

By Maya Kanehara, Managing Director, Self-Sovereign Identity Incubator Blog, Hyperledger Aries, Hyperledger Indy, Hyperledger Ursa

The identity community at Hyperledger is lucky to see the groundbreaking toolboxes, libraries, and resources grow by leaps and bounds in just a very short time. From Hyperledger Indy, then Hyperledger Ursa, to the new project Hyperledger Aries, widespread adoption of decentralized identity is closer than ever. It was this excitement and optimism for the growing industry of identity products and solutions being born out of this community from which the Self-Sovereign Identity Incubator (SSI Incubator) was launched. By combining the expert mentors from all over the decentralized identity world with some of the most passionate innovators in the identity startup scene today, the Hyperledger identity community is poised to see growth that we’ve all been waiting for.

The SSI Incubator is designed to remove barriers to startup financing and success within the self-sovereign identity (SSI) industry. More than just seed funding and high-profile pitching opportunities, participating startups also receive co-working space, educational workshops, mentorship, and networking events with some of the most influential voices in the decentralized identity community today. The startups in this program are nearing the end of this time-limited and mentor-focused program, with the 12 weeks culminating in a final evening devoted to exploring the future of SSI.

The five startup projects are:

Domi (Berlin): Digital passports for landlords and tenants that would create a fairer rental market.
HearRo (Los Angeles): A blockchain-powered phone system for trusted, effortless communication
MetaDigital Inc (Toronto): An Intelligent Healthcare Platform that would eliminate medical prescription and insurance claim fraud with real-time digital verification.
Spaceman ID Inc (Chicago): Tools for companies to easily implement private, secure, and portable digital credentials.
Xertify (Bogotá, CO): A network where people and institutions can exchange trusted information based on blockchain technology.

“The Hyperledger identity community holds the secret to growing the use and interoperability of SSI. The SSI Incubator has shined a light on the breadth of organizations of all types and sizes that see the value of decentralized identity,” said Heather C. Dahl, CEO & Executive Director of the Sovrin Foundation. “The mix of SSI solutions and startups focused on healthcare, enterprise adoption, the home rental market, telecommunications, and education joined us from around the world shows the widespread interest and development in self-sovereign identity technologies. This range of diverse solutions is what is driving SSI adoption.”

The SSI Incubator is a joint venture between the Sovrin Foundation and investment firm Hard Yaka. Join the SSI Incubator and startups for the culmination of their work by registering for their final event of the year.

Sep 19

Love1

2019 Summer Mentee Project Update: Raspberry Pi Indy Agent

By Zixuan Zeng Blog, Hyperledger Aries, Hyperledger Indy, Hyperledger Summer Mentorship Program

My name is Zixuan Zeng, a CS student from Zhejiang University. This summer, I was happy to join the Hyperledger Internship Program and had a very fulfilling experience. I was fortunate to work with my mentor Adam Burdett from the Sovrin Foundation on a project focused on building a Raspberry Pi Indy agent on Raspberry Pi.This project’s goals was to develop a Hyperledger Indy agent running on Raspberry pi, producing a customized Raspbian image that provides easy access to GPIO pins, enabling it to interact with external sensors, LED matrix, etc. With the new Hyperledger Aries project, our implementation was an Aries-cloud-agent (previously indy-catalyst) that can interact with Indy pool and create more interesting applications. This project also includes an Aries RFC defining the message format for interactions with Sense-Hat extension board as well as its messaging module implementation.

What I learned:

Open source community work style: Through this summer’s internship, I experienced the working style of open-source development from the Hyperledger community. For example, I opened a GitHub issue and got it resolved.
Blockchain knowledge: In this internship, I got to know more about not only the basic blockchain concept but its exciting applications in the future. I learned distributed ledger, zero-knowledge proof and decentralized identifiers during this summer. Additionally, I had the opportunity to set up and test blockchains myself.
Programming experience on IoT devices: I also gained hands-on programming experience on Raspberry Pi. Since it has ARM architecture, even compiling the SDK was a tough task for me at first. After many tries and looking up the documents, I finally made it on Raspberry Pi. Using Python to control an external GPIO port was also a fun and new experience to me.
Implementation of a working Hyperledger Indy agent: Working with Aries Cloud Agent, I developed messaging protocols and successfully implemented a working agent. Walking through the architecture of the agent project was really a learning experience for me. I felt very accomplished when I understood the structure of the whole project and developed sub-module based on that.

What comes next:

The next step for this project could be:

Extend to other IoT devices
Add support for more add-on boards
Add support for more messaging types

After this fulfilling experience, I determined that my plan is to become a software engineer, especially in blockchain area. I am happy to join the Hyperledger family and hope I can make more contributions to this vibrant community in the future.

Below are some screenshots from my project. To read my full report, go here.

Jul 23

Love1

Rhythm and Melody: How Hubs and Agents Rock Together

By Daniel Hardman, Evernym and Hyperledger Global Ambassador, Sam Curren, Sovrin Foundation and DIF, and Daniel Buchner, Microsoft and DIF Blog, Hyperledger Aries, Hyperledger Indy

Those who study decentralized or self-sovereign identity technologies quickly run into two important mental models. The Decentralized Identity Foundation promotes the notion of hubs—services that help an identity owner manage data and interact through it. Hyperledger Indy and the Sovrin Foundation talk about agents—pieces of software that hold delegated keys, exchange digital credentials, and otherwise do an identity owner’s bidding.

Overlapping descriptions of hubs and agents have fostered a perception that they’re competing technologies. This is unfortunate, because the truth is quite different. Hubs and agents are actually synergistic, as explored below. Like a drummer and a guitarist, they contribute in vital and complementary ways to the music of identity.

image from ArtsyBee / Pixabay license. http://bit.ly/2YYiGUP

What Decentralized Identity Needs

Identity that doesn’t depend on centralized silos is an emerging phenomenon. Instead of rooting digital selfhood in government-granted identifiers or in accounts owned by online behemoths, it uses primitives such as decentralized identifiers (DIDs) and verifiable credentials (VCs) to derive trust from cryptographic protocols. This has the potential to unlock many benefits, including cost savings, cross-silo authentication, improved cybersecurity, identity for the unbanked and digitally disenfranchised, enhanced privacy and autonomy, and satisfying solutions to regulatory pressures from GDPR, HIPAA, and the like. Impressive proofs of concepts and pilots are underway all over the globe.

But if we want cryptographic primitives to yield practical benefits, we have to package decentralized identity so it’s easy for a child or a grandparent who thinks of tech in terms of clicks on a cell phone. That’s where hubs and agents come in.

Hubs are the data managers of decentralized identity. Like DropBox or Google Drive or iCloud, they let you put data into the cloud with confidence that it will be secure, available, and shareable anytime, anywhere. Unlike those familiar services, hub interfaces are vendor- and platform-agnostic. If you migrate from Apple to Android, your data is unaffected. If you close an account with Google, your data survives, because the data is tied to you, not to an email account or a piece of hardware. If a hacker or a malicious sysadmin or the machine learning algorithm of a data miner peers into your storage, they see data encrypted by keys that only you hold.

Agents are the personal assistants of decentralized identity. Remember how Iron Man delegates work to Jarvis? Agents are connected and digitally empowered like Jarvis. They are the mechanism for sophisticated delegation that gets work done—work like giving and retracting consent, buying and selling, scheduling and reminding, auditing, monitoring, proving things with credentials, enacting and fulfilling contracts, issuing receipts, and so forth. They speak bits and bytes, keys and crypto, and protocols and transports, so their masters don’t have to. Unlike Alexa and Siri, they are trustworthy fiduciaries, because they work exclusively for their owners. They don’t stream data about their masters back to a corporate data lake to be analyzed and mined.

Better Together

Rock music often begins with a percussion groove to set tempo and mood, with the guitar joining a few bars in, as storytelling begins. The opposite sequence is also used, where a guitar or voice leads out, and drums appear later to rev up the energy. Either way, the full power and synergy of a band manifests when each component is actively playing its part.

Similarly, agents and hubs make more powerful music when they work together. Most work that agents need to do is rooted in and informed by data; an agent that has a hub to work with is likely to be far more useful to its master. And data is an asset, but cultivating it for security and usefulness can drown us in details without powerful tools, as anyone who’s cataloged years of cat videos can attest. Having an agent to enact decisions and reference the data in appropriate, automated ways in interactions is a no-brainer.

The straightforward ability to dovetail is part of what differentiates the hub+agent combination from more specialized SSI technologies like Solid, which have a more standalone vision. Solid’s features are similar to hubs. An integration path between it and the identity, credential, and protocol features of agents undoubtedly exists, but is not a design goal.

We expect that the most useful decentralized identities will use both hubs and agents.

Harmony

How, exactly, are duties divided between hubs and agents?

To answer that question, it’s important to understand that both agents and hubs are intangible software constructs that interact over the network through APIs or messages–and that the DID communication mechanisms they use are common. In other words, they share large amounts of DNA. What separates a hub from an agent is which high-level protocols it is assigned. The division of work is manifest in which messages are sent to which component. This division used to be muddy, but it is now clarifying nicely and should become even crisper. We advocate dialog around remaining questions, and in the meantime, we suggest the rules of thumb that follow.

Hubs and agents focus on different things. Overlap is shrinking.

Hub protocols are data-oriented. They model operations as commits to a data object, or as reads of an object state. Several datatype interfaces can be read, written, or queried in similar ways: Profile, Permissions, Actions, Stores, Collections, and Services. Collections is the most foundational to the hub’s role as a data manager; it is where chunks of data of almost any type can be accessed, both by the data owner and (if the owner wishes) by others. Permissions control access to data. Profile describes the identity owner (think a universal, self-hosted gravatar). Services is the basis of a hub’s extensibility mechanism. Stores and Actions are for advanced use cases that we’ll gloss over in this high-level discussion.

One identity owner may use many hubs. Hubs make the physical topology transparent; to the owner, it just feels like data is always available on whatever device and whatever network is convenient. In keeping with the hub’s focus on data management, hubs are not deeply trusted or deeply informed about their owner’s behavior. They don’t take actions on the owner’s behalf, and they don’t hold keys. However, hubs can relay messages to other components, like agents, for processing. They are superb data managers.

Agents are flow-oriented. Their job is to get work done, and the unit of work management is a protocol. Agents might support protocols for issuing credentials, negotiating payment, or dozens of other personal and business processes. The messages that arrive at agents are routed to a protocol handler that looks up the persisted state of the flow and takes the next step, based on what the message says. Agents do take actions on the owner’s behalf; for example, when Alice digitally signs a lease with her mobile phone, an agent has to do the underlying crypto because Alice can’t handle modular exponentiation in her head, and she can’t speak bits and bytes over Wifi.

A component diagram that shows how hubs and agents deploy and interact in a credential-oriented interaction may help to provide a tangible example:

Hubs and agents work together to connect Alice to other parties on the digital landscape.

Agents should generally defer storage management tasks to hubs. The persisted state that an agent adds to, when taking the next step in an incomplete workflow, should be read from and written to a hub’s sophisticated storage layers–and by viewing messages as data, hubs can add reliable delivery guarantees to route or relay functions that propagate messages to all of Alice’s agents. When Alice wants to share her cat videos with Bob, she should point him to a URI backed by her hub(s). It is possible that some agents will operate without hubs (e.g., IoT devices that emit sensor data but that don’t store much); however, most sophisticated agents will have hub storage available to them.

Hubs should generally defer complex, non-data-management work to agents. When Bob wants to buy a car that Alice is selling, he engages in a buy~sell protocol that begins as Alice receives a message from him. This message arrives at the boundary of Alice’s world at an endpoint she designates. That endpoint might be hosted on a hub, where the message can be persisted and replicated—or it might flow directly to one of Alice’s agents. Either way, it is the agent’s interface that Bob interacts with and that provides interoperable workflow. It is possible that some hubs will operate without agents (e.g., doing nothing complex beyond sharing data); however, most hubs will collaborate with agents nearby.

Conclusion

Hubs and agents are complementary technologies. Hubs are the data relays and data managers of decentralized identity; agents are the personal assistants. Each solves complex problems for identity owners, and each gets more powerful when paired with the other. We expect flexible and powerful decentralized identities to use both.

The Decentralized Identity Foundation (DIF: https://identity.foundation/) and Hyperledger Aries (https://github.com/hyperledger/aries-rfcs) are actively working to make these technologies converge in useful ways for the benefit of the whole decentralized identity community. If you’d like to be involved, contribute to the DIF Identity Hub project at: https://github.com/decentralized-identity/hub, or reach out to Aries developers at https://chat.hyperledger.org/channel/aries.

Jul 18

Love0

Strengthening Hyperledger Indy and Self-Sovereign Identity

By Phil Windley and Greg Kidd Blog, Hyperledger Aries, Hyperledger Indy

After working on the problem of identity online for more years than we care to admit, it is heartening to see that we are not alone: The identity community we’ve longed to see is here, and it’s transforming the world. In the months since Hyperledger Indy graduated to ‘production ready’ active status, we’ve seen an outpouring of digital identity business solutions come to market.

These accomplishments are due, in part, to the growth and maturity of the Hyperledger Indy code; but, equally, they wouldn’t have happened without a collaborative community of dedicated contributors passionate about changing the way identity works online. And their outstanding work is not going unnoticed by the wider technology community: self-sovereign identity (SSI) has gone from “interesting idea” to “this looks promising” to “we need to implement this now.”

The Time for SSI Has Come

Forrester’s recent “Top Recommendations for Your Security Program, 2019,” testifies to this, describing SSI as a “win” for customers and businesses, and urged chief information security officers (CISO) to “Empower your customers to control their own identities via self-sovereign identity.”

They can do this because exchanging verifiable digital credentials is at the heart of SSI. This ends the need for massive data silos, honeypots, and unsecured data repositories housed at countless corporations and organizations. Instead, anyone can hold secure and verifiable information about themselves, and through Zero-Knowledge Proofs (ZKP), minimize the information they decide to share with others. (ZKPs are an important type of advanced privacy-preserving cryptography now available in the open source community within the recently announced Hyperledger Aries project).

This doesn’t just benefit consumers in terms of information sharing, businesses also get to avoid GDPR and regulatory compliance issues and benefit from much better security. Moreover, we’re finally starting to see the big tech companies come to the realization that the status quo isn’t working when it comes to data collection, and sooner or later, it will affect their bottom line. SSI is the disruptive technology that the industry has been waiting for.

The Indy and Aries communities are driving this disruption in privacy and personal data by designing and building the protocols, technologies, and code that makes SSI possible. But moving beyond the code and building real solutions will require new companies. Like the Web 20 years ago, most of these will be startups who have a vision for this new way of interacting online.

Nurturing the Digital Identity Community

This is why we’re excited to be supporting the valuable work of the SSI community with the launch of the Self-Sovereign Identity Incubator.

Designed to help organizations and companies learn how to use code from Hyperledger Indy to create verifiable credential exchange products and SSI solutions, this intensive 12-week program based in San Francisco will be a bootcamp for identity entrepreneurs and start-ups. It also gives participating companies $180,000 in investment and the comprehensive hands-on technical support and mentoring they need to realize their business ideas and bring their products to market.

At a point where SSI is reaching critical mass, we want to see the identity community grow bigger and stronger and build the products that take SSI to the masses. As Sovrin Foundation Executive Director and CEO Heather Dahl recently noted at the New Context Conference in Tokyo, an event founded in 2005 by Digital Garage co-founder and Director of MIT Media Lab, Joi Ito, “Self-sovereign identity is the next disruptive innovation; it changes the very nature of how people connect with the companies and services that they rely upon online.”

It’s great to see the SSI Incubator already receiving its first batch of applications, with many from the same Hyperledger community Sovrin first worked with to donate the source code to Hyperledger Indy. These are the same members who we see contributing and maintaining the code repositories for Hyperledger Indy and Aries today,

These products are poised to transform the fundamental way the Internet runs and the way we will use it to the benefit of everyone. With our years of experience and depth of knowledge about digital identity, supporting this community and these projects is not just something interesting for us to do in our spare time. It is our job as leaders in technology and identity to support, educate, and most importantly, fund the projects, that will change the future of identity forever.

About the authors

Greg Kidd is the Founding Partner of Hard Yaka, a fund investing in portable identity, payments and marketplaces necessary for digital transformation. He has invested in more than 100 startups, including Twitter, Square and Ripple.

Dr. Phil Windley is chair of the Sovrin Foundation and the co-founder and organizer of the Internet Identity Workshop. He is a passionate technology educator and is the author of the books The Live Web and Digital Identity.

May 09

Love0

Hyperledger Community, Deployment and Development Momentum Continues

By Hyperledger Announcements, Hyperledger Indy, Hyperledger Iroha

Adds 10 More Members, Powers Half of the Blockchain 50, Hits Production Milestones for Hyperledger Indy and Hyperledger Iroha

SAN FRANCISCO (May 9, 2019) –Hyperledger, an open source collaborative effort created to advance cross-industry blockchain technologies, today announced 10 more organizations have joined its growing global community. These new members join just as the Hyperledger portfolio of production-ready projects doubles and Forbes documents the scope of Hyperledger deployments in leading global businesses.

Hyperledger is a multi-venture, multi-stakeholder effort hosted at the Linux Foundation that includes various enterprise blockchain and distributed ledger technologies. According to the recent Forbes Blockchain 50 list, over half of the biggest companies deploying blockchain are doing so on a Hyperledger platform. And now two more projects, Hyperledger Indy and Hyperleger Iroha, have hit development milestones that make them production ready.

“As the Forbes 50 shows, blockchain technologies and, specifically Hyperledger projects, are now having real-world impact,” said Brian Behlendorf, Executive Director, Hyperledger. “With four production-ready frameworks and 270 members working to develop and deploy Hyperledger technologies around the world, the rate of adoption and the rise of production systems will only accelerate. Our newest members will further fuel this growing community, deployment and development momentum.”

Hyperledger allows organizations to create solid, industry-specific applications, platforms and hardware systems to support their individual business transactions by offering enterprise-grade, open source distributed ledger frameworks and code bases. The latest general members to join the community are Consensus Datatrust Technology Co., Ltd., FRST Corp., Fusion Tech+, Hedera Hashgraph LLC, INBLOCK Ltd, RealMarket and Xilinx, Inc.

Hyperledger supports an open community that values contributions and participation from various entities. As such, pre-approved non-profits, open source projects and government entities can join Hyperledger at no cost as associate members. Associate members joining this month include Arizona State University, Portland State University and University College London.

New member quotes:

Consensus Datatrust Technology Co., Ltd

“It is a great honor to join and be a member of Hyperledger,” said Maolu Wang, Chairman, Consensus Datatrust. “As a revolutionary new technology, blockchain has shown great potential in the field of B terminal. We understand that the solution of digital letter integrates blockchain and big data. We believe that blockchain technology can be used as a link for multi-party data sharing to solve previous business problems by technical means. As a member of Hyperledger, we will provide strong technology promotion and product promotion support, and we look forward to making continuous contributions to the community.”

FRST Corp

“The open source dev ecosystem has a tradition of testing assumptions, trying new things, and building important, evolving codebases. FRST is excited to join the Hyperledger community, and we believe participation will advance our work as a data-driven, blockchain-native enterprise analytics company,” said Karl T. Muth, CEO of FRST. “We can’t wait to share our questions and ideas with this community.”

Fusion Tech+

“We are very happy to join Hyperledger and look forward to collaborating with the community to provide innovative solutions for our partners and customers,” said Yang Lu, CTO of Fusion Tech+. “Fusion Tech+ is a smart technology company under Fusion Group. Relying on the strong strategic layout of the IoT, Fusion Tech+ puts forward the concept of Tech+ for enabling innovation and an integrated service platform called ‘Fusionfintrade,’ which deeply integrates technology, finance and scenarios to create a mutual enabling ecosystem. Our platform supports many scenarios and, as we develop it, we will also be actively contributing to the Hyperledger ecosystem and working with the other members to promote the development of technology and industry.”

Hedera Hashgraph

“We are excited to join the Hyperledger community, which comprises some of the most forward-looking organizations working on distributed ledger technology,” said Mance Harmon, CEO of Hedera Hashgraph. “We know enterprises have been exploring DLT use cases with Hyperledger technology. Hedera provides an enterprise-grade public network that complements those existing and future projects.”

INBLOCK Ltd

“It’s been a long-time goal for us to join the Linux Foundation and Hyperledger,” said Jay Baek, vice president at INBLOCK. “Since the introduction of Mainnet last year, we’ve been cooperating with leading experts and allies in the blockchain industry to develop and improve the global business value. While our focus in on digital assets, we see that blockchain has the potential to revolutionize all industries, and we hope to contribute to the technology’s wide, real world impact.”

RealMarket

“RealMarket is a FinTech/RegTech company producing innovative alternative finance solutions using enterprise blockchain, machine learning, and big data. Our ultimate vision is a fully programmable economy powering groundbreaking and sustainable development worldwide,” said Dr. Dušan Gajić, CEO of RealMarket. “Thus, it is natural for us to join Hyperledger and the Linux Foundation, and we are both proud and excited to do so. Hyperledger is vital to our efforts as its suite of technologies ensures that the store of business-vital data and the rules governing their transformation are securely distributed. It is our aim to help develop Hyperledger further as we build an innovative platform combining equity crowdfunding, a private equity secondary market, cap table management, and corporate governance automation. All of this is only possible because Hyperledger Fabric is at the core of our system.”

About Hyperledger

Hyperledger is an open source collaborative effort created to advance cross-industry blockchain technologies. It is a global collaboration including leaders in finance, banking, Internet of Things, supply chains, manufacturing and Technology. The Linux Foundation hosts Hyperledger under the foundation. To learn more, visit: https://www.hyperledger.org/.

May 01

Love0

An overview of Self-Sovereign Identity: the use case at the core of Hyperledger Indy

By By Dr Phillip J. Windley, Chair of the Board of Trustees, Sovrin Foundation Blog, Hyperledger Indy

In the real world, most identity interactions are self-sovereign. We collect and hold various credentials that we keep in our possession and present at our discretion to prove things about ourselves. These could be collections of cards, certificates, or paperwork that prove various things about someone or something. Some credentials are obvious, like birth certificates, licenses to drive, employee ID cards, passports, university diplomas…the list goes on. We hold and present these to any anyone we want, without the permission of the organization who issued them. These credentials are kept and controlled by the holder, and only taken from her wallets and revealed with her expressed consent.

This is not what happens on the internet. Like the famous cartoon says – “On the Internet, nobody knows you’re a dog,” illustrating the very real issue with the lack of an easy, secure, standardized system for a person to collect, hold, and ultimately present trustworthy, verifiable credentials online.

Unfortunately, online identity is very clearly broken. This is due to the fact that the internet was created without any way to identify the people who used it. Initially, it was a fairly small network of machines. Internet protocols are designed to identify machines and services, not people. People used the Internet through some institution (usually their company or university) and were part of that institution’s administrative identity system. This can still be seen in the format of email addresses that identify both recipient and sender as someone@someplace.

As the internet grew to include people who weren’t formally associated with an institution, every website and service created its own administrative identity domain. The result is the fractured profusion of identifiers, policies, and user experiences that constitute digital identity in 2019. Where early internet users had a handful of credentials and logged in occasionally, modern internet users typically have dozens, even hundreds, of usernames and passwords. Security has made these harder to use by encouraging or even forcing users to use more cryptic passwords and not share them between sites. And now multi-factor authentication adds to the cognitive burden. And then there’s the inconvenience of supplying the same information to application after application, all the while suffering the dangers that they might lose it or expose it to hackers.

One attempt to solve this problem is single-source or ‘federated logins.’ Social login systems from Google, Facebook, and others expedite logging into various websites, but these systems are limited in the kinds of attributes they use and the trustworthiness of those attributes. As a result, they aren’t as widely used as one might hope. Many companies don’t or can’t use social login and so the system of fractured administrative identity systems remains.

Traditional, identity systems have a single identity provider (IdP) administering an identity system for their own purposes. The rights of the so-called “identity subject” are subordinate to those of the identity provider. These systems are siloed, meaning the attributes you’ve shared with one organization are difficult to use with another. Each company asks for the same information, like your name, credit card, address, and so on. Users are required to provide that information to use the service – whether they like it or not. This single entity determines what information will be collected, decides who can participate, and how their data is stored – and that data is only as secure as the company or organization that keeps it.

Consequently, until now, the internet has lacked a universally available digital identity system that lets individuals collect and hold trustworthy verifiable credentials and present them to whoever they want, whenever they want – without the reliance on a third-party managing access.

What is SSI

Self-sovereign identity (SSI) gives individuals or organizations agency to control their identity information. SSI acknowledges that identity is about much more than logging in. Identity can be expanded to other uses by using verifiable attestations, called credentials, to prove things about yourself. SSI uses verifiable, trustworthy credentials. Identity owners autonomously use those credentials wherever they want. Privacy is a critical feature of SSI because, without privacy, there is no control. In SSI, the identity owner must be in control of who sees what. This represents a monumental shift in how identity functions on the internet.

Credential issuers, holders, and verifiers are peers on an SSI network. Any person or organization can play any or all of the roles, creating a decentralized system for the exchange of trustworthy, digital credentials.

Credential issuers determine what credentials to issue, what the credential means, and how they’ll validate the information they put in the credential.
Credential holders determine what credentials they need and which they’ll employ in workflows to prove things about themselves.
Credential verifiers determine what credentials to accept, and which issuers to trust.

In SSI, players independently determine the role they’ll play, who they trust, and what they will believe. While credentials can be revoked individually, the identity owner still controls her own identity wallet and all the other credentials she has collected. The result is an internet identity system that is more flexible, more secure, more private, less burdensome, and less costly.

About the author: Dr. Windley, an expert in decentralized digital identity and IoT and event-driven systems, is Chair of the Board of Trustees, Sovrin Foundation. The Sovrin Foundation open sourced the codebase used to create the Sovrin Network and contributed the initial code for Hyperledger Indy to Hyperledger, a project dedicated to blockchain hosted by the Linux Foundation.

Apr 25

Love0

Research Paper: Validating Confidential Blockchain Transactions with Zero-Knowledge Proof

By Hyperledger Blog, Hyperledger Indy

By: Carlo Gutierrez and Alex Khizhniak, Altoros

A new document explains how blockchain transactions can be verified without having to reveal the details. Some of the model’s implementations include Idemix and Hyperledger Indy.

Transparency is considered by many to be one of blockchain’s most important traits. However, there are businesses, such as those in finance, which deal with sensitive information. In these situations, transparency takes a step behind privacy. For organizations operating with confidential information, implementing blockchain transactions with zero-knowledge proof (ZKP) is a solution to consider.

Altoros, a General Member of Hyperledger and an expert in blockchain development and training, has released a research paper exploring how to ensure privacy while still providing transparency on a blockchain.

Who can benefit from ZKP?

In a nutshell, ZKP is a method in cryptography where a prover can convince a verifier that it knows a secret value, without actually disclosing any information apart from the fact that it knows the secret value. While this requires some input from the verifier (e.g., challenging a response), there is also a form of this model called noninteractive ZKP, which does not require such an interaction between the two parties.

Avoiding linkability between certificates using ZKP protocols such as Idemix (Image credit)

Applications that benefit from ZKP are those that require a measure of data privacy. Some of these example applications include:

Authentication systems. The development of ZKP was inspired by authentication systems, where one party needed to prove its identity to a second party through some secret information, but without revealing the secret altogether.

Anonymous systems. ZKP can enable blockchain transactions to be validated without the need to reveal the identity of the users making a transaction.

Confidential systems. Similar to anonymous systems, ZKP can instead be used to validate blockchain transactions without revealing pertinent information, such as financial details.

ZKP implementations: Idemix and Hyperledger

In Hyperledger Fabric, privacy-preserving authentication and transfer or certified attributes can be done using Identity Mixer (Idemix), a ZKP-based cryptographic protocol. Its implementation consists of the three components:

A core Idemix cryptopackage (in Golang), which implements basic cryptographic algorithms (key generation, signing, verification, and zero-knowledge proofs)

MSP implementation for signing and verifying transactions using the Identity Mixer cryptopackage

A CA service for issuing ECert credentials using the Identity Mixer cryptopackage

The Idemix architecture within Hyperledger Fabric

This combination provides:

anonymity (sending transactions without having to reveal your identity)

unlinkability (sending multiple transactions without revealing that all the transactions come from the same source)

Based on Idemix, the Hyperledger Indy project was built for managing decentralized, independent digital identity. It utilizes the so-called Indy-anoncreds to cryptographically secure credentials. Just a couple of days ago, it was announced that The Hyperledger Technical Steering Committee (TSC) had approved Indy to graduate from incubation to the active status.

For more details on ZKP, the zkSNARK protocol, and noninteractive ZKP implementations (such as Idemix and Indy), check out the full research paper.

Apr 10

Love1

Hyperledger Indy Graduates To Active Status; Joins Fabric And Sawtooth As “Production Ready” Hyperledger Projects

By Steven Gubler, Sovrin Infrastructure and Pipeline Engineer Blog, Hyperledger Fabric, Hyperledger Indy, Hyperledger Sawtooth

By Steven Gubler, Hyperledger Indy contributor and Sovrin infrastructure and pipeline engineer

The Hyperledger Technical Steering Committee (TSC) just approved Indy to be the third of Hyperledger’s twelve projects to graduate from incubation to active status.

This is a major milestone as it shows that Hyperledger’s technical leadership recognizes the maturity of the Indy project. The TSC applies rigorous standards to active projects including code quality, security best practices, open source governance, and a diverse pool of contributors. Becoming an active Hyperledger project is a sign that Indy is ready for prime time and is a big step forward for the project and the digital identity community.

Hyperledger Indy is a distributed ledger purpose-built for decentralized identity. This ledger leverages blockchain technology to enable privacy-preserving digital identity. It provides a decentralized platform for issuing, storing, and verifying credentials that are transferable, private, and secure.

Hyperledger Indy grew out of the need for an identity solution that could face the issues that plague our digital lives like identity theft, lack of privacy, and the centralization of user data. Pioneers in self-sovereign identity realized we could fix many of these issues by creating verifiable credentials that are anchored to a blockchain with strong cryptography and privacy preserving protocols. To this end, the private company Evernym and the non profit Sovrin Foundation teamed up with Hyperledger to contribute the source code that became Hyperledger Indy. The project has advanced significantly due to the efforts of these two organizations and many teams and individuals from around the world.

A diverse ecosystem of people and organizations are already building real-world solutions using Indy. The Sovrin Foundation has organized the largest production network powered by Indy. The Province of British Columbia was the first to deploy a production use case to the Sovrin Network with its pioneering work on Verifiable Organizations Network, a promising platform for managing trust at an institutional level. Evernym, IBM, and others are bringing to market robust commercial solutions for managing credentials. Many other institutions, researchers, and enthusiasts are also actively engaged in improving the protocols, building tools, contributing applications, and bringing solutions to production.

The team behind the project is excited about current efforts that will lead to increased scalability, better performance, easier development tools, and greater security. User agents for managing Indy credentials are under active development, making it easy to adopt Indy as an identity solution for diverse use cases.

If you’d like to support Indy, join our community and contribute! Your contributions will help to fix digital identity for everyone. You can participate in the discussions or help write the code powering Indy. Together, we will build a better platform for digital identity.A

Mar 27

Love1

Hyperledger Welcomes Nine New Members to its Expanding Enterprise Blockchain Community

By Hyperledger Announcements, Hyperledger Fabric, Hyperledger Indy

Advances Collaboration with Growing Portfolio of Working Groups and Cross-Industry Special Interest Groups

SAN FRANCISCO (March 27, 2019) – Hyperledger, an open source collaborative effort created to advance cross-industry blockchain technologies, today announced that nine organizations have joined the community. The new members, which includes the first general members from Malaysia and Saudi Arabia, further strengthen the global support for the leading enterprise blockchain project.

Hyperledger is a multi-venture, multi-stakeholder effort hosted at the Linux Foundation that includes various enterprise blockchain and distributed ledger technologies. With the support of its fast-growing and increasingly diverse community, the organization announced the expansion of its portfolio of Special Interest Groups (SIGs), with the addition of the Hyperledger Social Impact SIG, Hyperledger Trade Finance Special Interest Group and, most recently, Telecom SIG. Hyperledger also welcomed the Smart Contract Working Group. Additionally, Hyperledger released two case studies offering a detailed look at Walmart’s unprecedented advancement of the food supply chain industry using Hyperledger Fabric and British Columbia’s efforts to cut government red tape with Hyperledger Indy.

“Our growing line-up of members and cross-community and cross-industry groups all point to the value of collaborative development, particularly for enterprise blockchain technologies,” said Brian Behlendorf, Executive Director, Hyperledger. “As our Walmart and British Columbia case studies demonstrate, blockchain creates common ground for a network of stakeholders, adding value for everyone in the process. We view our community-based, open source approach in the same light, encouraging cross-industry collaboration at every turn. We welcome our newest members and look forward to their contributions to the community’s efforts.”

Hyperledger allows organizations to create solid, industry-specific applications, platforms and hardware systems to support their individual business transactions by offering enterprise-grade, open source distributed ledger frameworks and code bases. The latest general members to join the community are Altavoz, Flowchain, Limar Global, PeerNova, Inc., Quant Network, ReGov Technologies Sdn. Bhd, Securitize and Silicon Valley Bank.

New member quotes:

Altavoz

“When Altavoz began accepting Bitcoin in 2013, we came to understand the importance of blockchain through the forest of cryptocurrencies,” said Altavoz CEO Nelson Jacobsen. “This led to work with the entertainment trade group, MusicBiz.org, on crypto and blockchain educational issues for artists, labels and music distribution companies. Joining the Linux Foundation and Hyperledger is the right next step for the growth of blockchain in the entertainment industry, and we look forward to being a part of Hyperledger’s efforts to create an open standard for distributed ledger technology.”

Flowchain

“Flowchain is excited to be a Hyperledger member,” said Jollen Chen, founder & CEO, Flowchain. “As a distributed ledger for peer-to-peer IoT networks and real-time data transactions, Flowchain’s design and architecture achieve advanced performance in both time and messages size compared to traditional distributed ledger technologies. By joining Hyperledger, Flowchain is ready to move to the next level and build up more application scenarios for IoT and AI industries. We are also looking forward to collaborating with more open-source based teams to evolve blockchain solutions.”

Limar Global

“We are pleased to join Hyperledger and to be the first Saudi company to join this global member community,” said Abdulellah M. Alnahdi, co-founder/director of Limar Global Technology. “Our team has been inspired by the Vision of 2030 for digital transformation of our country. Limar Global Tech aims to be a leader in the technological developments of Saudi Arabia and we realize that Hyperledger is the perfect community for our government and private sector to leverage for this digital transformation. We strive to bring forth the best for our people and working with the Hyperledger community will allow us to accelerate the use of DLT in our country. Whether its eHealth, Supply Chain management, or government services, we strive to adopt use cases that will ultimately make people’s lives easier. Our mission is to simplify life with advanced technologies and to help create a digital state that serves the greater good in our country. We look forward to collaborating with the Hyperledger community members and contributing to the greater cause of trusted networks.”

PeerNova, Inc.

We are excited to join the Hyperledger community,” said Gangesh Ganesan, PeerNova President & CEO. “Our Cuneiform® Platform is built on principles of interoperability across existing financial and market infrastructures. Joining the Hyperledger community allows us to continue developing a solution that works seamlessly with internal, external, and all emerging DLT networks to achieve end-to-end visibility in real-time while ensuring privacy and confidentiality.”

Quant Network

“We are honored to join Hyperledger and the Linux Foundation to contribute to open source software and provide domain expertise,” said Gilbert Verdian, CEO and founder, Quant Network. “We see the immense value of collaborating to bring mass adoption for blockchain technology and contributing with our Overledger operating system, which helps unlock the potential of blockchain technology by addressing interoperability between blockchains as well as existing networks. Our work is driven by the belief that collaboration makes the blockchain ecosystem stronger, which is why the majority of our code is open source. We believe it’s crucial to support the development of DLT solutions and Hyperledger projects for enterprises and developers. We are excited to join this community to both contribute and help customers and users around the world benefit from this transformational technology.”

ReGov Technologies Sdn. Bhd.

“We are excited to be the first general member of Hyperledger in Malaysia,” said Datuk Paul Khoo, Founder and CEO of ReGov Technologies Sdn Bhd. “The goal is to infuse and grow the capabilities of Hyperledger within the Malaysian public and private sector to build trust and accountability while streamlining processes to reduce cost. Leveraging the ecosystem of Hyperledger, ReGov will drive change using this next-generation technology to improve transparency and governance within all organisational spheres in Malaysia.”

Securitize

“At Securitize, we believe all financial products will eventually adopt blockchain,” said Carlos Domingo, CEO & co-founder, Securitize. “As a leading technology platform for financial products, we see our membership in Hyperledger as a logical, evolutionary step in order to properly provide services to financial institutions on both permission-based and private blockchains.”

Silicon Valley Bank

“We could not be more excited to join the Linux Foundation and Hyperledger and do our part to advance the Open Source community,” said Dave Kochbeck, Chief Scientist, Silicon Valley Bank. “As the leading financial services institution for the innovation economy, it is critically important that we go beyond the transaction to engage deeply in the technical communities that will help shape the future of financial services and how we work with and support our clients.”

About Hyperledger