How many times have you answered, “What’s your mother’s maiden name?” or named your first pet when setting up a new account? Today, those common knowledge-based authentication questions have become the most vulnerable forms of customer identification as financial institutions are being increasingly hit by fraudsters in the call center.
CULedger, a credit union service organization (CUSO) that began when a group of credit unions came together in 2016 as a direct response to the increasing threat of fraud, took up the challenge of improving the member identity authentication process across all delivery channels. CULedger was formed specifically to bring a decentralized identity solution product for credit unions to market. Hence MemberPass™—a digital identity credential held by credit union members that protects credit unions and their members from identity theft and fraud in all financial interactions, from call center authentication to lending to opening new accounts—was born.
CULedger worked with decentralized identity organization, Evernym, to build MemberPass™ (formerly called MyCUID) with Hyperledger Indy—a distributed ledger software project that is interoperable with other blockchains or can be used on its own to power the decentralization of identity. With Hyperledger Indy at its core, MemberPass™ serves as a permanent and portable digital identity that reduces member friction and injects more trust in digital interactions within credit unions.
During a pilot program with three credit unions in 2019, initial results for MemberPass™ were promising. Whereas authentication in the call center could take anywhere from 90 to 120 seconds—or sometimes even up to five minutes depending on the transaction—MemberPass™ reduced that process down to 15 seconds or less.
There are now thousands of MemberPass™ credentials in live production, with the expectation that number will grow year after year as the focus shifts to scaling and evolving the network. Credit unions recognized the advantages of MemberPass™ from the get-go and are looking to get more of their members using the digital identity credential. One participating credit union is working with CULedger on a strategy for issuing new MemberPass™ accounts inside its branch locations as part of their new member onboarding process. Other credit unions have expressed interest in implementing MemberPass™ in its Internet banking channel and its mobile banking channel. More use cases are being defined as more credit unions begin to understand the power of this privacy-enhancing technology.
Hyperledger teamed up with CULedger to capture the details behind the launch of MemberPass™ as well as steps that are underway to grow adoption and interoperability. Find out more in the full case study.
Just before the age of COVID began in earnest, The New York Times ran a feature on “How Technology Is Changing the Future of Higher Education.” The rise of remote learning and other pandemic-related changes and challenges have added to the need and opportunity for technology-driven advances.
The Hyperledger community is doing its part to help the higher education market adapt to an increasingly digital world. Below we look at five Hyperledger-powered solutions that are at work now in the education market. They are helping colleges and universities modernize how they tackle a number of core tasks, including issuing and verifying academic credits, automating on-campus payments and managing students’ identity and privacy.
Read on for more about these #HyperledgerEdu solutions, built using a mix of Hyperledger technologies:
Byacco, an on-campus payment system
Soramitsu has officially released Byacco, a payment system based on Hyperledger Iroha, for the University of Aizu, Japan. Byacco is a system that allows students and staff of the University of Aizu to use an application on their phones to pay for goods in the cafeteria and university store and to transfer funds within the campus. To make a transaction, all they need is to scan or to provide a QR code, depending on the operation. Byacco’s technology also has high standards for transfers: it follows the EMV® QR Code specification and has bank application level financial security protocols. The keys that are used to authorise transactions on the blockchain are stored only on the device, in a secure storage, so that no one except the owner can access the funds. Students of the university can join the development of the system, thus acquiring skills in creating financial systems based on Hyperledger technologies.
DoDream, a “Study Abroad Platform”
Dain Leaders is an education solution provider for universities in Korea. It serves more than 45 Korean universities by providing services for students’ career path development. As part of that effort, Dain Leader is introducing its “Study Abroad Platform,” called DoDream, to support the extended education ecosystem of the universities, accreditation and related agencies, and prospective employers. Based on Oracle Blockchain Platform Cloud Service (which is powered by Hyperledger Fabric), the platform is an O2O service that provides foreign students with information on studying in Korea and a matching service with Korean universities.
Oracle Digital Certificates Solution
In the face of fast-changing demographic and economic drivers and student expectations, the current processes for issuing and verifying student certificates are too inefficient and time consuming. They can also lead to fraudulent or counterfeit certifications.
The Oracle Digital Certificates Solution, built on the Oracle Blockchain Platform (based on Hyperledger Fabric), provides a complete, end-to-end solution for educational institutions to issue verifiable tamper-proof and secure credential certification that improves the student experience after graduation and improves operational efficiency. The solution enables institutions to issue digital certificates along with transcripts and provide self-sovereign capability to the students who can share them securely with third parties through an access token.
This solution has been successfully deployed in production by customers like China Distance Education Holdings Limited (CDEL) and Taibah Valley University. CDEL uses Oracle Blockchain to share educational records and professional certifications across many educational institutions to help employers and recruiters verify the educational credentials claimed by individuals.
Many other institutions like national universities, employment agencies, government organizations, professional skills academies and universities that provide student grants/scholarships are using this solution as part of ongoing or planned pilots.
PwC Smart Credentials
Data is the new gravity in the world today and organisations are gravitating to and concentrating around trust as the ultimate currency in this data driven world. This trust is crucial for people to exchange information, especially in this digital age when trust is often violated.
With that premise, PwC developed Smart Credentials, a credential issuance, sharing, reviewing and revocation platform levegering the inherent core benefits of blockchain technology such as immutability, tamper-proof nature, transparency, authenticity and security.
Built using Hyperleder Indy and Hyperledger Aries to support the verification process, Smart Credentials has two key pillars: Authentication (you are who you say you are) and Authorization (genuine claim). Both are crucial ingredients of building trust in any ecosystem.
Smart Credentials recently won a “Bronze” medal for the Best Global Blockchain Innovation 2019 at the Reimagine Innovation awards (Backed by Wharton and QS) and is a finalist in the DataIQ 2020 awards “Best data product/ service” of the year category.
Verified.Me
As higher education moves deeper into online and remote learning for traditional and non-traditional students, colleges and universities are now offering a broader array of services that extend the campus experience to the digital realm. Beyond the advent of digital programming, educational institutions are also privy to sensitive personal student, faculty and alumni data from income and payment information to disciplinary records, healthcare and insurance information.
SecureKey Technologies’ Verified.Me service is one approach that supports education’s new digital and data privacy demands. This new digital identity verification service can help verify students, alumni and faculty in a timely and secure manner, strengthening educational institutions’ ability to expand their digital offerings with confidence – while also providing much-needed cost savings. Verified.Me is built using the IBM Blockchain Platform, which is based on Linux Foundation’s open source Hyperledger Fabric.
Interoperability and integration are top of mind issues across the blockchain space right now. From new projects to new solutions, the Hyperledger community is taking on the challenges of cross-chain and cross application communication and data flow.
Here are some of the most recent #HyperledgerInterop developments from across the community.
New Project – Hyperledger Cactus
The newly announced Hyperledger Cactus is a blockchain integration tool designed to allow users to securely integrate different blockchains. This pluggable architecture helps enable the execution of ledger operations across multiple blockchain ledgers, including Hyperledger Besu, Hyperledger Fabric, Corda, and Quorum available today, with the aim of developers continually adding support for new blockchains in the future.
Cactus started as a Hyperledger Labs project six months ago and has attracted significant attention and become a locus of collaboration between developers from teams at Accenture and Fujitsu, and dozens of others working on DLT platforms both inside and outside Hyperledger.
Member applications
DAML, the open source smart contract language created by Digital Asset, enables application portability across three major Hyperledger frameworks: Besu, Fabric and Sawtooth. Blockchain Technology Partner’s Sextant for DAML supports both Hyperledger Besu and Sawtooth, as well as Amazon QLDB and Aurora cloud databases, allowing the same distributed application to be easily deployed across all four platforms. Hear more about the “Write Once, Interoperate Anywhere” approach in this presentation on how DAML smart contracts connect networks, especially Hyperledger Besu, Fabric and Sawtooth.
Hyperchain Labs created an oil and gas ticketing blockchain network to help companies reduce costs, improve performance and maintain compliance. The network is built using the Hyperledger Fabric framework and is run on the IBM Blockchain Platform. BlocWatch software is used to ensure the Hyperchain Labs network is running optimally and securely. As a monitoring and security tool, BlocWatch seamlessly integrates with Hyperchain Labs and IBM, empowering users to easily manage all platforms in one place. Explore how Hyperchain Labs uses BlocWatch in conjunction with the IBM Blockchain Platform in this short video.
Smart Block Laboratory built the Hyperledger Fabric-powered distributed register Cryptoenter, blockchain infrastructure for digital banking that unites banks into a single digital space for transmitting financial messages and brings a new level of interaction to the financial market. The platform is designed for p2p interaction between consumers of financial services, safe execution of payment transactions with cryptocurrencies, fiat currencies and cryptocurrencies, user interaction within a social network for investors / distributed crowdfunding platform.
The basis of the platform is the Rubicon Blockchain, a cloud platform for the blockchain economy, built on Hyperledger Fabric. Cryptoenter has a dual security system: at the Hyperledger blockchain network level and at the Rubicon Blockchain (also based on Hyperledger Fabric) network level. The solution uses an SRP authentication system. TLS (transport layer security) protocol based on SSL (Secure Sockets Layer) protocol is also included. This dual security system allows Cryptoenter to authenticate the person who signed the message, control message integrity, protect the message from fakes and prove the authorship of the person who signed the message.
Technical talks from Hyperledger Global Forum
Nathan George from the Sovrin Foundation offers his take on “Standards and Interoperability for Identity”
Identity platforms have made significant advances leveraging blockchain technology and standards developed at Hyperledger. In his talk, Nathan covers the latest in trusted information flows and the standards being incubated to promote interoperability and create network effects across multiple blockchains and identity platforms.
Key topics include the advancements incubated in Hyperledger Indy, Hyperledger Aries, the W3C Credentials Community Group and at the Decentralized Identity Foundation for Verifiable Credentials, Decentralized Identifiers (DIDs), DID Communications, Identity Hubs, Authentication, and the data models that power them.
Panelists Rich Meszaros and Sarah Banks from Accenture, Melanie Nuce from GS1 US, David Cecchi for Cargill and Patrick Erichsen from Target discuss “Business Interoperability – The Key to Supply Chain Traceability”
Technology such as blockchain has the power to solve complex challenges and achieve improved supply chain traceability. In order to tap into this powerful technology, interoperability, enabled by robust data and transaction standards, are a must! Segments of the supply chain, such as the food industry, have made significant progress leveraging data standards to support food safety and product transparency use cases. The panelists discuss their companies’ work on improved supply chain traceability, the importance of standards and the role business interoperability plays in accelerating the success of new technologies like blockchain.
Join the conversation about blockchain-based identity technologies and solutions with #HyperledgerInterop this month on social channels.
Digital identity is gaining a lot of traction as a driver for blockchain adoption. There is growing recognition across many markets that reshaping how digital information is managed and verified can simultaneously increase online trust and privacy. The Hyperledger community is working hard to develop and deploy blockchain-enabled identity technologies and solutions with an eye towards decentralizing control of information and creating new models for verifying identities.
To illustrate where this technology can take us, we are showcasing some applications where it’s already being put into action:
Known Traveller Digital Identity
Known Traveller Digital Identity, or KTDI, is a World Economic Forum initiative with Accenture that brings together a global consortium of individuals, governments, authorities and the travel industry to enhance security in world travel. The pilot leverages cryptography, blockchain technology and biometrics and aims to allow cross-border travel without presenting physical documents, accelerating the flow of passengers through airports, improving passenger experience, and enabling authorities to better focus limited resources on security improvements.
QDX™ HealthID platform
QDX™ HealthID platform is a service from Quantum Materials Corp that leverages self-sovereign identity technology to provide end-to-end visibility to support testing and immunization for infectious diseases, including COVID-19, at scale. The platform enables multiple methods of authenticating the individuals being tested, those who are administering the test, as well as the test kits themselves, whether to detect the presence of the virus itself or associated antibodies.
The QDX™ HealthID platform uses Hyperledger Sawtooth as the backing distributed ledger technology, which is deployed and managed using Blockchain Technology Partner’s platform Sextant for Sawtooth. The platform is also readied for integration with other distributed ledger applications via DAML, the smart contract language open sourced by Hyperledger member, Digital Asset.
MemberPass™
Provided by CULedger, MemberPassTM is a digital credential held by credit union members that protects credit unions and their members from identity theft and fraud in all banking interactions, from call center authentication to lending to new account opening. MemberPass is a simple, secure replacement for user IDs and passwords, and supplants the traditional knowledge-based interrogation contact centers employ today to authenticate members calling for telephone banking services. MemberPass seamlessly authenticates both, the member and the credit union to each other, in any call-in, log-in or walk-in exchange, providing a consistent, frictionless experience across all channels.
Sovrin Network
Operated by independent Stewards, the Sovrin Network uses the power of a distributed ledger to give every person, organization, and thing the ability to own and control their own permanent digital identity. With recent advancements in digital identity standards, Sovrin provides a secure and private network for identity holders to collect, manage and share their own verifiable digital credentials.
The Sovrin Network is governed by The Sovrin Foundation, a nonprofit organization established to administer the Governance Framework for this open source decentralized global public network enabling self-sovereign identity on the internet.
Trust Your Supplier
Trust Your Supplier is a production Hyperledger Fabric blockchain network, running on the IBM Blockchain Platform, that provides suppliers with a trusted digital passport to streamline on-boarding with their customers.
The Trust Your Supplier network is a cross-industry source of supplier information and identity helping to simplify and accelerate the on-boarding and lifecycle management process. TYS was built to be a cross-industry blockchain network to facilitate procurement functions within an organization. The network’s first use case is focused on supplier onboarding and validation.
VerifiedMe
Verified.Me is a service offered by SecureKey Technologies Inc., in conjunction with a consortium of seven of Canada’s major financial institutions – BMO, CIBC, Desjardins, National Bank of Canada, RBC, Scotiabank and TD. Verified.Me is a privacy-respecting digital identity and attribute sharing network. The service simplifies identity verification processes by allowing individuals (subjects) to share identity and attribute information from trusted sources (including financial institutions, mobile operators, credit bureau, and government) with the services that they wish to access.
The network is based on permissioned distributed ledgers operated by the consortium. It is built using the IBM Blockchain Platform which is based on Linux Foundation’s open source Hyperledger Fabric and is aligning with W3C decentralized identity standards, to enable interoperability with other networks. SecureKey’s Triple Blind® approach means that no network participant alone, including SecureKey, can have a complete view of the user journey – the subject can’t be tracked.
The service is free for consumers to use, either using their web browser, or by downloading the mobile app through the App Store (iOS) or Google Play (Android).
Join the conversation about blockchain-based identity technologies and solutions with #HyperledgerIdentity this month on social channels. Also, Hyperledger has an Identity Working Group that is open to all. Learn how to get involved via this video.
To be or not to be is not a question nowadays. To the normal citizen, you have your birth certificate that enables you to have an identity, a driver’s license, a passport and voilá: You are.
Even that digitally seems quite common and straightforward. Most of the western citizens have not one but many digital identities with them: a Google account, a Microsoft account, a Facebook account, etc.
This is not the case for a large segment of mankind: A group that has no identity, knows little or nothing about their roots and cannot provide any proof of them. By not being able to prove their identity, they cannot open a bank account, access healthcare or enroll in university. They cannot have a “normal” life. Unfortunately, for this group, it is easier to buy a pizza using Bitcoin than to prove their names, origins and history.
This happens because we lack a common ground for identities. Governments have strong agreements on how each of them will “understand” documents issued by other nations. Internal conflicts, commercial disputes or other political situations make it hard for some countries to be part of such agreements and they end up being left outside. In some cases, those excluded countries are the ones facing issues that force their populations to migrate. Without an identifying document recognized by their host countries, these migrants become “nobodies” in their new home.
Self-Sovereign Identity, Interoperability and Trust
Hyperledger Indy, a distributed ledger built for the purpose of decentralized identity, will be a powerful tool to overcome this issue. It will do so by being a carrier of trust.
Distributed Ledger Technology (a “blockchain”), in an identity management scenario, enables everyone in the network to have the same source of truth about which credentials are valid and who attested to the validity of the data inside the credential, without revealing the actual data.
Through the infrastructure of a blockchain, an identity verifying party does not need to check the validity of the actual data in the provided proof. Instead, the verifier can use the blockchain to check the validity of the attestation and attesting party to determine whether to validate the proof.
For example, when an identity owner presents a proof of his or her date of birth, rather than actually checking the truth of the date of birth itself, the verifying party will validate the government’s signature who issued and attested to this credential to then decide whether he trusts the government’s assessment about the accuracy of the data.
Hence, the validation of a proof is based on the verifier’s judgement of the reliability of the attestor.
But trust is not the only issue we face. Most of the identity credentials issued by an institution are particular to that institution. There’s no standard on those schemas. Through Indy and standards such as Verifiable Credentials (whose Data Model 1.0 was recently published as a W3C recommendation) interoperability between institutions and different identity management systems might be achieved.
Using this technology, Non-Governmental Organizations (NGOs) can help those “invisible people” gain access to services and expedite the humanitarian process. In the future, it may even enable NGOs to issue some sort of universally verifiable digital identity credentials to refugees. Credentials that refugee host countries could “understand” and accept because they use the same interoperable digital identity standards and trust the NGO that issued the credentials. This would allow refugees to fully access services in their host countries. They would be able to be included in society, open bank accounts, rent houses and be productive as any other citizen.
The key is interoperability and the decentralization of trust.
Hyperledger Indy
Hyperledger Indy is still quite young with a lot to be discussed and done. However, it has an engaged community around it, researching, asking questions and working towards the maturity of the ecosystem. The main tool to start using Indy is Indy-SDK. An SDK (Software Development Kit) is a “kit” that brings all-you-need tools in one library.
Today the solution still relies solely on said SDK. That can be tricky as it carries a lot of heavy-weight assumptions like using ZeroMQ, which browsers are not compatible with because of RAW TCP usage, to communicate with the node. That usually requires more recent mobile devices to work. Also, being a kind of all-in-one library it carries functionalities not always needed to everyone that uses it.
To be the solution for the problem that plagues 1.2 billion people around the world who do not have an identity, the current technology still needs improvements. It has to be easier to use on basic phones, easier to integrate and easier to develop. It still requires users to have powerful smartphones to hold wallets. It’s not possible to run on a browser. And, we are challenged with little and sometimes confusing documentation on the technical side.
There are a lot of initiatives tackling those issues. Hyperledger Aries, which is making it more modular, Indy-crypto, indy-vcx and other projects are working to make this tech more democratic, transparent and easy to use.
A lot of independent programmers are also experimenting with it, successfully creating, for example, a nodejs indy request that made a “sdkless” call to the node. I would personally love to see an HTTP with encrypted body request work over an Indy node and other “think outside the box” kind of tools.
Overcoming those issues will not be easy, but when we, the entire digital identity community, position ourselves in a united front to fight these problems, there’s a huge chance to succeed.
The identity community at Hyperledger is lucky to see the groundbreaking toolboxes, libraries, and resources grow by leaps and bounds in just a very short time. From Hyperledger Indy, then Hyperledger Ursa, to the new project Hyperledger Aries, widespread adoption of decentralized identity is closer than ever. It was this excitement and optimism for the growing industry of identity products and solutions being born out of this community from which the Self-Sovereign Identity Incubator (SSI Incubator) was launched. By combining the expert mentors from all over the decentralized identity world with some of the most passionate innovators in the identity startup scene today, the Hyperledger identity community is poised to see growth that we’ve all been waiting for.
The SSI Incubator is designed to remove barriers to startup financing and success within the self-sovereign identity (SSI) industry. More than just seed funding and high-profile pitching opportunities, participating startups also receive co-working space, educational workshops, mentorship, and networking events with some of the most influential voices in the decentralized identity community today. The startups in this program are nearing the end of this time-limited and mentor-focused program, with the 12 weeks culminating in a final evening devoted to exploring the future of SSI.
The five startup projects are:
Domi (Berlin): Digital passports for landlords and tenants that would create a fairer rental market.
HearRo (Los Angeles): A blockchain-powered phone system for trusted, effortless communication
MetaDigital Inc (Toronto): An Intelligent Healthcare Platform that would eliminate medical prescription and insurance claim fraud with real-time digital verification.
Spaceman ID Inc (Chicago): Tools for companies to easily implement private, secure, and portable digital credentials.
Xertify (Bogotá, CO): A network where people and institutions can exchange trusted information based on blockchain technology.
“The Hyperledger identity community holds the secret to growing the use and interoperability of SSI. The SSI Incubator has shined a light on the breadth of organizations of all types and sizes that see the value of decentralized identity,” said Heather C. Dahl, CEO & Executive Director of the Sovrin Foundation. “The mix of SSI solutions and startups focused on healthcare, enterprise adoption, the home rental market, telecommunications, and education joined us from around the world shows the widespread interest and development in self-sovereign identity technologies. This range of diverse solutions is what is driving SSI adoption.”
My name is Zixuan Zeng, a CS student from Zhejiang University. This summer, I was happy to join the Hyperledger Internship Program and had a very fulfilling experience. I was fortunate to work with my mentor Adam Burdett from the Sovrin Foundation on a project focused on building a Raspberry Pi Indy agent on Raspberry Pi.This project’s goals was to develop a Hyperledger Indy agent running on Raspberry pi, producing a customized Raspbian image that provides easy access to GPIO pins, enabling it to interact with external sensors, LED matrix, etc. With the new Hyperledger Aries project, our implementation was an Aries-cloud-agent (previously indy-catalyst) that can interact with Indy pool and create more interesting applications. This project also includes an Aries RFC defining the message format for interactions with Sense-Hat extension board as well as its messaging module implementation.
What I learned:
Open source community work style: Through this summer’s internship, I experienced the working style of open-source development from the Hyperledger community. For example, I opened a GitHub issue and got it resolved.
Blockchain knowledge: In this internship, I got to know more about not only the basic blockchain concept but its exciting applications in the future. I learned distributed ledger, zero-knowledge proof and decentralized identifiers during this summer. Additionally, I had the opportunity to set up and test blockchains myself.
Programming experience on IoT devices: I also gained hands-on programming experience on Raspberry Pi. Since it has ARM architecture, even compiling the SDK was a tough task for me at first. After many tries and looking up the documents, I finally made it on Raspberry Pi. Using Python to control an external GPIO port was also a fun and new experience to me.
Implementation of a working Hyperledger Indy agent: Working with Aries Cloud Agent, I developed messaging protocols and successfully implemented a working agent. Walking through the architecture of the agent project was really a learning experience for me. I felt very accomplished when I understood the structure of the whole project and developed sub-module based on that.
What comes next:
The next step for this project could be:
Extend to other IoT devices
Add support for more add-on boards
Add support for more messaging types
After this fulfilling experience, I determined that my plan is to become a software engineer, especially in blockchain area. I am happy to join the Hyperledger family and hope I can make more contributions to this vibrant community in the future.
Below are some screenshots from my project. To read my full report, go here.
Those who study decentralized or self-sovereign identity technologies quickly run into two important mental models. The Decentralized Identity Foundation promotes the notion of hubs—services that help an identity owner manage data and interact through it. Hyperledger Indy and the Sovrin Foundation talk about agents—pieces of software that hold delegated keys, exchange digital credentials, and otherwise do an identity owner’s bidding.
Overlapping descriptions of hubs and agents have fostered a perception that they’re competing technologies. This is unfortunate, because the truth is quite different. Hubs and agents are actually synergistic, as explored below. Like a drummer and a guitarist, they contribute in vital and complementary ways to the music of identity.
But if we want cryptographic primitives to yield practical benefits, we have to package decentralized identity so it’s easy for a child or a grandparent who thinks of tech in terms of clicks on a cell phone. That’s where hubs and agents come in.
Hubs are the data managers of decentralized identity. Like DropBox or Google Drive or iCloud, they let you put data into the cloud with confidence that it will be secure, available, and shareable anytime, anywhere. Unlike those familiar services, hub interfaces are vendor- and platform-agnostic. If you migrate from Apple to Android, your data is unaffected. If you close an account with Google, your data survives, because the data is tied to you, not to an email account or a piece of hardware. If a hacker or a malicious sysadmin or the machine learning algorithm of a data miner peers into your storage, they see data encrypted by keys that only you hold.
Agents are the personal assistants of decentralized identity. Remember how Iron Man delegates work to Jarvis? Agents are connected and digitally empowered like Jarvis. They are the mechanism for sophisticated delegation that gets work done—work like giving and retracting consent, buying and selling, scheduling and reminding, auditing, monitoring, proving things with credentials, enacting and fulfilling contracts, issuing receipts, and so forth. They speak bits and bytes, keys and crypto, and protocols and transports, so their masters don’t have to. Unlike Alexa and Siri, they are trustworthy fiduciaries, because they work exclusively for their owners. They don’t stream data about their masters back to a corporate data lake to be analyzed and mined.
Better Together
Rock music often begins with a percussion groove to set tempo and mood, with the guitar joining a few bars in, as storytelling begins. The opposite sequence is also used, where a guitar or voice leads out, and drums appear later to rev up the energy. Either way, the full power and synergy of a band manifests when each component is actively playing its part.
Similarly, agents and hubs make more powerful music when they work together. Most work that agents need to do is rooted in and informed by data; an agent that has a hub to work with is likely to be far more useful to its master. And data is an asset, but cultivating it for security and usefulness can drown us in details without powerful tools, as anyone who’s cataloged years of cat videos can attest. Having an agent to enact decisions and reference the data in appropriate, automated ways in interactions is a no-brainer.
The straightforward ability to dovetail is part of what differentiates the hub+agent combination from more specialized SSI technologies like Solid, which have a more standalone vision. Solid’s features are similar to hubs. An integration path between it and the identity, credential, and protocol features of agents undoubtedly exists, but is not a design goal.
We expect that the most useful decentralized identities will use both hubs and agents.
Harmony
How, exactly, are duties divided between hubs and agents?
To answer that question, it’s important to understand that both agents and hubs are intangible software constructs that interact over the network through APIs or messages–and that the DID communication mechanisms they use are common. In other words, they share large amounts of DNA. What separates a hub from an agent is which high-level protocols it is assigned. The division of work is manifest in which messages are sent to which component. This division used to be muddy, but it is now clarifying nicely and should become even crisper. We advocate dialog around remaining questions, and in the meantime, we suggest the rules of thumb that follow.
Hubs and agents focus on different things. Overlap is shrinking.
Hub protocols are data-oriented. They model operations as commits to a data object, or as reads of an object state. Several datatype interfaces can be read, written, or queried in similar ways: Profile, Permissions, Actions, Stores, Collections, and Services. Collections is the most foundational to the hub’s role as a data manager; it is where chunks of data of almost any type can be accessed, both by the data owner and (if the owner wishes) by others. Permissions control access to data. Profile describes the identity owner (think a universal, self-hosted gravatar). Services is the basis of a hub’s extensibility mechanism. Stores and Actions are for advanced use cases that we’ll gloss over in this high-level discussion.
One identity owner may use many hubs. Hubs make the physical topology transparent; to the owner, it just feels like data is always available on whatever device and whatever network is convenient. In keeping with the hub’s focus on data management, hubs are not deeply trusted or deeply informed about their owner’s behavior. They don’t take actions on the owner’s behalf, and they don’t hold keys. However, hubs can relay messages to other components, like agents, for processing. They are superb data managers.
Agents are flow-oriented. Their job is to get work done, and the unit of work management is a protocol. Agents might support protocols for issuing credentials, negotiating payment, or dozens of other personal and business processes. The messages that arrive at agents are routed to a protocol handler that looks up the persisted state of the flow and takes the next step, based on what the message says. Agents do take actions on the owner’s behalf; for example, when Alice digitally signs a lease with her mobile phone, an agent has to do the underlying crypto because Alice can’t handle modular exponentiation in her head, and she can’t speak bits and bytes over Wifi.
A component diagram that shows how hubs and agents deploy and interact in a credential-oriented interaction may help to provide a tangible example:
Hubs and agents work together to connect Alice to other parties on the digital landscape.
Agents should generally defer storage management tasks to hubs. The persisted state that an agent adds to, when taking the next step in an incomplete workflow, should be read from and written to a hub’s sophisticated storage layers–and by viewing messages as data, hubs can add reliable delivery guarantees to route or relay functions that propagate messages to all of Alice’s agents. When Alice wants to share her cat videos with Bob, she should point him to a URI backed by her hub(s). It is possible that some agents will operate without hubs (e.g., IoT devices that emit sensor data but that don’t store much); however, most sophisticated agents will have hub storage available to them.
Hubs should generally defer complex, non-data-management work to agents. When Bob wants to buy a car that Alice is selling, he engages in a buy~sell protocol that begins as Alice receives a message from him. This message arrives at the boundary of Alice’s world at an endpoint she designates. That endpoint might be hosted on a hub, where the message can be persisted and replicated—or it might flow directly to one of Alice’s agents. Either way, it is the agent’s interface that Bob interacts with and that provides interoperable workflow. It is possible that some hubs will operate without agents (e.g., doing nothing complex beyond sharing data); however, most hubs will collaborate with agents nearby.
Conclusion
Hubs and agents are complementary technologies. Hubs are the data relays and data managers of decentralized identity; agents are the personal assistants. Each solves complex problems for identity owners, and each gets more powerful when paired with the other. We expect flexible and powerful decentralized identities to use both.
After working on the problem of identity online for more years than we care to admit, it is heartening to see that we are not alone: The identity community we’ve longed to see is here, and it’s transforming the world. In the months since Hyperledger Indy graduated to ‘production ready’ active status, we’ve seen an outpouring of digital identity business solutions come to market.
These accomplishments are due, in part, to the growth and maturity of the Hyperledger Indy code; but, equally, they wouldn’t have happened without a collaborative community of dedicated contributors passionate about changing the way identity works online. And their outstanding work is not going unnoticed by the wider technology community: self-sovereign identity (SSI) has gone from “interesting idea” to “this looks promising” to “we need to implement this now.”
The Time for SSI Has Come
Forrester’s recent “Top Recommendations for Your Security Program, 2019,” testifies to this, describing SSI as a “win” for customers and businesses, and urged chief information security officers (CISO) to “Empower your customers to control their own identities via self-sovereign identity.”
They can do this because exchanging verifiable digital credentials is at the heart of SSI. This ends the need for massive data silos, honeypots, and unsecured data repositories housed at countless corporations and organizations. Instead, anyone can hold secure and verifiable information about themselves, and through Zero-Knowledge Proofs (ZKP), minimize the information they decide to share with others. (ZKPs are an important type of advanced privacy-preserving cryptography now available in the open source community within the recently announced Hyperledger Aries project).
This doesn’t just benefit consumers in terms of information sharing, businesses also get to avoid GDPR and regulatory compliance issues and benefit from much better security. Moreover, we’re finally starting to see the big tech companies come to the realization that the status quo isn’t working when it comes to data collection, and sooner or later, it will affect their bottom line. SSI is the disruptive technology that the industry has been waiting for.
The Indy and Aries communities are driving this disruption in privacy and personal data by designing and building the protocols, technologies, and code that makes SSI possible. But moving beyond the code and building real solutions will require new companies. Like the Web 20 years ago, most of these will be startups who have a vision for this new way of interacting online.
Nurturing the Digital Identity Community
This is why we’re excited to be supporting the valuable work of the SSI community with the launch of the Self-Sovereign Identity Incubator.
Designed to help organizations and companies learn how to use code from Hyperledger Indy to create verifiable credential exchange products and SSI solutions, this intensive 12-week program based in San Francisco will be a bootcamp for identity entrepreneurs and start-ups. It also gives participating companies $180,000 in investment and the comprehensive hands-on technical support and mentoring they need to realize their business ideas and bring their products to market.
At a point where SSI is reaching critical mass, we want to see the identity community grow bigger and stronger and build the products that take SSI to the masses. As Sovrin Foundation Executive Director and CEO Heather Dahl recently noted at the New Context Conference in Tokyo, an event founded in 2005 by Digital Garage co-founder and Director of MIT Media Lab, Joi Ito, “Self-sovereign identity is the next disruptive innovation; it changes the very nature of how people connect with the companies and services that they rely upon online.”
It’s great to see the SSI Incubator already receiving its first batch of applications, with many from the same Hyperledger community Sovrin first worked with to donate the source code to Hyperledger Indy. These are the same members who we see contributing and maintaining the code repositories for Hyperledger Indy and Aries today,
These products are poised to transform the fundamental way the Internet runs and the way we will use it to the benefit of everyone. With our years of experience and depth of knowledge about digital identity, supporting this community and these projects is not just something interesting for us to do in our spare time. It is our job as leaders in technology and identity to support, educate, and most importantly, fund the projects, that will change the future of identity forever.
About the authors
Greg Kidd is the Founding Partner of Hard Yaka, a fund investing in portable identity, payments and marketplaces necessary for digital transformation. He has invested in more than 100 startups, including Twitter, Square and Ripple.
Dr. Phil Windley is chair of the Sovrin Foundation and the co-founder and organizer of the Internet Identity Workshop. He is a passionate technology educator and is the author of the books The Live Web and Digital Identity.
Adds 10 More Members, Powers Half of the Blockchain 50, Hits Production Milestones for Hyperledger Indy and Hyperledger Iroha
SAN FRANCISCO (May 9, 2019) –Hyperledger, an open source collaborative effort created to advance cross-industry blockchain technologies, today announced 10 more organizations have joined its growing global community. These new members join just as the Hyperledger portfolio of production-ready projects doubles and Forbes documents the scope of Hyperledger deployments in leading global businesses.
Hyperledger is a multi-venture,
multi-stakeholder effort hosted at the Linux Foundation that includes various enterprise blockchain and distributed
ledger technologies. According to the recent Forbes Blockchain 50 list,
over half of the biggest companies deploying blockchain are doing so on a
Hyperledger platform. And now two more projects, Hyperledger Indy and Hyperleger Iroha, have hit development
milestones that make them production ready.
“As
the Forbes 50 shows, blockchain technologies and, specifically Hyperledger
projects, are now having real-world impact,”
said Brian Behlendorf, Executive Director, Hyperledger. “With four
production-ready frameworks and 270 members working to develop and deploy
Hyperledger technologies around the world, the rate of adoption and the rise of
production systems will only accelerate. Our newest members will further fuel
this growing community, deployment and development momentum.”
Hyperledger allows organizations to create
solid, industry-specific applications, platforms and hardware systems to
support their individual business transactions by offering enterprise-grade,
open source distributed ledger frameworks and code bases. The latest general
members to join the community are Consensus Datatrust Technology Co., Ltd., FRST Corp., Fusion Tech+, Hedera Hashgraph LLC,
INBLOCK Ltd, RealMarket and Xilinx, Inc.
Hyperledger supports an open
community that values contributions and participation from various entities. As
such, pre-approved non-profits, open source projects and government entities
can join Hyperledger at no cost as associate members. Associate members joining
this month include Arizona State University, Portland State University and
University College London.
“It is a great honor to join and be a
member of Hyperledger,” said Maolu Wang, Chairman, Consensus Datatrust.
“As a revolutionary new technology, blockchain has shown great potential
in the field of B terminal. We understand that the solution of digital letter
integrates blockchain and big data. We believe that blockchain technology can
be used as a link for multi-party data sharing to solve previous business
problems by technical means. As a member of Hyperledger, we will provide strong
technology promotion and product promotion support, and we look forward to
making continuous contributions to the community.”
“The open source dev ecosystem has a tradition
of testing assumptions, trying new things, and building important, evolving
codebases. FRST is excited to join the Hyperledger community, and we believe
participation will advance our work as a data-driven, blockchain-native
enterprise analytics company,” said Karl T. Muth, CEO of FRST. “We can’t
wait to share our questions and ideas with this community.”
“We are very happy to join Hyperledger and
look forward to collaborating with the community to provide innovative
solutions for our partners and customers,” said Yang Lu, CTO of Fusion
Tech+. “Fusion Tech+ is a smart technology company under Fusion Group.
Relying on the strong strategic layout of the IoT, Fusion Tech+ puts forward
the concept of Tech+ for enabling innovation and an integrated service platform
called ‘Fusionfintrade,’ which deeply integrates technology, finance and
scenarios to create a mutual enabling ecosystem. Our platform supports many
scenarios and, as we develop it, we will also be actively contributing to the
Hyperledger ecosystem and working with the other members to promote the
development of technology and industry.”
“We are excited to join the Hyperledger
community, which comprises some of the most forward-looking organizations
working on distributed ledger technology,” said Mance Harmon, CEO of Hedera
Hashgraph. “We know enterprises have been exploring DLT use cases with
Hyperledger technology. Hedera provides an enterprise-grade public
network that complements those existing and future projects.”
“It’s been a long-time
goal for us to join the Linux Foundation and Hyperledger,” said Jay Baek,
vice president at INBLOCK. “Since the introduction of Mainnet last year,
we’ve been cooperating with leading experts and allies in the blockchain
industry to develop and improve the global business value. While our focus in
on digital assets, we see that blockchain has the potential to revolutionize
all industries, and we hope to contribute to the technology’s wide, real world
impact.”
“RealMarket is a
FinTech/RegTech company producing innovative alternative finance solutions
using enterprise blockchain, machine learning, and big data. Our ultimate
vision is a fully programmable economy powering groundbreaking and sustainable
development worldwide,” said Dr. Dušan Gajić, CEO of RealMarket. “Thus, it is
natural for us to join Hyperledger and the Linux Foundation, and we are both
proud and excited to do so. Hyperledger is vital to our efforts as its suite of
technologies ensures that the store of business-vital data and the rules
governing their transformation are securely distributed. It is our aim to help
develop Hyperledger further as we build an innovative platform combining equity
crowdfunding, a private equity secondary market, cap table management, and
corporate governance automation. All of this is only possible because
Hyperledger Fabric is at the core of our system.”
About Hyperledger
Hyperledger is an open source collaborative effort created to advance cross-industry blockchain technologies. It is a global collaboration including leaders in finance, banking, Internet of Things, supply chains, manufacturing and Technology. The Linux Foundation hosts Hyperledger under the foundation. To learn more, visit: https://www.hyperledger.org/.
