Category

Hyperledger Indy

Reducing Government Red Tape: British Columbia Creates New Business Identity Model with Hyperledger Indy

By Blog, Hyperledger Indy

In Canada, starting a new business can be like navigating a maze with three levels: local, provincial, and federal. A helpful checklist on starting a business in Canada offers 60+ links to explore. All this red tape frustrates entrepreneurs and governments alike.

To lighten that burden, teams from the governments of British Columbia (BC), Ontario and Canada have started an ambitious project to fight red tape using decentralized identities and trusted credentials. They are jointly building the Verifiable Organizations Network (VON), to provide an open source software stack that helps business people establish trusted and enduring digital identities and speed up applying for permits and licenses from government agencies.

The first project to emerge is OrgBook BC, an online directory that makes finding authentic and authoritative data about companies faster and easier. Launched in January of 2019, it is designed to reduce the time to do due diligence on a new supplier or client from hours down to a few seconds.

Of course the path to this launch included a number of key development challenges, strategic technology choices and partnership across governments and the larger Hyperledger community. For more on all of these steps, check out this detailed case study.

Now that OrgBook BC is live, the VON goals are expanding the applications, growing the footprint and encouraging more jurisdictions to use the software stack until the network effect takes hold. To get the larger developer and business community engaged, the team is hosting BootCampBC as part of #BCTechSummit. The Honourable Jinny Sims, Minister of Citizens’ Services and MLA for Surrey-Panorama, will be opening the event, underscoring the government’s commitment to driving the growth and adoption of VON.

BootcampBC, hosted by technology leaders from Hyperledger Indy, Verifiable Organizations Network (VON) and the Sovrin Foundation, will cover the concepts of self-sovereign identity and guide participants through building their own Hyperledger Indy agent to verify and issue verifiable credentials using VON’s technology.

All Are Welcome Here

By Blog, Hyperledger Burrow, Hyperledger Fabric, Hyperledger Indy, Hyperledger Iroha, Hyperledger Sawtooth

A Minneapolis coffee shop that has fueled or at least caffeinated a lot of Hyperledger commits.

One of the first things people learn when coming to Hyperledger is that Hyperledger isn’t, like it’s name may imply, a ledger. It is a collection of blockchain technology projects. When we started out it was clear almost immediately that a single project could not satisfy the broad range of uses nor explore enough creative and useful approaches to fit those needs. Having a portfolio of projects, though, enables us to have the variety of ideas and contributors to become a strong open source community. Back in January of 2016 Sawtooth and Fabric were both on the horizon followed shortly by Iroha, but we wouldn’t have predicted that we would have Hyperledger Burrow and Hyperledger Indy – two projects that bear no resemblance to each other. Burrow is a permissioned Ethereum-based platform and Indy is a distributed identity ledger. Burrow is written in Go, and Indy was created in Python and is porting to Rust.

Both of these platforms are interesting in their own rights, but Hyperledger is even more interesting for the combination of these projects with the others. Both Sawtooth and Fabric have already integrated with Burrow’s EVM. Now Hyperledger has a set of offerings that can simultaneously satisfy diverse requirements for smart contract language, permissioning, and consensus. Likewise Sawtooth and Indy have been working together at our last several hackfests. The results of that may unlock new use cases and deployment architectures for distributed identity. So it’s not that our multiplicity of projects has given us strength through numbers, but rather strength through diversity.

Hyperledger Hackfest – December 2017 at The Underground Lisboa

The hackfests that we mentioned are one of the rare times that we get together face to face. Most of our collaboration is over mail list, chat, and pull-requests. When we do get together though it’s always in a new city with new faces. One of our most recent projects was hatched inside one of those buses. It wasn’t the most ergonomic meeting I’ve ever had but there was room for everyone on that bus.

Hyperledger Hackfest in Chicago

Our hackfest in Chicago was in a lot more conventional surroundings (still a very cool shared creative space .. lots of lab equipment and benches out of view on the other side of the wall to the right). Looking back at this photo is fun for me. I can see a lot of separate conversations happening at each table… people sharing different ideas, helping ramp new contributors, working on advancing new concepts with existing contributors. I can see a lot of similarity but also a little variety. It’s a busy room but there’s still open chairs and room for more variety.

Our next hackfest won’t be until March 2019 (Hyperledger is hosting Hyperledger Global Forum in December in Basel though). The March hackfest will be somewhere in Asia – location to be settled soon. The dates and locations of the other 2019 hackfests aren’t set yet. I don’t know where they will be specifically, but I do know that there will be a seat available and you will be welcome there.

These face to face meetings really are more the exception than the rule at Hyperledger. There are now more than 780 contributors spread all across the globe. 165 of those were just in the last few months. That means that every day we have a new person contributing to Hyperledger. Most of our engagement is through the development process. People contribute bug fixes, write new documentation, develop new features, file bugs, etc. If you’ve never contributed open source code before getting started might be intimidating. We don’t want it to be, though. There are a number of resources to help you get started. You can watch this quick video from Community Architect, Tracy Kuhrt. There’s documentation for each project, mail lists, a chat server, working groups, and some of the projects even host weekly phone calls to help new developers get engaged. Everyone in Hyperledger abides by a Code of Conduct so you can feel comfortable knowing that when you join any of those forums you will be treated respectfully. Anyone who wants to get involved can regardless of “physical appearance, race, ethnic origin, genetic differences, national or social origin, name, religion, gender, sexual orientation, family or health situation, pregnancy, disability, age, education, wealth, domicile, political view, morals, employment, or union activity.” We know that to get the best ideas, best code, best user experience we need your involvement. Please come join our community.

Image created by https://allarewelcomehere.us/ for Hyperledger

As always, you can keep up with what’s new with Hyperledger on Twitter or email us with any questions: info@hyperledger.org.

Five Hyperledger Blockchain Projects Now in Production

By Blog, Hyperledger Fabric, Hyperledger Indy

IT leaders have been hearing a lot about blockchain and its potential in the enterprise for the last few years, but until now they may not have heard much about how it is actually being used today for real-world business processes inside and between enterprises. So, we compiled this list of five intriguing, Hyperledger blockchain initiatives that are in production today across a wide range of industries, including food supply, fine art, insurance, aviation and accounting.

  1. Food source tracking using blockchain

Ensuring the safety and quality of a vast portion of the nation’s food supply is a huge undertaking, especially since incidents have occurred over the last several decades in which consumers have become sickened or died after eating tainted foods. IBM Food Trust is powered by Hyperledger Fabric to create unprecedented visibility and accountability in the food supply chain. It is the only network of its kind, connecting growers, processors, distributors, and retailers through a permissioned, permanent and shared record of food system data.

The IBM Food Trust network represents the continuation of more than a year of pilot tests with major retailers and food suppliers, including Golden State Foods, McCormick and Co., Nestlé, Tyson Foods and Wal-Mart Stores Inc. These companies formed a consortium in collaboration with IBM to use its food safety blockchain in order to protect consumers and enhance trust the food supply.

The solution provides authorized users with immediate access to actionable food supply chain data, from farm to store and ultimately the consumer. The complete history and current location of any individual food item, as well as accompanying information such as certifications, test data and temperature data, are readily available in seconds once uploaded onto the blockchain. Learn more here.

2. Blockchain for the airline industry

To help airlines improve passenger ticketing processes, NIIT Technologies developed its new Chain-m blockchain application using Hyperledger Fabric that can report on a wide range of critical information, from the number of tickets sold to fare amounts, commissions, taxes collected and more. Using a web-based interface, Chain-m adds transparency to ticketing processes, which is expected to help improve record-keeping, save money and improve security and agility in a complex business.

3. Follow the trail of Cambio Coffee with blockchain

Direct trade organic coffee seller Cambio Coffee provides a clear, traceable supply chain path for its products–from harvesting to roasting, packaging, and shipping–so customers could learn the exact details of what they are buying and drinking. To do that, the company began adding QR scan codes from ScanTrust to its coffee packaging, which when scanned records those details onto a Hyperledger Sawtooth blockchain network. Tying the QR codes together with the blockchain data lets coffee buyers scan the codes to see exactly where their coffee originated and how it arrived to their local store and into their grocery carts. The idea, according to Cambio Coffee, was to give its customers trust in its products and to provide transparency and traceability throughout their journey to customers. Watch the webinar here to learn more.

4. Blockchain for better enterprise operations management

China’s largest retailer, JD.com, offers its own JD Blockchain Open Platform to help enterprise customers streamline a wide range of operational procedures by creating, hosting and using their own blockchain applications. The platform uses Hyperledger Fabric and is an expansion of the company’s Retail-as-a-Service strategy, which offers some of its own internal initiatives to other companies as a service. The China Pacific Insurance Company is using the platform to deploy a traceable system for e-invoices, which are official receipts required in China for business. The system strengthens the security governance of e-invoices by applying unique blockchain IDs to each document, increasing efficiency and streamlining the accounting process, according to the company.

The platform allows users to create and update smart contracts on public and private enterprise clouds, while also enabling companies to streamline operational procedures such as tracking and tracing the movement of goods, charity donations, authenticity certification, property assessment, transaction settlements, digital copyrights and more.

5. Blockchain for insurance compliance data

Insurance companies are required to regularly report a significant amount of regulatory data that is subject to a wide range of compliance requirements and must be shared securely with regulators. The American Association of Insurance Services, a not-for-profit insurance advisory organization, has developed openIDL (open Insurance Data Link), which is designed to automate insurance regulatory reporting. Built on IBM Blockchain thus powered by Hyperledger Fabric, openIDL can help streamline regulatory and compliance requirements while improving efficiency and accuracy for both insurers and state insurance departments. The openIDL is the first open blockchain platform focused on the collection and sharing of statistical data between insurance carriers and regulators, according to the group. Using this blockchain network, insurers can contribute data directly onto the secure platform, which satisfies state regulatory requirements, while historical and current data is stored on an immutable blockchain ledger. Regulators are then provided permissioned access to view only the information they need to see for compliance purposes.

If you’re interested in learning about other ways Hyperledger technologies are used today to solve interesting problems, you can read through our case studies and/or visit the Blockchain Showcase.

(10.1.18) InfoQ: Implementing Privacy by Design in Hyperledger Indy

By Hyperledger Indy, News

In a recent Hyperledger blog post, Daniel Hardman talks about Hyperledger Indy and its ‘Privacy by Design’ approach to address decentralized identity management. Unlike many systems that add privacy to their product or service after the fact, Hyperledger Indy has been built using a privacy first approach. As the world shifts to more regulation, including GDPR and ePrivacy requirements, Indy can minimize the amount of details a user shares when having their data validated by a third-party system.

More here.

Privacy By Design in Hyperledger Indy

By Blog, Hyperledger Indy

The Scope and Limits of Indy’s Privacy Tech

Guest post: Daniel Hardman, Evernym

Privacy is a hot topic in blockchain circles–and across the entire digital landscape. GDPR, ePrivacy, and similar regulatory regimes have the world thinking hard and smart. Modern systems must bake privacy into their DNA; it can’t be bolted on after-the-fact. I’ve written elsewhere about why this is true, and how it must be done–and I’ve spent the last couple years helping Hyperledger Indy embody all the privacy goodness I know. I’m encouraged to hear a swelling chorus of blockchain practitioners opine that certain things must NOT go on a blockchain.

Perhaps you have heard a claim that Indy “solves” privacy. Or perhaps you’ve seen skeptics roll their eyes, muttering about how we’re all going to be correlated by the surveillance state, no matter what we do.

The truth is that both of these perspectives distort reality. Indy does offer some wonderful features to aid privacy, and these features matter! But institutions are certainly going to know some things about us, no matter what Indy does. Indy can minimize this in exciting ways. Nonetheless, what privacy we have, now or in the future, will emerge from a combination of technology, social and legal constructs, market forces, and human behavior; it can’t be trivialized as a tech problem.

What “Privacy Tech” Are We Talking About?

Today, Hyperledger Indy’s approach to privacy includes elliptic curve cryptography, pairwise DIDs, semi-trusted agents, agent-to-agent communication using techniques such as libsodium’s sealed box and authenticated encryption, zero-knowledge proofs, a separation between credentials and proofs, privacy-preserving credential revocation features, an affinity for data and key storage at the edge, and a carefully constructed wallet interface that manages personal secrets with industry best practices. In addition, privacy-preserving agent (device) revocation has been demonstrated as a proof of concept.

Indy’s roadmap includes additional privacy-enhancing features such as a user-friendly SSI tool (mobile app) with smart and safe defaults, microledgers, sophisticated policy and/or AI for agents, mix networks for transaction submitting and agent routing, and so forth.

Some of these technologies exist in other identity technologies, but Indy combines more of them, in far more powerful ways, than any similar technology I know.

What All This Tech Does NOT Deliver

Except for people who live in remote, technology-scarce  places, all of us are constantly observed and recorded. Google maps may have a picture of our front door; cell phone towers track the location of our mobile devices; credit card companies see what we spend; closed-circuit cameras watch us on the road or subway.

In such an environment, much will be known about us, even if we use Indy to prove things in zero knowledge. And, if we choose to use Indy to disclose something identifying–our email or phone number or name+birthdate, for example–then the disclosing interaction is correlatable to a much bigger digital footprint, no matter what fancy math did the proving. Even less perfect correlators like first name + fuzzy place + fuzzy time may correlate us, given sufficient context.

It might be tempting to say, then, that there’s no point to Indy’s elaborate privacy posture. But there is more to the story.

What Hyperledger Indy Privacy DOES Deliver

Hyperledger Indy allows you to construct interactions where the degree of disclosure is explicit and minimal–much smaller than what was previously possible. Nothing about the mechanics of connecting, talking, or proving in Indy is leaky with respect to privacy; vulnerabilities that emerge must come from the broader context. No other technology takes this minimization as far as Indy does, and no other technology separates interactions from one another as carefully. If privacy problems are like a biohazard, Indy is the world’s most vocal champion of wearing gloves and using a sharps container for needles–and it provides the world’s best latex and disinfectants.

Of course, this does not give perfect protection. Like a needle stick, mistakes can ruin Indy’s carefully sanitized interactions, and contamination is always a possibility. In 2017, the layouts of US army bases in some of the most dangerous locations in the world were compromised because soldiers had been using the Strava running app to track where they exercised (https://wapo.st/2J6DQqU). If this can happen when stakes are so high, and when the organization is as careful as a sophisticated army, then similar fiascos will undoubtedly occur, both with and without Indy technology, for the foreseeable future. These are serious problems that are not to be underestimated.

Despite the imperfect guarantees, doctors consider it worthwhile–even vital–to wear gloves. And despite risk, Indy’s privacy tech can deliver real value, if we are careful about constraining behavior and understanding use cases. Any interaction that does not leak is a tiny bit of personal, private space–and chaining such interactions together can accrue significant benefits. Indy makes it possible to prequalify for a loan at a thousand banks, in a way that proves credit worthiness, income, and citizenship, without forfeiting privacy. Used correctly, it can insulate cautious whistleblowers; it can enable secure, private voting; it can make online dating safer. Many other use cases exist. In each situation, we must carefully assess privacy beyond the narrow context of Indy’s proving mechanics. Gloves are less helpful when a disease vector is airborne; the government still needs to know who you are when you pay your taxes.

Intentions And Incentives

Besides discussing what protections Hyperledger Indy offers on the technical level, and what ways there might be to defeat such protections, we can also make an argument that architectures, algorithms, data models, and cryptography always carry a certain “intention” towards the parties we interact with. In our case, this intention is to maintain the individual’s privacy, sovereignty, etc. Whether or not the technology can strictly enforce this intention, or to what extent, is an important question, but not the only argument for building it in a certain way.

If we use pairwise DIDs and zero-knowledge proofs, the message is clearly “don’t try to correlate me,” even if you could find a way to do it if you try hard enough. An HTTP Do-Not-Track header says “do not track me,” but it doesn’t offer any actual protection from tracking. The VRM community has been talking about user-defined terms for a long time. In a relationship, you can express “don’t use my data for advertising,” or “delete my data after 14 days,” or “use my data for research, but not commercially.”

Simply expressing these intentions in code and architecture has value by itself. It bears a message that privacy and sovereignty “should be honored,” even if it cannot always be guaranteed technically that it will be. Over time, we expect that through regulation, trust frameworks, reputation, and similar mechanisms, not honoring such intentions will be discouraged. Of course we must always communicate clearly the limits of intentions and guarantees, lest we create a false sense of security that can lead to severe consequences.

One of the main reasons for the growth of Internet’s re-decentralization movement (Diaspora, Bitcoin, etc.) was not only to achieve more privacy and independence, but also to build architectures that better mirror the way we want society to work in the real world (not client/service aka. master/slave). At the same time, the point of view that “technology is neutral” is getting less prevalent, being more and more replaced by an assumption that “technology has built-in values.” From this perspective, privacy tech is valuable not only as a technical defensive mechanism, but also to make a point, to convey an intention.

Importantly, Indy’s technology also enables the transformation of privacy incentives. Companies that once stored PII can now store an opaque identifier for a customer, and contact the customer’s agent to learn more–then throw away the data after they use it. This has the potential to eliminate many centralized data troves as hacking targets, and it empowers people instead of impersonal and conflicted corporate guardians. Indy also provides meaningful advances in the world’s answers to privacy regimes like GDPR. We believe that in the future, social, software, and legal constructs will evolve to take advantage of the privacy features offered by Hyperledger Indy, and that this will lead to ever more creative types of business models and digital interactions not possible before.

 

Developer Showcase Series: Ian Costanzo, Anon Solutions Inc

By Blog, Developer Showcase, Hyperledger Composer, Hyperledger Fabric, Hyperledger Indy

We return back to our Developer Showcase blog! This series serves to highlight the work and motivations of developers, users and researchers collaborating on Hyperledger’s projects. Next up is Ian Costanzo from Anon Solutions Inc. Let’s dig in!

What advice would you offer other technologists or developers interested in getting started working on blockchain? 

Learn the fundamentals, and then get involved in an interesting open source project.

Working with Bitcoin is one of the best ways to learn the fundamentals of blockchain. The original white paper lays the groundwork in a clear and concise way, and there is a significant amount of documentation and examples available. Once you have a good understanding of the basic cryptography, merkle trees, proof of work, etc, it is much easier to work with more complex frameworks, which tend to layer on additional functionality (and complexity).

Then find an open source project and get involved. No matter what your interest there is probably a existing project in with a need for contributions in a number of areas. Documentation, introductory tutorials and testing are common needs. I’ve been involved in a few projects, and I’ve found there is always enthusiastic support (via slack, rocketchat, telegram, etc.) for new participants.

Also check for local meetups – I’m fortunate that in Vancouver there are a lot of blockchain enthusiasts, many meetups, and I’ve met quite a few interesting characters.

Give a bit of background on what you’re working on, and let us know what was it that made you want to get into blockchain?

I’m working with the BC Government on their Verifiable Organizations Network (VON) project (https://github.com/bcgov/von) using Hyperledger Indy.  I got involved in a roundabout kind of way.

Originally I was working with a homeless shelter in Calgary (https://www.calgarydropin.ca/) – they had recently implemented a new CRM and were looking at ways they could improve service to their clients by (securely) collaborating with other service providers. Their primary concerns were security of personal information, and respect for the sovereignty of individuals to control their own information, where possible. I did a survey of the technology space, and found that the Sovrin network (and Hyperledger Indy) was a clear fit for their requirement. I was lucky enough to get in touch with the BC group who were working with the same technology, and then fortunate to be able to participate in their project.

I’m interested in how blockchain can be used to help protect our personal information, and give us more autonomy and control over how our information is shared and used.

What project in Hyperledger are you working on? Any new developments to share? Can you sum up your experience with Hyperledger?

I’m working with Hyperledger Indy, with the BC Government. My role has been to scale up the solution to handle enterprise requirements, including large data volumes and transaction throughputs.  It’s been a fascinating experience, because I get to work with a lot of very smart people in the BC Government, as well as at Sovrin, Evernym and the whole Indy community.  The technology is new, which is interesting, but we’re also exploring new ways in how the technology is being applied, which creates lots of challenges and opportunities.

Specifically I’ve been working on an Enterprise Wallet for the central credential “holder.” I’ve updated the wallet to support multiple identities and millions of credentials, and to run in an enterprise micro-services deployment. I’m excited for the next round of SDK wallet development, which is going to introduce wallet meta-data, native encryption and improved search capabilities, which are all going to support functionality the team is planning to add in the coming months.

I’d also like to mention that the BC team is working in partnership with the governments of Ontario and Canada. In Victoria we work out of the government’s “Innovation Center”, which is focussed on public/private partnerships and support for the open source community. All the work we are doing is open source, available for use, and we welcome new collaborators.

What do you think is most important for Hyperledger to focus on in the next year?

Ease of use for new developers, as well as scalability. Ease of use is something that Ethereum (for example) has done a very good job with. Solidity is pretty simple to learn, and you can write very sophisticated blockchain applications without having to get too deep into the weeds. This is why Ethereum is one of the most widely used blockchain platforms. The downside of Ethereum is scalability (Crypto Kitties almost brought down the whole network) but that is something they are putting some resources into.

I’ve worked with Hyperledger Fabric and Hyperledger Indy, and I think anyone will agree that these are very complex technologies!  In order to get more widespread adoption documentation, training and tooling are critical. Their strength is that they are more specialized networks, however they come with a very steep learning curve, and this is something that needs to be addressed.

For Hyperledger Fabric, the introduction of Composer for application development was a huge step forward. Hyperledger Indy (what I am mostly working with now) could use similar tooling. There is work in progress on documentation and developer tools, but the more focus in this area the better!

As a private network, Hyperledger Fabric may not suffer from the same scalability concerns as public networks, but Indy supports a public network (Sovrin) so scalability is definitely a concern.

What’s the one issue or problem you hope blockchain can solve?

I like to think that blockchain can be used for the benefit of humanity, rather than just providing a living for those of us fortunate enough to be working with the technology.

Self sovereign identity has a lot of potential, putting information under the control of the individual rather than large corporations, allowing us to (selectively) share with our friends and colleagues, without having to worry about our information being mined and mis-used.  Also being able to benefit disadvantaged populations, like refugees and the homeless.

Privacy is another potential benefit of blockchain, having the ability to secure personal information, as well as being able to communicate and transact anonymously.

I’ve seen a lot of other really interesting applications proposed or prototyped, like using cryptocurrency to distribute aid directly to recipients (reducing the risk of graft), or using blockchain to track ethically captured tuna. I’m excited (and hopeful) for the future of this technology.

What technology could you not live without?

I resisted getting a smartphone for a long time, because I have a bit of a technology addiction. (I also don’t own a TV because I would just end up watching it all the time.) Now I have an Android phone, and I’m in constant communication. I always know the answer to every question (thanks Google) and where to go for lunch or the best route to get to the ferry. When I get involved in an interesting technology (like blockchain!) I become a bit of a workaholic and spend far too much time on the computer.

So the best technology for me is sometimes no technology at all. Leave the phone behind and go for a walk, to clear my mind. Sit down with a pen and paper to solve some problems, rather than try to work it out at the computer (This forces me to do some actual programming for a change, rather than just cut and pasting from StackExchange.) Read the newspaper rather than my news feed online.

Until the nervous twitching starts and I have to reach for my phone!

 

Questions from Decentralized Identity Webinar

By Blog, Hyperledger Indy

Guest post: Daniel Hardman, Evernym

During our recent webinar on decentralized identity, we accumulated a large backlog of questions. We thought it might be nice to cluster them by topic, and see if we could provide follow-up answers.

Q. How are decentralized identity, DIDs, and similar technologies compliant with (or not compliant with) GDPR, HIPAA and similar regulations?

Done right, decentralized identity can solve many gnarly problems. However, it’s not always done right. The decentralization is an opportunity, not a guarantee. For example, if you put personal data on the blockchain, you have a problem with GDPR’s right to be forgotten–but if you put personal data on a personal microledger, and not in a public place, you have no problem. See http://bit.ly/2taHIR8 for more details.

Q. I do not understand ‘permissioned public’ or ‘permissionless private’. Can you give examples? And why permissioned instead of permissionless?

Permissioned vs. Unpermissioned describes who can operate the network. Bitcoin is unpermissioned because anybody can download the software and run it, without asking permission first. Sovrin and Indy are permissioned, because although anybody can download and run the software, the network won’t accept your node’s vote about consensus on transactions unless/until your node receives permission to join the official validator pool.

Note that this Permissioned/Unpermissioned distinction DOES NOT affect who can use the network to do transactions. That’s a whole different question, addressed by the Public/Private distinction. A public network can be used by the general public; a private one requires special access. Permissioned/Unpermissioned just refers to who can operate the network.

A non-blockchain example of a network that is public but permissioned is ATMs. Anybody in the world can walk up to an ATM and use it, without special access. Thus it is public. But it is not the case that anybody in the world can operate an ATM. You might buy an old ATM second-hand, power it up, and turn it on–but unless banks agree to honor the transactions it does, it’s not going to work. A private permissionless network is one where only a few people can use the system, but anybody in the world can operate the node (or nodes can be configured and participate without any centralized help). An example of this would be a large conglomerate deciding to run a private instance of Ethereum for the benefit of all its subsidiaries. The conglomerate might announce that any division or department can set up a node, but say that only transactions submitted from IP addresses in its corporate intranet IP address range will be honored. Private permissionless is a little bit odd, and often permissions creep into them gradually.

Permissioned networks are helpful when you are worried about regulation (permissionless means there are few levers to control the behavior of the network providers). Permissioned are also capable of greater speed and scale than permissionless (broad generalization). Permissionless systems are naturally censorship-resistant.

Q. What is the user experience like in this brave new world of decentralized identity? How can I use decentralized identity (eID, etc) to get real work done? How do I keep track of all the keys and identity fragments that would be created in such a world?

Here’s a recorded demo that you might find interesting. It shows two sides of a decentralized identity ecosystem–a company, and a private person. The company is using a web application; the private person is using a mobile app. The person is trying to accomplish goals like buying an airplane ticket, proving things with credentials, and so forth. The web application is clunky; the user experience focus here is on the mobile app used by the private person. This demo assumes Sovrin (Indy) is the underlying plumbing. https://vimeo.com/262596133

Q. Most talk about identity centers on human beings. How do organizations and IoT things fit into the identity ecosystem?

Many decentralized identity approaches (including Sovrin and Indy, where I come from) explicitly welcome IoT things and organizations into the ecosystem. There are discussions underway on several fronts about using Sovrin for various IoT use cases, such as proving provenance of devices, securing device communication, and so forth. Organizational use cases are even more mature, with many companies and governmental organizations deploying. One public and advanced example is the Verifiable Organizations Network sponsored by the government of British Columbia in Canada.

The Sovrin Trust Framework (the constitution that Sovrin uses to run an instance of Indy) discusses the relationships of all these types of entities in section 3.2.

Q. Can a decentralized identity that is based on an immutable blockchain be deleted?

(This may relate to the question about GDPR compliance; see above for more on that.)

It depends on what you mean by “deleted”, and what you mean by “based on blockchain.” If an identity owner writes key personal info to an immutable ledger, then deleting such info will be a problem. Indy solves this problem by using the public ledger only for information about entities that don’t have a right to privacy (such as organizations or IoT devices), and requiring private individuals to store their info in a private file called a microledger. This microledger has some nice ledger characteristics–it is tamper-resistant and append-only–but the individual can always delete the file to remove all evidence of themselves.

Q. This is all utopian. Why should businesses give away their data and cooperate in this fashion? Will it take forever for the world to adopt decentralized digital identity? What about vulnerable populations who don’t own a lot of tech?

One incentive that institutions have to adopt this technology is regulation. GDPR, HIPAA, ePrivacy, and other legal requirements are forcing companies to adopt some sort of game-changing identity solution, because traditional approaches are simply too expensive or too hostile to the privacy and user-control standards that governments are demanding.

Another incentive is cybersecurity. If you were the CISO of a large company with many customers, would you feel more secure using traditional identity, where you have a large trove of information about customers that represents a juicy hacking target (including for malicious insiders)–or would you prefer to leave sensitive data in the hands of customers, with the option of looking it up from them whenever you needed it? Leaving it with customers shifts legal burdens in a huge way…

A third incentive is the possibility of eliminating middlemen. Every company would prefer to have a rich, direct interaction with its customers. Today, however, most companies are forced to have a relationship that’s mediated or brokered by some third party. They buy demographic data from data brokers; they contract with ad networks who profile and qualify people to see advertisements; they pay credit reporting agencies to identity proof customers by asking the customers when they last bought a home. All of these relationships cost businesses money and diminish the richness and power they’d like. What they’d prefer, instead, is to reach out to customers directly, knowing they can trust what customers tell them, and to have unfettered interactions with very high trust and a wonderful experience for customers.

These changes are expensive, but their benefits are so attractive that many large organizations are actively exploring the possibilities. This includes multinational banks, the travel industry, the healthcare industry, national governments, universities, and so forth.

Regarding vulnerable populations, the UN and numerous NGOs that work with vulnerable populations are striving to make this technology free and accessible to refugees, children, and those who are displaced or who live away from the internet. The Sovrin Foundation has an Identity for All committee that has interesting stories to tell…

Q. How does Indy compare to Showcard, Civic, uPort, and similar offerings? Is there any effort at compatibility or cooperation or standards?

There are efforts to cooperate. Some of them are taking place in the open, at the W3C, the DIF, and Hyperledger. Most of these efforts are midway through their lifecycle–not brand new, but not frozen into a standard yet. I am feeling very hopeful that these efforts will bear substantial fruit. You are welcome to attend community meetings at Hyperledger; see the community calendar.

I tried to take a platform-neutral stance on decentralized identity in my webinar. I can’t be perfectly objective, though, since I am a practitioner in the space. So please filter my comparison of these technologies through that lens.

All of these technologies are similar in the sense that they involved identity and blockchain. However, they use blockchain differently. They have different beliefs about what belongs on the blockchain, which blockchain to use, how to pay for the blockchain, who should control the ecosystem (if anybody), how to achieve privacy, how much privacy to aim for, and so forth. These differences manifest in different business models, different costs, different assumptions about the basis for trust, and so forth. I respect their people as bright, informed thinkers. I hope they view me as a collegial competitor. 🙂

It’s worth noting that Indy is not a product; it is an Apache 2-licensed codebase that anybody can use for free. Sovrin (an instance of Indy running with a specific constitution) is closer to being a direct analog to these commercial offerings than Indy is. Sovrin is also free.

FWIW, I believe that only Sovrin has a compelling, mature story about personal privacy, and about GDPR compliance. See http://bit.ly/2taHIR8 for more details.

Q. Isn’t there a better onboarding story than “scan your driver’s license and we’ll have our AI check it for fraud–then magically you get a digital identity”? Can we help people develop decentralized identities from birth?

Yes! Sovrin believes that digital credentials should be issued directly, and there are several initiatives underway that demonstrate exciting progress. For example 3 states in the United States are exploring the issuance of digital birth certificates. There is also effort underway among NGOs working with the United Nations to onboard vulnerable persons with a decentralized, self-sovereign, digital identity.

Q. Indy maturity — when will Android support be available, is Fabric further along, can we build something with this today?

The first network built on Indy launched publicly on July 31, 2017, running version 1.0 of Indy. Its SDK released in August of 2017. The demo mentioned above runs against software that’s now about a year old. Parts of the system are moderately mature.

That said, it is true that Indy (and really almost everything in the blockchain space, except for the core Bitcoin and Ethereum ledgers) is a very young technology, and it continues to evolve rapidly. Indy is just now finishing up the due diligence to graduate from Hyperledger incubator status. iOS support for Indy has existed for about 9 months, and Android support comes online in the next month or so. Standards efforts are forcing some evolution. If you’re a programmer, the SDK for this environment supports some common programming languages (python, java, C#, Rust, Go, Node.js) but not every language you might want. In addition, the Indy ledger, despite running as Sovrin for a year, still lacks some experience doing battle with hackers and spammers. So this is a good question; only a specific evaluation of your use cases will tell you whether it’s a good foundation for a business solution today.

Q. What consensus algorithm does Indy use?

Indy uses a modified version of RBFT called Plenum.

Missed the live webinar? Watch the on-demand replay of Decentralized Identity, Distilled today.

Developer Showcase Series: Markus Sabadello, Danube Tech

By Blog, Hyperledger Indy

We have another Developer Showcase blog ready! This series serves to highlight the work and motivations of developers, users and researchers collaborating on Hyperledger’s projects. Next up is Markus Sabadello from Danube Tech. Let’s see what he has to say!

What advice would you offer other technologists or developers interested in getting started working on blockchain?

You probably already have a good technical understanding of how blockchain works. You already know that blockchain is more than Bitcoin. You know that there are many different types of blockchains with different features and properties. You also know that blockchain is not a panacea, that it is sometimes over-used, and that blockchain is often just a small piece of a bigger solution.

Since you know all that already, my advice would be, let’s now try to understand why there is such high interest in blockchain, and why so many individuals and companies are working with this technology. Is it because blockchain is a novel solution for technical challenges such as security and stability? Or is the rise of blockchain mostly about profit and new business models? Or is it about a desire for a utopian new world with more democracy, transparency and without authorities?

Today, it is becoming clearer that technology is not always neutral. It tends to have built-in assumptions and objectives. The design of technical architectures and algorithms can imply and support certain world views and values. Some of the currently existing digital infrastructure is perhaps based on paradigms and assumptions that has resulted in adverse effects for our political and social structures.

As engineers and developers, we have a special responsibility here. Therefore, when you start working with blockchain, try to not only find the best technical solution for your use case, but also consider what deeper human effects your algorithms and data structures will have once they get deployed and used in the real world.

Give a bit of background on what you’re working on, and let us know what was it that made you want to get into blockchain?

I have worked on digital identity technologies for a long time, the question of who we are, how we present ourselves, and what do others know about us in the digital world. There’s this concept of user-centric identity, and more recently self-sovereign identity, which places individuals at the center of their online relationships and transactions, and gives us all the ability to create, manage, use, and destroy our online identities according to our own rules.

In classic identity technologies such as OpenID, SAML, WebID, etc., the act which establishes a digital identity for an individual always introduces a dependency on an external entity that has to be trusted in some way. In these systems, digital identity is always represented as an account in some service provider’s database, or as an identifier managed by some registration authority.

With blockchain or distributed ledger technology, we realize that now for the first time we have a way to establish digital identity without such dependencies on identity service providers.

In a joint effort of several communities such as the W3C Credentials Community Group, the OASIS XDI Technical Committee, the series of Rebooting-the-Web-of-Trust workshops, and the Internet Identity Workshop, we then began developing the concept of a Decentralized Identifier (DID), which will become a base building block for higher-level identity data formats and protocols. This is currently my focus at Danube Tech.

What project in Hyperledger are you working on? Any new developments to share? Can you sum up your experience with Hyperledger?

The only Hyperledger project I work on is Hyperledger Indy, and I am not among the most active direct contributors, but everything I work on is connected to it. It is a codebase for a distributed ledger, which unlike most others is specifically being built for digital identity that is decentralized, independent, and follows privacy-by-design principles. Indy offers functionality and components for registering DIDs on a ledger, for privacy-preserving cryptography, and for so-called agents, which are off-chain components that exchange verifiable identity data on an identity owner’s behalf.

I can share that there are currently dozens of proof-of-concepts happening around the world using the Indy software, involving well-known major corporations, but also non-profits, academic institutions, and governments. Here in Austria, we have a consortium of several large companies jointly experimenting with Indy, and I think we will soon see plans for concrete products, applications, and services, that will transform the way how identity works online.

I was already part of this project and its community before it was accepted into Hyperledger incubation, but I can definitely say that Hyperledger has really accelerated Indy both in terms of the provided infrastructure, but also credibility and community support.

What is the best piece of developer advice you’ve ever received?

One good advice for developers I have received a few times is “sleep is more important” – but then again, it’s not always true, is it? 🙂

What technology could you not live without?

My pen that I use for writing down thoughts and taking notes during conferences.

Developer Showcase Series: Jean-Louis (JL) Marechaux, JDA Labs

By Blog, Hyperledger Composer, Hyperledger Fabric, Hyperledger Indy

Image: Jean-Louis (JL) Marechaux, JDA Labs

We return back to our Developer Showcase blog series, which serves to highlight the work and motivations of developers, users and researchers collaborating on Hyperledger’s projects. Next up is JL Marechaux from JDA Labs. Let’s see what he has to say!

What advice would you offer other technologists or developers interested in getting started working on blockchain? 

The first advice I would offer is what I give on every single new technology adoption: Clearly identify the business need, and make sure that blockchain is appropriate to meet business needs. Blockchain is not a silver bullet. There are a couple of use-cases where blockchain is absolutely not the right answer. Be sure you assess blockchain applicability in your context.

I would also recommend to take an incremental and iterative approach for new Blockchain initiatives. Decompose your business problem to identity a simple use-case, something that can be described as an agile story. Implement this first story in a small prototype, to get familiar with core blockchain concepts. Then incrementally add new capabilities to your blockchain solution.

There are plenty of resources to help when you start a blockchain project. I personally recommend the Hyperledger online documentation, as it cover the key concepts and provide practical tutorials. Moreover, a tool like Hyperledger Composer is an easy way to define and test a business network with minimal investment. To me, Composer is a pretty good platform for an early blockchain prototype.

Give a bit of background on what you’re working on, and let us know what was it that made you want to get into blockchain?

I work at JDA Labs, which is the R&D entity of JDA Software. The company has a focus on the supply chain and the retail industry, and we provide software solution to support the digital transformation of our customers. Because we are interested in digital transactions between multiple parties, blockchain seems to be a natural fit to address some automation and traceability problems. When products transit all over the world, through multiple countries and multiple companies, I believe that blockchain can help provide a better end-to-end visibility of the supply chain.

I started to be interested in blockchain when I was working at IBM. Around 2015 or 2016, I was part of an internal initiative to identify blockchain use cases for different industries. I had the opportunity to discuss with people far more knowledgeable than me in this area, and to learn basic concepts. When I started at JDA, I was exposed to a new business domain, and it quickly became obvious that blockchain could improve supply chain transparency and traceability. So I decided do more research and experimentation in this area.

As Hyperledger’s incubated projects start maturing and hit 1.0s and beyond, what are the most interesting technologies, apps, or use cases coming out as a result from your perspective?

I see a lot of value in all the Hyperledger projects, so it is difficult to mention just a few.

But given my current job and my focus at this time, I would select Hyperledger Fabric and Indy.

Because it supports permissioned networks, Hyperledger Fabric seems appropriate in a supply chain environment where participants are usually known and vetted. The channel capability in Fabric provides a data partitioning mechanism to restrict visibility to some participants, which is required for some some business transactions. Hyperledger Fabric is based on a modular and scalable architecture to support most business needs.

I have not explored Hyperledger Indy capabilities yet, but given the nature of a blockchain business network, it seems important to have a strong mechanism to manage decentralized identities.

In addition to the blockchain frameworks, I am quite interested in the different tools (e.g. Composer , Explorer) that are developed under the Hyperledger umbrella to facilitate and accelerate blockchain adoption.

What’s the one issue or problem you hope blockchain can solve?

As a consumer, I always wonder where the products I buy are coming from. I can sometime get that information reading the product label, but can I really believe what is written? Why should I trust the organic certification body? Organic food fraud is massive. Traceability on fair trade products is weak. Provenance of consumer goods is nearly impossible to obtain.

Blockchain technologies can solve this problem by enabling full transparency and traceability on products. As a consumer, I would love to be able to scan a product in a store with my smartphone and get the proof of origin through a blockchain.

What is the best piece of developer advice you’ve ever received?

“If you want to eat an elephant, do it one bite at a time.” This comes from an old saying, but I remember receiving that advice for software development, long before Agile practices were popular. To be able to deliver complex software solution, it is important to have the big picture first, to understand the end goal. But then the best approach to deliver the solution is to adopt a step by step approach to incrementally develop the software.

And of course, I was told many times to read the manual. The “RTFM” acronym cannot be repeated often enough.

I think those two tips are relevant for any blockchain project.