Identity Archives – Hyperledger Foundation

Jul 26

What’s on the agenda at Hyperledger Global Forum 2022

By Hyperledger Blog, Climate, Finance, Hyperledger Global Forum, Identity

We are just weeks away from gathering in Dublin, Ireland, for Hyperledger Global Forum 2022. The hard-working programming committee has put together a packed agenda with a line-up of business and technical talks and panels as well as workshops, demos and more.

There will be more than 100 speakers covering everything from DLT operations to the future of NFTs & tokenomics and from the Metaverse to interoperability. Below are just a sampling of the topics and sessions on tap for the largest global gathering of the Hyperledger community, taking place September 12-14:

Climate

Blockchain – Sustainable Supply chain, SDG, Climate & Carbon Credit Tokenization – Kamlesh Nagware, Snapper Future Tech
Cactus Helps Cross-Industries Collaboration to Tackle Climate Change – Shingo Fujimoto, Fujitsu
Panel Discussion: Carbon Accounting Digital Trust Pilot With Hyperledger Indy/Aries – Nancy Norris, Government of British Columbia; Martin Wainstein, Open Earth Foundation; Kyle Robinson, Mines Digital Trust
Under National Strategy of Carbon Neutralization, How To Build Up a Whole MRV System With Hyperledger Fabric – Dong Ning, China Mobile

CBDC

Hyperledger Iroha: Enabling CBDC and FinTech Use Cases (Bakong CBDC in Cambodia) – Makoto Takemiya, Soramitsu
Towards a Scalable, Privacy-Preserving, and Regulatable CBDC Framework – Mark Rakhmilevich, Oracle
US Digital Currency: Opportunities, Challenges and Strategies – Jim Mason, DTCC
Creating a Retail CBDC Prototype With Hyperledger Fabric – Imre Kocsis, Budapest University of Technology and Economics
Making Distributed Ledgers Interoperable Using Weaver (Hyperledger Labs) – Venkatraman Ramakrishna, IBM
Workshop: Moving Central Bank Digital Currency from Conception to Reality with Hyperledger Technologies – Elli Androulaki & Angelo De Caro, IBM

Digital Identity

Enabling Interoperability and Multi-Ledger Support for Decentralized Identity Platforms – Hitarshi Buch, Wipro Technologies
Findy Agency — Highway to Verified Data Networks – Laura Vuorenoja & Harri Lainio, OP Financial Group
Digital Identity Using the vLEI – Christoph Schneider, Global Legal Entity Identifier Foundation (GLEIF)
Blockchain, Biometrics and Geo-Location: Lessons Learned from the Implementation of Innovative Technologies at the United Nations Joint Staff Pension Fund – Dino Cataldo Dellaccio, United Nations Joint Staff Pension Fund & Shashank Rai, United Nations International Computing Centre (UNICC)
Hosted Discussion: Rhode Island Leads on Digital Identity Solutions with Hyperledger – Liz Tanner, State of Rhode Island & Jim Mason, DTCC
Last Mile Problem in Self-Sovereign Identity – Biometric Authentification and Device Independent Wallet for Hyperledger Indy – Non Kawana & Ken Naganuma, Hitachi, Ltd.
Workshop: How To Build a Self-Sovereign Identity Agent With Hyperledger Aries Framework JavaScript – Timo Glastra & Berend Sliedrecht, ANIMO & Jakub Koci, ABSA

Enterprise Blockchain

Taking on Challenges of Enterprise Blockchain Infrastructures – Dr. Ravi Chamria & Ghan Vashishtha, Zeeve
Latest Technology Adoption Trends in Enterprise Blockchain Projects – Jim Zhang, Kaleido & Tracy Kuhrt, Accenture
Solving Market Problems With Open Source Verifiable Credentials – Heather Dahl, Indicio & Mike Vesey, IdRamp
Design Patterns to Practically Scale Blockchain Networks – Deepika Karanji & Arun S M, Walmart Global Technology Services
Why You Shouldn’t Just Trust Your Blockchain – And Apply Critical System Design – Imre Kocsis, Budapest University of Technology and Economics

Hands-on ½ Day Workshops

Workshop: Moving Central Bank Digital Currency from Conception to Reality with Hyperledger Technologies – Elli Androulaki & Angelo De Caro, IBM
Workshop: How to Build Full-Stack Web3 Apps Faster with FireFly SuperNodes – Nicko Guyer, Kaleido
Workshop: Developing Interoperability Applications with Hyperledger Cactus – Peter Somogyvari, Accenture
Workshop : Developing Applications with Hyperledger Fabric – Josh Kneubuhl, IBM
Workshop: Hyperledger Bevel – Sownak Roy & Suvajit Sarkar, Accenture
Workshop: How To Build a Self-Sovereign Identity Agent With Hyperledger Aries Framework JavaScript – Timo Glastra & Berend Sliedrecht, ANIMO & Jakub Koci, ABSA

Come join us for these sessions and more as well as non-stop networking, knowledge sharing and collaboration. And a night of celebration at the historic Guinness Storehouse! View the full schedule, sponsors and activities at: https://events.linuxfoundation.org/hyperledger-global-forum/program/schedule/

Registration details are here. Save 20% registration with the code HGF22NWSLTR and, if you are not already a subscriber, please subscribe to our newsletters for the latest news and developer insights.

Still not sure why you should attend? Watch our Hyperledger Global Forum Returns video thanks to our returning Diamond Sponsor Accenture.

Jul 21

Love0

Developer showcase series: Daniel Bluhm, Indicio

By Hyperledger Blog, Developer Showcase, Hyperledger Aries, Hyperledger Indy, Identity

Back to our Developer Showcase Series to learn what developers in the real world are doing with Hyperledger technologies. Next up is Daniel Bluhm, Software Engineer at Indicio.

Give a bit of background on what you’re working on and how you got into blockchain

I am currently working on Hyperledger Aries Cloud Agent – Python and other agent implementations. I spend most of my days working on agents and protocols. I first got into blockchain at the Sovrin Foundation where I got my start as an associate software engineer. I was actually around at the founding of the agent ecosystem, back when we all collaborated in the Hyperledger Indy Agent Working Group. I was one of the first implementers and continued working with it as the community grew. Eventually it snowballed into the Hyperledger Aries project.

What Hyperledger frameworks or tools are you using in your projects? Any new developments to share? Can you sum up your experience with Hyperledger?

I really like where things are going with the Aries Cloud Agent – Python repo, driving towards more pluggability and making it so we can extend functionality without changing the core project itself. I am also excited to get did:indy method support into Hyperledger Indy, as well as multi-ledger support in ACA-Py.We already have reads down, so now we’re just working on the writes.

What do you think is most important for Hyperledger to focus on in the next year?

We have a really diverse and thriving community in the Hyperledger Aries space; what we really need going into 2022 is a push for greater adoption of the technology and getting it into the hands of people who aren’t engineers. I would also really like to see a focus on encouraging more interaction with the Hyperledger Indy project, especially after seeing how positively this affects our work with Hyperledger Aries.

What advice would you offer other technologists or developers interested in getting started working on blockchain?

The biggest piece of advice I could give is to not be afraid to step in, contribute, and break stuff. It doesn’t matter if your pull request isn’t perfect.The maintainers of the project will work with you to get it right.

As Hyperledger’s projects continue to mature, what do you see as the most interesting technologies, apps, or use cases coming out as a result?

The technologies that are most interesting to me are the ones that allow us to use multiple different technologies at the same time – which is exactly what we’re striving for in Hyperledger Aries. This enables us to take advantage of the strengths of one technology – be it blockchain, communication, protocol, crypto suite, or something else – and use those strengths to shore up the places where another technology might fall short. Beyond that, anything that makes it easier and more efficient for the end user will be a huge step in the right direction.

What’s the one issue or problem you hope blockchain can solve?

The biggest problem that I would like to see blockchain solve is power imbalances. This applies across the board, to finance, representation in government, data used and collected by big orgs, and other scenarios we just haven’t thought up yet. I’d like to see blockchain enable individuals to have a say in how they are treated and be more self-deterministic – they should have at least some level of control over what’s running their lives.

Where do you hope to see Hyperledger and/or blockchain in five years?

I would like to see Hyperledger and blockchain technology in general in the hands of real people. They don’t necessarily need to be aware that they are using a blockchain. In fact, I think there are some really good arguments to the contrary. But it should be a positive influence in their lives as it is used day to day. I would like to see the blockchain space settle down, drop some of the hype, and just be used for what it’s good at.

What is the best piece of developer advice you’ve ever received?

No one gets it right on the first try. Don’t be afraid to make mistakes, break tests, crash CI/CD pipelines, or push broken code. Don’t do it intentionally, of course, but the faster you can get at shortening the “experience a failure, find the problem, implement the fix” cycle, the faster you’ll learn and master your code. In short, don’t be afraid to break stuff. Just give it a shot and learn from the result.

When a problem or change needs to be made in the future, the developer then can see what your thought processes were for writing the code you did.

What technology could you not live without?

I could not live without Git. Without it it would be nearly impossible to get any code written and submitted. It’s part of my everyday workflow and even crucial in my hobby projects.

Jul 06

Love2

Introducing Hyperledger Aries Framework JavaScript 0.2.0

By Karim Stekelenburg, Hyperledger Aries Framework JavaScript Maintainer and Animo Solutions Co-founder Blog, Hyperledger Aries, Identity

About half a year before we started Animo Solutions, my co-founders and I discovered Hyperledger Aries Framework JavaScript, an open source JavaScript/TypeScript framework designed to create interoperable self-sovereign identity solutions. At the time we were just getting acquainted with the concept of SSI. Just the idea that we could use TypeScript to build made our lives so much easier and the tech so much less daunting. It turned into one of the building blocks of our company, and I would end up becoming a maintainer and strong advocate of Hyperledger Aries Framework JavaScript. Now, after two years of hard work by the community, we’re excited to announce the 0.2.0 release of the framework. In this article, I’ll take you through what this newest release entails and why it will change the way self-sovereign solutions are built.

Hyperledger Aries Framework JavaScript (AFJ) is a framework written in TypeScript for creating interoperable self-sovereign identity (SSI) solutions. The framework has two main focus points. It aims to be as accessible as possible for any developer whether new or experienced in the world of SSI. It is also designed specifically for multi-platform development, so both server-side and mobile solutions can be built with the framework.

The framework has gained a lot of momentum lately. The community has been growing quickly with various governments and organizations stepping in. Our current contributor count is 37, and the working group calls now have around 10 active participants (as opposed to the two we had two years ago). The potential of the framework has become clear to developers other than us (the fanatics). For example, at Animo we recently received funding from the EU NGI eSSIF-Lab initiative to lift the framework to the next level regarding mobile development options.

The new Hyperledger Aries Framework JavaScript release (0.2.0) contains some incredible steps forward. Especially in our goal to make the framework AIP 2.0 compliant. AIP 2.0 compliance will not only ensure the framework supports the latest standards and protocols, but it will also greatly increase interoperability and make it more useful outside of the Hyperledger Indy ecosystem. Specifically, this release contains:

Full support for the out of band and did-exchange protocols
Postgres wallet support
- Previously the framework only supported SQLite. This addition ensures the framework is better suited for cloud infrastructure.
Wallet import/export support
- This addition enables users to migrate their wallet data to and from other Hyperledger Indy-based wallets.
Pickup protocol v2 for better control over interactions with the mediator
Support for the issue-credential-v2 protocol
- The issue credential and present proof v2 extend the framework with the ability to support multiple credential and proof formats. Instead of adding a separate API for the v2 protocols, we have put a lot of effort in designing a single, easy-to-use API that works with both versions and is extensible for later versions in the future. In the next release we’ll be adding support for the present proof v2 protocol.
Credential revocation and revocation notifications for holders and verifiers
- This allows holders to prove that a credential hasn’t been revoked and verifiers to verify this. The revocation notifications allow the holders to be informed about the fact that one of their credentials has been revoked, rather than discovering this when trying to present proof.
Full did:peer support
A generic DID resolver that currently supports did:key, did:web, did:sov and did:peer.
An upgrade assistant to help users update their wallets to newer versions of the framework
- As the framework evolves over time, some of the underlying data structures may change. With the upgrade assistant, we aim to make it as easy as possible for users to migrate.

We’re already working hard on version 0.3.0 that will, just like the 0.2.0 release, be packed with new features such as support for the W3C Verifiable Credential Format and BBS+ Signatures 2020, making the framework fully AIP 2.0 compliant.

Check out the 0.2.0 release here and the update instructions here. For general documentation, please see aries.js.org.

If you’re interested in Hyperledger Aries Framework JavaScript and its developments, we recommend you join the working group call (07:00 MT / 14:00 UTC on zoom) and check out the GitHub repo. If you want to discuss building a solution with the framework, feel free to reach out to me at karim@animo.id.

For hands-on experience with AFJ, join us at Hyperledger Global Forum (HGF) for the half day workshop: How To Build a Self-Sovereign Identity Agent With Hyperledger Aries Framework JavaScript. To get a 20% discount to attend HGF and learn more about Hyperledger Foundation Identity projects, use the code: HGFHLFWG22.

May 31

Love1

Hyperledger Ursa code review

By IDLab Blog, Hyperledger Ursa, Identity

(Le français suit l’anglais)

Hyperledger Ursa is a shared cryptographic library used to avoid duplicating cryptographic related code. The library is an opt-in repository (for Hyperledger and non Hyperledger projects) to place and use crypto.

Broad deployment of digital identity will depend on strong security to deliver the high levels of assurance required in many consumer transactions with their governments, their financial institutions, and other trusted organisations.

Leading advancements in decentralized identity, several originating in Canada, rely on the Hyperledger family of technologies. As such, Hyperledger Ursa is a central component depended upon to provide the security overlay for decentralized identity.

Rooted in a “trust but verify” mindset, several Canadian public sector entities and Interac (Canada’s interbank network) sponsored a project at the Digital Identity Laboratory of Canada (IDLab) to perform a security and cryptography code review of Hyperledger Ursa (full report is available here).

Those commissioning this project deemed it important to have an arms-length third party assessment of this foundational component of the Hyperledger family to understand the risks (if any) being assumed with the deployment and use of Hyperledger-base technology in the domain of decentralized identity.

Overview of Hyperledger Ursa library code review scope:

A code review that examined:

Entry points
Coding standards
Data storage and transfer
APIs and their security
Third party library usage
Programming language issue
Logic flaws

Cryptography best practices including examination of:

Cryptography and key management
Entropy
Best practice cryptography usage

The review did not include an assessment of the cryptographic algorithms foundation themselves, or their suitability. Examination was limited to assessment of sound implementation within Ursa.

Following the code review and the findings documented, the IDLab team worked closely with key Ursa contributors and the Hyperledger Foundation community to review and assess results. As a result, a number of enhancements were identified to address report findings.

Ultimately, the exercise concluded that Ursa provides a solid security footing for projects dependent on the Hyperledger family of technologies applicable to digital identity.

Review findings summary:

In general, the review noted a few relatively minor security defects, some implementation guidance, and some general observations for library improvement.

These can be briefly described as follows:

Minor build issues
Cautions to consider when building, primarily with third party libraries or integrations
Minor issues related to lack of support for message augmentation
Minor issues related to subgroup validation
An issue related to public key validation

For those interested in the full report, please have a look here. You can also learn more by viewing this webinar:

If you have any questions about Hyperledger Ursa, you can engage with the community on the Hyperledger Foundation’s Discord server for Ursa. If you want to learn more about IDLab, please visit www.idlab.org.

Revue de code Hyperledger Ursa

Hyperledger Ursa est une librairie cryptographique partagée utilisée pour éviter la duplication du code lié à la cryptographie. La librairie est un répertoire opt-in (pour les projets Hyperledger et ceux qui ne le sont pas) pour placer et utiliser la cryptographie.

Le déploiement à grande échelle de l’identité numérique dépendra d’une forte sécurité afin de fournir les niveaux d’assurance élevés requis dans de nombreuses transactions des consommateurs avec leurs gouvernements, leurs institutions financières et d’autres organisations de confiance.

Les principales avancées en matière d’identité décentralisée, dont plusieurs proviennent du Canada, reposent sur la famille de technologies Hyperledger. En tant que tel, Hyperledger Ursa est un composant central sur lequel on compte pour fournir la couche de sécurité pour l’identité décentralisée.

Dans un esprit «de confiance et de vérification» (en anglais, trust but verify), plusieurs entités du secteur public canadien et Interac (le réseau interbancaire du Canada) ont parrainé un projet au Laboratoire d’identité numérique du Canada (IDLab) pour effectuer une revue de code de sécurité et de cryptographie d’Hyperledger Ursa (le rapport complet est disponible ici, en anglais seulement).

Les initiateurs de ce projet ont estimé qu’il était important d’avoir une évaluation indépendante par un tiers de ce composant fondamental de la famille Hyperledger pour comprendre les risques (s’il y en a) assumés avec le déploiement et l’utilisation de la technologie basée sur Hyperledger dans le domaine de l’identité décentralisée.

Aperçu de la portée de la revue de code de la librairie Hyperledger Ursa :

Une revue de code qui a examiné :
- Les points d’entrée
- Les standards de programmation
- Stockage et transfert de données
- Les interfaces API et leur sécurité
- Utilisation de librairies de tiers
- Problèmes de langage de programmation
- Défauts de logique
Les meilleures pratiques en matière de cryptographie, y compris l’examen :
- De la cryptographie et la gestion des clés
- De l’entropie
- Des meilleures pratiques en matière d’utilisation de la cryptographie

L’examen n’a pas inclus une évaluation de la fondation des algorithmes cryptographiques eux-mêmes, ni de leur aptitude. L’examen s’est limité à l’évaluation de la bonne mise en place dans Ursa.

Après l’examen du code et la documentation des résultats, l’équipe d’IDLab a travaillé en étroite collaboration avec les principaux contributeurs d’Ursa et les membres de la communauté de l’Hyperledger Foundation pour examiner et évaluer les résultats. En conséquence, un certain nombre d’améliorations ont été identifiées pour répondre aux conclusions du rapport.

Ultimement, l’exercice a conclu qu’Ursa fournit une base de sécurité solide pour les projets qui dépendent de la famille de technologies Hyperledger applicables à l’identité numérique.

Résumé des conclusions de l’examen :

En général, l’examen a relevé quelques défauts de sécurité relativement mineurs, quelques conseils de mise en place, et quelques observations générales pour l’amélioration de la librairie.

Celles-ci peuvent être brièvement décrites comme suit :

Problèmes mineurs de construction
Précautions à prendre lors de la construction, principalement avec des librairies ou des intégrations de tiers
Problèmes mineurs liés à l’absence de prise en charge de l’augmentation des messages
Problèmes mineurs liés à la validation des sous-groupes
Un problème lié à la validation des clés publiques

Pour ceux qui souhaitent consulter le rapport complet, veuillez cliquer ici. Vous pouvez également en savoir plus en visionnant le webinaire ci-dessus (en anglais).

Si vous avez des questions sur Hyperledger Ursa, vous pouvez vous adresser à la communauté sur le serveur «Discord server for Ursa». Si vous souhaitez en savoir plus sur IDLab, veuillez consulter le site www.idlab.org.

May 02

Love0

Hyperledger identity community completes development of DID:Indy Method and advances toward a network of networks

By Char Howland and Daniel Bluhm Blog, Hyperledger Indy, Identity

New Hyperledger Indy updates pave the way for verifiable credentials to be issued and read on different networks, affirming Hyperledger as the most advanced framework for interoperable, decentralized identity

Earlier this year, the Government of British Columbia announced the “Indy DID Method Code With Us” challenge. The goals were to align the content that can be written in the DIDDocs published on Hyperledger Indy networks with the current World Wide Web Consortium (W3C) Decentralized Identifier (DID) Specification and to add a namespace element to DIDs (and other object identifiers) published on Hyperledger Indy networks, so users know on which of the many Hyperledger Indy networks the DID was created.

Hyperledger Indy is an open source project housed at the Hyperledger Foundation providing the codebase to create distributed networks, purpose-built for SSI and verifiable credentials. Networks built on Indy are some of the most mature and tested networks with self-sovereign identity (SSI) capabilities; but since they were developed before the publication of the World Wide Web (W3C) DID Specification, they needed to be brought into alignment.

While the Indy DID Method began as a community development effort within Hyperledger Indy, it needed a push to completion; hence the Code With Us challenge from the government of British Columbia. Indicio was awarded the challenge and went on to develop and complete several of the remaining components.

The result is that a credential issued using any Hyperledger Indy network (such as Indicio, Sovrin, Findy, Bedrock, IdUnion, etc.) can be processed by any verifier. This is because the objects in the verifiable presentation reference the Hyperledger Indy network used by the issuer. The Indy:DID Method lays the groundwork to make this possible.

This advancement in interoperability is significant. While issuers still need to be anchored in the specific Indy ledger of their choice, holders can seamlessly receive verifiable credentials from issuers rooted in different Hyperledger Indy networks, and be able to create verifiable presentations from any combination of those credentials. Likewise, verifiers will be able to verify presentations that include claims derived from credentials rooted in multiple Indy networks. The Indy:DID Method paves the way for Hyperledger Indy credentials to scale by allowing Indy networks to seamlessly interoperate, creating a global “network of networks” effect.

With the groundwork complete, networks and agent frameworks now need to incorporate the Indy:DID Method. This community adoption will increase the viability of the Indy and Aries project stack and position it to be the globally dominant way to issue and share verifiable credentials in a multi-ledger world.

To learn more about did:indy and the next steps for implementation, you are welcome to join the leading contributors from Indicio and BCGov at the Hyperledger Identity Implementers Call taking place, Thursday, May 5, 8:00 AM US Pacific (3pm UTC)

Note:

The Indicio team would like to thank BC Gov for funding this work and Dominic Wörner, another contributor to the Code With Us challenge, for his work on Indy VDR.

Where to find the work:
- PR to Indy Node: https://github.com/hyperledger/indy-node/pull/1740
- PR to Indy VDR: https://github.com/hyperledger/indy-vdr/pull/84
- Indy HIPE about did:indy: https://github.com/hyperledger/indy-hipe/tree/main/text/0164-did-indy-method
- Demo: https://github.com/Indicio-tech/did-indy-demo
Where to ask questions:
- Daniel Bluhm (Indy Node questions)
  - Discord: dbluhm#9676
  - GitHub: https://github.com/dbluhm
- Dominic Wörner (Indy VDR questions)
  - Discord: domwoe#9301
  - https://github.com/domwoe

Mar 14

Love0

Interoperability in the Open Source community

By Tim Spring, Indicio Blog, Healthcare, Hyperledger Aries, Hyperledger Indy, Identity

Without interoperability, you wouldn’t be able to read this article. Websites, computers, and servers must be able to recognize and share information with each other, and shared standards and protocols allow them to do so, thereby giving us the web. On a smaller scale, companies have their own intranets, and, on the smallest scale, you might have your own private thumb drive for personal documents that can interact with whatever machines you typically work on.

Interoperability is not a technological given or an inexorable process. It is a choice that needs to be actively made, and it can sometimes take considerable effort to make work. Think of electronic health care records and the years it has taken to make it easier for a patient to access their health data, something originally provisioned in a 2000 Privacy Rule to the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

Crises, however, can accelerate the slog to technological convergence—and that’s precisely what we’ve seen as a result of the global COVID-19 pandemic. In April 2021, a data-sharing provision of the 21st Century Cures Act came into effect: Patients must be able to have direct digital access to eight categories of clinical notes in an electronic health record, notably—given the need for COVID testing—lab test results.

Cometh the legislation, cometh the tech. Indicio and SITA had already been working on a decentralized, verifiable credential solution to integrate passenger health data with air travel in a privacy-preserving way. Built on Hyperledger Indy and Hyperledger Aries, the technology solved the problem of patient privacy by eliminating the need for a centralizing party to store patient data in order to facilitate verification.

With the Cures Act provision, there was now no obstacle to passengers in the US accessing their COVID test data directly from a Health Information Exchange in the form of a digital credential. They could use this credential to prove their test status without having to share personal information. In situations where it was important to know which test they had taken and when, they could choose to share this information with a verifier, such as the border control or health agency of the country they were visiting.

This solution is now known as the Cardea Project. Successfully trialed in Aruba, its codebase has been donated to Linux Foundation Public Health as an open source solution for sharing health data through verifiable digital credentials. It has an active community group, led by Indicio and Shatzkin Systems, that is working on expanding its features and, critically, its interoperability.

To do this, Cardea launched a hackathon for interoperability— dubbed an “Interop-a-thon”— in September 2021. The goal was to get companies using Aries agents to test those agents against a reference implementation of Cardea and each other. Over a half day, SITA, Liquid Avatar, IdRamp, GlobalID, Canadian Credentials Network, and Network Synergies all successfully interoperated. That’s the headline; the story, however, is that it took work to make this happen—it was an exercise in uncovering glitches, unexpected problems, and overcoming them. That’s what made the Interop-a-thon so valuable for all the participants—and that’s why Cardea is holding a second Interop-a-thon on March 17.

This time, in addition to agent testing, Cardea is going to field “out-of-band” invitations (a critical change coming to Hyperledger Aries at the end of March) and a simple reference implementation of machine readable governance (a way of adding governance rules at the agent level, thereby making governance portable and available offline).

Participants see interop-a-thons as a testing ground for interoperability, and therefore a way to ensure that the products and services they are building have the capacity to scale. This is a critical step toward achieving a network of networks effect. Not surprisingly, the number of participants signed up for the next Interop-a-thon is much greater than the first.

For Cardea, there are more and bigger trials on the way. And with each solution delivered, the scope for expansion becomes greater. If we can successfully implement a system for incorporating health data in travel, what about all the other clinical notes described by the Cures Act? What’s the roadmap to creating a decentralized health record?

This is the perfect challenge for an open source community to solve. And by testing the solution through an interop-a-thon, we can figure out how to make the many function as one.

If you want to learn about interoperability first hand, I highly encourage you to watch the video of their last Interopathon here: https://www.youtube.com/watch?v=KVywPPLhG0U. For more details or to register for the next event on the 17th of March, go here: https://docs.google.com/forms/d/e/1FAIpQLSdpQmjxnYqohk0SfleulNOJXYsi1bhVhMjeGP5MxBMxCa-9TA/viewform

Apr 29

Love1

Hyperledger-Powered Digital Identity Solutions at Work

By Hyperledger Blog, Hyperledger Fabric, Hyperledger Indy, Identity

As the world continues to grapple with COVID-19, there is an upswing in interest in digital identity technologies and their potential to underpin new health passes, travel credentials and other pathways to restarting economies that are effective, secure, accessible and privacy preserving.

For more on these efforts, read up on the work of the Good Health Pass Collaborative.

Stephan Curran’s post on Why Distributed Ledger Technology (DLT) for Identity? also offers a good explanation of sudden and urgent issues driving interest in identity and the role of Hyperledger technologies in delivering solutions.

Advances on these fronts are fostering important new developments. However, digital identity solutions are reshaping other industries as well. Read on for a sampling of Hyperledger-powered solutions that are in production now, bringing innovation to the telecom, supply chain, education and training and financial services markets:

Alastria ID over Red H+

Alastria ID, a project of Alastria, the Spanish association that promotes the development of solutions based on decentralized ledger technologies, is focused on decentralized identity management. It is a self-managed identity model based on the World Wide Web Consortium (W3C) Verifiable Credentials standard designed to facilitate compliance with the General Data Protection Regulation (GDPR) for individuals, companies, organizations and entities. The use of credentials issued on different networks will enable interoperability across multiple applications.

Telefonica and Inetum have partnered to implement Alastria ID in a Hyperledger Fabric production environment in Alastria. Named “red H+” (H+ network), this implementation gives more than 500 members of Alastria access to a production grade infrastructure based on Hyperledger Fabric technology. Red H+ offers a free of charge Hyperledger Fabric environment for Alastria members, designed for the deployment of proofs of concept or production projects without demanding requirements, and a production-ready paying platform for those members interested in having certain levels of service and personalised and guaranteed response times, as well as value added services such as Alastria ID.

(Note: You can learn more about Alastria’s mission to promote the digital economy and how the Hyperledger community is involved in this May 5 webinar.)

MemberPass®

MemberPass is a digital credential solution that enables financial institutions to instantly verify financial credentials seamlessly across all consumer contact points in a highly secure and privacy-preserving manner. It is the flagship product of Bonifii, the financial industry’s first verifiable exchange network designed to enable trusted digital transactions using open standards and best-of-breed security technologies. Because MemberPass is built on Hyperledger Indy, credit union members can retain full control of their private personal information. The credential is secure and flexible. It allows the member to reveal only the data necessary for a given transaction. (See more on MemberPass adoption here.)

SnapCert

SnapCert is a blockchain-based Credential Authentication platform for universities, colleges and institutes. Offered as a SaaS platform by Snapper Future Tech, SnapCert equips education customers to issue and verify credentials on a blockchain, ensuring no fraudulent credentials can be issued in their name.

Customers include Kushal, a social organization that trains unskilled labour under Indian government National Skill Development program. With SnapCert, verifiers can get real-time verification of Kushal credentials directly from the primary source of the data simply using the last four digits of the credential holder’s Aadhaar id and the name. The solution solves the problem of misplaced paper credentials and reduces the trust deficit by providing easy access to credible credentials that prove the holder’s construction training. It also helps Kushal manage long term record keeping for the skilled workers, connect stakeholders that need the data and increase transparency and ease of doing business.

SnapCert is built using Oracle Blockchain, which is powered by Hyperledger Fabric.

Trust Your Supplier

Built on Hyperledger Fabric blockchain technology, Trust Your Supplier provides organizations a trusted exchange of information across an encrypted blockchain environment to minimize risk and fraud throughout the onboarding and life cycle of partnerships.

A single, digital identity for suppliers can be shared with multiple buyers and business networks. This two-tiered supplier profile approach allows suppliers to be discovered by new customers without handing over unlimited access to their data. The Trust Your Supplier cross-industry blockchain network provides clear provenance and a single, shared, tamper-evident ledger. This is ideal for supporting auditing capabilities as it provides an immutable relationship history between parties.

Verified.Me

In our current digital landscape, securely accessing online services has never been more important. With Hyperledger Fabric, SecureKey Technologies established Verified.Me, Canada’s leading digital identity network which helps verify consumers’ digital identity so they can access the services and products they want. With Hyperledger’s support, SecureKey has put user consent at the forefront and in control of when, why and with whom their personal information is being shared. This collaboration is critical to progressing the digital identity landscape in Canada and globally.

Join the conversation about blockchain-based identity technologies and solutions with #HyperledgerIdentity this month on social channels. Also, Hyperledger has an Identity Working Group that is open to all.

Cover image by vectambulist from Pixabay.

Apr 29

Love1

MemberPass® is Gaining Adoption in Credit Unions

By Julie Esser, Bonifii Blog, Finance, Hyperledger Indy, Identity

Financial fraud isn’t anything new, and the extent of the crime can vary significantly. Forty-seven percent (47%) of US consumers experienced financial identity theft fraud in the past two years—in fact, every 15 seconds a financial fraud incident occurs. COVID-19 has only accelerated the growth of financial fraud. Losses due to identity theft increased by 42% from 2019 to 2020 primarily due to the COVID-19 pandemic, according to a recent study published by the Aite Group.

Today, there are multiple authentication steps in place in financial institutions thanks to the steady increase in cybercrimes. These high-tech frauds take assets from financial institutions and deliver a bit of reputation risk to their public image. Research demonstrates that consumers expect their financial institution to take active steps to mitigate financial risks. Consumers want protection, but they also want a fast and efficient user experience. Too often, each delivery channel is a silo with its own authentication method:

For example,

The call center uses knowledge-based questions
The lobby and drive-up require a driver’s license or other physical forms of identification
Online banking access calls for a username and password plus, often a two-factor authentication.

And consumers want more control over their personal data. In late September 2020, we commissioned a nationally representative survey to over 1,000 adults about their perceptions of MemberPass, Bonifii’s digital credential solution that enables financial institutions to instantly verify financial credentials seamlessly across all consumer contact points in a highly secure and privacy-preserving manner.

There were lots of noteworthy findings:

62% of credit union members said they would sign up for MemberPass if it were available.
56% of respondents who are satisfied with their financial institution would use MemberPass.
67% of consumers would feel more positive toward their financial institution if MemberPass was offered.
50% of consumers would sign up for MemberPass today if a security breach had impacted their account or if they had been identity theft victims.

There is a better way for financial institutions and consumers!

Since its launch in early 2020, MemberPass has been gaining momentum among credit unions and with the members they serve. MemberPass is the financial industry’s first digital credential solution that enables credit unions to instantly verify financial credentials seamlessly across all consumer member contact points. Because MemberPass is built on Hyperledger Indy, credit union members can retain full control of their private personal information. The credential is secure and flexible. It allows the member to reveal only the data necessary for a given transaction. Best of all, it’s impossible to hack or steal.

So far this year, we have seven active MemberPass implementations with another ten more credit unions planning their deployments in the next six months. Our active programs have gotten MemberPass credentials into the hands of about 20,000 members to date.

After we make a program sale, we continue to work closely with our credit union clients. We present each of them with a personalized copy of the MemberPass “Jump Start” playbook. This is a comprehensive toolkit to help the credit union increase the level of member adoption of MemberPass.

The playbook contains product benefits, consumer need identification tools, call center and drive-through workflow models, marketing strategies, incentive programs, and more. Our adoption goal is to get between 5-10% member adoption within six months of the “go live” date.

The demand for decentralized identity among financial institutions is only getting stronger—and, best of all, no one but the consumer owns his or her personal data!

Cover image: Hloom via Flickr / CC BY-SA, 401(K) 2013

Apr 21

Love1

Why Distributed Ledger Technology (DLT) for Identity?

By Stephen Curran, Hyperledger Aries Maintainer, Cloud Compass Computing Inc. Blog, Hyperledger Aries, Hyperledger Indy, Hyperledger Ursa, Identity

As we continue our pandemic journey that is 2021, more and more people are getting vaccinated against COVID-19. Once vaccinated, people are (finally!) able to do more “in the real world.” However, in some cases such as international travel, there is a need to prove that you have been vaccinated before you can participate. In the past, that proof has been accomplished in the form of the paper World Health Organization Carte Jaune/Yellow Card. But in our 21st century pandemic, a handwritten paper document is not particularly trusted. It’s just too easy to buy or make your own. The sudden, urgent need to be able to prove health information in a safe, privacy-preserving and secure way has brought the spotlight on the concept of verifiable credentials and, for Hyperledger, on the three identity-focused projects in the community, Indy (a distributed ledger for identity), Aries (data exchange protocols and implementations of agents for people, organizations and things), and Ursa (a cryptographic library underlying Indy and Aries).

While people understand that paper credentials are insufficient and that a trusted digital solution is needed, they don’t understand why verifiable credentials, or more generally, identity, works extremely well with distributed ledger technology (DLT)—a distributed database spread across multiple nodes, of which blockchain is an example. To be clear from the start, it is not to put the credentials on a public ledger so everyone can see them! We’ll reiterate that a lot in this post. No private data ever goes on the blockchain!!!

To understand why DLT is useful for identity, we need to go back to the basics—paper credentials, how that model has worked for 1000s of years, and how the use of DLTs with verifiable credentials allows us to transition the great parts—security and privacy—of that model to the digital age.

Since as far back as 450BC, people have used paper credentials to enable trusted identity. Legend has it that King Artixerxes of the Persian Empire signed and gave Nehemiah a paper “safe transit” authorization that he used in travels across the empire. People have been using such documents ever since. In technical terms, a credential is an attestation of qualification, competence, or authority issued to an entity (e.g., an individual or organization) by a third party with a relevant or de facto authority or assumed competence to do so. Examples of credentials issued to people include a driver’s license, a passport, an academic degree, proof-of-vaccination and so on. Credentials are also issued to companies, such as business registrations, building permits, and even health inspection certifications.

Examples of Paper Credentials
*By Peter Stokyo,* *peter.stoyko@elanica.com, Licensed under* *CC By 4.0*

The Paper Credential Model
By Peter Stokyo, peter.stoyko@elanica.com, Licensed under CC By 4.0

Verification in the paper credential model (ideally) proves:

Who issued the credential.
That the credential was issued to the entity presenting it.
That the claims have not been altered.

The caveat “ideally” is included because of the real possibility of forgery in the use of paper credentials. Back to our “proof-of-vaccination” problem.

Let’s see how the good parts of the paper credential model are retained in the verifiable credentials model. With verifiable credentials:

An authority decides you are eligible to receive a credential and issues you one.
You hold your credential in your (digital) wallet—it does not go on the distributed ledger!
At some point, a verifier asks you to prove the claims from one or more credentials.
If you decide to share your data with the verifier, you provide a verifiable presentation to the verifier, proving the same three things as with the paper credentials.
Plus: You may be able to prove one more thing—that the issued credentials have not been revoked.

As we’ll see, verifiable credentials and presentations are not simple documents that anyone can create. They are cryptographically constructed so that a presentation of the claims within a credential proves four attributes:

Who issued the credential–their identifier is part of the credential and they signed the credential.

Who holds the credential–there is a cryptographic binding to the prover.
The claims have not been altered–they were signed at the time of issuance.
The credential has not been revoked.

Unlike a paper credential, those four attributes are evaluated not based on the judgment and expertise of the person looking at the credential, but rather by machine using cryptographic algorithms that are extremely difficult to forge. Like the paper credential, the verifier does not go back to the issuer to ask about the credential being presented. Only the prover and verifier, the participants in the interaction, need to know about the presentation. So where do the prover and verifier get the information they need for their transaction? We’re just getting to that…

The Verifiable Credentials Model
By Peter Stokyo, peter.stoyko@elanica.com, Licensed under CC By 4.0

Compared to the paper credentials model, verifiable credentials are far more secure. When the cryptographic verification succeeds, the verifier can be certain of the validity of the data—those four attributes stemming from verifying the presentation. They are left only with the same question that paper credentials have—do I trust the issuer enough

So where does the DLT fit in?

Three of the four things that the verifier has to prove (listed above) involves published data from the issuer that has to be available in some trusted, public distributed place, a place that is not controlled by a central authority (hmm…sounds like a DLT!). In Indy and Aries, data published to a DLT is used to verify the credential without having to check with the issuer. In particular:

The verifier has to know who issued the credential based on an identifier and cryptographic signature. From the presentation, it gets an identifier for the issuer, looks it up on a DLT to get a public key associated with the issuer to verify the signature in the presentation. Thus, the identity of the issuer is known.
The verifier has to verify that the claims data has not been altered by verifying a cryptographic signature across the data. Based on an identifier for the type of credential, the verifier gets from a DLT a set of public keys and verifies the signatures. Thus, the verifier knows no one has tampered with the claims data.
The issuer periodically updates a revocation registry on a DLT indicating the credentials that have been revoked. If the holder’s credential is revoked, they are unable to create a proof of non-revocation (yes, that’s a double negative…). If the holder can generate that proof, the verifier can check it. Thus, the verifier knows the credential has not been revoked.

The fourth attribute (the binding of the credential to the holder) in Indy is done using some privacy-preserving cryptographic magic (called a Zero Knowledge Proof) that prevents having a unique identifier for the holder or credential being given to the verifier. Thus, no PII is needed for sharing trusted data.

So why DLT? First, we can get the good parts of paper credentials—private transactions between holders and verifiers and no callback to the issuer. Second, the issuer gets a trusted, open and transparent way to publish the cryptographic material needed for those private holder-verifier transactions. Third, there is no need to have a “Trusted Third Party” participating in the interactions.

And did I mention, no private data goes on the DLT!!!

Hyperledger Indy, Aries and Ursa are enabling this approach to “self-sovereign identity” in a big way, bringing about a new layer of trust on the Internet that will let us preserve our privacy and give us control over our identity and data—where it belongs. There is a lot to learn. If you’re curious, a great place to start is this Linux Foundation edX course.

Cover image by Nick Youngson CC BY-SA 3.0 Alpha Stock Images