In this video, Drummond Reed, Chief Trust Officer at Evernym Inc and co-author of the book ‘Self-Sovereign Identity’, gives an in-depth discussion of SSI and the ‘Trust over IP Stack’.
Interviewed by Prabath Siriwardena, Deputy CTO (Security) @ WSO2, Drummond begins with the excitement that revolves around SSI and the verifiable credentials trust triangle.
The W3C Verifiable Credentials Data Model specification shows the data flow among the issuer, holder and verifier. The issuer digitally signs attestations, packages them as credentials and gives them to the holder.
The holder is the one who manages the credentials and presents them as proofs to verifiers. At 10:10 Drummond states that the idea of SSI is similar to that of the mobile boarding pass on smartphones.
From 12:20 Drummond explains the ‘verifiable data registry’, highlighting that blockchain technology is one implementation method but not the only one.
He adds that an issuer who wants to start issuing digital credentials writes a DID (Decentralized Identifier) to a verifiable data registry. The associated DID document holds the public key and the other cryptographic metadata required for the process.
At 13:17 he describes Decentralized Identifiers (DIDs) as the address of that DID document on the verifiable data registry. The data registry can be a blockchain, a distributed ledger or a distributed file system. The issuer can now sign verifiable credentials, which are issued off-ledger to holders. The holder can then present proof of that credential to the verifier.
At 25:05 Drummond mentions that in some rare cases the holder can simply share the credentials received from the issuer without any proof of possession. Drummond then emphasizes the special role of peer-to-peer connections. He adds that sharing public DIDs is very prone to data leakage and that there is no guarantee that your sensitive information is kept private.
Using public DIDs to sign the credentials is definitely not a good practice. At 28:05 he states that there is another category of DIDs known as private pairwise peer DIDs. Both the issuer and the holder generate a key pair specifically for their relationship with the other. He also adds that there will be a separate pair of private pairwise peer DIDs between the holder and the verifier.
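As an added example, not code from the video or from Evernym or the Trust over IP Foundation: a toy Go model of the trust triangle described above, in which the issuer's public DID resolves through an in-memory registry, the credential is bound to the holder's pairwise peer DID, and the verifier demands proof of possession against a fresh nonce rather than accepting a merely copied credential. The in-memory registry, the `did:example:` peer DID format and the claim strings are assumptions for illustration, not a real DID method.

```go
package main

import (
	"crypto/ed25519"
	"encoding/hex"
	"encoding/json"
	"errors"
	"strings"
)

// Registry is a toy verifiable data registry: public DID -> issuer key (stands in for the DID document).
type Registry map[string]ed25519.PublicKey
// Credential is the issuer's attestation, bound to the holder's pairwise peer DID.
type Credential struct {
	Issuer  string `json:"issuer"`  // issuer's public DID, resolvable in the registry
	Subject string `json:"subject"` // holder's peer DID (assumed toy format: hex-encoded public key)
	Claim   string `json:"claim"`
	Sig     []byte `json:"-"` // issuer's Ed25519 signature over the JSON of the fields above
}
func (c Credential) payload() []byte { b, _ := json.Marshal(c); return b }
// PeerDID builds the toy peer DID from a public key (assumed format, not a real DID method).
func PeerDID(pub ed25519.PublicKey) string { return "did:example:" + hex.EncodeToString(pub) }
// Issue: the issuer signs the attestation off-ledger and hands it to the holder's wallet.
func Issue(issuerDID string, key ed25519.PrivateKey, subject, claim string) Credential {
	c := Credential{Issuer: issuerDID, Subject: subject, Claim: claim}
	c.Sig = ed25519.Sign(key, c.payload())
	return c
}
// Present: the holder proves possession by signing the issuer signature plus the verifier's fresh nonce.
func Present(c Credential, holderKey ed25519.PrivateKey, nonce []byte) []byte {
	return ed25519.Sign(holderKey, append(append([]byte{}, c.Sig...), nonce...))
}
// Verify: resolve the issuer in the registry, check its signature, then check the holder's proof
// against the key carried in the subject peer DID, so a copied credential alone is rejected.
func Verify(reg Registry, c Credential, proof, nonce []byte) error {
	issuerPub, ok := reg[c.Issuer]
	if !ok {
		return errors.New("issuer DID not found in registry")
	}
	if !ed25519.Verify(issuerPub, c.payload(), c.Sig) {
		return errors.New("issuer signature invalid")
	}
	holderPub, err := hex.DecodeString(strings.TrimPrefix(c.Subject, "did:example:"))
	if err != nil || len(holderPub) != ed25519.PublicKeySize {
		return errors.New("malformed subject DID")
	}
	if !ed25519.Verify(holderPub, append(append([]byte{}, c.Sig...), nonce...), proof) {
		return errors.New("proof of possession invalid")
	}
	return nil
}
```

The verifier never needs the issuer's private material or a live connection to the issuer; it only resolves the public DID and checks two signatures.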
Role of biometrics and frameworks
From 35:35 Drummond moves on to the special role of biometrics. Biometrics play a major role in verifying the holder.
Fingerprints or face scanning are common ways to unlock the wallet. He adds that there are four different ways of integrating biometrics: introducing a liveness-checking function in the wallet, using the biometrics on a local device to unlock the holder’s wallet, verifying remotely through a biometric service provider (BSP), and including biometrics directly in a credential so the verifier can use them during verification.
From 41:30 Drummond explains the special role of governance frameworks. The only way verifiers can know all the issuers is through another trust triangle, commonly referred to as the governance trust triangle, whose associated role is the governance authority.
He gives an example in which Mastercard or Visa is the governance authority that authorizes all the banks and credit unions in the world to issue a credential called the credit card to cardholders. The merchants need not know the intricate details of the banks or credit unions; they just trust the governance authority.
At 46:49 Drummond answers the important question: ‘How can we standardize SSI for universal interoperability?’ This is where the concept of the Trust over IP stack is introduced.
Here the four-layer architecture, along with the unique characteristics and functionalities of each layer, is discussed. The stack has two halves, a technology stack and a governance stack. The Trust over IP governance stack comprises utility governance frameworks, provider governance frameworks, credential governance frameworks and ecosystem governance frameworks. The Trust over IP technology stack comprises four layers, namely public utilities, the DIDComm peer-to-peer protocol, data exchange protocols and application ecosystems.
At 54:09 Drummond reiterates the major purpose of the ‘Trust over IP Foundation’: to define a precise architecture for internet-scale digital trust that combines cryptographic trust at the machine layers with human trust at the business, legal and social layers.
This video, presented by Drummond Reed, thus illustrates the way Self-Sovereign Identity works and the great positive impact it could have on keeping the user’s sensitive information private. In addition, the video illustrates the concept of the ‘Trust over IP stack’ and the way it functions in the real world.