6H/ Indy DID Method & Network of NetWorks

From IIW

Indy DID Method & Network of NetWorks


Session Convener: Daniel Bluhm

Notes-taker(s): Markus Sabadello

Tags / links to resources / technology discussed, related to this session:

Hyperledger Indy, DIDs, Sovrin, Indicio


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

https://github.io/hyperledger/indy-did-method


Goals:

  • Align Indy networks with W3C DID spec (original HL Indy existed before DID standardization and had earlier concepts)
  • More and more Indy networks (Sovrin, Idicio, Findy, IDunion, Candy) -> desire to use VCs issued on one network on another network
  • DID URLs for Anoncreds objects


Example:

did:indy:indicio:…

  • Who decides what the names under did:indy are? -> That’s a question of governance frameworks
  • Could be built into a resolver similar to hosts.txt file
  • Could be resolved dynamically using a config file from a Github repository


Example DID URL:

did:indy:example:123abc/anoncreds/V0/SCHEMA/seq_NO

Also for CLAIMDEF, RevRegDEF, Deltas

This didn’t require any changes in HL Indy, only in resolvers.

Has been implemented in indy-vdr library.

Introduced a new “didDocContent” ATTRIB.

Now we have explicit rules for how to join data from NYM and ATTRIB into a DID document.

Updates are possible -> you rewrite the whole DID document with w new ATTRIB transaction.

Question about scale, what if I want to create a million DIDs?

-> HL Indy networks may have to be tweaked to support scale, but it doesn’t really affect the DID method rules.

In HL Indy, personal DIDs are not written to the ledger; instead, peer DIDs as implemented in HL Aries are typically used.

The namespacing inside the did:indy method opens up the possibility of the “network-of-network”.

This also made it easy to add a driver for the Universal Resolver.

If you want to add a network to did:indy, there’s a Github repo where you can raise a PR with the new network. This repo is managed by the did:indy community.

There is an idea of cross-registration, so on one network you could have a directory where you look up other networks. Is this still the plan? This pattern may also apply to other networks.

Maybe the network name “local” should be reserved.

At some point there was also a proposal to use hashes of genesis files, instead of human-readable network names.

Maybe HL Indy will become popular as “government networks”.