Today Hyperledger announced the new Hyperledger Aries identity project. Hyperledger already has the Hyperledger Indy identity project, which underpins the Sovrin Network. Going forward, the emphasis of Indy will be on the blockchain or backend side. But for decentralized identities, very little is stored on a blockchain. Much of the functionality is on the client side: the communication between organizations and individuals and how individuals manage their identity wallets. This work will now live in Hyperledger Aries.
Hyperledger says Aries is not a blockchain and not an application. Instead, it’s providing the infrastructure to create applications.
There’s also a realization that there won’t be one identity network; there will be many, and they need to be interoperable. Aries addresses this as well. The Aries group, which is sponsored by the Sovrin Network, has reached out to Ethereum-based decentralized identity initiatives and W3C participants to contribute to Aries’ code.
There’s an argument that Hyperledger Indy has been split into two, with the client aspects moving to Aries, which aims to be interoperable with networks that are not based on Indy.
What’s on the blockchain?
It’s worth stepping back and looking at what Hyperledger Indy previously covered to appreciate what Hyperledger Aries plans to do.
With Indy, simplistically, there are two sets of functionality: the blockchain or server/backend side, and the client side, or what happens in apps. The blockchain has limited functionality. It only stores public decentralized identities (DIDs) for organizations, for example a passport office or a university. That way people can ensure credentials are signed by these organizations.
So a Hyperledger Indy blockchain would include organization DIDs, formats for different kinds of data like a passport or a college qualification, and a link between the organizations and the formats they support. Plus there are revocation registries for expired passports and the like.
If a prospective employer, ABC Inc, wanted to hire you, they might want to verify multiple aspects of your identity. For example, your passport number, your tax ID, your college qualification and perhaps the periods you spent at previous employers.
Starting with previous employers, when you departed from your last company, they issued you with a credential which showed start date, end date and your salary. You have a specific decentralized identity (DID) just for your former employer, and it has one for you. But the employer also has a public identity available to anyone.
You’re happy to share the start and end dates of your last job with ABC Inc, but not your previous salary. So your wallet presents a zero-knowledge proof of the start/end dates to ABC Inc. This is a communication between your wallet and the app run by ABC Inc. In other words, it is a peer-to-peer communication.
ABC Inc needs to verify the credential. So its app will check the public key of your former employer against a blockchain and also the format of the credential. Plus it will make sure the credential has not been revoked.
But ABC Inc will also want to check with the passport office to make sure you are, well, you. There’s a good chance that the passport office and your previous employer store data on different identity networks. The idea behind Aries is that the wallet can still work, even if it has to talk to various networks, and even if the networks are not based on Hyperledger Indy.
Almost all the tools to create the above functionality would live in Aries, apart from managing the blockchain. But communication with blockchains is included.
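The verifier-side checks from the walkthrough above (issuer public key looked up on the ledger, credential format, revocation), as an added Go example that is not Indy or Aries code. A plain Ed25519 signature over the whole credential stands in for the zero-knowledge proof, so selective disclosure is not modelled; `Ledger`, `Credential`, `Verify`, `Sample` and the `did:example:employer` DID are hypothetical names with constructed data.

```go
package main
import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Ledger is a constructed stand-in for public ledger data, not an Indy or Aries API.
type Ledger struct {
	Keys    map[string]ed25519.PublicKey // organization DID -> public key
	Formats map[string][]string          // issuer DID + "/" + format -> attribute names
	Revoked map[string]bool              // credential ID -> revoked
}

type Credential struct {
	ID, Issuer, Format string
	Attrs              map[string]string
}

// Verify runs the verifier's checks: issuer key, credential format, revocation.
func Verify(l Ledger, c Credential, sig []byte) error {
	msg, _ := json.Marshal(c) // signed form; encoding/json sorts map keys
	pub, known := l.Keys[c.Issuer]
	want, published := l.Formats[c.Issuer+"/"+c.Format]
	for _, a := range want { // every attribute of the published format must be present
		_, has := c.Attrs[a]
		published = published && has
	}
	switch {
	case !known || !ed25519.Verify(pub, msg, sig):
		return fmt.Errorf("issuer key not on ledger or signature invalid")
	case !published || len(want) != len(c.Attrs):
		return fmt.Errorf("format not published by this issuer")
	case l.Revoked[c.ID]:
		return fmt.Errorf("credential revoked")
	}
	return nil
}

func Sample() (Ledger, Credential, []byte) {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed issuer key; nil selects crypto/rand
	c := Credential{"cred-1", "did:example:employer", "employment",
		map[string]string{"start": "2015-03", "end": "2019-04", "salary": "50000"}}
	l := Ledger{map[string]ed25519.PublicKey{c.Issuer: pub},
		map[string][]string{c.Issuer + "/employment": {"start", "end", "salary"}}, map[string]bool{}}
	msg, _ := json.Marshal(c)
	return l, c, ed25519.Sign(priv, msg)
}

func main() { fmt.Println(Verify(Sample())) }
```

The signature is checked before the format and revocation lookups, so a credential altered after issuance is rejected without trusting any of its fields.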
The nitty gritty
So Hyperledger Aries aims to provide a wallet and an encrypted messaging system so that apps can talk to wallets. Plus there will be a Zero-Knowledge-Proof (ZKP) capable credential. There will be a mechanism to enable the creation and signing of blockchain transactions and a Decentralized Key Management System (DKMS). And it will be possible to build API-like use cases based on the Aries functionality.
Additionally, there are plans for a storage layer, for example to store pictures, health records or other personal information.