On Friday, enterprise alliance Hyperledger announced that Hyperledger Aries is the latest initiative to transition to active from incubation. Given the push towards COVID-19 health credentials, the timing is opportune as Aries provides a set of tools to implement decentralized identity (DID).
“Convergence on common libraries for the exchange of credentials will help speed the development of urgently-needed solutions and systems, ranging from education to finance to the fight against the pandemic. Aries is key to that convergence,” said Brian Behlendorf, GM for Blockchain, Healthcare and Identity at the Linux Foundation.
The production-ready Hyperledger Aries is a relatively new initiative that was motivated but another identity project, Hyperledger Indy. The two communities have the common goal of decentralized identity and verifiable credentials but focus on different technology areas.
Indy provides the network protocol and enables a limited amount of non-private data to be saved on a blockchain. For example, if a COVID-19 testing lab issues a verifiable credential for a test, you might want to check it really was them that provided the credential. To do so, your app would check the public key matches what’s on the Indy-based chain. Indy stores other information such as a list of credentials that have been revoked, for example, if a driver’s license expires.
Turning to the Hyperledger Aries project, it provides a set of tools to create decentralized identity apps. Those tools fall into three buckets, agents, DID communications and protocols.
A mobile app wallet that stores your credentials is an agent. Agents are the technology ‘actors’ that work on behalf of real people or institutions. Some people are happy with self-hosted wallets, while others use cryptocurrency exchanges and banks to store their assets. Likewise, people might decide to store their credentials in the cloud, where another set of tools is needed for this type of agent. In these examples, both the cloud and mobile agents act on behalf of credential holders. But the credential issuer – a lab or the passport office – will also need a technical ‘agent’ to issue the credentials on its behalf.
And the other part of the story is how the agents communicate with each other, which is usually one-to-one or P2P communication.
Some assume the credentials are stored on a blockchain. But with the Hyperledger protocols, that’s not the case. Instead, if a test lab issues a health credential, it would be sent directly to your wallet. For that to happen requires a secure communication method between the lab and your wallet and some agreement about the content of the messages.
Simplistically, DID Communications are the generic ways to communicate. Protocols are a layer on top that involves specific ways applications communicate. For example, how you receive your credentials from a lab, and how you can share them at the airport.
And interoperability is an important part of communication.
Another slightly confusing aspect is how Hyperledger Aries fits in with the Trust over IP Foundation (ToIP), which like Hyperledger, is also part of the Linux Foundation.
ToIP focuses on the bigger picture of what is needed to get decentralized identity more broadly adopted. So it involves the human aspects or, more specifically, the governance that’s needed for various aspects in a DID network, as well as the technology stack.
Meanwhile, ID2020 recently launched the Good Health Pass Collaborative, where both Hyperledger and ToIP are members alongside many other providers. The aim is to ensure credentials are interoperable.
Three examples of travel credentials being rolled out are the IATA Travel Pass, GE’s TrustOne, and the International Chamber of Commerce’s ICC AOKpass.