@canadaduane — what a fantastic follow-up! :) We elaborate on selective disclosure of verifiable credentials as well as what measures we take to prevent reverse correlation in our website's FAQ section (starts about halfway down).
I've copied some relevant snippets from our FAQ below which should offer a general overview on these issues (of course, please feel free to share any further questions here or via email to email@example.com).
Why do you use blockchain?
What measures do you take to avoid reverse correlation of anonymous or pseudonymous digital identities to their real world counterpart?
@blazedarwin Thanks, this is useful! It would be helpful if I could outline a system I'm a little more familiar with--Sovrin in this case--and perhaps you can compare/contrast the architecture and correlation protections that Jolocom provides?
Sovrin is working on a way to create unique, pairwise DIDs for each relationship/connection that a person establishes. The benefit here is that if you establish unique DIDs representing yourself to each of your contacts (friends, businesses, governments), these unique identifiers can't be used in a collusion scenario to automatically correlate information about you. (Currently, Sovrin requires registering DIDs on the Indy public ledger, but their future direction is "microledgers." These will allow each individual to keep their own private database of their relationships, so that--while optional and useful in some scenarios to make DIDs public--DIDs need not be shared publicly in most cases).
In addition, verifiable credentials associated with one of your DIDs can still be used by you as proof to someone else who knows you by a separate DID. The magic that enables this is a "Link Secret" (formerly a "master secret") that only you know. This allows you to sign blinded proofs that a verifier can see as a claim/credential about "you," even if the claim was made about a different DID belonging to you.
All of this means that in general, the "default setting" in Sovrin will be to provide correlation protection by default--essentially a new "persona" for every relationship--but all while enabling connecting the many personas' credentials in a useful way. (Apologies if I'm overloading the term "persona" here.)
@katszwn Thanks for your answers. Let me get this together:
1) In order to issue a claim, a user shares his/her DID with a web service (e.g. through a QR code, as shown in the examples). 2) The issuer can create whatever claim he wants to issue to the user in the form of a QR code, which the user 3) scans and accepts (in order to use it) or denies.
A direct issue of a claim (like I thought with the screenshot I provided) to a specific identity is not possible without a communication (e.g. in form of a QR code).
That is correct! We experimented with encoding entire credentials in QR codes, but eventually the character limits get to us (decreasing the error correction level is a potential solution, but leads to unreliable scans, and does not provide that much space).
We intend to focus on enabling users to issue signed credentials to other users directly (e.g. via NFC / Bluetooth) in a peer to peer / web of trust fashion, but as of now, a middleman / server is required.
2018 has been a great year at Jolocom, we...
👉🏽 doubled our team
👉🏿 launched our SmartWallet Alpha
👉🏻 released our Whitepaper
👉 contributed to the #SSIpaper
👉🏼 expanded our universal identity protocol
& saw a remarkable 👆🏾in activity in the #decentralization community on & offline.
Thx to all who we met along the way, and who helped us get the message for self-sovereign identity and decentralization, at large, across.
Read up on where we were, who we partnered with, and what we're reading in our downtime this holiday break: http://bit.ly/Jolocomin2018
We're giving away 10 tickets to the Deutsche Telekom T-Labs #blockchain #identity hackathon happening 19-20 January here in Berlin - register here using the code JOLOCOM at https://www.universe.com/events/blockchain-identity-hackathon-t-labshack-tlabs-in-berlin-tickets-berlin-2435H6
🥇$3000 🥈$2000 🥉1000
Jolocom devs will be there mentoring on both days so come say hi to Eugeniu, Natascha, Charles and Ira 👋🏼
An update from our devs from January ➡
we helped hack #SSI use cases at #TLabsHACK in Berlin - stay tuned for more #TLabsHACKing from us in Barcelona next month
one of our newest devs, Charles, integrated Jolocom with the DIF universal resolver
we added language support for German & Dutch to the SmartWallet
we onboarded two new members to the dev team, Lukas & Charles
were seen at 5 community events
➡ Take a look: http://bit.ly/januarydigest
An important note to developers working with our libraries:
We are in the process of updating the dependencies of jolocom-lib and this will require node users to use node version 10+. If you are using an older version, you may encounter errors. If you do, please upgrade node.
Hi @BenchToMarket, you can find our deployed contract here.
If you inspect any transaction sent to it (example), and view the Input Data as UTF-8, you'll see something along the lines of:
Zµî73>uÊnwOepiN\ýú9¢ªdjî»°ö§´@.QmQiLVrYjtH1nATYdXzEun2JeZnTLt6nXD7Ed2hZhaqCRJ. (The first section is of type
The IPFS hash anchored in this transaction is
You can then query any public ipfs gateway, for instance:
to get the DID Document
Along with above: how can I view my did on Rinkeby Etherscan? Is there 1 did for me AND 1 for every credential?
Each agent (e.g. user, service, device) has a did. Credentials contain the did of the issuer and subject, but are not themselves assigned
Hi. Analogous to @BenchToMarket's question, I'd like to know the steps the EthereumConnector and IPFSConnector take to create an identity and anchor it to the Ethereum chain and IPFS.
I wrote custom connectors for both (Ethereum and IPFS), which just implement the default connectors. I ran some console.log() calls to see which function gets called, why and when. For example, after I call the registry.create(vaultedKeyProvider, password) function to create a new IdentityWallet, I get this output:
Intercepted request for did:jolo:.... -> (which returns some 46-length string like 'QmYb...')
Intercepted catJSON IPFS
Intercepted storeJSON IPFS
Intercepted request for did:jolo:... , updating to QmYb...
My question is, what does the 'resolveDID(...)' function exactly do, when it returns a string like 'QmYb...' etc? What is stored on the Ethereum blockchain? Is it a key-value pair like did:jolo -> QmBy...?
In case of resolving a did:
Calling resolveDID on Ethereum Resolver which calls the getRecord method on the identity contract with the DID as an argument to get back the IPFS hash,
Call catJSON on the IPFS connector with the IPFS hash as an argument to get the associated DID document.
Pasting an answer I gave some days back in our Telegram channel for a bit of context on the custom connector stuff:
Eugeniu admin, [16. Apr 2019 at 11:26:11 (16.04.19, 11:26:25)]:
...We are currently integrating the wallet / lib with some custom deployments as well, and it's becoming apparent that the abstractions put in place when the lib was written, although sufficient for now, are a bit restrictive.
We will be spending some time next sprints looking at how the components (e.g. registry, storage, contracts support) can be abstracted further, in a more natural way. (E.g. currently there's no reason the ipfsConnector should be specific to ipfs in any way, and some bits of the interface [e.g. requiring the "pin" arg on the storeJSON, which is an implementation detail] should be updated).
Ideally actually making use of the abstractions will highlight inconsistencies / redundancies in our model, which we can address in further releases.
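The two-step resolution described in the answer above (getRecord on the identity contract, then catJSON on the IPFS connector), together with spotting the anchored hash in a transaction's Input Data as described earlier in the thread, as an added example that is not jolocom-lib code. The connector objects are hypothetical synchronous stand-ins, and the checks on the returned hash and on the document's id are additions made here, not behaviour the thread attributes to the library.

```javascript
// Added example. Connector shapes and the sample DID/document are constructed.
const B58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';

// Decode base58btc into bytes (each leading '1' is one zero byte).
function base58Decode(str) {
  let n = 0n;
  for (const ch of str) {
    const v = B58.indexOf(ch);
    if (v < 0) throw new Error('not base58: ' + ch);
    n = n * 58n + BigInt(v);
  }
  let hex = n === 0n ? '' : n.toString(16);
  if (hex.length % 2) hex = '0' + hex;
  const zeros = /^1*/.exec(str)[0].length;
  return Buffer.concat([Buffer.alloc(zeros), Buffer.from(hex, 'hex')]);
}

// CIDv0 = base58btc(0x12 0x20 || 32-byte sha2-256 digest): 34 bytes, 46 chars.
function isCidV0(s) {
  if (typeof s !== 'string' || !/^Qm[1-9A-HJ-NP-Za-km-z]{44}$/.test(s)) return false;
  const raw = base58Decode(s);
  return raw.length === 34 && raw[0] === 0x12 && raw[1] === 0x20;
}

// Find the anchored hash in a transaction's Input Data (hex, optional 0x prefix).
function extractCid(inputHex) {
  const text = Buffer.from(inputHex.replace(/^0x/, ''), 'hex').toString('latin1');
  const hits = text.match(/Qm[1-9A-HJ-NP-Za-km-z]{44}/g) || [];
  return hits.find(isCidV0) || null;
}

// Two-step resolution: registry lookup, then document fetch, checking each result.
// Stubs are synchronous so the example runs offline; real connectors do network I/O.
function resolveDid(did, registry, storage) {
  const hash = registry.getRecord(did);
  if (!isCidV0(hash)) throw new Error('registry returned a malformed IPFS hash');
  const doc = storage.catJSON(hash);
  if (!doc || doc.id !== did) throw new Error('document id does not match requested DID');
  return doc;
}

// Constructed sample data; the hash is the one quoted in the thread.
const CID = 'QmQiLVrYjtH1nATYdXzEun2JeZnTLt6nXD7Ed2hZhaqCRJ';
const DID = 'did:jolo:' + 'ab'.repeat(32);
const registry = { getRecord: (d) => (d === DID ? CID : '') };
const storage = { catJSON: (h) => (h === CID ? { id: DID } : null) };
const INPUT = '0x' + Buffer.concat([Buffer.alloc(36, 0xee), Buffer.from(CID), Buffer.alloc(18)]).toString('hex');
console.log(extractCid(INPUT), resolveDid(DID, registry, storage).id);
```

The id comparison matters because a public IPFS gateway, or a custom connector standing in for one, can return any JSON for a given hash; the example checks the hash's shape and the document's subject, not that the content actually hashes to the CID.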