Evernym Commits to Open Source

Self-Sovereign Identity Without Barriers

Openness and freedom are two of the foremost pillars of self-sovereign identity (SSI), and central to our vision here at Evernym. Since our inception, we’ve been passionate about creating a world where individuals are in control over their identity data, where intermediaries don’t extract rent from our interactions, and where we can all benefit from relationships, interactions, and transactions rooted in trust.

This is why, in 2016, we set out to put an end to ‘digital serfdom.’ We sought an end to the notion of individuals ‘renting’ their identity and aimed to, instead, arm them with a set of digital, portable credentials they could own and use anywhere.

Yet, it quickly became clear that consumers aren’t the only ones suffering from siloed experiences. Savvy organizations desire the same sense of digital freedom. They want to know that they won’t be locked into any wallet, network, or identity service provider.

In other words, for verifiable credentials to become ubiquitous, both individuals and organizations need the freedom that comes with openness. This is why we created the Sovrin Network and Hyperledger Indy, as well as why we’re contributing to Hyperledger Aries and Ursa. We help maintain the open source projects that we leverage, and we participate actively in shaping the open standards that benefit the entire industry.

Today, we’re proud to say we’re doubling down on our commitment to open source by making the source code available for our commercial products with a binding commitment that they will be open source in three years. These products include our enterprise credential exchange platform Verity, our digital mobile wallet Connect.Me, and our Mobile SDK for building custom digital wallets.

Introducing the Business Source License

Guided by our values, we knew we wanted to continue open sourcing our products. At the same time, we need to ensure that our business remains healthy enough to continue innovating and sustaining the open source SSI ecosystem.

To achieve both of these goals, we are leveraging the Business Source License, which was created to help companies commercialize open products, while also guaranteeing users that the software will become fully open source within a reasonable time frame.

The Business Source License guarantees:

  • The source code will be public;
  • The software is available for non-production uses without a commercial license;
  • The software will be available for many production uses without a commercial license, so long as they comply with any stated restrictions; and,
  • After a period of time, the software converts to a traditional open source license and is no longer encumbered by any commercial restrictions.

We want Evernym’s commercial products to be available at no cost for research, evaluation, development, internal use by small organizations, and providing unpaid credentials to the public. As such, our license only restricts production use cases that are:

  1. beyond 500 monthly active users, or
  2. for revenue-generating commercial activity.

A commercial license would still be required for those looking to monetize credentials or scale their production use case. After three years from when code is made publicly available, these restrictions will be removed and the software will be available under the Apache 2.0 license.

The SSI ecosystem is new and evolving quickly, so we will pay attention to how these restrictions impact those who are interested in adopting our products and tweak them to strike the right balance between open source values and commercial viability.

Evernym Embraces Open Innovation

As part of our commitment to open innovation, the source code for Evernym products will be publicly available by the time those products are available to our general customer base. We may make limited exceptions in the following circumstances:

  • When selling integrations with proprietary services (where users have already chosen not to value software freedom);
  • Code tied closely to our hosting infrastructure (where it is unlikely to be useful outside of our environment and is likely to contain security-sensitive information);
  • Code to enforce our commercial licenses or authorize access to our hosted services; and,
  • Fixes to old versions of our products, though interested parties could backport fixes from newer releases.

By using our software under the Business Source License, anyone can evaluate our products at no cost and explore how they work for their use case. Customers, partners, and community users can also help the products meet their needs by contributing to the development. And most importantly, all users benefit from knowing that they are in control of their verifiable credential technologies and can either embark on a commercial relationship with Evernym or use an older version of the product that is completely free and open source.

We are committed to further contributing to the open source community at large:

  • We will continue to prioritize interoperability with the many open source solutions available in the SSI ecosystem (see our latest milestone in interoperability through the Trust over IP Foundation).
  • We will continue our sizable investments in liberally licensed infrastructure components shared by all commercial providers in the Hyperledger Aries and Indy ecosystems, and we will continue supporting the Sovrin Network and the Trust over IP Foundation.
  • We will continue participating in the standardization efforts at the Decentralized Identity Foundation and the W3C standards committees related to verifiable credentials to ensure that they support privacy-preserving credentials and that we remain aligned with other digital identity vendors.

Comparison with Other Business Models

Unlike a traditional proprietary business, this approach preserves for our customers the essential freedoms of open source and guarantees that the work we do will become part of the liberally licensed open source ecosystem that benefits everyone.

However, this time-based approach to commercial open source is also simpler than the open core model adopted by many vendors, as it doesn’t require a complicated discussion of what is open and what is closed and whether the proprietary components undermine the viability of the open solution.

Stepping Stones to Public Repos

Over the next few weeks, expect to see some new repos published to Evernym’s organization on GitHub. These will initially be read-only repos synchronized with our internal GitLab instance where our CI / CD runs, and then we will improve the process for accepting contributions.

This effort is part of a project that has received funding from the European Union’s Horizon 2020 research and innovation program under grant agreement No 871932 delivered through our participation in the eSSIF-Lab, which aims to advance the broad adoption of self-sovereign identity for the benefit of all. eSSIF shares our vision for a world of more trusted digital relationships, and we are incredibly grateful for their support.

Achieved with the generous support of eSSIF-LAB

Hosted or Open Source — The Choice Is Yours

While we believe that a thriving open source ecosystem is critical to the global adoption of verifiable credentials, we know that many developers appreciate a hosted service where they can rapidly explore the tech without needing to first set up Verity from a source repository.

To address this group, we’ve launched a hosted Verity offering through our new Sandbox Plan, which is completely free for exploration and evaluation purposes. In addition to product and documentation access, Sandbox users are eligible for standard email support and will be among the first to know of upcoming products/features and new developer tutorials.

Additionally, once you are ready for pilot or production support, we make it easy to scale up with a paid plan tied to your monthly active user growth.

An Open Future

We are confident that our commitment to open solutions will result in better products, but we also acknowledge that to remain healthy we will have to evolve in ways we cannot predict. We commit to communicating publicly about changes we may make to our product licensing or how we engage in the various open source communities and standards bodies that intersect with our products.

We’re excited about this next chapter in creating a more open world for our customers, their stakeholders, and the developer community at large. We hope you will play with our hosted Verity Sandbox and then check out our repos on GitHub. Let us know what you think and join us in creating a more open, more trusted world.

Steve Havas & Richard Esplin
About the author

Steve Havas, CEO / Richard Esplin, Director of Product Management