Two weeks ago, I joined Hyperledger Executive Director Brian Behlendorf at the Consensus blockchain conference in New York City to announce the newest addition to the Hyperledger family of blockchain-powered projects: Hyperledger Aries.
Aries was born out of the work on identity agents and identity wallets that began in the Hyperledger Indy project. As a company focused entirely on decentralized identity, Evernym was one of the original founders of the Sovrin Network and contributed the first code to the open source project Hyperledger Indy.
Aries is, in fact, the second Hyperledger project to spin out of Hyperledger Indy. The first was Hyperledger Ursa, announced in December 2018. Ursa consolidated crypto code from all Hyperledger projects into a single shared crypto library that can be used by all Hyperledger projects (and anyone else) to perform advanced crypto operations (including the Camenisch-Lysyanskaya zero-knowledge proofs used by Indy credential exchange).
Aries is the next step, splitting out the Indy agent and wallet code into a new project that will be entirely blockchain- and DLT-independent.
The rationale for splitting out Aries is apparent from the four-layer self-sovereign identity (SSI) architecture diagram below (based on Appendix D of the Sovrin Glossary).
When it first began, the Hyperledger Indy project included code for all three of the lower layers—for the Indy SSI ledger at layer 1; for SSI agents, wallets and DID-to-DID communications at layer 2, and for ZKP-based credential exchange at layer 3.
This was very powerful, but also somewhat overwhelming for new developers. And it gave the impression that layers 2 and 3 were tied to the Hyperledger Indy permissioned blockchain code at layer 1.
Separating out layer 2 and 3 code into a new independent project brings clarity to the fact that the goal of this four-layer stack is universal interoperability among all SSI ledgers, agents, wallets, verifiable credentials, and governance frameworks. This includes new DID networks such as the Bitcoin-based ION network announced by Microsoft at Consensus, the Ethereum network, the Veres One network, or any other modern blockchain capable of supporting DIDs and the other cryptographic primitives necessary for the DID Communications protocol at layer 2.
The following diagram shows how Aries has factored out the agent and wallet components into standalone code bases that will use the Ursa crypto library for crypto operations and run the DID communications protocol on top of the Indy ledger or any other DID method that supports DID communications, including the P2P did:peer: method that does not require a ledger.
Self-sovereign identity based on DIDs requires strong interoperability and pluggability at the infrastructure level. It also requires great applications that offer end-to-end functionality so that users can accomplish jobs with greater security, flexibility, and privacy. Aries will be a major step forward in this direction, and Evernym products like Connect.Me and Verity that build on Aries will become even more useful for our customers.
Aries is especially exciting to us as it will be the industry’s first implementation of interoperable open source wallets for digital credentials that use the DKMS (Decentralized Key Management System) architecture that Evernym pioneered under a contract with the U.S. Department of Homeland Security. We believe this is critical for true SSI because the contents of your digital wallet (DIDs, credentials, private keys, etc.) need to be portable to any vendor’s implementation just like your money should be portable to any bank.
This is another major step towards a world of truly interoperable, ubiquitous SSI, and we’re delighted and proud to do our part in making this technology accessible to a wider audience.
Thanks for reading!
Want more resources on all things self-sovereign identity?