Re: [Hyperledger Indy] Hyperledger Indy and Ethereum DIDs interoperability through decentralized universal resolvers on Ethereum/Indy - Nathan Aw from Singapore from Markus Sabadello on 2018-12-16 (public-credentials@w3.org from December 2018)

From: Markus Sabadello <markus@danubetech.com>
Date: Sun, 16 Dec 2018 21:41:12 +0100
To: Nathan Aw <nathan.mk.aw@gmail.com>, Oliver Terbu <oliver.terbu@consensys.net>
Cc: W3C Credentials CG <public-credentials@w3.org>
Message-ID: <7ad5069c-dbb7-d8df-111c-1cdebc0e12cd@danubetech.com>
Nathan,

One thing to point out is that https://uniresolver.io/ is running one
public instance of the Universal Resolver (I assume that's why you call
it "centralized").
Of course you should NOT use this public, centralized instance for
anything other than simple testing and debugging, precisely because you
don't want to trust that hosted service with anything important.

The whole point is that you should run your own instance of this
Universal Resolver (or other DID resolver implementations). It's open
source, so you can deploy it yourself. This makes it "decentralized":
https://github.com/decentralized-identity/universal-resolver/

Regarding your point 2.:
- "Getting hold of one's DID" is strictly speaking method dependent.
Typically a DID is controlled by a private key, and if you lose access
to the private key, then you lose control over your DID and DID
document. But "control over a DID" can also be implemented in a more
nuanced way, e.g. there could be different keys with different
"capabilities", and if you lose access to one private key, then there
may be ways to still recover control over your DID and DID document in
other ways. Again, this is DID method dependent.
- The DID document is considered public, anyone in the world can read
it, just like anyone in the world can resolve a domain name to its IP
address. This means you shouldn't have any sensitive/private information
in the DID document anyway.
- Losing control over your DID and DID document does not necessarily
have implications on the services that are discoverable from the DID.
For example, if an attacker "gets hold of your DID", then that attacker
may still not be able to access an ActivityPub service, or XDI service,
or Sovrin agent that is associated with the DID.

Markus

On 12/16/18 12:19 PM, Nathan Aw wrote:
> Hi Oliver, Markus,
>
> Many thanks. I took a deep look at the universal resolver and its
> specifications at https://uniresolver.io/. It is really great. Some
> questions I have.
>
> 1. Like a DNS system, is there some way that one can contribute to
> make the universal resolver a decentralized one? (Based on my limited
> understanding, the universal resolver is currently centralized.) 
> 2. If an attacker gets hold of one's DID, e.g.,
> did:sov:WRfXPg8dantKVubE3HX8pw, he or she gets all the DID document
> and its service endpoint and some public key -- is this potentially
> troubling?
>
> Thanks !
>
> Regards,
>
> Nathan Aw
>
> On Wed, Dec 12, 2018 at 2:47 AM Oliver Terbu
> <oliver.terbu@consensys.net <mailto:oliver.terbu@consensys.net>> wrote:
>
>     Hi,
>
>     Please note, that ERC 1056 is also supported (did:ethr).
>
>     Best,
>     Oliver
>
>>     On 10. Dec 2018, at 21:31, Markus Sabadello
>>     <markus@danubetech.com <mailto:markus@danubetech.com>> wrote:
>>
>>     Hello Nathan,
>>
>>     You're probably referring to the DIF Universal Resolver:
>>     https://github.com/decentralized-identity/universal-resolver/
>>
>>     It uses a set of "drivers" which can resolve different DID
>>     methods to their DID Documents.
>>     This is the basis for building ledger-agnostic, interoperable
>>     identity platforms.
>>     Sovrin/Indy as well as ERC725 are among the ones that are supported.
>>
>>     See here for more information:
>>     Blog post:
>>     https://medium.com/decentralized-identity/a-universal-resolver-for-self-sovereign-identifiers-48e6b4a5cc3c
>>     Public instance of the Universal Resolver: https://uniresolver.io/
>>     Webinar:
>>     http://ssimeetup.org/did-resolution-given-did-how-do-retrieve-document-markus-sabadello-webinar-13/
>>
>>     This is not the only implementation of a DID resolver out there,
>>     here are others:
>>     - https://github.com/digitalbazaar/did-cli
>>     - https://github.com/uport-project/did-resolver
>>
>>     Markus
>>
>>     On 12/10/18 6:04 PM, Nathan Aw wrote:
>>>     Hi all, this is Nathan Aw from Singapore. 
>>>
>>>     As one's decentralized identity can and should reside on
>>>     different ledgers/blockchain for maximum resilence and coverage,
>>>     I am working on blockchain interoperability solution between
>>>     Ethereum and hyperledger indy (Sovrin), specifically how DIDs
>>>     (Decentralized Identifiers) on different ledgers/blockchain can
>>>     be linked, established and implemented (roll out) on a planetary
>>>     scale.
>>>
>>>     1. Establishing the link between ethereum account ID (erc 1056,
>>>     erc 780, 725, 735) and Hyperledger Indy DIDs state variables
>>>     through Hyperledger Indy Universal Resolver / Universal
>>>     Registrar and/or an Ethereum-based universal DID resolvers
>>>
>>>     Is there some way to design and build a decentralized universal
>>>     DID resolvers in Ethereum that interfaces with Hyperledger Indy
>>>     DIDs Universal Resolvers?
>>>
>>>     Wondering if anyone could provide inputs to the possible ways of
>>>     integration between this 2 major decentralized identity platforms?
>>>
>>>     Thank you.
>>>
>>>     Nathan Aw from Singapore
>>>
>>>     https://sg.linkedin.com/in/awnathan
>>>
>>>     https://datatracker.ietf.org/meeting/103/materials/slides-103-dinrg-decentralized-identity-01
>>>
>>>     https://www.hyperledger.org/news/speakersbureau
>>>
>>>     https://erc725alliance.org/
>>>
>>>     https://www.hyperledger.org/community/technical-ambassador
>>>
>>>     https://www.meetup.com/BlockChain-Dapps-Technology/events/254556114/
>>>
>>>     https://www.hyperledger.org/blog/2017/12/05/developer-showcase-series-nathan-aw-ntt-data
>>>
>>>     https://www.meetup.com/Hyperledger-HK/events/248011521/
>>>
>>>     https://blockchain.ieee.org/newsletter/editorial-board
>>>     _._,_._,_
>>>     ------------------------------------------------------------------------
>>>     Links:
>>>
>>>     You receive all messages sent to this group.
>>>
>>>     View/Reply Online (#300)
>>>     <https://lists.hyperledger.org/g/indy/message/300> | Reply To
>>>     Sender
>>>     <mailto:Nathan.mk.aw@gmail.com?subject=Private:%20Re:%20%5BHyperledger%20Indy%5D%20Hyperledger%20Indy%20and%20Ethereum%20DIDs%20interoperability%20through%20decentralized%20universal%20resolvers%20on%20Ethereum%2FIndy%20-%20Nathan%20Aw%20from%20Singapore>
>>>     | Reply To Group
>>>     <mailto:indy@lists.hyperledger.org?subject=Re:%20%5BHyperledger%20Indy%5D%20Hyperledger%20Indy%20and%20Ethereum%20DIDs%20interoperability%20through%20decentralized%20universal%20resolvers%20on%20Ethereum%2FIndy%20-%20Nathan%20Aw%20from%20Singapore>
>>>     | Mute This Topic
>>>     <https://lists.hyperledger.org/mt/28715771/952282> | New Topic
>>>     <https://lists.hyperledger.org/g/indy/post>
>>>
>>>     Your Subscription
>>>     <https://lists.hyperledger.org/g/indy/editsub/952282> | Contact
>>>     Group Owner <mailto:indy+owner@lists.hyperledger.org> |
>>>     Unsubscribe <https://lists.hyperledger.org/g/indy/unsub>
>>>     [markus@danubetech.com <mailto:markus@danubetech.com>]
>>>
>>>     _._,_._,_
>>
>
Received on Sunday, 16 December 2018 20:41:42 UTC