What is decentralized identity?

Indicio Proven is a complete, “off-the-shelf,” end-to-end system for decentralized Verifiable Credentials that can be quickly integrated with existing identity systems in a cost-effective way.

Proven is designed to provide a fast, simply way to use this powerful technology to your team, so you can focus on building your business.

The Indicio Network often refers to the Indicio MainNet, but Indicio actually offers four different networks for the creation of decentralized identity solutions.

Indicio Test Net: The platform to get your proof-of-concept up and running. This network is also used to test the latest code before it can be deployed to the Indicio MainNet.

Indicio Demo Net: The stable platform to use for product showcases and demonstrations. Indicio provides support services for this network to ensure your demo runs smoothly.

The Indicio MainNet: The enterprise-grade network to run mission-critical verifiable credential products and services. Indicio also provides full professional support services for customers using this network.

The Indicio TempNet: This network is a private space to conduct any security or penn testing. We’ll spin up your very own space and clean up after you when you’re done.

The following information — and only this information — is, typically, stored on the ledger:

DIDs for an Organization, Company, or Institution

A Decentralized Identifier (DID) is an identifier that is linked to public cryptographic keys and a service endpoint. These are used to verify credentials from a particular issuer; the endpoint allows you to communicate with that issuer.

Generally, public organization DIDs comprise Issuer DIDs, Verifier DIDs, and the DIDs of other well-known authorities.

Credential Schemas

A credential contains information and Schemas define the different fields containing that information. For example, if you look at a physical driver’s license, it will have sections for birth date, address, height, and weight. Each of these fields would be attributes within a Schema for a driver’s license verifiable credential.

TDLR: The Schema stores the definition for the attribute but not the specific values for the attribute.

Credential Definitions

These are specific to the use of the AnonCreds credential format with Hyperledger Indy. Credential Definitions link a cryptographic key to each of the attributes in a Credential Schema. This allows a holder of a credential to share information in privacy-preserving ways, such as through selective disclosure (only a single attribute is shared) or a predicate proof (an attribute value can be numerically assessed without the actual value being disclosed, such as >21 or <21 for purchasing items that have legal age requirements).

Revocation Registry Accumulators 

This provides a way of signaling which credentials are valid by keeping track of which credentials have been revoked and which have not been revoked. It is called an accumulator because the information on non-revoked and revoked credentials is compiled into an aggregate value without revealing the underlying information. As a consequence, the accumulator does not directly reveal the revocation status of any individual credential. Instead, this aggregate value is used by the credential holder to prove that their credential has not been revoked. This calculation is called a “proof of non-revocation.”

Put simply, the revocation registry accumulator is a way of proving your credential is valid.

What’s not on the ledger

Personally Identifying Information (PII)

No PII or personal data of any kind is recorded on the ledger.

Credential Issuance

No information about the issuance of any individual credential is recorded on the ledger.

The Verifiable Credential

Verifiable credentials are not written to or stored on the ledger in any context.

One of the most powerful features of decentralized identity is that you can create an ecosystem of  millions of people using millions of credentials with only three or four writes to the ledger: the credential type, the schema, the credential definition, the issuer DID, and the revocation registry

Self-sovereign identity (SSI) is the concept where individuals or individual entities have complete “sovereign” control over their digital information, and how it is used and shared.

This control means the “sovereign identity” does not have to rely on third parties to hold and store their personal data for access to products or services or for verification purposes. 

DIDComm, or DID Communication, is a protocol designed to enable secure and private communication between parties by using decentralized identifiers (DIDs).

Unlike traditional methods for trusted connections, DIDComm provides mutual authentication and trusted communication, addressing the gaps in current technologies such as phones or email. DIDComm leverages Verifiable Credentials to add a verification element to digital relationships.

Indicio Holdr+ uses DIDComm as the basis for the messaging capabilities.

Learn more at https://didcomm.org/

Indicio allows financial institutions and other organizations that rely on KYC to store their completed KYC information inside tamper-proof Verifiable Credentials.

Once the information is stored inside a Verifiable Credential it can be re-used, or even shared across the organization or partner organizations to reduce the frequency that organizations need to complete this time consuming and expensive process.