Commonly used Synonyms on SSI — Hyperledger Indy,Aries-Agent

Rangesh Sripathi
3 min readAug 26, 2020

--

I had opportunity to work on SSI with Indy and Aries-Agent stack . I did get carried away with the terms that are listed below, The intention of article is to clarify and present clear cut definitions of the same. It might help folks trying to get started with Indy/Aries Agent.

What is Indy ?

Ledger that is tailor made per standards of SSI specifications — https://www.w3.org/TR/did-core/

What is Aries-Agent ?

Aries-Agent an interface that sits in the middle to interact with Indy Ledger.

Agent — As the term say’s its a facilitator that does work(could be User/Organization) on someone behalf.

What is DID ?

Decentralized Identifiers that uniquely identifies Users/Organization in Indy

Do you need Agents to interact with Indy ?

Hyperledger recommends using Aries Agent to interact with Indy, Indeed the other way to communicate to Indy is via Indy-sdk, but all of the codes are been imported /moved to Aries agent.

How does Aries-Agent communicates to other Aries-Agent ?

Aries Agent communicates to each other via DID-COM protocol.

What is DID-COM protocol ?

Pairwise DID that is exchanged between two Agents to uniquely identify when they communicate with each other.

Will one have same connection-id when connection is established between two Agents ?

No, Each Agent has unique connection-id ,since Pairwise DID are different for each Agent connection-id would be different.

Are there any extra features available with Aries-Agent or Its just plain Indy-sdk?

yes , Aries team has provided attribute/config based functionalities that can auto-accept invitation ,verify-proof etc.. Intention is to make developer job easy.

What is Credential Schema and how do you generate one ?

Credential Schema- This is required for Credential Issuing Authority/Agent which specifies structure of how the credentials is represented.They are essentially a json attributes

They can be generated when creating /spinning up Agents

Can Credential Schema be updated ?

Yes,but you would have to use different version number ,since ledger is immutable.

Can Issued Credential be revoked ?

Yes , Credentials can be revoked

What is Steward ?

A organization approved by Sovereign to operate a node . The respective organization should follow the policies /agreement per SSI Standards. Intention is not to make any one create Identity, but only approved organization following legal /regulation per standards.

A side note , If your organization wants to issue Credential, it has to follow Sovereign Standard

What is Trust Anchor ?

Issuer who is considered to be an Government authority or relatively authority responsible for Issuing Credentials.

Lets assume you have a degree issued by X university , “X” is relatively termed as Trust anchor in SSI world .

What is NYM ?

Creation of DID that is known to the ledger is known as Verinym and the transaction used for creating a Verinym is NYM transactions.

https://stackoverflow.com/questions/52667471/what-is-a-nym-and-how-does-this-relate-to-a-verinym

What is Verkey ?

Verification key of Interest — Public verification key you could see it along with wallet.

What is Wallet ?

A safe storage place to store credential,DID etc..

Does Agent provides Wallet ?

yes, every agent has wallet associated with it.

Does Agent support multi-tenancy ?

No, its a work in progress, at the moment one Agent can hold one Wallet

How does one prove that credentials is issued to correct holder/prover or respective wallet ?

Blinded link secret ensures that credentials are given to respective prover /holder .

https://lists.hyperledger.org/g/indy/topic/clarification_of_reason_for/31820386?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,31820386

How does Credential Holder(Prover) prove himself to the Verifier ?

Prover will share the requested proof to the Verifier. Prover will share the following to Verifier

a) Who issued the Credential- DID of Issuer

b)Credentials is not revoked and its active

c) Credentials Issued is not tampered (Contains Credential Definition)

Verifier scans each attributes public key from the Credential Definition and ensures data is not tampered.

Do you need to have an Agent tied to every users ?

Yes , In SSI eco-system every user needs an agent to interact with other participants.

You heard it right Users are proportional to Agents. Lets say if you have 1000 Users you must have 1000 Agents .

Aries -Agent supports Mobile Agent(.NET / Xamarin) ,Cloud Agent(Python)

Identity world / SSI is evolving fast , If you organization is trying to experiment with Indy/Aries-Agent stack , I would strongly recommend using Trinsic (https://trinsic.id/) , It does support multi-tenancy and would take most of developer effort on setting up SSI eco-system rather let focus on developing SSI apps.

--

--