1 Comment

Hyperledger Aries to Enable Blockchain-Agnostic, Self-Sovereign Identity

by Carlo GutierrezJuly 11, 2019
Developers can use Aries tools and libraries to make digital identity wallets, which can be configured to work on any blockchain network.

Focusing on interoperability

In two years since the introduction of Hyperledger Indy in 2017, the scope of work within its development community has far extended beyond what was initially set in its proposal. To clarify and keep track of new and existing peer-to-peer interaction code for secrets management, verifiable information exchange, and secure messaging across different blockchains and other distributed ledger technologies, Hyperledger Aries was set in motion.

During a self-sovereign identity (SSI) webinar in June 2019, Nathan George of the Sovrin Foundation explained how Aries stemmed from the Hyperledger Indy project to embrace non-blockchain components of a decentralized identity platform. By focusing on the information exchange, Aries looks to provide an infrastructure of tools for enabling data exchange, peer-to-peer messaging, and facilitating interactions between different distributed ledger technologies while remaining blockchain-agnostic.

Nathan George

“One of the things we found as the Hyperledger Indy community grew is that being a system that does blockchain identity means people often incorrectly focus on the blockchain component of the system. But as you start to build out applications and solutions, it turns out that this information exchange layer between different parties is the most important part of your infrastructure.”
—Nathan George, Sovrin Foundation


What is Aries?

Aries is the second project that spun out of Hyperledger Indy (the first was Hyperledger Ursa). It was proposed to the Hyperledger project in April 2019 and was later accepted into incubation on May 2. Similar to Indy and Ursa, the primary contributor of Aries is the Sovrin Foundation.

Aries is an infrastructure of interoperable tools for designing solutions that create, manage, and transmit digital credentials. It is a reference implementation of the agent, decentralized identifier (DID) communications, wallet, protocols, and key management technologies, which make decentralized identity possible.

According to the Sovrin Foundation’s announcement, Aries will enable developers to use interoperable tools and libraries to make their own digital identity wallets and configure these to work with different blockchains and other distributed ledger technologies. Additionally, Aries currently provides the following features:

  • support for multiple blockchains through the resolver interface
  • secure data store interface with a vetted cryptographic library
  • encrypted messaging for off-ledger communication
  • zero-knowledge proof verifiable credentials
  • decentralized key management system

Aries separates layers 2 and 3 from Indy (Image credit)

During the SSI webinar, Nathan detailed that the work done by the Aries community focuses on standards and interoperability in both the credentials exchange and agent-to-agent layers of the Sovrin Stack (the governance framework layer).

“It really doesn’t matter which public blockchain you use, you still need a verifiable credentials exchange and pairwise connections to exchange keys and have trust between parties, especially if you’re trying to do it in a non-correlatable way. Most of these interactions happen entirely independent of the blockchain or the public oracle, which means that the standards and interoperability work in the credentials exchange, and the agent-to-agent layers is just as important. If not more important than any interoperability and standards work that happens in the public oracle or the blockchain.” —Nathan George, Sovrin Foundation


How it works

With the separation of the credentials exchange and agent-to-agent layers from Indy, Aries focuses on interoperability among different agents, wallets, and credentials. Through the pluggable resolver interface, this interoperability also extends to other DID networks, such as Ethereum, Hyperledger Fabric, Sawtooth, etc.

Aries supports multiple ledger technologies (Image credit)

“The agent architecture inside Hyperledger Aries doesn’t require centralization in order to do what you need to accomplish. It actually enables a whole broader spectrum of semi-managed services, because it allows this construct of delegation and has more infrastructure for key management than what we’re used to from cloud cryptowallet providers.” —Nathan George, Sovrin Foundation

The diagram below depicts how Aries works in conjunction with Indy and Ursa. In this case, Aries leverages Ursa’s cryptolibraries to provide decentralized key management and secure secret management, such as zero-knowledge proof.

The Aries architecture within an information exchange platform (Image credit)

“Right now, we think of Aries as an agent extension that goes on top of a decentralized system like blockchain. Over time, we’ll start to think of that in the inverse where Aries is the infrastructure toolkit that you can use to build lots of different kinds of blockchains.” —Nathan George, Sovrin Foundation

With Aries just being recently incubated, most of the code repositories for Aries are still undergoing migration and development can be tracked in the project’s GitHub repo. Interested contributors can check out the working group, as well as the Aries and Indy Agents chat channels.


Want details? Watch the video!

In this video, Nathan George provides an overview of self-sovereign identity. He then talks about the history behind Hyperledger Aries and the work being done.

You can also check out his slides from the webinar.


Other Hyperledger projects


About the expert

Nathan George is the CTO of the Sovrin Foundation. He is also the chair of Hyperledger Indy’s Agent working group, championing Sovrin Foundation’s engagement in the open-source community through Hyperledger Indy. Nathan is a contributor to distributed identity and blockchain standards at the Decentralized Identity Foundation and the W3C. His development experience spans diverse systems—including robotics, GIS, file systems, big data analytics, and attribute-based security systems.