Hyperledger Aries to Enable Blockchain-Agnostic, Self-Sovereign Identity
Focusing on interoperability
In two years since the introduction of Hyperledger Indy in 2017, the scope of work within its development community has far extended beyond what was initially set in its proposal. To clarify and keep track of new and existing peer-to-peer interaction code for secrets management, verifiable information exchange, and secure messaging across different blockchains and other distributed ledger technologies, Hyperledger Aries was set in motion.
During a self-sovereign identity (SSI) webinar in June 2019, Nathan George of the Sovrin Foundation explained how Aries stemmed from the Hyperledger Indy project to embrace non-blockchain components of a decentralized identity platform. By focusing on the information exchange, Aries looks to provide an infrastructure of tools for enabling data exchange, peer-to-peer messaging, and facilitating interactions between different distributed ledger technologies while remaining blockchain-agnostic.
“One of the things we found as the Hyperledger Indy community grew is that being a system that does blockchain identity means people often incorrectly focus on the blockchain component of the system. But as you start to build out applications and solutions, it turns out that this information exchange layer between different parties is the most important part of your infrastructure.”
—Nathan George, Sovrin Foundation
What is Aries?
Aries is the second project that spun out of Hyperledger Indy (the first was Hyperledger Ursa). It was proposed to the Hyperledger project in April 2019 and was later accepted into incubation on May 2. Similar to Indy and Ursa, the primary contributor of Aries is the Sovrin Foundation.
Aries is an infrastructure of interoperable tools for designing solutions that create, manage, and transmit digital credentials. It is a reference implementation of the agent, decentralized identifier (DID) communications, wallet, protocols, and key management technologies, which make decentralized identity possible.
According to the Sovrin Foundation’s announcement, Aries will enable developers to use interoperable tools and libraries to make their own digital identity wallets and configure these to work with different blockchains and other distributed ledger technologies. Additionally, Aries currently provides the following features:
- support for multiple blockchains through the resolver interface
- secure data store interface with a vetted cryptographic library
- encrypted messaging for off-ledger communication
- zero-knowledge proof verifiable credentials
- decentralized key management system
During the SSI webinar, Nathan detailed that the work done by the Aries community focuses on standards and interoperability in both the credentials exchange and agent-to-agent layers of the Sovrin Stack (the governance framework layer).
“It really doesn’t matter which public blockchain you use, you still need a verifiable credentials exchange and pairwise connections to exchange keys and have trust between parties, especially if you’re trying to do it in a non-correlatable way. Most of these interactions happen entirely independent of the blockchain or the public oracle, which means that the standards and interoperability work in the credentials exchange, and the agent-to-agent layers is just as important. If not more important than any interoperability and standards work that happens in the public oracle or the blockchain.” —Nathan George, Sovrin Foundation
How it works
With the separation of the credentials exchange and agent-to-agent layers from Indy, Aries focuses on interoperability among different agents, wallets, and credentials. Through the pluggable resolver interface, this interoperability also extends to other DID networks, such as Ethereum, Hyperledger Fabric, Sawtooth, etc.
“The agent architecture inside Hyperledger Aries doesn’t require centralization in order to do what you need to accomplish. It actually enables a whole broader spectrum of semi-managed services, because it allows this construct of delegation and has more infrastructure for key management than what we’re used to from cloud cryptowallet providers.” —Nathan George, Sovrin Foundation
The diagram below depicts how Aries works in conjunction with Indy and Ursa. In this case, Aries leverages Ursa’s cryptolibraries to provide decentralized key management and secure secret management, such as zero-knowledge proof.
“Right now, we think of Aries as an agent extension that goes on top of a decentralized system like blockchain. Over time, we’ll start to think of that in the inverse where Aries is the infrastructure toolkit that you can use to build lots of different kinds of blockchains.” —Nathan George, Sovrin Foundation
With Aries just being recently incubated, most of the code repositories for Aries are still undergoing migration and development can be tracked in the project’s GitHub repo. Interested contributors can check out the working group, as well as the Aries and Indy Agents chat channels.
Want details? Watch the video!
In this video, Nathan George provides an overview of self-sovereign identity. He then talks about the history behind Hyperledger Aries and the work being done.
You can also check out his slides from the webinar.
Other Hyperledger projects
- Hyperledger’s Sawtooth Lake Aims at a Thousand Transactions per Second
- Hyperledger Incubates the Indy Project to Address Identity Management
- The Iroha Project to Bring Mobility to Blockchain with Simple APIs
- Hyperledger Cello to Govern Multi-Tenant Blockchain as a Service
- Hyperledger Grid to Aid Supply Chains with Blockchain Components