Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Puzzle - Drummond Reed

Drummond Reed, Chief Trust Officer at Evernym and Sovrin Foundation Trustee, features in this Webinar "Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Puzzle". If you can't manage the keys for your DIDs (Decentralized Identifiers), then the SSI engine will never get started. That's why DKMS (Decentralized Key Management System) is one of the core open standards in the DID "stack".

DKMS inverts a core assumption of conventional PKI (public key infrastructure) architecture, namely that public key certificates will be issued by centralized or federated certificate authorities (CAs). With DKMS, the initial "root of trust" for all participants is any blockchain or distributed ledger that supports DIDs. This webinar will explain why we need DKMS, what a DKMS-compatible identity wallet looks like, how DKMS can solve some longstanding problems in wallet backup and recovery, and where DKMS is headed for standardization.

Published in: Internet

  1. Decentralized Key Management System (DKMS): An Essential Missing Piece of the Self-Sovereign Identity (SSI) Puzzle. Drummond Reed (@drummondreed), Chief Trust Officer, Evernym, and Sovrin Foundation Trustee. July 2018. Background photo: Christoph Scholz https://creativecommons.org/licenses/by-sa/2.0/
  2. Three Models of Digital Identity SSIMeetup.org
  3. #1: Siloed (Centralized) Identity (diagram labels: Org, You, Account; Standards:)
  4. #2: Third-Party IDP (Federated) Identity (diagram labels: Standards:; Org, You, IDP, Account)
  5. #3: Self-Sovereign Identity (SSI) (diagram labels: Peer, You, Distributed Ledger (Blockchain), Connection)
  6. #3: Self-Sovereign Identity (SSI) (diagram labels: Peer, Distributed Ledger (Blockchain), Connection, Issue credential, Verify credential, Digital wallet; #1 DIDs, #2 DKMS, #3 DID Auth, #4 Verifiable Credentials)
  7. Emerging Open Standards for SSI: DID (Decentralized Identifier); DKMS (Decentralized Key Management System); DID Auth; Verifiable Credentials
  8. What is a DID?
  9. did:sov:3k9dg356wdcj5gf2k9bw8kfg7a 047d599d4521480d9e1919481b024f29d2693f272d19473dbef971d7d529f6e9 Private Key Public Key cc2cd0ffde594d278c2d9b432f4748506a7f9f25141e485eb84bc188382019b6
  10. SSIMeetup.org
  11. You will not have just one DID. You will have thousands. One per relationship.
  12. Each one will give you a lifetime encrypted private channel with another person, organization, or thing
  13. So how will you manage all those DIDs and private keys? And what will you do if you lose them?
  14. Introducing DKMS
  15. DKMS (Decentralized Key Management System) is an emerging open standard for managing your DIDs and private keys
  16. DKMS applies to the wallets where you store your DIDs and private keys and to the agents that read/write from those wallets
  17. The whole idea of DKMS is to standardize wallets so you never have to worry about security, privacy, or vendor lock-in
  18. The decentralized identity stack (diagram labels: Identity Owners; Edge Layer: Edge Wallet, Edge Wallet, Edge Agent, Edge Agent; Cloud Layer: Cloud Wallet, Cloud Wallet, Cloud Agent, Cloud Agent; DID Layer; DKMS shown four times)
  19. What goes in a DKMS Wallet?
  20. #1: DIDs; #2: Key Pairs; #3: Endpoints; #4: Link Secrets; #5: Credentials; #6: Tokens
  21. One of the primary reasons for cloud agents is to make it easy for you to have multiple DKMS wallets across different devices
  22. The other primary reason is backup and recovery
  23. DKMS Key Recovery
  24. DKMS key recovery supports both offline recovery (“paper wallet”) and social recovery (“trustee”) methods
  25. Both are based on cloud agents continuously storing a backup copy of your wallet encrypted with a special recovery key
  26. The decentralized identity stack (diagram labels: Identity Owners; Edge Layer: Edge Wallet, Edge Wallet, Edge Agent, Edge Agent; Cloud Layer: Cloud Wallet, Cloud Wallet, Cloud Agent, Cloud Agent; DID Layer)
  27. Offline recovery lets you backup your recovery key using paper or “cold storage” hardware
  28. Social recovery lets you shard your recovery key into pieces that you share with your choice of trustees
  29. DKMS Standardization
  30. How did DKMS happen? (1) Conceived in 2016 by Evernym as part of our initial contract with U.S. Dept of Homeland Security S&T to develop DIDs. (2) DKMS Design and Architecture developed over a 1-year contract w/DHS. (3) Published in Hyperledger Indy repo for announcement at IIW #26 in April 2017.
  31. The initial DKMS architecture is now in open public review in the Hyperledger Indy github: http://bit.ly/dkmsv3
  32. The plan is to form a DKMS Technical Committee at OASIS, currently the home of the KMIP (Key Management Interoperability Protocol) open standard
  33. Work on the DID specification has been funded in part by a Small Business Innovation Research (SBIR) grant from the U.S. Department of Homeland Security Science and Technology Directorate. The content of this specification does not necessarily reflect the position or the policy of the U.S. Government and no official endorsement should be inferred. Thank You
  34. Questions?
  35. Trust Frameworks and SSI: An Interview with CULedger on the Credit Union MyCUID Trust Framework. Drummond Reed with Rick Cranston, COO, and Julie Esser, Chief Engagement Officer of CULedger. July, 2018. https://creativecommons.org/licenses/by-sa/4.0/
  36. Decentralized Key Management System (DKMS): An Essential Missing Piece of the Self-Sovereign Identity (SSI) Puzzle. Drummond Reed (@drummondreed), Chief Trust Officer, Evernym, and Sovrin Foundation Trustee. July 2018. Background photo: Christoph Scholz https://creativecommons.org/licenses/by-sa/2.0/
