Hyperledger INDY provides tools, libraries, and reusable components for providing digital identities rooted on blockchains or other distributed ledgers so that they are interoperable across administrative domains, applications, and any other silo. Indy is interoperable with other blockchains or can be used standalone powering the decentralization of identity.
Why INDY?
Internet identity is broken. There are too many anti-patterns and too many privacy breaches. Too many legitimate business cases are poorly served by current solutions. Many have proposed distributed ledger technology as a solution; however, building decentralized identity on top of distributed ledgers that were designed to support something else (cryptocurrency or smart contracts, for example) leads to compromises and shortcuts. Indy provides Hyperledger projects and other distributed ledger systems with a first-class decentralized identity system.
INDY’s Features
The most important feature of a decentralized identity system is trust. As I wrote in A Universal Trust Framework, INDY “provides accessible provenance for trust transactions. Provenance is the foundation of accountability through recourse.” Not only can INDY support user-controlled exchange of verifiable claims about an identifier, it also has a rock-solid revocation model for cases where those claims are no longer true. Verifiable claims are a key component of INDY’s ability to serve as a universal platform for exchanging trustworthy claims about identifiers.
Another vital feature of decentralized identity—especially for a public ledger—is privacy. Privacy by Design is baked deep into INDY’s architecture, as reflected by three fundamental features:
First, identifiers on INDY are pairwise unique and pseudonymous by default to prevent correlation. INDY is the first Distributed Ledger Technology to be designed around Decentralized Identifiers (DIDs) as the primary keys on the ledger. DIDs are a new type of digital identifier that was invented to enable long-term digital identities that don’t require centralized registry services. DIDs can be verified using cryptography, enabling a digital “web of trust.” DIDs on the ledger point to DID Descriptor Objects (DDOs), signed JSON objects that can contain public keys and service endpoints for a given identifier. DIDs are a critical component of INDY’s pairwise identifier architecture.
Second, personal data is never written to the ledger. Rather, all private data is exchanged over peer-to-peer encrypted connections between off-ledger agents. The ledger is only used for anchoring rather than publishing encrypted data.
Third, INDY includes built-in support for zero-knowledge proofs (ZKP) to prevent unnecessary disclosure of identity attributes—a privacy-preserving technology that a public ledger for decentralized identity now makes possible at scale.
INDY is all about giving identity owners independent control of their personal data and relationships. Indy is built so that the owner of the identity is structurally part of transactions made about that identity. Pairwise identifiers not only prevent correlation, but they stop third parties from transacting without the identity owner taking part since the identity owner is the only place pairwise identifiers can be correlated.
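The pairwise-identifier design described above, sketched as an added example (not Indy's code or API): each relationship gets its own Ed25519 key pair and a signed JSON descriptor, so two relying parties comparing notes find no identifier in common. The `did:example:` hashing scheme, the descriptor field names and the `bank`/`clinic` parties are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Assumed identifier scheme for this sketch: hash of the raw public key.
function didFor(x) {
  const raw = Buffer.from(x, 'base64url');
  return 'did:example:' + crypto.createHash('sha256').update(raw).digest('hex').slice(0, 32);
}

// A fresh Ed25519 key pair and identifier, used for exactly one relationship.
function newPairwiseDid() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const x = publicKey.export({ format: 'jwk' }).x; // raw public key, base64url
  return { did: didFor(x), x, privateKey };
}

// Signed JSON descriptor carrying the public key and a service endpoint.
function signDescriptor(entry, endpoint) {
  const body = JSON.stringify({ id: entry.did, publicKey: entry.x, endpoint });
  const sig = crypto.sign(null, Buffer.from(body), entry.privateKey);
  return { body, signature: sig.toString('base64') };
}

// Verifier side: the key must match the identifier and must have signed the body.
function verifyDescriptor(desc) {
  try {
    const { id, publicKey } = JSON.parse(desc.body);
    if (id !== didFor(publicKey)) return false;
    const key = crypto.createPublicKey({ key: { kty: 'OKP', crv: 'Ed25519', x: publicKey }, format: 'jwk' });
    return crypto.verify(null, Buffer.from(desc.body), key, Buffer.from(desc.signature, 'base64'));
  } catch { return false; }
}

// What two relying parties comparing records can do: intersect the identifiers they saw.
function sharedIdentifiers(seenByA, seenByB) {
  return seenByA.filter((did) => seenByB.includes(did));
}

// Constructed scenario: one owner, two relying parties (names are made up).
function demo() {
  const wallet = { bank: newPairwiseDid(), clinic: newPairwiseDid() };
  const toBank = signDescriptor(wallet.bank, 'https://agent.example/bank');
  const toClinic = signDescriptor(wallet.clinic, 'https://agent.example/clinic');
  const tampered = { ...toBank, body: toBank.body.replace('/bank', '/evil') };
  return {
    valid: verifyDescriptor(toBank) && verifyDescriptor(toClinic),
    tamperedValid: verifyDescriptor(tampered),
    pairwiseOverlap: sharedIdentifiers([wallet.bank.did], [wallet.clinic.did]).length,
    reusedOverlap: sharedIdentifiers([wallet.bank.did], [wallet.bank.did]).length,
  };
}
```

Only the owner's `wallet` object links the two identifiers; `reusedOverlap` shows what the relying parties would learn if one identifier were presented to both.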