About sharing private claims


#1

I’ve been recently delving into the idea of private claims. Given that the global Sovrin ledger should be used mainly for storing entity identifiers and endpoints, I’m guessing many claims on different domains will be treated in a private way, to be transferred and verified among agents directly. Is that right?

So, let’s say an institution needs to record proof of certain internal processes having been done. If I’m understanding the “spirit” of Sovrin correctly, then it does not make much sense to record all of those results on the Sovrin ledger… However, such an institution might know beforehand that it’ll most probably need to share these claims with one or more relying parties at some point in the future. Now this is my question: How much sense does it make, or how advisable is it, that this institution creates these private claims and sends them directly to another agent? That would be something like an agent “recording” claims not on the ledger, but directly into another agent that is most surely to be interested in those particular claims.

Does this sound consistent and according to the actual Sovrin idea? Is there any other recommended route for solving the need for inter-agent private claim sharing?

(This can also be related to this topic)


#2

The behaviour that you describe would not really be consistent with Sovrin behaviour unless the identity owner had given the OK to the institution to share that data with 3rd parties.

Of course the institution can accumulate the data that they are provided with, and there’s nothing technically stopping them sharing it with anyone they want. But the institution would be in trouble from a GDPR perspective (in Europe) if they shared without permission.

The ideal Sovrin scenario is for the institution to execute the logic that they need to on the data provided. They should then retain as little of it as possible. They could delete it all (except the DID) and easily/quickly re-request it from the identity owner if they needed that info again.

If required to prove consent, or that they did receive the data (e.g. to show that they received the data they say they received and executed checks on it) they have a consent receipt which lets them do so.

For the 3rd party, they might find it advantageous to acquire the claims info directly from the identity owner rather than it coming 2nd hand from the institution. This of course can be easily achieved using Sovrin.


#3

Well, that is assuming that we’re talking about identity information for individuals. The original question does not specify the nature of the claims. It might really be anything. For this case, we’re referring to internal processes’ results that are (so far) only relevant to the institution and the relying party.

In such a case, does it make sense for an entity (agent) to “store” a claim directly into another (relying party) agent via some push mechanism?

Moreover, is my view correct regarding the use of the Sovrin ledger only for storing identifiers and endpoints for individuals and institutions? Is there any other kind of information that is convenient to store on the public ledger (as long as it’s not disclosing any personal or sensitive data)?


#4

That’s an interesting question, and one that might make sense in certain use cases. The default assumption is usually that the issuer of the claim would want to keep a copy of the claim. However that is not required. If it is a public claim, the issuer could simply write it to the ledger and not keep a copy. If it is a private claim, the issuer could simply write it to the agent endpoint of the identity owner the claim applies to—and not keep a copy.

So there’s no requirement for the issuer to keep a copy. It comes down to the issuer’s own business rules.

Although the primary purpose of the Sovrin ledger is to store the essential data necessary for self-sovereign identity—IDs, keys, pointers, and proofs—there is not (yet) any rule in the Sovrin Trust Framework that says identity owners cannot write other public claims to the ledger.

However, the issue is one of storage costs. If the Sovrin ledger is going to scale to trillions of identities (and Sovrin Foundation chair @phil has already calculated it will need to do that when you include all the people, organizations, and IoT things on the planet), it’s important that each of those identity records be as thin as possible.

So additional data that is not strictly required to establish and protect self-sovereign identities SHOULD be stored at agent endpoints (or other service endpoints) in a DDO. Those endpoints can expose cloud services or other storage options that should be able to handle “everything else”.

@phil and others on the Forum: do you agree? This is important, because we may need to capture this policy explicitly in the Sovrin Trust Framework.
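The flow discussed across #1 and #4 (a thin ledger holding only DIDs, keys and endpoints; the issuer pushing a signed private claim straight to the subject's agent and keeping no copy; the relying party obtaining the claim first-hand from the identity owner, with consent, and verifying it against the issuer's key resolved from the ledger) can be sketched in a few dozen lines. The model below is an added illustration written for this thread, not Sovrin or Indy code. Everything in it is a constructed stand-in: the DIDs, the `https://agent.example/...` endpoints, the in-memory `ThinLedger` and `Agent` classes, and a Lamport one-time signature over SHA-256 used in place of the ledger's real key types so the example runs with the Python standard library alone.

```python
"""Toy model of private-claim sharing: thin ledger + direct agent-to-agent delivery.
Constructed for illustration; not Sovrin/Indy code. Lamport signatures stand in for
the real verification keys (they are one-time keys, so each toy issuer signs once)."""
import hashlib
import json
import secrets

HASH = hashlib.sha256
MSG_BITS = 256  # Lamport signs each bit of a SHA-256 digest


def canonical(obj) -> bytes:
    """Stable JSON encoding so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def lamport_keygen():
    """Secret key: 256 pairs of random 32-byte values; public key: their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(MSG_BITS)]
    pk = [(HASH(a).hexdigest(), HASH(b).hexdigest()) for a, b in sk]
    return sk, pk


def digest_bits(message: bytes):
    d = int.from_bytes(HASH(message).digest(), "big")
    return [(d >> (MSG_BITS - 1 - i)) & 1 for i in range(MSG_BITS)]


def lamport_sign(sk, message: bytes):
    """Reveal, per digest bit, the secret half selected by that bit."""
    return [sk[i][bit].hex() for i, bit in enumerate(digest_bits(message))]


def lamport_verify(pk, message: bytes, sig) -> bool:
    if len(sig) != MSG_BITS:
        return False
    return all(HASH(bytes.fromhex(s)).hexdigest() == pk[i][bit]
               for i, (bit, s) in enumerate(zip(digest_bits(message), sig)))


class ThinLedger:
    """Public ledger that stores only DID records: verification key + agent endpoint."""
    ALLOWED_FIELDS = {"did", "verkey", "endpoint"}

    def __init__(self):
        self.records = {}

    def write(self, record: dict):
        extra = set(record) - self.ALLOWED_FIELDS
        if extra:  # claims and other payloads belong at an agent endpoint, not here
            raise ValueError(f"ledger rejects non-identity data: {sorted(extra)}")
        self.records[record["did"]] = record

    def resolve(self, did: str) -> dict:
        return self.records[did]


class Agent:
    """Agent endpoint: holds private claims off-ledger, releases them only with consent."""
    network = {}  # endpoint URL -> Agent; constructed stand-in for real transport

    def __init__(self, did: str, ledger: ThinLedger):
        self.did, self.ledger = did, ledger
        self.sk, self.pk = lamport_keygen()
        self.endpoint = f"https://agent.example/{did}"  # assumed, constructed URL
        self.wallet = []        # claims about this owner, pushed here by issuers
        self.consents = set()   # DIDs the owner has allowed to receive claims
        Agent.network[self.endpoint] = self
        ledger.write({"did": did, "verkey": self.pk, "endpoint": self.endpoint})

    def issue_claim(self, subject_did: str, attrs: dict):
        """Sign a claim and push it straight to the subject's agent; keep no copy."""
        claim = {"issuer": self.did, "subject": subject_did, "attrs": attrs}
        signed = {"claim": claim, "sig": lamport_sign(self.sk, canonical(claim))}
        endpoint = self.ledger.resolve(subject_did)["endpoint"]
        Agent.network[endpoint].wallet.append(signed)

    def present(self, verifier_did: str):
        """Release claims to a verifier only if the owner consented to that verifier."""
        if verifier_did not in self.consents:
            raise PermissionError(f"{self.did} has not consented to share with {verifier_did}")
        return list(self.wallet)

    def verify(self, signed: dict) -> bool:
        """Check a presented claim against the issuer's verkey resolved from the ledger."""
        issuer = self.ledger.resolve(signed["claim"]["issuer"])
        return lamport_verify(issuer["verkey"], canonical(signed["claim"]), signed["sig"])


def run_flow() -> dict:
    """End-to-end demo with constructed DIDs; returns the observations as a dict."""
    Agent.network.clear()
    ledger = ThinLedger()
    institution = Agent("did:sov:institution", ledger)
    owner = Agent("did:sov:owner", ledger)
    relying_party = Agent("did:sov:relying-party", ledger)
    results = {}
    try:  # 1. the ledger refuses to carry the claim itself
        ledger.write({"did": owner.did, "verkey": owner.pk, "endpoint": owner.endpoint,
                      "claim": {"process": "kyc-check", "result": "pass"}})
        results["ledger_rejected_claim"] = False
    except ValueError:
        results["ledger_rejected_claim"] = True
    # 2. issuer pushes the private claim to the owner's agent and retains nothing
    institution.issue_claim(owner.did, {"process": "kyc-check", "result": "pass"})
    results["issuer_holds_copy"] = len(institution.wallet) > 0
    try:  # 3. relying party asks before consent is given
        owner.present(relying_party.did)
        results["blocked_without_consent"] = False
    except PermissionError:
        results["blocked_without_consent"] = True
    # 4. owner consents; relying party gets the claim first-hand and verifies it
    owner.consents.add(relying_party.did)
    presented = owner.present(relying_party.did)
    results["verified"] = all(relying_party.verify(s) for s in presented)
    # 5. a modified attribute no longer matches the signature
    tampered = json.loads(json.dumps(presented[0]))
    tampered["claim"]["attrs"]["result"] = "fail"
    results["tampered_rejected"] = not relying_party.verify(tampered)
    return results
```

The point of the thin `ThinLedger.write` check is the storage argument in #4: anything beyond the identity record is refused and has to live at the endpoint. The consent gate in `present` is the behaviour #2 describes, and because the relying party resolves the issuer's key from the ledger rather than trusting the institution, it gets the same assurance from a first-hand presentation as it would from a second-hand copy.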