I’m concerned about the relationship between Everym and Sovrin. If Evernym built Sovrin, and they’re the ones posting most of the content on Sovrin.org, doesn’t that give them an unfair competitive advantage? I realize Evernym is the for-profit side but how does anyone know they don’t have access to protocols or APIs nobody else does? Microsoft has been sued for this in Federal Court several times. How do we know?
Since Sovrin’s codebase is opensource under Apache Licence, there is no Sovrin API that only Evernym can access and no other can. The advantage Evernym has is the familiarity/understanding of the codebase, the ecosystem and identity in general.
Disclaimer: I am one of two Evernym employees (Jason Law, CTO of Evernym and Chair of the Sovrin Technical Governance Board) that also serve as Sovrin Trustees.
First, both Jason and I (and the other Sovrin volunteers from Evernym, which includes at least 10 other people) fully understand your concern. It is far from the first time we have heard it. Since Sovrin was born at Evernym (and partially midwifed by Evernym’s acquisition of my former company, Respect Network), we have tried to be as diligent as we can at every step of the way to cleanly separate Evernym from Sovrin. Everything about Sovrin is designed to be a global public utility for self-sovereign identity governed by the Sovrin Foundation as an independent international non-profit organization.
Nothing is perfect, but let me just make the following points:
- First, the source code for Sovrin was donated by Evernym to the Sovrin Foundation, who then contributed it to the Linux Foundation to become Hyperledger Indy. So Indy is now a community open source project in the Hyperledger family, as open as Linux itself. It would be all but impossible for this code base to have any “hidden APIs”.
- Second, the Sovrin Foundation is a non-profit governed by 12 Trustees (and growing) from around the world. It also has it’s own Executive Director, CFO, and Strategy Director, none of whom have any ties to Evernym.
- Third, the legal foundation for the Sovrin Network is established by the Sovrin Trust Framework, a document produced by over 20 members of the Sovrin Trust Framework Working Group from around the world.
- Fourth, the Stewards that run the validator nodes of the Sovrin ledger are individually qualified and approved by the Sovrin Board of Trustees. Evernym is only one of 11 stewards already live on the network, and there are a dozen more in the approval pipeline.
- Lastly, Sovrin is entirely based on open standards. Evernym is just one of at least a half-dozen companies, including Blockstack, uPort, Gem, Microsoft, and Digital Bazaar, contributing to the DID specification at the W3C Credentials Community Group. And Evernym is only one of at least 40 companies contributing to the W3C Verifiable Claims Working Group.
Finally, although Evernym has helped in the early days to support Sovrin financially—out of our enlightened self-interest to help Sovrin become a global public utility on top of which we can offer products and services—it is a major goal of the Sovrin Foundation to achieve financial independence as soon as possible. Please see this blog post from Sovrin Foundation chair Phil Windley for a summary of his plan to do this.
I hope this helps,
Rule #1: There is ALWAYS a back door
Rule #2: No volume of explanation or blog posting will ever change Rule #1
Evernym and Sovrin (same thing) would be the ones who would know where the back doors are.
So, find it. The code is open source. And if you argue it isn’t in the code, then you need to explain the mechanism for operating a backdoor that doesn’t appear in the code.
Sovrin Foundation and Evernym are separate organizations with separate leadership and different goals.
You’re missing the point Phil. The backdoor isn’t always in the code, it’s also in the people. Most posts here are from Evernym employees. It looks like Sovrin is Evernym and Evernym is Sovrin. Conflict of interest? Unfair competitive advantage?
I think the point is being confused by our lack of agreement about terminology. A backdoor isn’t the same thing as a conflict of interest which isn’t the same thing as unfair advantage.
When you say “backdoor” most people are going to think you mean “… a method, often secret, of bypassing normal authentication or encryption in a computer system, a product, or an embedded device (e.g. a home router), or its embodiment, e.g. as part of a cryptosystem, an algorithm, a chipset, or a “homunculus computer” (such as that as found in Intel’s AMT technology). Backdoors are often used for securing remote access to a computer, or obtaining access to plaintext in cryptographic systems.” Wikipedia
That’s certainly how I interpreted it and hence my answer.
As for conflict of interest, there are several places where a conflict of interest is possible and we’re trying to be public about those. I have no relationship with Evernym, financial or otherwise. Similarly for 10 of the 12 board members who are not Evernym employees. The two who are not allowed to vote on issues that impact the relationship between Evernym and Sovrin.
My only interest in Evernym’s success is to the extent it impacts the success of Sovrin itself. At present that is admittedly large…too large. We have an active program to reduce Sovrin’s dependence on Evernym. That isn’t something that can happen overnight, but is our plan and strategy.
As for unfair competitive advantage, that’s always a problem when one company has outsized influence. The best way to deal with it is to reduce the influence which, as I’ve stated above, we’re working to do.
Others can help by getting involved in the open source projects, joining working groups, and continuing to work with us as we move toward complete autonomy. If we were actively working to protect or extend Evernym’s influence over Sovrin, then such efforts would be a waste of time. But we are sincerely working to make Sovrin independent. So, anything you can do yo help will help and we’d be grateful for it.
I’m a complete beginner with Sovrin, and I’m trying to find information. One of the first things I read was the Identity for All which mentions sovrin.slack.com. So far, so good… except the Slack page says:
[I replaced @ signs with © signs because of a Discourse limitation on new users.]
I don’t know how long it has been this way (I hope it’s only recent), but that sounds like an awful bug in the opening plan and strategy mentionned by @phil. Since you mentionned Danube Tech is involved too, @peacekeeper, how do you guys sign in on Slack?
Maybe I’m missing an easier way to get involved, sorry if that is the case.
As far as I know, we don’t control the messaging on the Slack page. That’s determined by preferences on corporate email addresses. So what that says is true, but it’s not the only way to get a Slack account. It’s simply done that way for convenience of many people using the Slack.
Anyone can get a Sovrin slack account here.