Relationship between Sovrin and Evernym


#1

I’m concerned about the relationship between Everym and Sovrin. If Evernym built Sovrin, and they’re the ones posting most of the content on Sovrin.org, doesn’t that give them an unfair competitive advantage? I realize Evernym is the for-profit side but how does anyone know they don’t have access to protocols or APIs nobody else does? Microsoft has been sued for this in Federal Court several times. How do we know?


#2

Since Sovrin’s codebase is opensource under Apache Licence, there is no Sovrin API that only Evernym can access and no other can. The advantage Evernym has is the familiarity/understanding of the codebase, the ecosystem and identity in general.


#3

Disclaimer: I am one of two Evernym employees (Jason Law, CTO of Evernym and Chair of the Sovrin Technical Governance Board) that also serve as Sovrin Trustees.

First, both Jason and I (and the other Sovrin volunteers from Evernym, which includes at least 10 other people) fully understand your concern. It is far from the first time we have heard it. Since Sovrin was born at Evernym (and partially midwifed by Evernym’s acquisition of my former company, Respect Network), we have tried to be as diligent as we can at every step of the way to cleanly separate Evernym from Sovrin. Everything about Sovrin is designed to be a global public utility for self-sovereign identity governed by the Sovrin Foundation as an independent international non-profit organization.

Nothing is perfect, but let me just make the following points:

  1. First, the source code for Sovrin was donated by Evernym to the Sovrin Foundation, who then contributed it to the Linux Foundation to become Hyperledger Indy. So Indy is now a community open source project in the Hyperledger family, as open as Linux itself. It would be all but impossible for this code base to have any “hidden APIs”.
  2. Second, the Sovrin Foundation is a non-profit governed by 12 Trustees (and growing) from around the world. It also has it’s own Executive Director, CFO, and Strategy Director, none of whom have any ties to Evernym.
  3. Third, the legal foundation for the Sovrin Network is established by the Sovrin Trust Framework, a document produced by over 20 members of the Sovrin Trust Framework Working Group from around the world.
  4. Fourth, the Stewards that run the validator nodes of the Sovrin ledger are individually qualified and approved by the Sovrin Board of Trustees. Evernym is only one of 11 stewards already live on the network, and there are a dozen more in the approval pipeline.
  5. Lastly, Sovrin is entirely based on open standards. Evernym is just one of at least a half-dozen companies, including Blockstack, uPort, Gem, Microsoft, and Digital Bazaar, contributing to the DID specification at the W3C Credentials Community Group. And Evernym is only one of at least 40 companies contributing to the W3C Verifiable Claims Working Group.

Finally, although Evernym has helped in the early days to support Sovrin financially—out of our enlightened self-interest to help Sovrin become a global public utility on top of which we can offer products and services—it is a major goal of the Sovrin Foundation to achieve financial independence as soon as possible. Please see this blog post from Sovrin Foundation chair Phil Windley for a summary of his plan to do this.

I hope this helps,

=Drummond


#4

Rule #1: There is ALWAYS a back door
Rule #2: No volume of explanation or blog posting will ever change Rule #1

Evernym and Sovrin (same thing) would be the ones who would know where the back doors are.


#5

So, find it. The code is open source. And if you argue it isn’t in the code, then you need to explain the mechanism for operating a backdoor that doesn’t appear in the code.

Sovrin Foundation and Evernym are separate organizations with separate leadership and different goals.


#6

You’re missing the point Phil. The backdoor isn’t always in the code, it’s also in the people. Most posts here are from Evernym employees. It looks like Sovrin is Evernym and Evernym is Sovrin. Conflict of interest? Unfair competitive advantage?


#7

My company Danube Tech also uses and contributes to Sovrin, but is not Evernym.


#8

I think the point is being confused by our lack of agreement about terminology. A backdoor isn’t the same thing as a conflict of interest which isn’t the same thing as unfair advantage.

When you say “backdoor” most people are going to think you mean “… a method, often secret, of bypassing normal authentication or encryption in a computer system, a product, or an embedded device (e.g. a home router), or its embodiment, e.g. as part of a cryptosystem, an algorithm, a chipset, or a “homunculus computer”[1] (such as that as found in Intel’s AMT technology). Backdoors are often used for securing remote access to a computer, or obtaining access to plaintext in cryptographic systems.” Wikipedia

That’s certainly how I interpreted it and hence my answer.

As for conflict of interest, there are several places where a conflict of interest is possible and we’re trying to be public about those. I have no relationship with Evernym, financial or otherwise. Similarly for 10 of the 12 board members who are not Evernym employees. The two who are not allowed to vote on issues that impact the relationship between Evernym and Sovrin.

My only interest in Evernym’s success is to the extent it impacts the success of Sovrin itself. At present that is admittedly large…too large. We have an active program to reduce Sovrin’s dependence on Evernym. That isn’t something that can happen overnight, but is our plan and strategy.

As for unfair competitive advantage, that’s always a problem when one company has outsized influence. The best way to deal with it is to reduce the influence which, as I’ve stated above, we’re working to do.

Others can help by getting involved in the open source projects, joining working groups, and continuing to work with us as we move toward complete autonomy. If we were actively working to protect or extend Evernym’s influence over Sovrin, then such efforts would be a waste of time. But we are sincerely working to make Sovrin independent. So, anything you can do yo help will help and we’d be grateful for it.


#9

I’m a complete beginner with Sovrin, and I’m trying to find information. One of the first things I read was the Identity for All which mentions sovrin.slack.com. So far, so good… except the Slack page says:

If you have an ©respect.network, ©evernym.us or ©evernym.com email address, you can create an account.

[I replaced @ signs with © signs because of a Discourse limitation on new users.]

I don’t know how long it has been this way (I hope it’s only recent), but that sounds like an awful bug in the opening plan and strategy mentionned by @phil. Since you mentionned Danube Tech is involved too, @peacekeeper, how do you guys sign in on Slack?

Maybe I’m missing an easier way to get involved, sorry if that is the case.


#10

As far as I know, we don’t control the messaging on the Slack page. That’s determined by preferences on corporate email addresses. So what that says is true, but it’s not the only way to get a Slack account. It’s simply done that way for convenience of many people using the Slack.

Anyone can get a Sovrin slack account here.


#11

Hi. New here and looking to have some great conversations and learn.
I understand that Sovrin and Evernym share roots but now legally and financially independent.

Then I read this: https://www.crowdfundinsider.com/2018/01/127673-r3-partners-evernym-identity-management-financial-services/ which I thought was great since there’s a lot more force behind ensuring interoperability among DID’s. At the same time, it made me wonder why R3 would partner/work with Evernym, and not Sovrin for the test. If I take a skeptic’s view, I might guess it’s because either

  1. folks at Evernym know best?
  2. Evernym and Sovrin were not separate at the time?

Would be interested to hear Sovrin’s answer. Thanks!


#12

Sovrin Foundation is an independent organization. The vision for the Sovrin Foundation is “Identity for All”. Thus its mission is to enable access to permanent digital identity for all—both people and organizations—by building, administering, and promoting a decentralized, public, global identity utility.

Evernym designed and built the code for Sovrin and donated it to the Foundation. Evernym’s business is helping organizations and people leverage Sovrin’s capabilities. They do this by building software that works on the Sovrin Network and consulting with organizations about using Sovrin.

So, it makes sense for an organization like R3 to work with Evernym, or some other company who’s business is building on the Sovrin Network since they can help do the work. The Foundation isn’t in the business of hiring itself out to other organizations to get them on the Network. Rather we work on standards, help Sovrin Stewards with their operational questions, and manage the open source code.

In time, other organizations will also offer services and products that use the Sovrin Network. There are several consultancies besides Evernym that do that now.