Sovrin vs. uPort


#1

Over the last week I’ve invested some time to understand sovrin but today a colleague of mine pointed me to uPort (https://uport.me/#vision). On the face of it the vision appears quite similar. But, since uPort uses Ethereum, there’s at least a key difference in the use of a public ledger vs. a permissioned one.

Has anyone done a more in depth comparison of both systems?


#2

I have not had time to deeply check out uPort, Sovrin is quite a bit more familiar to me. Balanced comparison would probably be useful for many.


#3

A detailed comparison would require an entire white paper but I’ll highlight the major differences based on what I know about uPort from their white paper (quite good) and what we’ve learned by talking with Christian Lundkvist and his team at the Rebooting the Web of Trust meetings (they have been good contributors to the DID specification).

  • As noted already, uPort is based on Ethereum, a public permissionless ledger for smart contracts (in fact every uPort identity is implemented as at least two and usually three smart contracts). Sovrin is a public permissioned ledger for self-sovereign identity. So both the trust model and the incentive model are different.
  • RE the trust model, on Ethereum, anyone can run a ledger node, so trust in the network is entirely based on trust in the code (and the coders). With Sovrin, there is a thin layer of human governance provided by the Sovrin Foundation and the Sovrin Trust Framework, and nodes are only operated by trusted institutions, so trust is based on both people and code.
  • RE the incentive model, with Ethereum all transactions have an inherent cost. With Sovrin, there is no financial cost to identity transactions; the incentive is to maintain a positive reputation.
  • Since the Sovrin ledger is designed from the ground up for only one purpose—self-sovereign identity—identifiers are first-class objects (DIDs), and Sovrin is optimized to let you quickly map a DID to a DDO (DID descriptor object—a small JSON file) stored directly on the ledger. With uPort, identifiers are the address of a smart contract, and the DDO is stored off-ledger in IPFS.
  • Sovrin privacy architecture is designed so an identity owner can have as many DIDs as they will need to keep contextual separation of identities for privacy purposes. It’s not clear how uPort would accomplish this without significant costs to identity owners.
  • Sovrin, since it’s designed explicitly for privacy-respecting identity management, also supports revocable anonymous claims. Again, it’s not clear how uPort will provide such functionality.

I hope that helps. I encourage others who know uPort better to chime in.