Store private DIDs on or off ledger?


#1

Hello guys,

currently we are trying to understand the onboarding process of the hyperledger indy walkthrough tutorial. (Hyperledger Indy Walkthrough)
We used the following sequence diagram to understand whats going on the first part of the onboarding process (establashing a secure connection between faber and steward).

We are facing problems understanding why the steward, after creating a DID and verificationkey(public Key) for Faber, stores the verificationKey(public Key) on the Ledger. He only sends the created DID so Faber can get the public key afterwards, querying the ledger with this DID.

Why is it necessary to store the verification key on the ledger? The Steward could also send the verification key to Faber directly with the connection request.

There are recommendations for storing the private DIDs for different relationships not on the ledger. Escpecially regarding scaling issues.
(Sovrin Document: What goes on the ledger)
…Keeping private DIDs off the Sovrin public ledger has one other massive advantage: scale…)

But in the hyperledger indy walkthrough, the process contains storing these informations on the ledger.

What are the pros and cons for storing private DIDs off and on ledger?
Should we store the private DIDs with verification keys on or off ledger?

Greetings from Germany


#2

Hi Martin,

Thanks for asking this great question. I understand how confusing the learning process can be, and this isn’t made easier as our documentation is slowly becoming outdated as our thinking progresses.

The short answer to your question is that a DID and verkey is only written to the ledger when an entity wants to verify to others that it is a trusted party. All other private, pairwise DIDs go into agent wallets.

When Faber and the Steward connect, they will each create a new did:verkey pair to represent their unique, pairwise relationship. This is a private DID and is not written to the ledger. You can learn more about this relationship in https://github.com/hyperledger/indy-hipe/tree/master/text/0031-connection-protocol.

The Sovrin Steward has a DID on the ledger which is used to sign credentials. It is separate from the did:verkey that the Sovrin steward creates to connect with Faber College.

We need to change the wording and code in the Indy Walkthrough to be clear about that last part. You are correct that the steward would send the pairwise verkey and did directly to Faber. Once they have connected, our current thinking is that Faber can then request a credential presentation from the Sovrin steward to verify their authenticity as the transaction endorser on the ledger. They will build their trust of each other once connected through credentials exchange.

tl;dr: Store private pairwise DIDs and verkey off ledger in digital wallets. Write public DIDs and verkeys to the ledger when issuing credentials.

I hope this makes it slightly clearer, are there any parts that still don’t quite make sense?

I’ll update this answer as I get corrected by others more knowledgeable than me :slight_smile:


#3

I agree with the previous answer, and just wanted to add an additional reference for those who are interested. Management of off-ledger DIDs is described in the peer DID method spec at https://openssi.github.io/peer-did-method-spec/index.html. Sovrin does not use such DIDs right now, since their spec was written a year after the Hyperledger Indy Walkthrough. However, we will likely reference the peer DID spec in a future update.