Using Sovrin For Petitions


#1

Hey Sovrin team,

I’m working on a class project to use a local Sovrin Network to create a petition system for UMD students. I’m very new to Sovrin and just wanted to see if my understanding is correct and ask for some pointers for the next steps.

The current plan is to

  1. Make the School a Trust Anchor and Agent
  2. Use the school’s authentication system to let students create a DID with the school.
  3. School then signs a claim that they are a student.
  4. Students can then “sign” petitions by creating a new DID with a petition and provide their claim from the school.

Does this make sense? Am I missing something?

Thanks!
Willem


#2

Willem: This sounds like a very reasonable plan. All your steps make sense to me.


#3

Thanks Daniel,

Do you have any advice for making an Agent? Should I make them use a password and encrypt their wallets?

Thanks!
Willem


#4

Yes, agents should have an encrypted wallet that’s unlocked with some sort of secret. A password is a weak form of secret, but it may be okay for certain use cases.

You should be able to take the sample python agents used by the Getting Started workflow, and modify them slightly to get what you are after. For example, the Faber College agent could become your school agent.


#5

Thanks, I’ll look into Faber. I guess I’m still just stuck with what to do about key management. Barring a mobile app, what other secret could they use besides a password?

Thanks!


#6

The libindy functions for a wallet allow a parameter that locks and unlocks a wallet. You can think of this as a password, and I think you should for your use case.

As you pointed out, if we’re talking about a mobile app, the secret that does the unlocking could come from a secure enclave, guarded by a biometric. That would obviously be stronger. It is also possible to conceive of schemes where a very strong secret (passphrase, 256-bit random entropy, etc) is sharded among many parties and reconstituted to unlock something, as opposed to treating the secret like a simple password.


#7

Thanks! This all sounds very doable and I am excited to see it working.