Why use cloud agents instead of edge agents?

Hi all,

For my master’s thesis I’m looking into the various ways in which SSI (or, more specifically, attribute-based credentials) can be implemented from the perspective of the GDPR. Although there’s a lot of information available on sovrin.org, there’s one question that I can’t find the answer to: Considering the existence of edge agents, why does Sovrin (additionally?) make use of cloud agents?

To me, it feels like, as a user, you’d want to keep your ‘Sovrin wallet’ as close to yourself as reasonably possible. For instance, by using a wallet app on your mobile phone or laptop. After all, Sovrin is about self-sovereign identity. By using a cloud agent, a user essentially outsources the management of his wallet (or at least the underlying infrastructure) to a trusted third party. By doing so, I suppose the user basically gives up some of his self-sovereignty as usage of his credentials now relies on the cloud agency – at least to some extent.

So why has Sovrin introduced the concept of cloud agents? Is there a technical reason for this, or do situations exist in which cloud agents are preferred over edge agents?

I look forward to reading your responses!

Best regards,
Ruben

1 Like

There is both a technical reason and a business reason.

Technically, mobile apps do not have the ability to receive messages. They are a client in a client/server model. As such, there needs to be a “server” component - a cloud agent. Notifications can be used, but they come through the mobile platform (Google or Apple), not via messages between agents. Under the covers, the cloud agent sends messages to the mobile agent in the response to requests to the cloud agent.

A second technical reason for the cloud agent is that it provides a persistent endpoint that is available at all times - not just when the mobile agent is online. It can therefore queue up messages for the mobile agent. Note that in both of these cases, the cloud agent can’t read the messages for the mobile agent - it is just passing the messages along.

From a business perspective, an enterprise will have its edge agent (the agent that is tied to the identity of the enterprise) as a cloud agent with business rules around how the agent is managed. A cloud agent (for a person or an enterprise) can be configured to automatically handle some sorts of messages.

Another business reason is that a person might use an Agency as an endpoint for all their messages, as would many other people, and an outside observer would not be able to tell for whom specific messages are being sent. This is called “herd privacy” or “hiding in a crowd”.

1 Like
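The store-and-forward role described in the answer above, as an added sketch that is not part of the original thread or of any Sovrin code: a cloud agent queues sealed blobs while the mobile agent is offline and hands them over only in the response to the mobile agent's own pickup request. The names `CloudAgent`, `seal`, `unseal` and the routing ids are hypothetical, and `seal`/`unseal` are a standard-library stand-in for the agents' real encryption, which the thread does not specify.

```python
import hashlib, hmac, secrets
from collections import defaultdict, deque

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Illustrative stand-in for real agent-to-agent encryption; do not deploy."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("tampered blob or wrong key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class CloudAgent:
    """Always-on endpoint: queues opaque blobs per routing id and holds no keys."""
    def __init__(self):
        self.queues = defaultdict(deque)

    def receive(self, routing_id: str, blob: bytes) -> None:
        self.queues[routing_id].append(blob)   # recipient may be offline right now

    def pickup(self, routing_id: str) -> list:
        # Mobile apps cannot accept inbound connections, so delivery happens
        # only as the response to the mobile agent's own request.
        q = self.queues[routing_id]
        batch = list(q)
        q.clear()
        return batch

def demo():
    key = secrets.token_bytes(32)              # known to sender and mobile agent only
    cloud = CloudAgent()                       # one endpoint shared by many recipients
    cloud.receive("route-a", seal(key, b"credential offer"))          # constructed sample
    cloud.receive("route-b", seal(secrets.token_bytes(32), b"unrelated"))
    stored = b"".join(cloud.queues["route-a"]) # everything the cloud agent holds for route-a
    delivered = [unseal(key, b) for b in cloud.pickup("route-a")]
    return stored, delivered, cloud.pickup("route-a")
```
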

Hello @swcurran, thank you for taking time to respond! Your explanation makes a lot of sense.

So, a cloud agent offers high availability, and blindly forwards messages from one edge agent to another. Before reading your reply, I was under the impression that a cloud agent is also (pretty much always) used to store a Holder’s credentials. I like reading that this is not necessarily the case, and that Holders can decide for themselves which agents (and what type of agents) they want to use.

Thanks again!

Kind regards,
Ruben