Drummond Reed, Chief Trust Officer at Evernym and Sovrin Foundation Trustee, features in this Webinar "Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Puzzle". If you can't manage the keys for your DIDs (Decentralized Identifiers), then the SSI engine will never get started. That's why DKMS (Decentralized Key Management System) is one of the core open standards in the DID "stack". DKMS inverts a core assumption of conventional PKI (public key infrastructure) architecture, namely that public key certificates will be issued by centralized or federated certificate authorities (CAs). With DKMS, the initial "root of trust" for all participants is any blockchain or distributed ledger that supports DIDs. This webinar will explain why we need DKMS, what a DKMS-compatible identity wallet looks like, how DKMS can solve some longstanding problems in wallet backup and recovery, and where DKMS is headed for standardization.

1. Decentralized Key Management System
(DKMS): An Essential Missing Piece of
the Self-Sovereign Identity (SSI) Puzzle
Drummond Reed @drummondreed
Chief Trust Officer Evernym and Sovrin Foundation Trustee
July 2018
Background photo: Christoph Scholz https://creativecommons.org/licenses/by-sa/2.0/

2. Three Models of
Digital Identity
SSIMeetup.org

3. #1: Siloed (Centralized) Identity
OrgYou
Account
Standards:
SSIMeetup.org

4. #2: Third-Party IDP (Federated) Identity
Standards:
OrgYou IDPAccount
SSIMeetup.org

5. #3: Self-Sovereign Identity (SSI)
PeerYou
Distributed Ledger (Blockchain)
Connection
SSIMeetup.org

6. #3: Self-Sovereign Identity (SSI)
Peer
Distributed Ledger (Blockchain)
Connection
Issue credential
Verify credential
Digital
wallet
#1
DIDs
#3 DID Auth
#4 Verifiable
Credentials
#2
DKMS
SSIMeetup.org

7. Emerging Open Standards for SSI
DID (Decentralized Identifier)
DKMS (Decentralized Key
Management System)
DID Auth
Verifiable Credentials
SSIMeetup.org

8. What is a DID?
SSIMeetup.org

9. did:sov:3k9dg356wdcj5gf2k9bw8kfg7a
047d599d4521480d9e1919481b024f29d2693f27
2d19473dbef971d7d529f6e9
Private
Key
Public
Key
cc2cd0ffde594d278c2d9b432f4748506a7f9f251
41e485eb84bc188382019b6
SSIMeetup.org

10. 10 SSIMeetup.org

11. 11
You will not have just one DID.
You will have thousands.
One per relationship.
SSIMeetup.org

12. 12
Each one will give you a
lifetime encrypted private channel
with another person, organization,
or thing
SSIMeetup.org

13. 13
So how will you manage all those
DIDs and private keys?
And what will you do
if you lose them?
SSIMeetup.org

14. Introducing DKMS
SSIMeetup.org

15. 15
DKMS (Decentralized Key
Management System) is an
emerging open standard
for managing your DIDs and
private keys
SSIMeetup.org

16. 16
DKMS applies to the wallets
where you store your DIDs
and private keys and to the
agents that read/write from
those wallets
SSIMeetup.org

17. 17
The whole idea of DKMS is to
standardize wallets so you
never have to worry about
security, privacy, or vendor
lock-in
SSIMeetup.org

18. DID Layer
The decentralized identity stack
Identity Owners
Cloud LayerCloud Wallet Cloud Wallet
Cloud Agent Cloud Agent
Edge Layer
Edge Wallet Edge Wallet
Edge Agent Edge Agent
DKMS DKMS
DKMS DKMS
SSIMeetup.org

19. What goes in a
DKMS Wallet?
SSIMeetup.org

20. 20
#1: DIDs
#2: Key Pairs
#3: Endpoints
#4: Link Secrets
#5: Credentials
#6: Tokens
SSIMeetup.org

21. 21
One of the primary reasons
for cloud agents is to make
it easy for you to have
multiple DKMS wallets
across different devices
SSIMeetup.org

22. 22
The other primary reason is
backup and recovery
SSIMeetup.org

23. DKMS Key Recovery
SSIMeetup.org

24. 24
DKMS key recovery supports both
offline recovery (“paper wallet”)
and social recovery (“trustee”)
methods
SSIMeetup.org

25. 25
Both are based on cloud agents
continuously storing a backup copy
of your wallet encrypted with a
special recovery key
SSIMeetup.org

26. DID Layer
The decentralized identity stack
Identity Owners
Cloud LayerCloud Wallet Cloud Wallet
Cloud Agent Cloud Agent
Edge Layer
Edge Wallet Edge Wallet
Edge Agent Edge Agent
SSIMeetup.org

27. 27
Offline recovery lets you backup
your recovery key using paper or
“cold storage” hardware
SSIMeetup.org

28. 28
Social recovery lets you shard your
recovery key into pieces that you
share with your choice of trustees
SSIMeetup.org

29. DKMS
Standardization

30. How did DKMS happen?
1. Conceived in 2016 by Evernym as part of
our initial contract with U.S. Dept of
Homeland Security S&T to develop DIDs
2. DKMS Design and Architecture
developed over a 1-year contract w/DHS
3. Published in Hyperledger Indy repo for
announcement at IIW #26 in April 2017
30 SSIMeetup.org

31. 31
The initial DKMS architecture is
now in open public review in the
Hyperledger Indy github:
http://bit.ly/dkmsv3
SSIMeetup.org

32. 32
The plan is to form a DKMS
Technical Committee at OASIS,
currently the home of the KMIP
(Key Management Interoperability
Protocol) open standard
SSIMeetup.org

33. 33
Work on the DID specification has been funded in part
by a Small Business Innovation Research (SBIR) grant
from the U.S. Department of Homeland Security
Science and Technology Directorate.
The content of this specification does not necessarily
reflect the position or the policy of the U.S. Government
and no official endorsement should be inferred.
Thank You
SSIMeetup.org

34. Questions?
SSIMeetup.org

35. Trust Frameworks and SSI:
An Interview with CULedger on the
Credit Union MyCUID Trust Framework
Drummond Reed with Rick Cranston, COO, and Julie Esser, Chief
Engagement Officer of CULedger
July, 2018
SSIMeetup.orghttps://creativecommons.org/licenses/by-sa/4.0/

36. Decentralized Key Management System
(DKMS): An Essential Missing Piece of
the Self-Sovereign Identity (SSI) Puzzle
Drummond Reed @drummondreed
Chief Trust Officer Evernym and Sovrin Foundation Trustee
July 2018
Background photo: Christoph Scholz https://creativecommons.org/licenses/by-sa/2.0/