Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Decentralized Key Management System
(DKMS): An Essential Missing Piece of
the Self-Sovereign Identity (SSI) Puzzle
Drummon...
Three Models of
Digital Identity
SSIMeetup.org
#1: Siloed (Centralized) Identity
OrgYou
Account
Standards:
SSIMeetup.org
#2: Third-Party IDP (Federated) Identity
Standards:
OrgYou IDPAccount
SSIMeetup.org
#3: Self-Sovereign Identity (SSI)
PeerYou
Distributed Ledger (Blockchain)
Connection
SSIMeetup.org
#3: Self-Sovereign Identity (SSI)
Peer
Distributed Ledger (Blockchain)
Connection
Issue credential
Verify credential
Digit...
Emerging Open Standards for SSI
DID (Decentralized Identifier)
DKMS (Decentralized Key
Management System)
DID Auth
Verifia...
What is a DID?
SSIMeetup.org
did:sov:3k9dg356wdcj5gf2k9bw8kfg7a
047d599d4521480d9e1919481b024f29d2693f27
2d19473dbef971d7d529f6e9
Private
Key
Public
Ke...
10 SSIMeetup.org
11
You will not have just one DID.
You will have thousands.
One per relationship.
SSIMeetup.org
12
Each one will give you a
lifetime encrypted private channel
with another person, organization,
or thing
SSIMeetup.org
13
So how will you manage all those
DIDs and private keys?
And what will you do
if you lose them?
SSIMeetup.org
Introducing DKMS
SSIMeetup.org
15
DKMS (Decentralized Key
Management System) is an
emerging open standard
for managing your DIDs and
private keys
SSIMeet...
16
DKMS applies to the wallets
where you store your DIDs
and private keys and to the
agents that read/write from
those wal...
17
The whole idea of DKMS is to
standardize wallets so you
never have to worry about
security, privacy, or vendor
lock-in
...
DID Layer
The decentralized identity stack
Identity Owners
Cloud LayerCloud Wallet Cloud Wallet
Cloud Agent Cloud Agent
Ed...
What goes in a
DKMS Wallet?
SSIMeetup.org
20
#1: DIDs
#2: Key Pairs
#3: Endpoints
#4: Link Secrets
#5: Credentials
#6: Tokens
SSIMeetup.org
21
One of the primary reasons
for cloud agents is to make
it easy for you to have
multiple DKMS wallets
across different d...
22
The other primary reason is
backup and recovery
SSIMeetup.org
DKMS Key Recovery
SSIMeetup.org
24
DKMS key recovery supports both
offline recovery (“paper wallet”)
and social recovery (“trustee”)
methods
SSIMeetup.org
25
Both are based on cloud agents
continuously storing a backup copy
of your wallet encrypted with a
special recovery key
...
DID Layer
The decentralized identity stack
Identity Owners
Cloud LayerCloud Wallet Cloud Wallet
Cloud Agent Cloud Agent
Ed...
27
Offline recovery lets you backup
your recovery key using paper or
“cold storage” hardware
SSIMeetup.org
28
Social recovery lets you shard your
recovery key into pieces that you
share with your choice of trustees
SSIMeetup.org
DKMS
Standardization
How did DKMS happen?
1. Conceived in 2016 by Evernym as part of
our initial contract with U.S. Dept of
Homeland Security S...
31
The initial DKMS architecture is
now in open public review in the
Hyperledger Indy github:
http://bit.ly/dkmsv3
SSIMeet...
32
The plan is to form a DKMS
Technical Committee at OASIS,
currently the home of the KMIP
(Key Management Interoperabilit...
33
Work on the DID specification has been funded in part
by a Small Business Innovation Research (SBIR) grant
from the U.S...
Questions?
SSIMeetup.org
Trust Frameworks and SSI:
An Interview with CULedger on the
Credit Union MyCUID Trust Framework
Drummond Reed with Rick Cr...
Decentralized Key Management System
(DKMS): An Essential Missing Piece of
the Self-Sovereign Identity (SSI) Puzzle
Drummon...
Upcoming SlideShare
Loading in …5
×

Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Puzzle - Drummond Reed

Drummond Reed, Chief Trust Officer at Evernym and Sovrin Foundation Trustee, features in this Webinar "Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Puzzle". If you can't manage the keys for your DIDs (Decentralized Identifiers), then the SSI engine will never get started. That's why DKMS (Decentralized Key Management System) is one of the core open standards in the DID "stack".

DKMS inverts a core assumption of conventional PKI (public key infrastructure) architecture, namely that public key certificates will be issued by centralized or federated certificate authorities (CAs). With DKMS, the initial "root of trust" for all participants is any blockchain or distributed ledger that supports DIDs. This webinar will explain why we need DKMS, what a DKMS-compatible identity wallet looks like, how DKMS can solve some longstanding problems in wallet backup and recovery, and where DKMS is headed for standardization.

Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Puzzle - Drummond Reed

  1. 1. Decentralized Key Management System (DKMS): An Essential Missing Piece of the Self-Sovereign Identity (SSI) Puzzle Drummond Reed @drummondreed Chief Trust Officer Evernym and Sovrin Foundation Trustee July 2018 Background photo: Christoph Scholz https://creativecommons.org/licenses/by-sa/2.0/
  2. 2. Three Models of Digital Identity SSIMeetup.org
  3. 3. #1: Siloed (Centralized) Identity OrgYou Account Standards: SSIMeetup.org
  4. 4. #2: Third-Party IDP (Federated) Identity Standards: OrgYou IDPAccount SSIMeetup.org
  5. 5. #3: Self-Sovereign Identity (SSI) PeerYou Distributed Ledger (Blockchain) Connection SSIMeetup.org
  6. 6. #3: Self-Sovereign Identity (SSI) Peer Distributed Ledger (Blockchain) Connection Issue credential Verify credential Digital wallet #1 DIDs #3 DID Auth #4 Verifiable Credentials #2 DKMS SSIMeetup.org
  7. 7. Emerging Open Standards for SSI DID (Decentralized Identifier) DKMS (Decentralized Key Management System) DID Auth Verifiable Credentials SSIMeetup.org
  8. 8. What is a DID? SSIMeetup.org
  9. 9. did:sov:3k9dg356wdcj5gf2k9bw8kfg7a 047d599d4521480d9e1919481b024f29d2693f27 2d19473dbef971d7d529f6e9 Private Key Public Key cc2cd0ffde594d278c2d9b432f4748506a7f9f251 41e485eb84bc188382019b6 SSIMeetup.org
  10. 10. 10 SSIMeetup.org
  11. 11. 11 You will not have just one DID. You will have thousands. One per relationship. SSIMeetup.org
  12. 12. 12 Each one will give you a lifetime encrypted private channel with another person, organization, or thing SSIMeetup.org
  13. 13. 13 So how will you manage all those DIDs and private keys? And what will you do if you lose them? SSIMeetup.org
  14. 14. Introducing DKMS SSIMeetup.org
  15. 15. 15 DKMS (Decentralized Key Management System) is an emerging open standard for managing your DIDs and private keys SSIMeetup.org
  16. 16. 16 DKMS applies to the wallets where you store your DIDs and private keys and to the agents that read/write from those wallets SSIMeetup.org
  17. 17. 17 The whole idea of DKMS is to standardize wallets so you never have to worry about security, privacy, or vendor lock-in SSIMeetup.org
  18. 18. DID Layer The decentralized identity stack Identity Owners Cloud LayerCloud Wallet Cloud Wallet Cloud Agent Cloud Agent Edge Layer Edge Wallet Edge Wallet Edge Agent Edge Agent DKMS DKMS DKMS DKMS SSIMeetup.org
  19. 19. What goes in a DKMS Wallet? SSIMeetup.org
  20. 20. 20 #1: DIDs #2: Key Pairs #3: Endpoints #4: Link Secrets #5: Credentials #6: Tokens SSIMeetup.org
  21. 21. 21 One of the primary reasons for cloud agents is to make it easy for you to have multiple DKMS wallets across different devices SSIMeetup.org
  22. 22. 22 The other primary reason is backup and recovery SSIMeetup.org
  23. 23. DKMS Key Recovery SSIMeetup.org
  24. 24. 24 DKMS key recovery supports both offline recovery (“paper wallet”) and social recovery (“trustee”) methods SSIMeetup.org
  25. 25. 25 Both are based on cloud agents continuously storing a backup copy of your wallet encrypted with a special recovery key SSIMeetup.org
  26. 26. DID Layer The decentralized identity stack Identity Owners Cloud LayerCloud Wallet Cloud Wallet Cloud Agent Cloud Agent Edge Layer Edge Wallet Edge Wallet Edge Agent Edge Agent SSIMeetup.org
  27. 27. 27 Offline recovery lets you backup your recovery key using paper or “cold storage” hardware SSIMeetup.org
  28. 28. 28 Social recovery lets you shard your recovery key into pieces that you share with your choice of trustees SSIMeetup.org
  29. 29. DKMS Standardization
  30. 30. How did DKMS happen? 1. Conceived in 2016 by Evernym as part of our initial contract with U.S. Dept of Homeland Security S&T to develop DIDs 2. DKMS Design and Architecture developed over a 1-year contract w/DHS 3. Published in Hyperledger Indy repo for announcement at IIW #26 in April 2017 30 SSIMeetup.org
  31. 31. 31 The initial DKMS architecture is now in open public review in the Hyperledger Indy github: http://bit.ly/dkmsv3 SSIMeetup.org
  32. 32. 32 The plan is to form a DKMS Technical Committee at OASIS, currently the home of the KMIP (Key Management Interoperability Protocol) open standard SSIMeetup.org
  33. 33. 33 Work on the DID specification has been funded in part by a Small Business Innovation Research (SBIR) grant from the U.S. Department of Homeland Security Science and Technology Directorate. The content of this specification does not necessarily reflect the position or the policy of the U.S. Government and no official endorsement should be inferred. Thank You SSIMeetup.org
  34. 34. Questions? SSIMeetup.org
  35. 35. Trust Frameworks and SSI: An Interview with CULedger on the Credit Union MyCUID Trust Framework Drummond Reed with Rick Cranston, COO, and Julie Esser, Chief Engagement Officer of CULedger July, 2018 SSIMeetup.orghttps://creativecommons.org/licenses/by-sa/4.0/
  36. 36. Decentralized Key Management System (DKMS): An Essential Missing Piece of the Self-Sovereign Identity (SSI) Puzzle Drummond Reed @drummondreed Chief Trust Officer Evernym and Sovrin Foundation Trustee July 2018 Background photo: Christoph Scholz https://creativecommons.org/licenses/by-sa/2.0/

×