This document contains a collection of the answers to the most common questions people ask about Sovrin. If you have any comments, or if you have an outstanding question about Sovrin that was not answered here, feel free to contact us at [email protected].

FAQ

 

Foundation Basics

What is Sovrin?

‘Sovrin’ most commonly refers to the Sovrin Network, a public service utility enabling self-sovereign identity on the Internet. The Sovrin Network is decentralized, meaning individuals can collect, hold, and choose which identity credentials to share (such as a driver’s license or employment credential) without relying on individual siloed databases that manage the access to those credentials.

Sovrin is an open source project that offers the tools and libraries to create private and secure data management solutions that then run on Sovrin’s identity network.

Read more about the basic elements of the Sovrin Network here

What is the Sovrin Foundation?

Established in 2016, the Sovrin Foundation is a 501(c)(4) nonprofit based in Provo, Utah. The mission of the Sovrin Foundation is to create the Internet’s long-missing identity layer and provide a global public utility for digital identity to people, organizations, and things. The Sovrin Network enables you to personally curate and control your own collection of identity credentials by letting you selectively disclose your identity in a verifiable way.

Composed of a small staff of developers and support staff, the Sovrin Foundation works to administer the Trust Framework, which governs how the Sovrin Network operates. The Sovrin Foundation also provides support for the Sovrin Board of Trustees, the Sovrin Stewards, the Technical Governance Board, and various working groups needed to maintain and run the network.

See the Governance of Sovrin Foundation here

 

Why is digital identity a problem?

In the real world, most identity interactions are self-sovereign. People collect various credentials that they keep in their possession and present them at their discretion to prove things about themselves. They hold things like a driver’s license, passport, or insurance card and present them to any verifying entity they want, without the permission of the issuer. These credentials are kept under the control of the holder and only revealed with their consent.

This is not what happens on the internet. As the famous cartoon says, “On the internet, nobody knows you’re a dog.” It illustrates a very real issue: the lack of an easy, secure, standardized system for a person to collect, hold, and ultimately present trustworthy, verifiable credentials online.

One solution that has arisen for the problem of digital identity is federated login, provided by services like Facebook or Google. What seems at the outset to be a handy tool for expediting logins to the various websites that accept them is actually problematic. These systems rely on vast amounts of data collected from individuals, much of it unverified, and one of the primary concerns with them is access. There will always be companies and individuals that choose not to use these social networks and perhaps do not want to rely on these companies to control their or their customers’ data.

Overall, the internet lacks a universally available digital identity system that lets individuals collect, hold and present any credentials they want, to whomever they want, whenever they want, without relying on a third party to manage access.

See more about the problems with identity here.

What is self-sovereign Identity?

Self-sovereign identity (SSI) is a term used to describe the digital movement that recognizes an individual should own and control their identity without intervening administrative authorities. SSI allows people to interact in the digital world with the same freedom and capacity for trust as they do in the offline world.

Everyone (including businesses and IoT) has different relationships or unique sets of identifying information. This information could be things like birth date, citizenship, university degrees, or business licenses. In the physical world, these are represented as cards and certificates that are held by the identity holder in their wallet or a safe place like a safety deposit box, and are presented when the person needs to prove their identity or something about their identity.

Self-sovereign identity (SSI) brings the same freedoms and personal autonomy to the internet in a safe and trustworthy system of identity management. SSI means the individual (or organization) manages the elements that make up their identity and controls access to those credentials digitally. With SSI, the power to control personal data resides with the individual, and not an administrative third party granting or tracking access to these credentials.

The SSI identity system gives you the ability to use your digital wallet and authenticate your own identity using the credentials you have been issued. You no longer have to give up control of personal information to dozens of databases each time you want to access new goods and services, with the risk of your identity being stolen by hackers.

This is called “self-sovereign” identity because each person is now in control of their own identity—they are their own sovereign nation. People can control their own information and relationships. A person’s digital existence is now independent of any organization: no-one can take their identity away.

Read more about SSI here.

 

Governance

What is the Governance (Trust) Framework?

The Sovrin Governance Framework (formerly the Trust Framework) is the legal foundation for the Sovrin Network to function as a global public utility for self-sovereign identity. This governance document serves to define the business, legal, and technical terms that all members of the Sovrin Community agree to follow.

The Governance Framework was developed through a community-driven process led by the Sovrin Governance Framework Working Group, agreed to by the Stewards, and was approved by the Sovrin Foundation Board of Trustees.

Read more about the Governance Framework.

What is a Steward?

Sovrin Stewards are organizations that operate the network by running validator nodes which write to and read the Sovrin ledger. These trusted volunteers donate time, resources, and computing power to operate and maintain the network while agreeing to abide by the requirements of the Sovrin Governance Framework.

At present, there are over 50 Stewards from 13 countries over six continents.

See more about becoming a Sovrin Steward here.

How do I get involved with Sovrin?

The mission of the Sovrin Foundation is to create the Internet’s long-missing identity layer and provide a global public utility to everyone and everything: people, organizations, and things. This will allow everyone to control their identities and personal information by choosing who they share this data with and to do so in a verifiable way. Those interested in developing on Sovrin, applying to become a Steward, or supporting the Foundation may connect with us at the links below.

Interested in becoming a Sovrin Steward? Contact us here.

Keep up with news and events from Sovrin here

Technical

How does Sovrin work?

The Sovrin Network consists of server nodes located around the world hosted and administered by a diverse group of trusted entities called Stewards. Each node contains a copy of the ledger, a record of publicly accessed information needed to verify the validity of credentials issued within the network.

In Sovrin, Stewards cross reference each transaction to assure consistency about what information is written on the ledger and in what order. This is done with a combination of cryptography and a Redundant Byzantine Fault Tolerant algorithm.

Identity holders, credential issuers, and verifying entities access these services on the Sovrin Network using Agents. Agents can be as simple as a mobile app and have the important job of holding and processing claims on the Sovrin Network. Agents can perform identity transactions on the identity owner’s behalf and exchange information directly with other agents over secure encrypted connections. This way, only public identifiers of an issuer are anchored on the ledger, but an identity holder’s actual proof of their credential is privately transmitted to a validator. Sovrin has specific instructions and developed code for the creation of these agents, so different agents from a variety of developers may all work together within the Network. This allows every person, organization, and thing to interoperate.

Sovrin allows the sharing of trustable digital credentials. The Sovrin Network is private by design on a global scale: it uses pairwise pseudonymous identifiers and peer-to-peer interactions, and allows selective disclosure of personal data using zero-knowledge proofs.

Simply put, when an identity holder decides to share a verifiable credential with a relying entity using the Sovrin Network, they create a proof containing only the specific information that was requested using a combination of elements from any of their verifiable credentials in their digital wallet. The verifier only learns the information that was shared and nothing else. The verifier cannot take the learned information and prove who it came from.

Using the Sovrin Network, each person, organization, or IoT device that validates the identity holder’s proof can be completely confident that the proof or information being relayed is accurate and timely. Businesses can also avoid the regulatory burdens associated with storing mass amounts of customer data which could be stolen or misused.

Learn more about Use Cases.

Learn more about what can and can’t be written to the public ledger.

What does ‘decentralized’ mean?

Sovrin is described as “decentralized” because there is no central authority to register with to actually use the Network. The only information on the ledger is public information like decentralized identifiers (DIDs); all other information remains off the ledger. This allows a verifier to determine who issued the credential presented to them, what combination of information it should contain (the schema), and whether it has been tampered with or revoked. The public ledger allows identity holders privacy, security, and control of their data while the verifier can trust the credentials they are presented.

Learn more about Sovrin terminology.

Who can own an identity?

Sovrin Identity Owners can be individuals, organizations (legal persons of any form, such as corporations, partnerships, LLCs, NGOs, and governments) or internet enabled devices. The Sovrin Network does not directly issue credentials.

Learn more about the roles within the Sovrin ecosystem.

Is Sovrin ‘Permissioned’?

The Sovrin Network is a public-permissioned blockchain. Public means anyone can use the Sovrin ledger to make transactions. Permissioned only relates to who can actually operate the network and run the validator nodes. Unlike Bitcoin, which allows anyone to run a node and become a ‘miner,’ Sovrin only allows trusted entities called Stewards to run the network of validator nodes that achieve consensus on the transactions on the ledger.

Companies and entities who apply to be Stewards must be voted on, and agree to abide by the Sovrin Trust Framework.

Sovrin is open source and free for any developer to use and build on. The Sovrin Foundation and Trust Framework governance structure ensures that no single individual, organization, jurisdiction, industry sector, or other special interest has influence or power over the Network.

Read more about Sovrin’s Permissioned ledger 

What Is Hyperledger Indy?

The Sovrin Foundation open sourced the codebase used to create the Sovrin Network and contributed the initial code to Hyperledger Indy, a project dedicated to blockchain under the Linux Foundation umbrella. Hyperledger Indy is a distributed ledger, purpose-built for decentralized identity. Developers can use the tools and libraries from Hyperledger Indy to create identity solutions that are interoperable across jurisdictions and agencies. This interoperability allows developers to create cross-industry solutions such as Fintech and Healthcare that can all work together and obey each other’s regulatory standards.

Hyperledger Indy has complete open source specifications, terminology, and design patterns that allow for the development of decentralized identity solutions.

See here if you are interested in developing on Sovrin and using Hyperledger Indy.

Read more about the technical stack of Sovrin.

How does Sovrin use Blockchain?

The Sovrin Network is the first public-permissioned blockchain designed as a global public utility exclusively to support self-sovereign identity and verifiable claims. Recent advancements in blockchain technology now allow every public key to have its own address, which is called a decentralized identifier (DID). A DID is stored on the public ledger along with a DID document containing the public key for the DID, any other public credentials the identity owner wishes to disclose publicly, and the network addresses for interaction.

Using the Sovrin Network, the identity owner controls the DID document by controlling the associated private key. The primary objects stored and updated on the Sovrin Network ledger are public DIDs, issuer credential definitions/schemas, and revocation updates.

Read more about Keys here.

What is a Verifiable Claim?

A verifiable claim is a piece of information that is cryptographically trustworthy. In Sovrin, a verifiable claim is shared as a proof and is anchored to the public ledger by a credential definition and public DID written by the credential issuer. Typically, this proof is in the form of a digital signature. A Sovrin Verifiable Claim may be verified by a public key associated with the Issuer’s DID. An example of a verifiable claim could be a digitally issued driver’s license.

Read more about types of claims here.

What is a Zero Knowledge Proof?

Promiscuous sharing of identity attributes has long been a primary weakness in identity management. Sovrin is built to support sharing as little information as possible, giving each identity holder the ability to control and secure their personal information. This is called minimal disclosure.

The Sovrin Network’s minimal disclosure is enabled through zero-knowledge proofs (ZKPs), cryptographic techniques that allow users to share information without relinquishing their security and privacy. ZKPs use cryptography to prove a statement from party A (known as a prover) to party B (known as a verifier) without revealing anything else.

Using zero knowledge proofs, the Sovrin Network allows a person to prove things about themselves, based on verifiable claims, without having to reveal the claim itself. An example would be someone proving that they are over 21 at a bar purely with the zero knowledge proof, without needing to disclose their actual age, name, or other personal information.

Read more about how Sovrin implements ZKP here

What is a DID?

One of the major concerns with standard digital identity solutions is correlation. This means the ability to track an identity holder’s data—like social security number, phone number, or username—across multiple websites and log-ins. This is a major security threat and leaves the identity holder vulnerable.

By default, Sovrin uses Decentralized Identifiers (DIDs)—identifiers intended for self-sovereign, verifiable digital identities. Sovrin is built from the ground up using something called ‘pairwise pseudonymous identifiers’ to reduce correlation. This means Sovrin separates the data from direct identifiers so that linkage to an identity is not possible without additional information that is held separately.
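
The correlation risk and the pairwise-identifier remedy described above, as an added example that is not Sovrin or Hyperledger Indy code: it reports which identifiers are visible to more than one relying party. The helper `pairwise_id`, the `did:example:` prefix, the party names and the HMAC derivation are assumptions made for illustration; a real agent generates a fresh key pair for each relationship.

```python
import hashlib
import hmac
from collections import defaultdict

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58encode(data: bytes) -> str:
    """Base58-encode bytes; each leading zero byte becomes a '1'."""
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    pad = len(data) - len(data.lstrip(b"\0"))
    return "1" * pad + out


def pairwise_id(wallet_secret: bytes, relationship: str) -> str:
    """Hypothetical helper: one 16-byte pseudonym per relationship.

    Assumption: HMAC over a wallet secret stands in for the fresh key pair
    a real agent would generate for each connection.
    """
    mac = hmac.new(wallet_secret, relationship.encode(), hashlib.sha256)
    return "did:example:" + b58encode(mac.digest()[:16])


def correlatable(records_by_party: dict) -> dict:
    """Map each identifier seen by more than one party to those parties."""
    seen = defaultdict(set)
    for party, identifiers in records_by_party.items():
        for ident in identifiers:
            seen[ident].add(party)
    return {i: sorted(p) for i, p in seen.items() if len(p) > 1}


# Constructed sample data: three relying parties and one holder.
WALLET_SECRET = b"constructed-demo-secret"
PARTIES = ["bank.example", "clinic.example", "shop.example"]

# One global identifier reused everywhere: every party can join on it.
global_view = {p: {"alice@mail.example"} for p in PARTIES}
# One pseudonym per relationship: no shared join key.
pairwise_view = {p: {pairwise_id(WALLET_SECRET, p)} for p in PARTIES}
# A wallet that mistakenly presents the bank pseudonym to the shop as well.
reused_view = {p: set(ids) for p, ids in pairwise_view.items()}
reused_view["shop.example"].add(pairwise_id(WALLET_SECRET, "bank.example"))

if __name__ == "__main__":
    for name, view in [("global", global_view), ("pairwise", pairwise_view),
                       ("reused", reused_view)]:
        print(name, correlatable(view))
```

The same `correlatable` check can be run over a wallet's own record of which identifier it presented to which party, to catch accidental reuse.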

As outlined in the W3C Draft Report on “Decentralized Identifiers (DIDs) v0.11”, “Decentralized Identifiers (DIDs) are a new type of identifier for verifiable, ‘self-sovereign’ digital identity. DIDs are fully under the control of the DID subject, independent from any centralised registry, identity provider, or certificate authority.” eIDAS takes a more conventional approach, stipulating that “a qualified electronic signature shall have the equivalent legal effect of a handwritten signature”. eIDAS defines an “electronic signature” as “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.”

DIDs are globally unique identifiers that do not require a centralized registration authority because they are registered with distributed ledger technology or other decentralized networks.

Read more about Sovrin and DIDs here.

How do I develop on Sovrin?

Behind the Sovrin Foundation is a codebase precisely designed to enable true digital self-sovereign identity (SSI). In accordance with the decentralized nature of blockchain technology, this codebase is open source and receives contributions from people all around the world. The first step to working with the global community and code is the Indy Getting Started guide, which will walk you through basic Indy transactions.

You can also join Indy’s Mailing List, Chat Room, and Working Group calls (every Thursday at 3:00 pm UTC via Zoom) to communicate and collaborate with others who are working on and with the code.