As promised, here is the technology portion of our identity blockchain. The complete white paper can be found here. We’re grateful for the feedback we’ve received so far and we’re looking forward to the next phases. Find me on twitter at @cnkeller and email at firstname.lastname@example.org and Eddie at @eddie_satterly and email@example.com.
The DataTrust technology stack used to implement the Trusted Identity Platform (TIP) is based both upon popular open source packages, as well as the commercial DataNexus platform. Figure 1 shows how multiple entities interact using the distributed ledger platform.
Figure 1: DataTrust Platform Overview
The underlying platform is a Zero Touch Provisioning (ZTP) enterprise data capture and routing solution that serves as the base technology layer. While extensible to any technology, the standard open source implementation consists of:
- Ansible and Python to handle multi-cloud orchestration and provisioning
- PostgreSQL, Cassandra, and Solr to store and search data
- Kafka to handle data streaming, masking, filtering, and auditing
- Data Pipeline for Change Data Capture (CDC)
Using commercial overlays for encryption, certificate management, and key management, the platform can seamlessly provide end-to-end security and compliance-enabling features. This extends the underlying data platform so that it not only provides internal security but also ensures data security from collection to processing, through storage, to consumption. As a result, the open source core components can be used without the traditional concerns over security and compliance.
The Hyperledger project provides the technology behind the distributed ledger components. Specifically:
- The Hyperledger Sawtooth project provides the distributed ledger building blocks and digital wallet
- The Hyperledger Indy project provides for additional ledger and identity functionality
As mentioned above, the ledger is only used to record the interactions between entities, never identity or key data. DataNexus stores only entity public keys, which are used to facilitate transactions and encrypt entity metadata; it never stores identity data or private keys. This ensures that any disclosure of the ledger outside of the DataNexus identity network has minimal, if any, impact. The recorded interactions fall into the following categories:
- identity grants from any entity to any entity, e.g., individual to company or company to company
- identity transfer between entities, e.g., individual to a company or one company to another
- public key transfer between entities
- identity acceptance from entities
- data revocation between entities, e.g., individual to company or company to individual
- public key revocation between entities
The underlying DataNexus platform can validate and verify the ledger transactions to ensure adherence, e.g., that an identity revocation has been recorded and implemented successfully.
Each entity has at least one digital wallet capable of handling multiple identities and supporting operational functions on those identities. The Hyperledger wallet supports the following operations:
- store public and private key pairs that are uniquely associated with an identity
- validate key pair operations on the ledger, e.g., creation, grants, revocation/deletion, and transfer
- query information on distributed identities
- secure (encrypt) key pairs
The wallet can be stored offline on removable media, but must have connectivity and access to the ledger in order to facilitate operations.
Each business entity is responsible for securely storing identity information and for implementing all ledger transactions relating to each identity it stores; those transactions are then recorded back to the ledger for validation and verification by other entities. While the encrypted storage can be implementation specific, the DataNexus platform provides the necessary hooks for automatic verification of the ledger transactions.
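To make the ledger and wallet design above concrete, here is an added illustration (not code from the DataTrust or DataNexus platform, and not a Hyperledger Sawtooth or Indy transaction family) of the two properties the text relies on: the ledger records only interaction types and public keys, and other entities can verify from the ledger alone that a grant was later revoked. It is a self-contained Go model: the `Wallet`, `Record` and `Ledger` types, the six interaction kinds, and the `RevocationRecorded` and `LeaksPrivateKey` checks are all assumptions made for this example, and ed25519 stands in for whatever signature scheme the real wallet uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"strings"
)

// The six interaction categories the ledger may record (names are assumed here).
const (
	KindIdentityGrant    = "identity_grant"
	KindIdentityTransfer = "identity_transfer"
	KindKeyTransfer      = "public_key_transfer"
	KindIdentityAccept   = "identity_accept"
	KindDataRevoke       = "data_revocation"
	KindKeyRevoke        = "public_key_revocation"
)

// Wallet holds one key pair; the private key is unexported and never serialised.
type Wallet struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewWallet() (*Wallet, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Wallet{Pub: pub, priv: priv}, nil
}

// ID is the hex public key by which the ledger refers to an entity.
func (w *Wallet) ID() string { return hex.EncodeToString(w.Pub) }

// Record is the only thing written to the ledger: who did what to whom.
// There is no field for identity attributes or private key material.
type Record struct {
	Seq  int    `json:"seq"`
	Kind string `json:"kind"`
	From string `json:"from"` // hex public key of the signer
	To   string `json:"to"`   // hex public key of the counterparty
	Prev string `json:"prev"` // hash of the previous record (chain link)
	Sig  string `json:"sig"`  // ed25519 signature by From over the other fields
}

// digest is what gets signed: the record with its signature field blanked.
func (r Record) digest() []byte {
	r.Sig = ""
	b, _ := json.Marshal(r)
	sum := sha256.Sum256(b)
	return sum[:]
}

// hash covers the full record, signature included, and links the next record.
func (r Record) hash() string {
	b, _ := json.Marshal(r)
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

type Ledger struct{ Records []Record }

// Append signs a new interaction with the signer's wallet and chains it.
func (l *Ledger) Append(kind string, signer *Wallet, to string) {
	prev := ""
	if n := len(l.Records); n > 0 {
		prev = l.Records[n-1].hash()
	}
	r := Record{Seq: len(l.Records), Kind: kind, From: signer.ID(), To: to, Prev: prev}
	r.Sig = hex.EncodeToString(ed25519.Sign(signer.priv, r.digest()))
	l.Records = append(l.Records, r)
}

// Validate checks the chain links and that each record is signed by its From key.
// Any entity can run this with nothing but the ledger itself.
func (l *Ledger) Validate() error {
	prev := ""
	for i, r := range l.Records {
		if r.Seq != i || r.Prev != prev {
			return fmt.Errorf("record %d: broken chain", i)
		}
		pub, err := hex.DecodeString(r.From)
		if err != nil || len(pub) != ed25519.PublicKeySize {
			return fmt.Errorf("record %d: bad public key", i)
		}
		sig, err := hex.DecodeString(r.Sig)
		if err != nil || !ed25519.Verify(ed25519.PublicKey(pub), r.digest(), sig) {
			return fmt.Errorf("record %d: bad signature", i)
		}
		prev = r.hash()
	}
	return nil
}

// RevocationRecorded reports whether the most recent identity grant from->to
// has been followed by a data revocation from->to: the adherence check the text mentions.
func (l *Ledger) RevocationRecorded(from, to string) bool {
	granted, revoked := false, false
	for _, r := range l.Records {
		if r.From != from || r.To != to {
			continue
		}
		switch r.Kind {
		case KindIdentityGrant:
			granted, revoked = true, false // a new grant needs a new revocation
		case KindDataRevoke:
			revoked = granted
		}
	}
	return granted && revoked
}

// LeaksPrivateKey reports whether any wallet's private key (or seed) appears
// in the serialised ledger; it must always be false.
func (l *Ledger) LeaksPrivateKey(wallets ...*Wallet) bool {
	b, _ := json.Marshal(l.Records)
	s := string(b)
	for _, w := range wallets {
		if strings.Contains(s, hex.EncodeToString(w.priv)) || strings.Contains(s, hex.EncodeToString(w.priv.Seed())) {
			return true
		}
	}
	return false
}

func main() {
	alice, _ := NewWallet() // an individual
	acme, _ := NewWallet()  // a company
	var l Ledger
	l.Append(KindIdentityGrant, alice, acme.ID())
	l.Append(KindIdentityAccept, acme, alice.ID())
	fmt.Println("revoked before revocation:", l.RevocationRecorded(alice.ID(), acme.ID()))
	l.Append(KindDataRevoke, alice, acme.ID())
	fmt.Println("valid:", l.Validate() == nil, "revoked:", l.RevocationRecorded(alice.ID(), acme.ID()))
	fmt.Println("private key on ledger:", l.LeaksPrivateKey(alice, acme))
}
```

The point to notice is what the `Record` type omits: a verifier needs only the public keys already on the ledger to check every signature and the chain, so a leaked copy of the ledger reveals which public keys interacted and how, but no identity attributes and nothing that lets an attacker sign on an entity's behalf. Editing any stored record breaks both its signature and the link from the record after it, which is why `Validate` fails on a tampered copy.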