Subject: XDI TC Notes Unofficial Telecon Monday 2017-08-07


XDI TC Notes


Following are the notes of the unofficial telecon of the XDI TC held on:

Date: Monday, 07 August 2017 USA
Time: 9:00AM - 10:00AM Pacific Time (16:00-17:00 UTC)


The TC operates under a standing rule approved 17 July 2008 under which the TC does not hold regular official meetings and conducts all business by electronic ballot only. Unofficial weekly meetings are held to enable discussion among members but no business is conducted nor actions taken.

ATTENDING

Markus Sabadello
Drummond Reed
Phil Windley
Joseph Boyle

NOTES

AGENDA

XDI Link Contract Between sov DID and btcr DID

Markus has created a DID using the "sov" method, and another one using the "btcr" method. Both have XDI endpoints, so we can set up link contracts between them and demonstrate data sharing and messaging between identifiers registered on different blockchains.


Markus set up one DID on the Sovrin decentralized identity network and another one on the Bitcoin testnet. The Sovrin DID is a base56 encoding of the first half of an Ed25519 verification key. The Bitcoin DID is the address of a specific transaction within a Bitcoin block.


With the BTCR method, the DDO (DID descriptor object) is created deterministically from the Bitcoin transaction. The transaction only carries a pointer off-chain; the remainder of the DDO is contained in a second file at that location.


For example, the Bitcoin testnet transaction b01a3498ff817def5017e0c17c9171c4e19cced1a6a63d67f617ac06fe5baf96 establishes the DID did:btcr:xkrn-xzcr-qqlv-j6sl. Using the BTCR playground to resolve, it yields the following deterministic DDO [Note: this DDO may not be fully compliant with the DID/DDO specs at the moment]:


{
   "@context": [
       "https://schema.org/",
       "https://w3id.org/security/v1"
   ],
   "ddo": {
       "txid": "b01a3498ff817def5017e0c17c9171c4e19cced1a6a63d67f617ac06fe5baf96",
       "funding-txid": "2960626c1c538ef120743753d834dd493361177edea2985caf1a678f690e0029",
       "funding-txref": "txtest1-xwrn-xzyx-qqwu-hyml",
       "hash": "b01a3498ff817def5017e0c17c9171c4e19cced1a6a63d67f617ac06fe5baf96",
       "more-ddo-hex": "6a3d68747470733a2f2f7261772e67697468756275736572636f6e74656e742e636f6d2f70656163656b65657065722f73656c662f6d61737465722f64646f",
       "more-ddo-asm": "OP_RETURN 68747470733a2f2f7261772e67697468756275736572636f6e74656e742e636f6d2f70656163656b65657065722f73656c662f6d61737465722f64646f",
       "more-ddo-txt": "https://raw.githubusercontent.com/peacekeeper/self/master/ddo",
       "owner": [
           {
               "id": "did:btcr:xkrn-xzcr-qqlv-j6sl",
               "type": [
                   "CryptographicKey",
                   "EdDsaSAPublicKey",
                   "update-proof"
               ],
               "curve": "secp256k1",
               "publicKeyHex": "024a63c4362772b0fafc51ac02470dae3f8da8a05d90bae9e1ef3f5243180120dd"
           }
       ],
       "control": [
           {
               "control-bond": 0.9997,
               "rotate-proof": [
                   {
                       "proof-type": "pay-to-pubkey-hash",
                       "hash-base58check": "n2UxD4VjPaVJqzhUWGhmGbbc3mXjRQv9Px"
                   }
               ],
               "revocation-proof": [
                   {
                       "bond-value": 0.9997,
                       "proof-type": "pay-to-pubkey-hash",
                       "hash-base58check": "n2UxD4VjPaVJqzhUWGhmGbbc3mXjRQv9Px"
                   }
               ]
           }
       ]
   },
   "signature": {
       "type": "SatoshiBlockchainSignature2017",
       "id": "did:btcr:xkrn-xzcr-qqlv-j6sl",
       "chain": "testnet",
       "blockhash": "00000000000003e932f5032b6024312b806c43cd487af8645e064f2423319d10",
       "blockindex": 30,
       "blocktime": "2017-08-07T19:15:11Z",
       "confirmations": 60,
       "time": "2017-08-07T19:08:44.568Z",
       "timereceived": "2017-08-07T19:08:44.568Z",
       "burn-fee": -0.0001
   }
}


The off-chain DDO fragment is located at https://raw.githubusercontent.com/peacekeeper/self/master/ddo and contains an XDI endpoint:


{
   "@context": [
       "https://schema.org/",
       "https://w3id.org/security/v1"
   ],
   "id": "did:btcr:xkrn-xzcr-qqlv-j6sl/0#peacekeeper-self-signed-claim",
   "type": [
       "Credential",
       "Identity",
       "Person"
   ],
   "issuer": "did:btcr:xkrn-xzcr-qqlv-j6sl/0#did-transaction-key",
   "issued": "2017-08-07",
   "label": "peacekeeper-self-signed-claim",
   "claim": {
       "relationship": "me",
       "alternate-name": "peacekeeper"
   },
   "service": {
       "xdi": "https://xdi03-at.danubeclouds.com/cl/+!:did:btcr:xkrn-xzcr-qqlv-j6sl"
   },
   "signature": {
       "type": "EcdsaKoblitzSignature2016",
       "created": "2017-08-07T00:00:00Z",
       "creator": "ecdsa-koblitz-pubkey:024a63c4362772b0fafc51ac02470dae3f8da8a05d90bae9e1ef3f5243180120dd",
       "signatureValue": "..TODO.."
   }
}
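Resolving a BTCR DID means following a pointer from the chain to a file on an ordinary web host, so the interesting defender's question is how much of the off-chain fragment can be tied back to the transaction. The following Python is an added example (not code from the BTCR playground or from the notes): it decodes the OP_RETURN script from "more-ddo-hex" to recover the URL, checks it against the resolver's own "more-ddo-txt", requires https, and then checks that the off-chain fragment's identifiers sit under the on-chain DID and that its signature creator is the transaction key recorded in the on-chain owner entry. The two JSON documents are the ones above, trimmed to the fields used; signature verification itself is not attempted because the fragment's signatureValue is still "..TODO..".

```python
import json

# Constructed sample input: the two documents from these notes, trimmed to the
# fields the checks use (on-chain txid/script/owner key; fragment ids and signature).
ON_CHAIN_DDO = json.loads("""
{
  "ddo": {
    "txid": "b01a3498ff817def5017e0c17c9171c4e19cced1a6a63d67f617ac06fe5baf96",
    "more-ddo-hex": "6a3d68747470733a2f2f7261772e67697468756275736572636f6e74656e742e636f6d2f70656163656b65657065722f73656c662f6d61737465722f64646f",
    "more-ddo-txt": "https://raw.githubusercontent.com/peacekeeper/self/master/ddo",
    "owner": [{"id": "did:btcr:xkrn-xzcr-qqlv-j6sl", "curve": "secp256k1",
               "publicKeyHex": "024a63c4362772b0fafc51ac02470dae3f8da8a05d90bae9e1ef3f5243180120dd"}]
  }
}
""")
OFF_CHAIN_FRAGMENT = json.loads("""
{
  "id": "did:btcr:xkrn-xzcr-qqlv-j6sl/0#peacekeeper-self-signed-claim",
  "issuer": "did:btcr:xkrn-xzcr-qqlv-j6sl/0#did-transaction-key",
  "service": {"xdi": "https://xdi03-at.danubeclouds.com/cl/+!:did:btcr:xkrn-xzcr-qqlv-j6sl"},
  "signature": {"type": "EcdsaKoblitzSignature2016",
                "creator": "ecdsa-koblitz-pubkey:024a63c4362772b0fafc51ac02470dae3f8da8a05d90bae9e1ef3f5243180120dd"}
}
""")

OP_RETURN = 0x6A
OP_PUSHDATA1 = 0x4C


def decode_op_return(script_hex: str) -> bytes:
    """Return the single pushed payload of an OP_RETURN output script.

    Accepts a direct push (opcode 0x01..0x4b is the byte count) or OP_PUSHDATA1
    (0x4c followed by a one-byte length); anything else is rejected, and the
    declared length must match the bytes actually present.
    """
    script = bytes.fromhex(script_hex)
    if len(script) < 2 or script[0] != OP_RETURN:
        raise ValueError("not an OP_RETURN script")
    opcode = script[1]
    if 0x01 <= opcode <= 0x4B:
        length, payload = opcode, script[2:]
    elif opcode == OP_PUSHDATA1 and len(script) >= 3:
        length, payload = script[2], script[3:]
    else:
        raise ValueError("unsupported push opcode %#x" % opcode)
    if len(payload) != length:
        raise ValueError("push length %d, payload length %d" % (length, len(payload)))
    return payload


def is_op_return_script(script_hex: str) -> bool:
    """Boolean form of decode_op_return for callers that only need accept/reject."""
    try:
        decode_op_return(script_hex)
        return True
    except ValueError:
        return False


def off_chain_url(ddo: dict) -> str:
    """Recover the off-chain pointer from the on-chain script, require that the
    resolver's text copy agrees with it, and accept only an https URL.
    Fetching the file is left to the caller."""
    url = decode_op_return(ddo["ddo"]["more-ddo-hex"]).decode("utf-8")
    if url != ddo["ddo"]["more-ddo-txt"]:
        raise ValueError("resolver pointer disagrees with the on-chain script")
    if not url.startswith("https://"):
        raise ValueError("off-chain DDO pointer is not https: " + url)
    return url


def fragment_bound_to_did(ddo: dict, fragment: dict) -> bool:
    """Bind the web-hosted fragment back to the chain: its id and issuer must sit
    under the on-chain DID, and its signature creator must be the transaction key
    listed in the on-chain owner entry (signature bytes themselves are not checked)."""
    owner = ddo["ddo"]["owner"][0]
    prefix = owner["id"] + "/"
    same_did = fragment["id"].startswith(prefix) and fragment["issuer"].startswith(prefix)
    same_key = fragment["signature"]["creator"] == "ecdsa-koblitz-pubkey:" + owner["publicKeyHex"]
    return same_did and same_key


if __name__ == "__main__":
    print(off_chain_url(ON_CHAIN_DDO))
    print(fragment_bound_to_did(ON_CHAIN_DDO, OFF_CHAIN_FRAGMENT))
```

The binding check is deliberately strict about the prefix "did:btcr:xkrn-xzcr-qqlv-j6sl/": a fragment whose id merely mentions the DID somewhere, or whose creator is a different secp256k1 key, should not be accepted as part of this DDO even if it is served from the URL the chain points to.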


The Sovrin DID method does not yet support DDOs; however, they can be constructed deterministically in a similar way as with the BTCR DID method.


For example, in the Sovrin provisional network, the DID did:sov:WRfXPg8dantKVubE3HX8pw is established as a NYM entry on the ledger:


sovrin@live> send GET_NYM dest=WRfXPg8dantKVubE3HX8pw

Getting nym WRfXPg8dantKVubE3HX8pw

Current verkey for NYM WRfXPg8dantKVubE3HX8pw is ~P7F3BNs5VmQ6eVpwkNKJ5D


And an XDI service endpoint can be established as an ATTR entry on the ledger:


sovrin@live> send GET_ATTR dest=WRfXPg8dantKVubE3HX8pw raw=endpoint

Getting attr WRfXPg8dantKVubE3HX8pw

Found attribute {"endpoint": {"xdi": "https://xdi03-at.danubeclouds.com/cl/+!:did:sov:WRfXPg8dantKVubE3HX8pw"}}


From this information, a deterministic DDO can be constructed.
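As an added example (not Sovrin or XDI project code), the following Python builds that deterministic DDO from the two CLI responses shown above. It expands the abbreviated verkey: a "~"-prefixed verkey is the Sovrin/Indy convention that the ledger stores only the second 16 bytes of the Ed25519 key, the first 16 being the bytes the DID itself encodes, which is the convention the notes describe when they say the DID is an encoding of the first half of the verification key. The base58 routines are written out so the example runs without extra packages; the key id "#key-1", the key type names borrowed from the BTCR DDO above, and the https requirement on the endpoint are assumptions of this example, not something the ledger returns.

```python
import json
import re

# Constructed sample input: the two response lines from the sovrin CLI session in the notes.
NYM_LINE = "Current verkey for NYM WRfXPg8dantKVubE3HX8pw is ~P7F3BNs5VmQ6eVpwkNKJ5D"
ATTR_LINE = ('Found attribute {"endpoint": {"xdi": '
             '"https://xdi03-at.danubeclouds.com/cl/+!:did:sov:WRfXPg8dantKVubE3HX8pw"}}')

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58decode(s: str) -> bytes:
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)          # ValueError on a non-base58 character
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    return b"\x00" * (len(s) - len(s.lstrip("1"))) + body   # leading '1' = zero byte


def b58encode(b: bytes) -> str:
    n, out = int.from_bytes(b, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(b) - len(b.lstrip(b"\x00"))) + out


def full_verkey(did: str, verkey: str) -> bytes:
    """Expand a Sovrin verkey to its 32 raw Ed25519 bytes.

    '~'-prefixed means abbreviated: the DID supplies bytes 0..15, the ledger
    value supplies bytes 16..31 (Sovrin/Indy convention, assumed here).
    Anything of the wrong size is rejected rather than padded.
    """
    if verkey.startswith("~"):
        head, tail = b58decode(did), b58decode(verkey[1:])
        if len(head) != 16 or len(tail) != 16:
            raise ValueError("abbreviated verkey must be 16 + 16 bytes")
        raw = head + tail
    else:
        raw = b58decode(verkey)
    if len(raw) != 32:
        raise ValueError("Ed25519 verkey must be 32 bytes, got %d" % len(raw))
    return raw


def is_valid_verkey(did: str, verkey: str) -> bool:
    try:
        full_verkey(did, verkey)
        return True
    except ValueError:
        return False


def build_sov_ddo(nym_line: str, attr_line: str) -> dict:
    """Parse the GET_NYM and GET_ATTR responses and assemble a DDO in the shape
    of the BTCR DDO in the notes (key type names and '#key-1' are assumptions)."""
    m = re.fullmatch(r"Current verkey for NYM (\S+) is (\S+)", nym_line.strip())
    if not m:
        raise ValueError("unrecognised GET_NYM response")
    short_did, verkey = m.group(1), m.group(2)
    did = "did:sov:" + short_did
    m = re.fullmatch(r"Found attribute (\{.*\})", attr_line.strip())
    if not m:
        raise ValueError("unrecognised GET_ATTR response")
    endpoint = json.loads(m.group(1))["endpoint"]["xdi"]
    if not endpoint.startswith("https://"):
        raise ValueError("XDI endpoint must be https: " + endpoint)
    return {
        "@context": ["https://schema.org/", "https://w3id.org/security/v1"],
        "id": did,
        "owner": [{"id": did + "#key-1",
                   "type": ["CryptographicKey", "EdDsaSAPublicKey"],
                   "publicKeyBase58": b58encode(full_verkey(short_did, verkey))}],
        "service": {"xdi": endpoint},
    }


if __name__ == "__main__":
    print(json.dumps(build_sov_ddo(NYM_LINE, ATTR_LINE), indent=2))
```

Because the full verkey is reconstructed from the DID plus the ledger value, a relying party can confirm the two halves agree (re-encode the first 16 bytes and compare with the DID) before trusting the resulting DDO; the size checks catch a truncated or mis-pasted verkey instead of silently producing a short key.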

XDI and DKMS (Decentralized Key Management System)

Drummond gave an update on the potential fit for using XDI graphs and the XDI protocol for decentralized key management.


Evernym has completed phase 1 of a project on DKMS for the U.S. Department of Homeland Security. Phase 1 involved gathering requirements for how a decentralized key management system differs from a conventional centralized cryptographic key management system (CKMS). Phase 2 is now about designing an actual architecture for implementing DKMS.


Drummond discussed two different approaches for deploying cryptographic keys to multiple devices:

  1. Key synchronization, i.e. re-use the same keys across multiple devices by sharing them via encrypted messages.

  2. Key derivation, i.e. use different keys derived from a master key.


Drummond said that the crypto architects working on the design have consensus to avoid approach #1 if possible.


Drummond gave a brief introduction to the functionality and advantages of HD keys and explained that the current architecture draft involves four different branches of HD keys: signing keys, DID keys, device keys, and token keys. Those “key trees” would exist both on cloud agents and edge agents. Drummond then explained that he thinks the XDI graph is a natural fit for modeling those trees of derived keys.


Markus pointed out that he wrote a Rebooting the Web of Trust paper about HD keys and how they could be modeled with XDI graphs.


https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust/blob/master/topics-and-advance-readings/cool-hack-xdi-blockstore-bip32.md


Markus and Phil agreed that the XDI graph model would be a good fit for this key derivation.
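To make the key-derivation approach (#2) concrete, here is an added Python example, not part of the DKMS draft or of any Evernym or XDI code. It derives a four-branch key tree with the branch names from the discussion above and returns it as a nested structure that a graph model could hold. The derivation is hardened-only HMAC-SHA512 in the style of SLIP-0010 for Ed25519, chosen because Sovrin keys are Ed25519; the draft's actual scheme, the branch indexes, and the per-device sub-branch layout are assumptions of this example. The security property it shows is the one that makes derivation preferable to key synchronization: a device handed only its own branch node (key plus chain code) can derive its own children, but nothing else in the tree is recoverable from that node.

```python
import hashlib
import hmac
from dataclasses import dataclass

HARDENED = 0x80000000


@dataclass(frozen=True)
class Node:
    """One node of the key tree: a 32-byte private key plus the chain code that
    is needed (together with the key) to derive this node's children."""
    key: bytes
    chain_code: bytes
    path: str


def master(seed: bytes) -> Node:
    """Root of the tree from a seed (SLIP-0010 Ed25519 master key derivation)."""
    digest = hmac.new(b"ed25519 seed", seed, hashlib.sha512).digest()
    return Node(digest[:32], digest[32:], "m")


def child(parent: Node, index: int) -> Node:
    """Hardened child derivation (the only kind SLIP-0010 defines for Ed25519).
    The child is a one-way function of the parent's private key and chain code,
    so holding a child node reveals neither the parent nor any sibling."""
    if not 0 <= index < HARDENED:
        raise ValueError("index out of range")
    i = index | HARDENED
    data = b"\x00" + parent.key + i.to_bytes(4, "big")
    digest = hmac.new(parent.chain_code, data, hashlib.sha512).digest()
    return Node(digest[:32], digest[32:], "%s/%d'" % (parent.path, index))


def derive(node: Node, *indexes: int) -> Node:
    for i in indexes:
        node = child(node, i)
    return node


# The four branches named in the notes, mapped to fixed branch indexes (constructed).
BRANCHES = {"signing": 0, "did": 1, "device": 2, "token": 3}


def key_tree(seed: bytes, devices: int) -> dict:
    """Build the tree as a nested dict mirroring the graph an XDI model would hold:
    each named branch is a child of the master, and each device gets its own
    sub-branch under 'device' (layout assumed for the example)."""
    root = master(seed)
    tree = {}
    for name, idx in BRANCHES.items():
        branch = child(root, idx)
        entry = {"path": branch.path, "key": branch.key.hex()}
        if name == "device":
            entry["devices"] = {"device-%d" % d: child(branch, d).key.hex()
                                for d in range(devices)}
        tree[name] = entry
    return tree


def device_can_derive_own_subtree(seed: bytes, device: int) -> bool:
    """What an edge agent holding only its device branch node can do: reach its own
    children without the master. This is the contrast with approach #1, where
    every device would hold the very same key."""
    root = master(seed)
    handed_to_device = derive(root, BRANCHES["device"], device)
    via_master = derive(root, BRANCHES["device"], device, 7)
    via_device = child(handed_to_device, 7)
    return via_master == via_device


if __name__ == "__main__":
    demo_seed = bytes(range(16))          # constructed seed, not for real use
    for name, entry in key_tree(demo_seed, 2).items():
        print(name, entry["path"], entry["key"][:16] + "...")
    print(device_can_derive_own_subtree(demo_seed, 0))
```

In this layout a cloud agent and an edge agent hold different nodes of the same tree rather than copies of one key, so revoking or rotating one device means re-deriving one sub-branch and leaving the signing, DID, and token branches untouched.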

NEXT REGULAR CALL

The next call will be the following week at the usual time (Monday 9AM PT). The link where agenda items can be posted for the next meeting is: https://docs.google.com/document/d/19oDl0lbb56Grehx2a5flZnhrgnua5l8cVvC_dJ8fTXk/edit?usp=sharing




