Trust

For everyone and everything.

Background

Verification ...

Identity. Who are you?

The selfdriven framework provides a number of ways to enable someone or something to verify information that has been generated via it's operating system (Framework & App).

The system is open & works well with others.

It works with Self Soverign Identity (SSI) W3C DID/VCs standards.

The selfdriven verification framework helps with ...

  • Proofing the identities for people, organisations and things.
  • The basis for issuance (the rules) behind the decision to issue an achievement & associated skills from the selfdriven Universal Skills Set.
  • Creating "On-Chain" identity; powered by Cardano.
  • Linking to existing Self Soverign Identity frameworks.

Issuing

The process by which a person or organisation ("learning-partner") that can verify the learner experience and assign the skills gained etc.

Verifying

The process by which a person or organisation can verify an entity and any skills gained etc.

Issuing

Example Process of Learning Partner Verifing Achievements & Endorsements

Skills

After verification of achievements (based on learning templates) by the trusted learning partner (Community Members) has been completed, they are created as selfdriven Achievements (that can be represented as SDA tokens on-cloud or on-chain) with links to associated skills (SDI tokens).

Verifing

Verifying On-Cloud (Off-Chain)

The verifier is trusting the selfdriven Foundation as represented by selfdriven Octo.
The verifier is also trusting the issuance of the SSL certificate for the well-known verification service https://ssi.slfdrvn.io.
The verifier can check on-chain (Cardano) using the selfdriven SDI Policy ID to get the verification service URL & selfdriven Root Trust Public Keys - the associated token metadata has a payload that is W3C DID compliant.

Verifying On-Chain

! Important
Be careful hashing/encrypting any personal data on-chain directly.
Recommend using a DID service provider and then linking to it as "did/wc3" attribute.
Also see SSI section below.
A person is applying for a course with say a university or position with an organisation that requires the learner has verifiable existing skills.
The person provides their SDI e.g. 9cbdb0a2-45e7-4be3-83d8-c8d0723aea87, and their email address e.g. jane@email.com.
selfdriven has issued a SDV token for the SDI which includes the email attribute that was verified as controlled by the person at the time of issuing - On-Chain Example
Using the well-known selfdriven Policy ID (9a9fc2f60bbfb73eb9bfd71786778f39e400599c8f45ebaee773af20) the organisation queries the Cardano blockchain for the matching SDV based on the provided SDI.
Once the organisation has verified the person still has control of the email address - by say sending them a unique code and asking for them communicate it back to them - they then hash the SDI & email adddress and check that it matches the hash in the SDV token as per below.

Checking the SDV Token Identifier Attribute

Check the SDV metadata for the version
Version type of privacy protection is open, but common options are:
sdvk = SDVk; the verfication key (password) that goes with the SDV verification token and issued to community member when they get their public on-chain SDI. They can then share it with anyone wanting to verify them.
Then using the matching algorithm version; hash or encrypt:
eg
  • sha256; [SDI]-[Attribute]-[Value]
  • sha256-sdvk; [SDI]-[Attribute]-[Value]-[SDVk]
  • aes256; [SDI]-[Attribute]-[Value]
eg for sha256-sdvk:
9cbdb0a2-45e7-4be3-83d8-c8d0723aea87-11942f7e-b6f4-4375-920e-fbe1991951da-9cbdb0a2-45e7-4be3-83d8-c8d0723aea87-email-john@email.com
Which hashes as:
4bd1c5d26d688b0383b0db8fc33cd08209525c7feb3d84f28b7f372310bd7fcf
Then verify that this value equals the one in the SDV token metadata.
And this either proving or disproving that the claim by the person that the SDI is theirs.

SDV Identified Attributes Structure

Version
Can be any algorithm, but typically, including our mixed "sdvk" hashing:
"sha256", "sha512", "sha256-sdvk", "sha512-sdvk", "aes256", "pem"
Category
The Importance Of values as lower kebab case.
eg 'environment', 'social-interaction'
Type
"virtual", "physical"
Context
Can be as required, but typically:
"uri", "communication", "geolocation", "service", "cardano", "avatar", "website", "did", "ipfs"
Attibutes
Can be as required, but typically:
"email", "usi", "mobile", "address", "transaction", "uxto", "url", "name", "w3c", "public-key-rsa-spki", "hash"

Example Binding to IAMX DID

Bind a IAMX DID based on "Communications" context (Socials/Email) and/or "Who Am I" (KYC)
Entity creates DID using nftidentity.iamx.id, which is currently stored as DID document on IPFS.
IPFS Hash is submitted to selfdriven via app.slfdrvn.io and based on a matching email a SDV token is created with:
  • Category: "understand-of-self"
  • Type: "virtual"
  • Context: "ipfs"
  • Attribute: "hash"
  • Value: {{IPFS Hash of the IAMX DID document}}

Skills & Achievements as Cardano NFTs

Verifying as part of a Self-Sovereign Identity (SSI) Framework

W3C Compliant Decentralised IDs (DIDs) & Verifiable Credentials (VCs).
Using the selfdriven Identity (SDI) DID method ("did:sdi:")
DIDs are represented as SDI tokens.
DID Documents are represented as SDV tokens.
VCs are represented as SDA tokens.
The entity that the SDI & SDAs relate to are the controller of them.
selfdriven creates the DID (unique ID) & DID document - these and the VCs (proofs of achievements) can be accessed via ssi.slfdrvn.io, based on the approval of the entity that is the subject of the achievement i.e. who the achievement was issued to.
These and VCs via api.slfdrvn.io. VCs (proofs) can be accessed via the api based on a person's approval.
The DIDs can be stored on-chain, in the selfdriven Wallet and entities Wallet, using the appropriate Cardano Policy ID - creating an immutable reference of DIDs (SDIs) for verfiers.
Root-of-trust options; selfdriven based or Cardano blockchain based:
selfdriven as the root-of-trust is an easy way for a entity (person, organisation, thing ..) to start with the selfdriven service generating the cryptographic root key-pair.
Cardano blockchain (via a Crypto-Wallet) as the root-of-trust allows an entity to take more control. Using the cryptographic root key-pair created by the Cardano blockchain, as part of the wallet creation. The public address being the key-hash of the public-key. All data signing (used for verification) happens within the wallet with only the resulting cryptographic hashes (signatures) being stored on selfdriven (on-cloud).
Entities can choose to have more SSI self-control by choosing to move their achievemenets (SDAs) as VCs into their Crypto-Wallet or saved elsewhere like IPFS, a SSI wallet (eg RootsWallet) or downloading.
New to SSI? We highly recommend the Self-Sovereign Identity Book

selfdriven SSI Method Naming

There are four(4) primary DID naming formats within the selfdriven SSI Method specification - covering different levels of privacy and decentralisation.
And also the five(5) dsociety: DID naming formats are supported.
DIDs are stored as "Identifiers" within the selfdrivenOS.
did:selfdriven:
Description
did:selfdriven:
{{Ed25519-public-key|base58}}
Ed25519 public key encoded into Base58
did:selfdriven:anon:
{{Ed25519-public-key|hash-blake2b}}
Ed25519 public key hashed using Blake2b.
did:selfdriven:sdi:
{{SDI}}
The selfdriven SDI assigned to each community member. It uses the common UUID format. e.g. ddea7071-c37b-4c3f-ab69-603870f5c9f6
did:selfdriven:sdip:
{{SDI|hash-sha256}}
The SHA256 hashed selfdriven SDI assigned to each community member.
did:selfdriven:cardano:
{{bip32-address}}
Uses the Cardano key/hash/addressing based on BIP32-Ed25519.
did:dsociety:
Description
did:dsociety:1:0:
{{secp256k1-public-key}}
Uses the dsociety SSI schema based on secp256k1.
did:dsociety:1:1:
{{secp256k1-public-key|hash-sha256}}
Uses the dsociety SSI schema based on secp256k1 and SHA256 hash.
did:dsociety:2:0:
{{ed25519-public-key}}
Uses the dsociety SSI schema based on Ed25519.
did:dsociety:2:1:
{{ed25519-public-key|hash-sha256}}
Uses the dsociety SSI schema based on Ed25519 and SHA256 hash.
did:dsociety:2:2:
{{ed25519-public-key|hash-blake2b}}
Uses the dsociety SSI schema based on Ed25519 and Blake2b hash.

Root (Foundation) of Trust

Layers

Layers of trust as per diagram above.
Layer
Description
Notes
1
The basis of all learning communities using the selfdriven operating system.
  • selfdriven Foundation SDI
    9efb26dc-d247-4ad7-a8c0-b3f4782338f7
  • selfdriven Community SDI
    bce5418c-376c-4a7c-8520-88bfb23584d1
2
The achievement that enables learning-partners to issue achievements (SDAs) up to the level of their highest level for the selfdriven Learning-Partner skill.
  • selfdriven Learning-Partner Skill (Level 20) SDI
    4645047d-1252-4b20-a054-2ab424d4077d
3
Learning achievements as issued by learning-partners with the selfdriven Learning-Partner skill.

Base On-Chain Assets

The SDIs & SDAs tokens as on-chain assets.
Type
Description
On-Chain References
SDI
selfdriven Skill Types
  • Type (Root)
  • Skill
  • Skill Source
  • Skill Domain
  • Skill Level
  • Skill Capacity
  • Community Organisation
  • Community Member
  • Community Resource
  • Project Template
  • Learning Template
  • Learning Policy
SDI
selfdriven Community Base Skill
  • 49bd8274-25dc-4f72-b762-7a0a0b435dbc
SDI
selfdriven Foundation & Community
  • Community Organisations
SDI
selfdriven Learning Partner Skills
  • Levels 1 to 20
SDA
selfdriven Community;
Can Create Community Achievement.
  • Allocation of selfdriven Community Base skill by selfdriven Foundation to selfdriven Commmunity.
SDA
selfdriven Community;
Can Issue Achievements Achievement.
  • bbddd3c7-edec-43a2-9cdf-d182e2d2f47c
  • Allocation of selfdriven Learning Partner Levels 1 to 20 skills by selfdriven Foundation to selfdriven Commmunity.
SDA
selfdriven Octo;
Can Issue Achievement Achievement.
  • 6e1635bd-278b-40ad-898e-e3af12e70dd8
  • Allocation of selfdriven Learning Partner Levels 1 to 20 skill by selfdriven Commmunity to selfdriven Octo, so can issue learning-partner achievements (skills) on behalf of the selfdriven Community - so they can then verify achievements/skills to learners.

Base (Root of Trust) Assets

The Public Keys & SDVs as cryptographic basis for trust.
Start with the selfdriven Foundation Public Key and "follow the curve" for trust.
selfdriven Foundation
  • Community Organisation
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3OYqTDGUsRnIxpX3tIoJ
vpEWRpJeR+mBc5cowwXycWVI9WxavK0XNyEMKCKIc20GD3MKFaMAFpctx4ZSqEh4
rGIbHWnRHUs5BDXdnXrq4loOq9RdRVqFtXK53V9LuFpSiu/QZJwfyrmWR8Vc7mgv
OqSPvIc9lg/5HUui5lj9Kud6QQ8iX1hJ4IZixpOHyT1xLj4a9XNgPRmM4MG6eXMA
q5aIlmLGmyJiHXShrz2N0YkzJWzHXPMgvlqTo2kFPti4+EVyuTNBYHXV5F7zbFFO
bNl80f3vijpdRPhaDkQq5eG4GnsFndk2+oeM6UXwGqhfaIAQzS5Ftz60LqmIwk5F
kwIDAQAB
-----END PUBLIC KEY-----
selfdriven Community
  • Community Organisation
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbFFTqxfrkzg9GmXX0iM
YHSa7kD0f6NmyqnSzPhbzLT6BlGYI3Oz8vqYABY3npnLp3y4sa2Qoer6VYbNQABH
kCWqNQcxOmkeZC9SvfkQx+2OoSBtlrNTZxpa+pr7wRcZODG5kra9cDO2riI9XRuS
5F5HbhUi6IBp2GBr+zvXtup4nY4cz/CRUZLYN6JgZ9zIPlV32fX6olvhdZwjilWU
mwp8LhlyR+kS/RZ4ey0RWphFsrlQAR7ff44riNNuQQmOvbGLjvg3Y7tPR/Hk7FYG
D/40TNes1qwlxsilCf91Qxw65pilmFu6ByTAs5yxwwyGo9PP+L5qlZq7gvUp5LrS
zwIDAQAB
-----END PUBLIC KEY-----

Trust in Cardano Policy IDs is establish via DNS & SSL Certificate Issuance.

  • For DNS based trust query TXT records @ ssi-trust-root.slfdrvn.io
    Response is in the format "sdi:cardano:{Policy ID};{Metadata Label}"
    e.g. "sdi:cardano:6dd60b94e766e94ea3886d7631990db6d468d202c42a482090ee3a17;115100105"
  • For SSL based trust query https://ssi.slfdrvn.io API with method "ssi-trust-root".

Identity

selfdriven Identity

Governance

How we improve, make decisions & establishing trust.

Tokens

selfdriven "On-Chain" tokens/assets.

Skills

Explore the universal skills set.

Help

Talk to us about any help you may need.

Decentralised Identifiers (DIDs)

Skills, Achievements, Community Members are stored as Native-Assets. "URL-based identifiers (URIs) in use on the Web today (2019) require that the identifier be leased from an authority such as a Domain Name Registrar. A Decentralized Identifier (DID) is an identifier that does not need to be leased; its creation and use is possible without a central authority to manage it. The advent of Blockchains and Decentralized Ledger Technologies have led to other innovations that support this new type of decentralized URI. DIDs have various benefits over more traditional URIs." - W3C - More...