Interoperation for data sharing between permissioned blockchain networks relies on each network's ability to independently authenticate requests and validate the proofs that accompany shared data; these proofs typically contain digital signatures. Validating them requires the counterparty networks to know the identities and certificate chains of each other's members, establishing a common trust basis rooted in identity. But permissioned networks are ad hoc consortia of existing organizations whose network affiliations may not be well known or well established, even though their individual organizational identities are. In this paper, we describe an architecture and a set of protocols for distributed identity management across permissioned blockchain networks that establish such a trust basis for data sharing. Networks wishing to interoperate can associate with one or more distributed identity registries that maintain credentials on shared ledgers managed by groups of reputable identity providers. A network's participants hold self-sovereign decentralized identities (DIDs) on these registries and can obtain privacy-preserving verifiable membership credentials from them. During interoperation, networks can securely and dynamically discover each other's latest membership lists and the members' credentials. We implement a solution based on Hyperledger Indy and Hyperledger Aries, and demonstrate its viability and usefulness by linking a trade finance network with a trade logistics network, both built on Hyperledger Fabric. We also analyze the extensibility, security, and trustworthiness of our system.