A software programme which acts on behalf of an Entity or individual. There are two types of Agent: Edge Agents and Cloud Agents. The former run on a local device of an entity; the latter run on a cloud hosting service.
An application program interface (API) is a set of routines, protocols, and tools for building software applications. An API specifies and provides the ability for multiple software components to interact.
An attribute is a single fact about your identity. It is an identity trait which, when combined with other attributes, builds up a digital profile of an individual or thing.
Big Data is a phrase used to mean a massive volume of both structured and unstructured data that is so large it is difficult to process using traditional database and software techniques. Big data analysis is generally carried out using complex algorithms and machine learning.
Blockchain is the underlying technology that started with Bitcoin and has since evolved to serve many other use cases, including digital assets and the recording and validation of transactions. It is a linked list of transaction updates to a virtual digital public ledger. A blockchain consists of a group of transactions in blocks. These blocks are cryptographically connected to one another as they are mined, creating a long chain. The nature of the cryptographic tie from one block to previous blocks means that previous blocks cannot be altered by anyone.
An asserted fact or attribute about an Individual or Entity. For example, a Claim could be name, age, address, date of birth. A number of Claims and connected Proofs make up Credentials.
A CorDapp is a decentralised application designed specifically to run on the Corda network. CorDapps generally provide the functionality and integration points for companies to use the Corda network.
Corda is a highly performant, enterprise-grade distributed ledger technology (DLT) used by a consortium of over 300 companies and partners. Originally created by R3, it is now run by the Corda Foundation.
A packet of data containing a set of Claims about an Entity and Proofs of those Claims. A credential can relate to any fact; it does not specifically have to be for identity data. Credentials are generally stored by individuals in Credential repositories/wallets/managers. IDWorks Sentry SDK stores credentials in a wallet that is embedded in organisations’ mobile apps.
DID Authentication or ‘DID Auth’ is the mechanism by which an identity owner can prove to a relying party that they are in control of a DID.
Companies can update or revoke the DIDState using Corda’s native State functionality. DIDStates are only visible to a permissioned set of parties in a Corda network. DIDStates provide much greater control and security over a DID for companies compared to DIDs on public blockchains or public permissioned ledgers.
Set out in the General Data Protection Regulation (GDPR), data controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
This means that transactions are peer-to-peer and occur without any company or oligarchic entity overseeing or giving permission for the interaction. This is conceptually significant because it provides total privacy for the parties involved. Decentralised in a DLT sense also means that there is no single point where decisions are made regarding how the system is run.
A globally unique identifier developed specifically for decentralised systems as defined by the W3C DID specification. DIDs enable interoperable decentralised Self-Sovereign Identity management. A DID is associated with exactly one DID Document.
Distributed means that the ledger is not recorded on a single server; with public blockchains and DLT, the ledger is stored on each computer which uses the network.
Distributed Ledger Technology (DLT), often confused with blockchain, is a technology which allows transactions to be carried out sequentially, in a transparent way for the participants in a specified network. DLTs are different to blockchains because they are often not made from ‘blocks’, which need to be mined. DLTs can be built using multiple different technical implementations such as ‘States’. Blockchains are a subset of DLT, but DLT is not a subset of blockchain.
An endpoint, sometimes referred to as a ‘Service Endpoint’, is a point of connection to a specific agent or entity. This could be in the form of a URL, an IP address or potentially a phone number.
Envoy is a CorDapp developed by IDWorks which allows companies to consume, issue, verify, and revoke Credentials.
Federated identity management systems are those whereby one single-sign-on capability allows an individual to access a range of platforms and services. Examples of federated identity management systems are the UK Government’s ‘Verify’ and ‘Sign in with Facebook’ or ‘Sign in with Google’.
A hub, or digital identity hub is a back-up storage base for credentials. Hubs exist in many different structures and may be distributed, decentralised or centralised.
The issuing party / issuer is an entity which provides an individual with verified credentials.
Keys are long numeric codes that are involved in digital asset transactions, often encoded as hex or alphanumeric strings. Asymmetric key cryptography provides a strong security layer in which two different keys are created—a public key that is shared to encrypt a message, and a private key that is kept confidential to decrypt or sign a message. In blockchains these asymmetric keys are used to create digital signatures, which can be validated by everyone, rather than for encryption. There are two kinds of keys: public and private.
KYC is an abbreviation for Know Your Customer and can refer to a set of regulations, policies and procedures implemented in financial services and other verticals to prevent money laundering, financing terrorism and other crimes involving money.
Nodes are software that run on internet-connected computers and function as non-mining transaction validators as well as digital asset wallets for the network they serve. Full nodes download the entire blockchain and validate each transaction per the agreed-upon rules of the network and relay transactions and blocks to others.
Off-ledger refers to data which is specifically kept away from blockchains and DLT. In IDWorks’ model, all identity data stored in Credentials remains with an individual off-ledger. This is important for data protection compliance.
On-ledger relates to data or information written to a blockchain or distributed ledger. On-ledger data is significant because it is immutable and, depending on the implementation, may be visible to the whole world. Importantly, data which is inputted onto a ledger should be data that never needs to be deleted.
As defined in the GDPR, ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Private DIDs (sometimes referred to as Pairwise or Peer DIDs) are off-ledger connections between organisations and individuals, or potentially between individuals and other individuals. Every connection an individual has should take the form of a Private DID. Every Private DID an individual has is completely separate from all other Private DIDs and there is no way that Private DIDs can be correlated.
A private key in asymmetric cryptography is a piece of data held in secret by a single person or entity. It is used to compute digital signatures on data that can be verified using a Public Key.
A Proof is a cryptographic stamp of authentication from an Issuer, which is attached to a Claim.
A Public DID is similar to a yellow-pages directory for information look-up and is used for companies that issue signed and digitally stamped data (verifiable credentials) about individuals.
A public key in asymmetric cryptography is a publicly shareable piece of data that is computed from a Private Key and shared with counterparties through addresses, which are hashes of public key(s). Public keys are used along with digital signatures to validate that the holder of an asset authorises the transfer of that asset to a new address or entity.
The relying party is generally the party that consumes credentials, relying on the Proofs written into credentials that relate to an issuing party’s Public DID.
An identity system architecture based on the core principle that Identity Owners have the right to permanently control one or more Identifiers about themselves. SSI models are specifically built using decentralised technology so that an individual has sole and unique control over their own data.
Sentry is an application designed by IDWorks as an SDK, in order to allow companies to build credential wallets/managers into their current apps.
Siloed identity management systems are very commonplace today. They are those where your data is stored by one company for the purpose of being used by that one company. For example, when you log into your Amazon account, you are accessing a siloed data management system.
A Software Development Kit (SDK) is an application which can be built into existing architecture in order to offer extra functionality.
A State is part of Corda’s functionality. States on Corda are like a chain of dominos, with the most recent State in the chain being a red domino and the older States being black and white. When an update or edit occurs, a new red domino is added, and the previous red domino becomes black and white. The red domino is referred to as the head state, and the black and white dominos are referred to as ‘consumed’ states. Notably, only the red dominos are visible ‘on-ledger’ and all the black-and-white dominos exist ‘off-ledger’ as historic States in the Vault of a company.
The Corda Vault is a multifaceted piece of functionality. It allows companies to replicate/import their internal storage systems. It also supports Corda’s State functionality, allowing companies to write DIDStates. Each company’s Corda Vault is only visible to the permissioned employees in that company and is not public.
A digital asset wallet is a piece of software that maintains keys and manages addresses. A wallet is comprised of a set of addresses. If the wallet has the private keys for these addresses, it is capable of sending transactions. If it does not have the private keys for these addresses, it is called a watch-only wallet, as might be used by an auditor.
A concept whereby once enough entities place trust in a specific attribute by validating it, other entities can rely on the attribute without validating it, but by trusting the other entities.
Zero-Knowledge Proofs (ZKPs) are an early-stage technology that allows someone to cryptographically prove a statement without revealing the input data. For instance, one could prove that a transaction was included in the blockchain without revealing which transaction it is. Someone could also prove the ability to decrypt encrypted data, or the ability to spend from a certain address, or prove the amount of funds in their wallet without revealing any addresses (for instance, to satisfy an audit). ZKPs are being actively explored by a number of blockchain projects and are a fundamental piece of engineering infrastructure in the SSI space.