Decentralized Cross-Network Identity Management for Blockchain Interoperation

TL;DR

This paper proposes a decentralized identity management architecture for permissioned blockchains, enabling secure data sharing and trust establishment across networks through distributed identity registries and verifiable credentials.

Contribution

It introduces a novel architecture and protocols for cross-network identity management using self-sovereign DIDs and verifiable credentials, implemented with Hyperledger Indy and Aries.

Findings

Successful linkage of trade finance and logistics networks.

Demonstrated secure and dynamic discovery of member credentials.

Analyzed security and extensibility of the system.

Abstract

Interoperation for data sharing between permissioned blockchain networks relies on networks' abilities to independently authenticate requests and validate proofs accompanying the data; these typically contain digital signatures. This requires counterparty networks to know the identities and certification chains of each other's members, establishing a common trust basis rooted in identity. But permissioned networks are ad hoc consortia of existing organizations, whose network affiliations may not be well-known or well-established even though their individual identities are. In this paper, we describe an architecture and set of protocols for distributed identity management across permissioned blockchain networks to establish a trust basis for data sharing. Networks wishing to interoperate can associate with one or more distributed identity registries that maintain credentials on shared ledgers managed by groups of reputed identity providers. A network's participants possess self-sovereign decentralized identities (DIDs) on these registries and can obtain privacy-preserving verifiable membership credentials. During interoperation, networks can securely and dynamically discover each others' latest membership lists and members' credentials. We implement a solution based on Hyperledger Indy and Aries, and demonstrate its viability and usefulness by linking a trade finance network with a trade logistics network, both built on Hyperledger Fabric. We also analyze the extensibility, security, and trustworthiness of our system.