--- tags: KERI, ACDC --- # What problem does KERI and ACDC solve? If we'd answer this basic question, we could take it from there to explain the design principles and **the concepts** of KERI, ACDC and a few auxiliary tools that sprung off from these fundamental developments (like CESR, OOBI, DID-KERI, CSER-PROOF, IPEX) to finally arrive where we need to be: **use cases**. This draft is only about the problems the KERI and ACDC suite solves.  ## What is a problem? A 'problem' is subjective. How you see a situation depends on: - knowledge and experience - values you proclaim Simply put: people may not care at all. Let's focus on the knowledge and experience of the recepient and *our* values. ## Our values The KERI team are eager to do justice to: - self sovereignty - freedom and social behavior - democracy - individual security - individual confidentiality - individual privacy - scalability of solutions - freely available solutions - simple solutions - minimal sufficient means - step by step disclosure ### Sub-values that can be inferred from the fundamental values - non-correlation of personal data - commitment - non-repudiaton - prevent deniability - attribution - delegability - 10 principles of SSI (all but one: {TBW} ) - open source solutions - etc So if these bullet points set a view of what is important in the world, then (what we call) "problems" at least have a back-drop or a reference. ## Problem solving for whom? ### Root problem and sub problems At the highest level of abstract we have existential questions about KERI and ACDC: - what problem is it solving - why can't this problem be solved otherwise - who is having this problem anyway As soon as you then start creating solutions you might bump into other sub-problems that you're then going to solve with sub-systems like CESR, OOBI, PTEL, IPEX and alike. Altough nobody in the world might relate to the sub-problem nor the solution by a sub-system like that, we still have to proceed and name it and solve it, because the bigger picture is dependent of its solution. Now what constitutes the bigger picture? These are **the root problems and KERI and ACDC solve**. Hang on, we're getting there in this article. ### Solution space First a few guidelines to address the fact that we might have different audiences for different abstraction levels of problems. This is the legend of the symbols we use in the picture above. A green checkbox means "explain", red checkbox means "don't explain". <img src="https://hackmd.io/_uploads/S1ZJYsaMo.png" width="200"> Only explain a certain solution to Identity experts <img src="https://hackmd.io/_uploads/H1b1Yi6Gj.png" width="200"> Anyone should know about the problem we're solving, so mind the wording <img src="https://hackmd.io/_uploads/rJZktoTGo.png" width="200"> Skilled computer users and experts might grasp the technical and systemic problems we're solving under the hood of KERI and ACDC. <img src="https://hackmd.io/_uploads/Hyb1FipGs.png" width="200"> Don't explain this to ID-experts. They will recognize omission and errors in the details and lose sight on the big picture. ### Problem space The premise of our work, *self-sovereign identity* and better described *autonomous identifiers*, is that it should be useful, inclusive and all-encompassing as soon as it comes to digital representation of your physical self. <img src="https://hackmd.io/_uploads/Bkthk2pGs.png" width="400"> To define more critically and tightly what is useful , we find that something new must be able to solve problems that existing technologies simply cannot solve. Inclusive means we have to address people in common language to begin with. Before descending into a vast and deep pool of jargon. We can’t stay away from complex language because - An all-encompassing solution has to cover the whole (redesigned!) identity layer of the internet - it extents to all disconnected databases around the world, all the long living idenitifiers there are (and will be in the future), all it’s controlling secrets, security, confidentiality and privacy. No wonder KERI and ACDC is perceived as complex. But in fact relative to this enormous challenge a few pratical design choices have reduced is to a doable job. ## Which problems have been associated with the distintive sub-systems in the KERI-ACDC suite <img src="https://hackmd.io/_uploads/Hkth1hpzs.png" width="400" align="left"> Forgive us the following brain dump. Or should we say *cluster bombing*? It started as a beautifully contained problem-centered listing. Elegant and slim. It quickly detoriated because of the many angles you can take. May the Phoenix rise from the ashes and let's aggregate a few main points from the rubble that *only* KERI and ACDC can mean for the world. ### KERI **Individuals want confidentiality and privacy. Conversely, organisations want reputation and they can't get enough of it, the bigger, the more persistent their identifiers loaded with credentials, the better. KERI and ACDC solve both these problems at the same time.** Key management: Proving chain of custody over an identifier at any point in time Key Management Infrastructure a decentralized key management infrastructure based on key change events that supports both attestable key events and consensus based verification of key events. Distributed multi-sig Key management delegation -> to add an additional layer of approval with key rotation (or recovery) (< > issuance of credenitials , which is ACDC) A Secure Identifier Overlay for the Internet (Samuel M. Smith Ph.D.) Retake control of our data ([source]( https://github.com/SmithSamuelM/Papers/blob/master/presentations/NonconformistKeynoteWeb20200702.pdf) ) "It's Single Sign On on Steroïds; this is my end-all-be-all SSO for life”. \ (Source [Joseph Hunsaker](https://hackmd.io/gHe_VCAwT9qmdzXe-Cx3MA#2022-08-25)) It solves fraud with reputation - Philip Feairheller “the autonomous control of authentic data and relationships." Timothy Ruff https://rufftimo.medium.com/web3-web5-ssi-3870c298c7b4 ### ACDC Secure attribution on the web (reputation) Proof of authorship - Proof of authority - drivers license (electricity bills - not having to present paper + signed version of that proof attested by ) composability - combining and using them in different contexts {TBW} ### OOBI Discovery via URI, trust via KERI: more efficiency, less vulnerability to hacks, purer self sovereignty, and middlemen cut out of the equation.\ ([Source](https://medium.com/happy-blockchains/keri-oobi-510467856035) ) ### CESR Modern and secure digital data streaming over the web. \ ([source](https://medium.com/happy-blockchains/cesr-one-of-sam-smiths-inventions-is-as-controversial-as-genius-d757f36b88f8)) CESR is a dual text-binary encoding format that solves the readability vs performance problem of data encoding. Problem: In general, currently there is no standard text-based encoding protocol that provides universal type, size, and value encoding for cryptographic primitives. Solution: CESR. ### IPEX The simplification of the IPEX protocol has two primary advantages. - The first is _enhanced security_. A well-delimited protocol can be designed and analyzed to minimize and mitigate attack mechanisms. - The second is _convenience_. A standard simple protocol is easier to implement, support, update, understand, and adopt. So it solves two problems: 1. pluriformity of mechanisms for the issuance and presentation 2. non-secure attribution ### SAID facilitates greater interoperability, reduced ambiguity, and enhanced security when reasoning about the serialization. Moreover, given sufficient cryptographic strength, a cryptographic commitment such as a signature, digest, or another SAID, to a given SAID is essentially equivalent to a commitment to its associated serialization. ### CESR-Proof Because you're disconnected and can't be sure somebody can reach out to you (to your IP-address) or vice versa. This opens up a world of problems: just disconnected, on airplane mode, I could be an IOT device that's collecting data in the field but no one's going to see for a day because there's no connectivity. > This problem is limited the people that are into protocol design. What happened with the emerge of CESR Proof? Digital signatures moved from inside - to outside the payload of a stream, but still pointing at the right portion of the payload it signs. The result is we're able to embed messages with cryptographic signature attachments into other messages. Forwarding messages through mailboxen to other controllers was impossible without these kind of enveloping solutions. An example of this and when it comes into play: When you don't have persistent internet connection, e.g. your cell phone, and you want make use of the KERI protocol, you must be able to run an agent that can receive the bespoke KERI messages and not just any other message data structure. We commonly use a mailbox for this. I needed to embed particular KERI messages (any KERI message that has an attached signature; always to the end of it, not being part of the mapping structure, it's part of the stream) inside a forward EXN message, but the KERI message had a signature attachment to it and I needed to transpose that signature to the outer envelope, without losing the context of exactly what it was signing. CESR Proof signature gives me the ability to move that sig over the outer envelope and be part of the attachment of the outer envelope, and still have it targeted to the exact embedded portion. Another problem CESR Proof signature might solve in the future is that we'd like to be able to only portions of ACDCs and not a whole container in one go, which we weren't able to do before. However, now at the end of 2022, CESR Proof hasn't been used yet to solve this particular problem. "I see an anology with a garden hose and CESR (Proof), a hose you're sending water through, and the water being data. It's a stream of data (water) coming out, but what if the amount of water just too much to fit in the hose or it gets stuck. You want to break things down. CESR can break the data up into pieces and make it easier to stream things." Kent Bull ### DID-KERI - no namespace collisions anymore - uniform method "all equally secure & strong" ### PTEL A Public Verifiable Credential Registry can be represented in several TELs to establish issuance or revocation state of a Verifiable Credential (VC). The problem PTEL solves is that a validator can't track state of a privately issued credential.