THIS IS UNDER CONSTRUCTION Would you like to contribute? Join us at the Concepts, Terms and Edu bi-weekly Zoom session
This concepts page explains the main design objectives of KERI and ACDC, which results in a scope (or context) and links them to
To be better and quicker understood. It's a way to anchor our language and the words we use to our objectives. This page shares and exchanges our criteria for why and in which situation something is important to us.
The ultimate goal is to make sense to, respectively, the newbie, the advanced, and the advanced identity expert.
We'll not try to reach out to laymen.
A static site generated on GitHub that uses resources from all over the web and can be commented on.
A howto will also be written alongside it to inform contributors how to add, link and amend resources.
The intention is to have resources (glossaries, videos, etc.) and howtos available continuously. It'll hopefully improve over time. The resulting static WebofTrust-site is already here: https://weboftrust.github.io/WOT-terms/ and will be automatically generated with GitHub Actions. All intermediate results are also directly available:
We reuse and reorganise as much as possible, using open source tools.
Contributions welcome!
Concepts uses existing terms (which could create confusion) and introduces new terminology. It's aimed at identity experts in general and Self-Sovereign Identity experts specifically.
We explain the terminology at various levels of understanding, and also the criteria by which we judge how certain terms are to be defined for the sake of KERI / ACDC, e.g. multisignatures, validators and verifiers. What are they exactly?
Understanding could vary in different domains and use-cases (e.g. a controller in finance is quite different from a controller of an identifier). We need to be sure that sender and recipient are talking about "the same thing".
KERI is a new development. ACDC is built on top of KERI, so it's new too. Inevitably, new terminology has surfaced in the design of KERI and ACDC. In this concepts page we try to explain related terms at a few levels of understanding. We've used analogies and symbols to clear up complex and intangible concepts for those new to KERI / ACDC and even for those experts that we consider 'advanced'. The ultimate goal is to make sense in the perception of both the newbie and the advanced identity expert.
See the features here: https://github.com/trustoverip/acdc/wiki/transfer-off-ledger
"The point is to be used, not to use the latest, coolest technique that is also very difficult to implement properly. That's the principle of KERI: solve a problem in the real world with the minimum techniques needed. The dumber the technology, but still sufficient to solve the problem, the better. 'Dumb technology' is freely available, understandable to everyone and easy to implement. In our case: just hashes and digital signatures." Source: Sam Smith 2022
ACDC has been implemented inside of keripy. We have full credential issuance, revocation and streaming support in both the REST API as well as the command line.
Source: P. Feairheller, 2022
"We don't have version 1 of the specs of KERI yet."
As soon as we do, the code will look the version up, and act accordingly (backward compatibility).
We split the KERIpy repo in two branches, dev and main, so people can rely on a stable production version in main.
Sam is going to develop this
The KERI design approach is to build composable primitives instead of custom functionality that is so typical of other DKMI approaches:
This is arguably the most powerful capability that may provide an essential building block for a generic universal decentralized key management infrastructure (DKMI) that is also compatible with the demand of generic event streaming applications. (new invention) More in the whitepaper
See glossary item
KERI's alternative to total global ordering and consensus protocols is a mechanism called duplicity detection. In verification and validation, watchers are all that matter; they guarantee that logs are immutable by one very simple rule: "first seen wins".
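A simplified model of the "first seen wins" rule, added here as an illustration; it is not keripy code. The `FirstSeenLog` class, the SHA-256 `digest` helper and the sample events are assumptions, and signature verification is left out.

```python
import hashlib
import json


def digest(event: dict) -> str:
    """SHA-256 over canonical JSON; a stand-in for KERI's event digest (assumption)."""
    raw = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()


class FirstSeenLog:
    """Hypothetical watcher: keeps the first event seen per (identifier, sequence number)."""

    def __init__(self):
        self.first_seen = {}   # (prefix, sn) -> digest of the accepted event
        self.duplicitous = []  # evidence: (prefix, sn, first digest, conflicting digest)

    def receive(self, event: dict) -> str:
        key = (event["i"], event["s"])
        d = digest(event)
        seen = self.first_seen.get(key)
        if seen == d:
            return "duplicate"  # the same event replayed: harmless
        if seen is not None:
            # A different event for an already-filled position: the first one
            # stays in the log, the second is kept only as proof of duplicity.
            self.duplicitous.append((*key, seen, d))
            return "duplicitous"
        prior = self.first_seen.get((event["i"], event["s"] - 1))
        if event["s"] > 0 and prior != event["p"]:
            return "out_of_order"  # does not chain to the first-seen prior event
        self.first_seen[key] = d
        return "accepted"


def demo():
    # Constructed sample events; the fields i/s/p/a are modelled loosely on KERI.
    icp = {"i": "EXAMPLE_PREFIX", "s": 0, "p": "", "a": "inception"}
    rot = {"i": "EXAMPLE_PREFIX", "s": 1, "p": digest(icp), "a": "rotate to key B"}
    fork = {"i": "EXAMPLE_PREFIX", "s": 1, "p": digest(icp), "a": "rotate to key C"}
    log = FirstSeenLog()
    results = [log.receive(e) for e in (icp, rot, rot, fork)]
    return results, log, digest(rot)
```

The log never changes once a position is filled, so no global ordering is needed: a controller who publishes two versions of the same event is exposed by any watcher that has seen both.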
principles and pre-conditions
Correlation between identifiers and their controlling human beings, and binding of identifiers to human beings in general.
Applying salts, stretching passwords, etc.
There are a few common reasons to choose development tools. Mostly because they have the following features:
The 10 principles of Self-Sovereign Identity (SSI) were coined by Christopher Allen, one of the pioneers in this field. According to Allen, SSI can be interpreted in two ways: the first is ideological, which (key reading) affirms the importance of being able to control one’s own identity on the network without the need to counter trust; the second is technological, which means analysing which technologies and technological standards can enable this objective.
The 10 principles of SSI are intended to define what values and goals the idea and technology should pursue. They were first enunciated in Allen’s blog.
We've integrated the 10 principles in Social Values and Societal Values above.
It weakens them, because it exposes it and allows people an opportunity to try and work against it.
It's all your own identifier and you're controlling your identifier, so it's up to you what security constraints you want for that identifier. Anchoring, witness pools, thresholds, etc.
Best and compactly described by Daniel Hardman in Security, Silos, and Sovereignty 2022:
"SSI is not bestowed by corporate IT (Active Directory/LDAP systems); it’s not granted by internet giants (“sign in with Google/Facebook”); it’s not arranged through single sign-on vendors. SSI is for ordinary people who detest their messy collection of usernames and passwords, and just want bad guys to go away and good guys to enjoy the trust they deserve. SSI puts us — not institutions that leak our data to hackers, sell our data to partners, or surveil us for their own purposes — in charge. It also empowers governments, businesses, and other institutions that want to revolutionize privacy, redefine the cybersecurity and regulatory landscape, reduce cost and risk, keep people safe in pandemics, and do right by the people they serve."