Basically trying to find resources to understand Sovereignty wrt to identities.
On
Self-Sovereign Identity is a new decentralized identity where control of identity is not with the issuer but it is with citizens. e.g Currently your National ID is maintained and governed by an Issuer which is Government, but as per Self Sovereign Identity, it is you, who will manage your national ID and decide what to do with it. Now identity will be citizen-centric, not issuer-centric and that's how decentralize identity differ from normal identity services.
Now let me answer the following question:
1: How Identities are maintained within Hyperledger Indy?
Ans - Identities are maintained at two levels, public DID, schema, and other Public details are stored inside Hyperledger Indy ledger but Citizen's personal Information, Verifiable credentials (driving license, national id) are stored in a Hyperledger Aires-based Mobile Wallet app.
2: how can the decentralized digital nature of identities benefit to avoid data and identity thefts?
Ans - Now Identities are stored in users' own mobile wallets encrypted with keys that are far safer than identities that are getting stored with the issuer and act as a honey pot for attackers. Facebook, Twitter, Gmail data leaks are common nowadays. Another good things are even if your identities are compromised, as long as attackers don't have a private key/master key, those identities can’t be utilized for any purpose. if your master key is compromised, there is a way to recover the key as well as revocation of compromised identity is possible.
3: How can the users own and control their identities?
Ans - This is the basis of self-sovereign identity, Issuer will create verifiable credentials like your driving license, sign with its own Public Key which is embedded as part of DID in Hyperledger Indy ledger and issue it. The user will store that verifiable credential in a mobile wallet. Now User can decide to whom to share this verifiable credential. Now if the user went to a car rental company, the car rental company will create a presentation proof asking for driving license details, User mobile wallet will create a response of that presentation proof and sent it to the car rental company. Car rental company verify the proof by getting the public keys of the issuer DID from the Indy ledger. This is how identities will be issue, controlled by citizens and verification will be done without contacting Issue (Driving License Authority ) at all.
4: How to integrate SSIs with Hyperledger Fabric?
Ans - As of now, there are no such enterprise developments happening. SSI is a very generic term, SSI can be implemented using Ethereum which is uport/DAF Project, Hyperledger Aries, and other open-source DLTs. Integrating with Fabric depends on the use case and workflow.
Identities on Hyperledger Indy are Pairwise Pseudonymous Identifiers by default to prevent identity correlation. Decentralised Identifiers (DIDs) act as the primary keys on the ledger. DIDs on the ledger point to the DID Descriptor objects (DDOs), signed JSON objects that can contain Public Keys and Service Endpoints for a given identifier.
Decentralised Identifiers will help us to maintain an audit trail for identities. Decentralised identifiers will provide tamper evidence that makes identity theft quite difficult. The implementation approach also matters. In the Hyperledger Indy implementation, we get the ability to revoke credentials. If we can see any trace of an audit trail on a possible attempt of identity theft, we can revoke the identity and credentials.
When it is a self sovereign identity created by the user, there will be separate identity issuer, identity maintainer / ledger and identity verifier. Through pairwise identity architecture, identity issuer will always be able to control the identity records and identity workflows.
With regard to Hyperledger Fabric integration, a few possible options exist. All of them are in the research and experimentation phase. However it is worth exploring. Please let me list a few of them.
Hyperledger Foundation Projects for 2019 - HLD Fabric + HLD Indy
Stack Overflow - Communication between HLD Fabric - HLD Indy