Questions from DICE sponsors about KERI
henkvancann opened this issue · 8 comments
Questions about KERI:
-
What is the legal status of what you do with KERI, how does it meet regulations and law?
-
Is Bridging possible and if so what a the integration cost
-
What enables KERI: what do you need to get going, what are the infrastructural costs, etc.
-
Does KERI really brings so much value in comparison to the law-enforced eidas regulation, that companies would think for vLEI?
This issue tries to answer these DICE sponsor questions. These people are in businesses that'll earn money in the future to control EUID holders for governments. It's a federated design (eIDAS). To become a member of the gang (QI) they have to conform to an ARF.
I've fed our KERI Wizard (chatGPT) all these documents and started asking the questions. Here are the results of the questions in chat GPT 'KERI wizard': https://chatgpt.com/share/1cdcb4db-467c-4fc4-a208-8174ffc93bcf
What I do here in this issue, copy each answer in the comments below, find the gibberish (hallucinations of chatGPT), take it out and amend the content in general. So you don't need to check the chatGPT result, it's in the comments of this issue already and then we improve it here.
My question to you is: could you go over the answers and point me to KERI parts, features or characteristics that I forgot to mention? You can comment on each comment.
What is the legal status of what you do with KERI, how does it meet regulations and law?
KERI wizard answer curated:
The legal status of KERI (Key Event Receipt Infrastructure) is important for its acceptance and integration into existing legal frameworks. KERI, as an open source decentralized identifier system, must adhere to various legal and regulatory standards, particularly those concerning digital identity, data protection, and cybersecurity. Here's how KERI meets these requirements:
Legal and Regulatory Compliance
Data Protection Regulations (GDPR in Europe):
Data Minimization and User Control: KERI ensures that users have control over their data. Users can manage their cryptographic keys, with which all sensitive data can be encrypted without binding to the control of the keys, thus maintaining privacy and minimizing data exposure.
Consent Management: Users must give explicit consent for any data sharing, aligning with GDPR requirements for data subject consent. They do so by allowing access to encrypted data and supplying public keys to verify signatures.
Right to Be Forgotten: Although KERI uses immutable ledgers, the system can be designed to revoke and retire identifiers to comply with the right to be forgotten by making identifiers inactive without altering historical data.
Electronic Identification, Authentication and Trust Services (eIDAS) Regulation:
Qualified Electronic Signatures: KERI can integrate with Qualified Electronic Signature (QES) providers, ensuring that signatures made using KERI infrastructure are legally binding across EU member states.
Interoperability and Certification: KERI's infrastructure can be certified under schemes such as those provided by eIDAS to ensure its components meet high-security standards. The use of common protocols and standards ensures interoperability with other digital identity solutions.
Cybersecurity Standards:
Certification and Auditing: KERI components can undergo certification processes to ensure they meet cybersecurity standards such as those outlined in the EU Cybersecurity Act. Regular audits and conformity assessments could be done, but are not needed, because KERI is inherently and proven secure.
Encryption and Key Management: KERI start off from the precondition that a controller needs to his/her secrets secret. The use of strong but seasoned cryptographic functions ensure that all data is securely encrypted. KERI advises for private keys to be managed in secure environments, complying with global standards for cybersecurity.
Meeting Specific Legal Requirements
Mutual Authentication and Secure Transactions:
Authentication Protocols: KERI uses robust mutual authentication protocols to ensure that both parties in a transaction can verify each other's identities securely. This aligns with legal requirements for secure electronic transactions.
User Awareness and Authorization: The system includes mechanisms for controller (user) awareness and explicit authorization. All transactions are peer to peer and signing happens on the edge. Thus users know about who is requesting their data and for what purpose, thereby creating transparency and informed consent.
Integration with National and International Frameworks:
Interfacing with National ID Systems: KERI can interface with national identity systems and electronic identification cards (e.g., EU Member States' identity cards), providing seamless integration and compliance with national legal frameworks.
Compliance with the European Digital Identity Framework: As detailed in the European Digital Identity (EUDI) Wallet architecture, KERI supports the functionalities required for electronic identification and trust services within the EU.
EUDI Wallet Functionalities
KERI aligns with the proposed functionalities of the EUDI Wallet, which include:
Storage and Management of Personal Identification Data: Securely storing and managing qualified electronic attestations and personal identification data, both locally and remotely.
Cryptographic Functions: Providing secure cryptographic functions for identification, authentication, and electronic signatures.
User Interface for Awareness and Authorization: Ensuring users are aware of and authorize data transactions, promoting transparency and user control.
Conclusion
KERI's infrastructure is designed to meet stringent legal and regulatory requirements by integrating advanced cryptographic techniques, robust authentication mechanisms, and comprehensive user control features. By adhering to GDPR, eIDAS, and other relevant cybersecurity standards, KERI ensures that its operations are legally compliant and secure, fostering trust and acceptance among users and relying parties alike. This compliance is essential for its adoption in various regulatory environments and its integration into national and international digital identity frameworks.
Forgetting
There are three ways that forgettability can be provided by the identity system. The proposed identity system could eventually support all three methods of forgetting.
The first way is to just to delete the encryption keys. Once all copies of the encryption key is deleted there is no way to decrypt the data. Another approach is to make the data nonretrievable by deleting certain number of shares in thresholdstorage protocols. The users might need to explicitly waive the right to have the encrypted data deleted and accept key deletion as sufficient for forgetting.
Another way is to use time limited ledgers. The transaction ledgers can be checkpointed every certain period of time so that the ledger is essentially closed out and started over. Current transactions are brought forward and entered anew in the ledger but stale transactions are deleted. As mentioned previously, a distributed consensus pool can act as a trusted third party enabling triple signed transaction receipts. In a triple signed transaction, both sides of the exchange and the notary all sign the transaction. A receipt can be generated that is proof of the transaction. The transaction can be deleted from the ledger, but each party can keep a copy of the receipt that proves all three parties agreed to the transaction. This allows transactions to be “forgotten” from the public ledger.
The final way is to use a mutable database in concert with the metadata transaction ledger. The consensus pool manages the transactions in the database including change or delete transactions. The metadata includes a full audit trail including the delete transactions. This is analogous to accounting systems where transactions can’t be deleted but a subsequent transaction can undo the previous transaction. The ledger of transactions is immutable but the data in the database is mutable.
from: https://github.com/SmithSamuelM/Papers/blob/master/whitepapers/Identity-System-Essentials.pdf
How to integrate KERI in a solution, anticipating the requests eIDAS organisational wallets, at scale, have?
Integrating KERI into a solution that meets eIDAS organizational wallet requirements at scale involves several streamlined steps, leveraging KERI's open-source nature, lean design, and the CESR protocol for efficient data streaming. Here's a concise guide:
- Understand the Requirements
eIDAS Organizational Wallets
Compliance: Align with eIDAS regulations for identification, authentication, and trust services.
Interoperability: Ensure seamless interaction with other eIDAS-compliant systems.
Scalability: Design for large-scale use by multiple organizations.
- Develop the Technical Architecture
KERI Core Components
- Decentralized Identifiers (DIDs): Use DIDs to uniquely identify organizations and users over the web; did:webs and did:keri
- Key Event Receipt (KER) Log: Manage the lifecycle of cryptographic keys securely including signatures and seals.
- Verifiable Data Registry / Transaction Event Logs (TELs): Store and manage verifiable credentials and attestations.
- Implement Security and Compliance Measures
Cryptographic Security
- Strong Cryptography: KERI has robust cryptographic algorithms for key management: multi-signature, inception, pre-rotation, delegation and revocation.
- Compliance: Integrate with Qualified Trust Service Providers (QTSPs) for qualified electronic signatures (QES) and obtain necessary certifications.
- Develop Interoperability Features
Standard Protocols
API Integration: Extend and use KERI API (KAPI) so that it conform to eIDAS and ARF EUID requirements.
CESR Protocol: Leverage CESR (Compact Event Streaming Representation) for efficient and secure data streaming.
- Build a Scalable Infrastructure
Cloud-Based Solutions
Cloud Hosting: Utilize cloud infrastructure for high availability and scalability, host KERI agents to service witnesses, validators, jurors, etc.
Microservices Architecture: Enable the independent scaling of KERI components that are in the KERI by design.
- Develop a User-Friendly Interface
Organizational Wallet Interface
User Experience: Use Signify and KERIA to offer an intuitive interface for administrators and users.
Access Controls: Implement role-based access controls in the decentralised KERI governance model of Qualified Issuers.
- Implement Monitoring and Management Tools
Continuous Monitoring
Security and Performance Monitoring: Track system performance and security continuously. This is something the KERI Suite would typically involve externally.
Management Tools: Provide administrative dashboards and maintain audit logs. KERI's KEL and TEL are audit logs in itself. The explorer or dashboard is still in its infancy to get a historical management overview of the data a user is allowed to see and the signatures and seals that can be verified. It also is highly dependent on which type of user rights an individual in a management role over a set of AIDs has: controller, verifier, delegator, delegatee, etc.
- Pilot and Scale
Pilot Implementation
-
Initial Deployment: Test the integration in a controlled environment. Because eIDAS is a federated identity protocol, KERI needs at least two AIDs of two Qualified Issuers (one each) and one subject AID issued by one of the QI, or if you'd like to test the true SSI value of KERI: subject becomes controller of an AID of which the controller start issuing credentials and share with one the QIs. The QIs then propagates the credential to another QI signing it once.
-
Feedback Loop: Collect and implement feedback to refine the system. All KERI UX operations have corresponding kli commands. Collecting commands and replaying them and improving them offers the Feedback Loop.
Scaling Up
Gradual Scaling: Increase users and transactions gradually, optimizing based on performance metrics.
Vision on KERI's Open Source Character
KERI’s open-source nature fosters innovation and collaboration, allowing developers to customize and extend the system to meet specific needs. Its lean and mean design ensures efficiency and simplicity, making it easier to implement and scale. The CESR protocol further enhances this by providing a general-purpose, efficient method for streaming data securely and reliably.
Conclusion
By leveraging KERI’s open-source nature, lean design and the CESR protocol, you can build a scalable, compliant, and efficient solution for eIDAS organizational wallets. This approach ensures robust security, interoperability, federated Qualified Issuing and gradable user control, meeting the needs of organizational users at scale.
Could you create a comparison between the ARF of eIDAS based EUID and the main KERI features: KERI core, ACDC, CESR, OOBI, Signify, KERIA? Please pick the 10 most important aspects of which security, confidentiality, privacy are 3.
Comparison between eIDAS-based EUDI and KERI Features
Aspect | eIDAS-based EUDI | KERI Features |
---|---|---|
1. Compliance and Regulation | Compliant with EU regulations, specifically eIDAS. Ensures interoperability across EU member states. | Decentralized and designed to be flexible. Can be integrated into existing compliance frameworks. |
2. Decentralized Identifiers | Uses centralized identifiers issued by member states or qualified trust service providers. | Uses decentralized identifiers (DIDs) managed through KERI's decentralized infrastructure. However, KERI is versatile: it's all about who controls the keys. |
3. Security | High security standards, including strong authentication and encryption. Regular audits and certifications required. | KERI core provides secure key management and event logs. Security built into the core design with cryptographic mechanisms. |
4. Confidentiality | Ensures confidentiality through legal and technical measures, including compliance with GDPR. | KERI ensures confidentiality through cryptographically secured gradual disclosure protocols and decentralized key management, compliant with GDPR and other laws and regulations. |
5. Privacy | Compliant with GDPR, ensuring data minimization, user consent, and the right to be forgotten. | Privacy by design. Users control their own data and keys, with minimal exposure through cryptographic techniques. |
6. Interoperability | Ensures interoperability across different member states and systems through standard protocols and interfaces. | KERI is an open source protocol, trust spanning layer for the web, interoperable by design. Uses CESR for interoperable data streaming. Designed to be able to work with various digital identity systems, extensible and configurable to practically do so. |
7. Scalability | Scalable across the EU, designed to handle large volumes of transactions and users. | Highly scalable due to its decentralized nature, lean and mean protocols, and microservices architecture. |
8. User Control and Consent | Strong emphasis on user control and consent. Users can manage their data and provide explicit consent for data sharing. It's SSI: self-service identity. | Users have full control over their identifiers and data, with mechanisms for explicit consent (seals) and data sharing (TELs). KERI is pure SSI: self-sovereign identity. |
9. Trust Framework | Built on a centralized trust framework with qualified trust service providers and conformity assessment bodies. | Built on a decentralized trust framework. Uses AIDs as identifiers verifiable to their roots-of-trust, ACDC for verifiable credentials and attestations, OOBI for out-of-band 2nd factor authentication, CESR for encrypted and signed data streaming, composable in text and binary format. Lastly Signify and KERIA offer 'signing on the edge'. |
10. Ecosystem Roles | Defines clear roles for identity providers, trust service providers, and users. Comprehensive governance structure. | Defines roles for various entities, including issuers, verifiers, and holders. Uses Signify and KERIA for administration and governance. KERI implementers adhere to the ToIP governance model and there are template docs available at GLEIF |
Key Features Explained
- KERI Core: Provides a decentralized identifier system with secure key management and event logs.
- ACDC (Authentic Chained Data Container): Used for issuing and verifying verifiable credentials.
- CESR (Compact Event Streaming Representation): A protocol for efficient and secure data streaming.
- OOBI (Out of Band Interaction): Mechanism for establishing out-of-band (the web serves this protocol) introduced KERI authentication enabling secure data exchange.
- Signify: Agent tool for managing identifiers. Signify is a web client + signing - and key pair creation app that minimizes the use of KERI on the client.
- KERIA (KERI Agent): Framework for administering and governing KERI-based systems. KERI Agent in the cloud. The KERIA service will expose 3 separate HTTP endpoints on 3 separate network interfaces:
Boot Interface - Exposes one endpoint for Agent Worker initialization.
Admin Interface - The REST API for command and control operations from the Signify Client.
KERI Protocol Interface - CESR over HTTP endpoint for KERI protocol interactions with the rest of the world.
Conclusion
The eIDAS-based EUDI and KERI both aim to provide secure and trusted digital identity solutions, but they differ significantly in their architecture and approach. The eIDAS-based EUDI relies on a centralized framework with strict regulatory compliance, while KERI emphasizes decentralization, user control, and flexibility, making it adaptable to various regulatory environments. Both systems prioritize security, confidentiality, and privacy, ensuring that users can trust their digital identities.
Eidas2, EUDI wallet and basically the ARF is becoming mandatory for EU in all levels of industry. If you force all companies on EUDI, by which means GLEIF or any other organizational ID supplier wants to enforce keri as an addition or alternative to the companies that run to comply with the ARF?
To address the mandatory adoption of the eIDAS2, EUDI wallet, and ARF (Architecture and Reference Framework) across all levels of industry in the EU, while also considering the integration of KERI as an addition or alternative, we suggest the strategic approach below. This approach highlights the benefits of KERI, leverage partnerships with organizational ID suppliers like GLEIF (Global Legal Entity Identifier Foundation), and comply with the ARF and offer enhanced functionality at the same time. Here’s a comprehensive plan:
Strategy for Integrating KERI with EUDI and ARF
- Highlight the Unique Benefits of KERI
Decentralization and Flexibility
Decentralized Identifiers (DIDs): Emphasize how KERI’s presence in DIDs (did:webs and did:keri) provides a more secure and resilient identity management system compared to centralized systems.
Interoperability: Highlight KERI’s ability to seamlessly integrate with existing eIDAS-compliant systems, enhancing interoperability across different platforms. The overall system will have the security features of the least secure.
Security and Privacy
Enhanced Security: The barer tokens of the federated identity model are a known security risk. Attacks are known and successful. Showcase KERI’s advanced cryptographic mechanisms that ensure secure key management, secure authentication, verifiability to the root-of-trust (no intermediaries to be trusted or as a security vulnerability / honey pot), gradual disclosure (step-by-step lifting of confidentiality), event logging, multi-signature schemes, (pre-)rotation of controlling keys.
Privacy by Design: Demonstrate KERI’s privacy features, including user control over their data and minimal data exposure.
Scalability and Efficiency
Scalability: Explain how KERI’s lean and mean design, along with its use of the CESR protocol, ensures scalability and efficient data streaming.
Efficiency: Point out the efficiency of KERI in managing decentralized identities and verifiable credentials, reducing overhead and simplifying compliance processes.
- Leverage Partnerships with Organizational ID Suppliers
Collaboration with GLEIF
GLEIF Integration: Work with GLEIF's suppliers to integrate KERI-based vLEI identifiers providing trust services.
Joint Initiatives: Launch joint initiatives and demonstrate the benefits of vLEIs as organizational identifiers.
Engagement with Other ID Suppliers
Broader Ecosystem: Engage other organizational ID suppliers to create a broader ecosystem of identity solutions that incorporate KERI, offering alternatives and additions to the EUDI framework.
Standardization Efforts: Continue to participate in standardization efforts to prove that KERI-based solutions are recognized and can be seamlessly integrated with existing regulatory frameworks, such as the ARF.
- Compliance and Integration
Compliance Framework
Regulatory Alignment: Ensure that KERI-based solutions are fully aligned with eIDAS2 and EUDI requirements, providing clear guidelines for organizations on how to achieve compliance. This means demonstration of the hand over of control over keys from the citizen / subject to the government via Qualified TSP.
Certification: Obtain necessary certifications and conduct regular audits to ensure ongoing compliance with EU regulations. The audit of KERI is a one-time effort for the part that it intrinsically complies with EU regulations like GDPR and ? KERI adjustments to comply with other EU regulations that require centralized control are possible through control over identifiers and process automation.
Integration Roadmap
Step-by-Step Guide: Develop a step-by-step integration roadmap for organizations to adopt KERI alongside or as an alternative to the EUDI wallet, highlighting key stages and milestones.
Technical Support: Offer comprehensive technical support and resources, including APIs, SDKs, and documentation, to facilitate seamless integration.
- Promote Awareness and Adoption
Awareness Campaigns
Educational Programs: Conduct educational programs and workshops to raise awareness about the benefits of KERI and how it complements the EUDI wallet.
Case Studies and Success Stories: Share case studies and success stories from early adopters to demonstrate the practical benefits and impact of integrating KERI.
Incentives for Adoption
Incentive Programs: Create incentive programs for organizations that adopt KERI-based solutions, such as grants, tax benefits, or reduced compliance costs.
Partnership Opportunities: Offer partnership opportunities and collaboration initiatives to encourage broader adoption and integration.
Commercial Services: Show the practical and financial characteristics of cloud services to play a role in a KERI based ecosystem online.
Conclusion
By highlighting the unique benefits of KERI (killer feature is security), leveraging partnerships with organizational ID suppliers like GLEIF, providing a clear path for compliance and integration, and promoting awareness and adoption, KERI can be positioned as a valuable addition or alternative to the mandatory EUDI framework. This approach ensures that organizations can meet regulatory requirements while benefiting from the enhanced security, sophisticated key management, gradual disclosure (step-by-step lifting of confidentiality), privacy, delegation and overall scalability and flexibility that KERI offers.
Here's my take at the questions:
Questions about KERI:
- What is the legal status of what you do with KERI, how does it meet regulations and law?
- There are a number of ways to answer such a broad question including licensing, data rights, as well as export controls.
- Regarding licensing, since the reference implementation of KERI in Python is Apache 2.0 then the licensing is very permissive and open.
- Regarding data rights, a big power of ACDC built on top of KERI are the ability to custom fit legal terms for data rights within Ricardian Contracts, or code as law, in the rules section of ACDCs.
- Regarding export controls then the License Exception Technology and Software Unrestricted (TSU) classification likely applies because KERI & ACDC are open source.
- How to integrate KERI in a solution, anticipating the requests eIDAS organisational wallets, at scale, have?
- Using SignifyTS and SignifyPy at the edge in mobile devices, web browsers, IoT devices, and the like in addition to KERIA for agent servers is the base way to begin integrating KERI into organizational wallets at scale. KERIA is a multi-tenant agent service that is tightly integrated with the edge-signing library, SignifyTS.
- On top of SignifyTS and KERIA any custom credentialing or identity workflow can be built with ACDC and IPEX. Bear in mind that a purpose-specific presentation protocol can be built if IPEX does not meet the needs of a given use case.
- Regarding scalability, multisignature wallets provide the ability to provide robust signing infrastructure that avoids single points of failure. Furthermore, threshold recovery services natively supported by KERI enable and dramatically simplify account recovery at scale.
- ARF eIDAS - a comparison with KERI features
- ARF can use centralized issuers of ACDCs that issue revocable credentials to identifiers each person issues themselves in a decentralized fashion. Credential issuers serve the role of qualified trust service providers.
- Is Bridging possible and if so what a the integration cost
- Yes, bridging is possible. All that has to be done is that an identity in ARF/EUDI needs to be mapped to an ACDC role/identity credential, similar to role credentials in the vLEI, and then that credential needs to be issued to a KERI identifier. The integration cost may start somewhat near the cost of the existing centralized system yet could become many times less costly in terms of data breaches or fraudulent identity usage due to the extremely high security of decentralized provisioning of personal identifiers. There will be much less fraud as the system is much harder to attack.
- What enables KERI: what do you need to get going, what are the infrastructural costs, etc.
- Infrastructure costs scale linearly with the number of qualified trust service providers. To run a KERIA server with around 1000 users, each with at least one agent, and using at least three witnesses for high availability would likely cost between $300USD - $850USD per month. So, say there are 25,000 qualified trust service providers in the EU that would be around $7,500,000USD - $21,250,000USD per month to cover the costs of running the infrastructure for the entire EU (448 million people), though this is a ballpark figure and the actual cost would likely be lower because of the capability to reuse witness and watcher infrastructure.
- Open source contributions are always encouraged and wlecome. That is the lifeblood of an opensource project.
- Legislative efforts and regulatory doors being opened would be a big help. Making an identity system built on KERI be allowable in the EU would be a major enabler.
- A main question is: Eidas2, EUDI wallet and basically the ARF is becoming mandatory for EU in all levels of industry. If you force all companies on EUDI, how GLEIF want to enforce keri in addition to the companies?
- Legislative and regulatory actions are the only way to drive enforcement so effective lobbying and inclusion of KERI-compatible language in EUDI and eIDAS legislation for the vLEI is how GLEIF would promote usage of KERI under the EUDI umbrella of efforts.
- Does KERI really brings so much value in comparison to the law-enforced eidas regulation, that companies would think for vLEI?
- The value of KERI is true security and individual control of data at internet scale. The problem with centralized models of trust is the high value for attackers as well as the existing legacy of insecure security standards and protocols such as bearer tokens, a common web technology used in federated identity. KERI brings the idea of an identity provider down to the individual person. Centralized governance replaces centralized administration.
- In short, KERI provides true security in a user-friendly way that enables transformative, sweeping data-rights legislation by putting the keys in the user's hands. No other identity solution does this in a secure way. Key management is a difficult, required problem to solve in order to provide true data rights and secure attribution. KERI solved this problem at internet scale.
Report SICPA presentation today.
General applicability questions:
- ARF EUID and eIDAS is our world, our prospect of assignments and revenue model.
- They know the ARF is not ready and inconsistent. But they think it can be repaired en route. True?
- What’s the roadmap to replace the current infra, build up knowledge and convince management?
- How can the benefits of KERI work out for our current customer base?
- What are successful use cases of KERI. The ones that make management and customers decide to hop over to KERI?
Practical questions I need to refresh the answer to
- Is a KEL or TEL always readible or also encrypted?
- Does delegation give every delegatee full power?
- Do you verify a KEL with a public key?
- Could you change the applied cryptography in the last key event on top of a chain of events that uses different crypto?
Practical questions I need to refresh the answer to
The KERI WIzzard answered them correctly afaik : https://chatgpt.com/share/af278c30-8821-4587-b232-81fb9e3bd49b
DICE has been successfully done