Where to begin with building a decentralized Identity app?



Typical Flow to build identity app using Hyperledger Indy ecosystem

There is no doubt that decentralized identity is the future and a new way of identifying who you are, i.e. self-sovereign identity. There is no point in traveling in an autonomous car and then showing physical cards as proof of who you are. Technology upgrades have to go hand in hand, and that is why the decentralized space is getting lots of attention and developing rapidly.

Note: You can refer to my previous article to know more about decentralized identity and the Hyperledger identity ecosystem basics.

So the question is where is the beginning of everything?

So let's begin by looking at where the Hyperledger ecosystem stands on decentralized identity.

Hyperledger Indy: Hyperledger Indy is the first project in the Hyperledger family to build a decentralized identity. Its architecture is based on self-sovereign identity which enables users to have complete control over their identity. You can read more about Indy here.

Hyperledger Ursa: Hyperledger Indy uses many cryptography libraries that can be reused in other Hyperledger platforms, so the aim of Hyperledger Ursa is to build a modular cryptography tool that can be plugged into any other blockchain technology. Most of the Ursa code has been migrated from Indy.

Hyperledger Aries: Indy is good for building an identity solution, but what it lacks is peer-to-peer communication, which is the heart of an identity solution. Aries fills this gap, enabling two users to share identity information over a secured communication channel.

So in a practical sense, Hyperledger Indy provides a public ledger where your public DID and schema are stored. It also provides a consensus service using the Plenum protocol, which is based on RBFT, and all the core services and infrastructure needed for identity.

Hyperledger Ursa provides a set of standard crypto libraries that are well tested over the years and interoperable with other existing crypto services, to make sure that communication channels, data exchanges, and data verification are secured and follow standard protocols.

Hyperledger Aries is mainly for developers who have to build agents, the real-time applications citizens use to share and verify identity over mobile or web applications. So we will focus only on Hyperledger Aries.

Understanding Aries to know where to begin:

Aries Agent Frameworks

Agent-based applications are created by adding application-specific code that controls the Aries agent.

There are several Aries general-purpose agent frameworks that are ready to go out of the box.

  • Aries Cloud Agent — Python (ACA-Py) is suitable for all non-mobile agent applications and has production deployments. ACA-Py and a controller run together, communicating across an HTTP interface. Your controller can be written in any language and ACA-Py embeds the Indy-SDK.
  • Aries Framework — .NET can be used for building mobile (via Xamarin) and server-side agents and has production deployments. The controller for an aries-framework-dotnet app can be written in any language supporting embedding the framework as a library in the controller. The framework embeds the Indy-SDK.
  • Aries Static Agent — Python is a configurable agent that does not use persistent storage.

There are several other frameworks that are currently under active development, including:

  • Aries Framework — Go is a pure golang framework that provides a similar architecture to ACA-Py, exposing an HTTP interface for its companion controller. The framework does not currently embed the Indy SDK, and work on supporting a golang-based verifiable credentials implementation is in progress.
  • aries-sdk-ruby
  • aries-framework-javascript

So for building a pure mobile-based agent, the Xamarin framework can be used; if you are interested in building a web-app-based agent for your organization, nothing is better than ACA-Py. If you need both mobile and web app, choose Aries Framework — .NET.

So in our case, we are going to build a pure mobile app for every citizen, who can use a service to get an identity and share or verify identities.

So if you wonder what the complete flow looks like:

How mobile, cloud agent, and ledger communicate with each other
Agent app instance for different user using .Net Agent Framework

So basically the mobile agent belongs to the user. The mediator, as the name suggests, is a broker that can establish your connection either with another broker or with any cloud agent. The mediator is hosted as a cloud service so that it can be discovered and can establish connections on your behalf.

Cloud agents typically represent public institutions such as government services, universities, banks, hospitals, etc., which issue or verify your identity. The DIDs of the public institutions are stored on the Indy network. The DID of the user is stored privately in a mobile wallet.

So each agent runs services, and agents connect to each other through service endpoints.

Use case: Issuance of your passport

Company A has built a mobile agent that offers credential storage and is connected to a mediator hosted in the cloud at a unique address, which is your connection endpoint, like https://example.com/alice/233224io4

The Passport office is running a cloud agent using the .NET or ACA-Py framework and offering a passport service to its citizens. The passport cloud agent is also hosted on a service endpoint like https://example.com/passport_office/3dskjs323j

Now Alice’s mediator or the Passport office cloud agent establishes a connection via QR code or deep link and then follows standard protocols to issue or verify identities. Once the verifiable credential is issued, it is stored in Alice's mobile agent wallet, not in the mediator. The mediator is just a broker that identifies Alice globally and helps Alice's mobile agent connect with other services. It simply stores connection records.

But one thing to note is that there are no free lunches: every public DID or entry written to the Indy ledger incurs some cost, which is typically OK because most public ledgers involve a cost in one way or another.

So if you are smart and argue that your identity system can run on a private Indy network to avoid any cost, it is a good idea, but the bad news is that Aries uses Sovrin or Indy DIDs, which are tightly coupled, so a DID on a private Indy ledger can't be resolved globally. As long as your users stay within your ecosystem it will work fine, but if your identity has to be globally resolvable, you have to host or connect with the Sovrin global ledger only.

So let's start building a mobile app:

I have found a great video by Tomislav Markovski (CTO, Trinsic ID) which precisely helps you do the basic setup, so I strongly recommend referring to this video to get started.

Some tips to help you avoid unknown errors:

1: If you are a Mac user and run into trouble with the mediator throwing a DLL-not-found error, refer to this issue: https://github.com/hyperledger/aries-mobileagent-xamarin/issues/10

2: If you are running the mobile app, connect a physical phone to avoid any storage, read/write, or connection issues.

Use the physical device (in my case, a Samsung SM Android device) in Visual Studio

3: If your mobile agent does not connect to the mediator, first set up the ngrok IP, then replace localhost:5000 in the mediator as well as in the mobile app file, and then restart the mediator and rebuild the mobile app.

ngrok IP address in the Startup.cs file in the mediator; do the same for App.xaml.cs in Osma.Mobile.App

4: Make sure that you clean the mediator's wallet files after making any config change in the mediator, and re-run the mediator afterwards.

You can find the .indy_client file in the home directory

If everything goes fine, here are visuals:

Mediator running in a terminal:

Mediator Agent

Make sure that the very first line shown below appears when running the mediator agent; it signifies that your mediator is up and ready for connections. If it is not there, follow point 4.

info: Hyperledger.Aries.Features.DidExchange.DefaultConnectionService[4000]
ConnectionId 808cc771-b1fa-470d-a691-edd08d6837b2

Your mediator connection string:

It will be available by visiting your ngrok IP address:

connection string



So this is a connection string with a DID of method type sov (Sovrin). It will be used by other mediator agents or cloud agents to establish connections and share/verify credentials.
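As an added example (not code from the original article or from the Aries projects), the sketch below decodes an invitation of the kind described above and checks it before an agent connects, including the leftover localhost endpoint from tip 3. It assumes the Aries RFC 0160 inline-key invitation carried in a `c_i` URL parameter; the sample key, label and URLs are constructed placeholders.

```python
import base64
import json
from urllib.parse import parse_qs, urlparse

# Invitation message types from Aries RFC 0160: legacy did:sov prefix and the HTTPS form.
SUFFIX = "connections/1.0/invitation"
VALID_TYPES = {"did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/" + SUFFIX, "https://didcomm.org/" + SUFFIX}
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1", "0.0.0.0"}

def encode_invitation(inv, base_url):
    """Build an invitation URL: JSON -> unpadded base64url in the c_i parameter."""
    b64 = base64.urlsafe_b64encode(json.dumps(inv).encode()).decode().rstrip("=")
    return f"{base_url}?c_i={b64}"

def decode_invitation(url):
    """Recover the invitation JSON from the c_i parameter of a scanned URL."""
    values = parse_qs(urlparse(url).query).get("c_i")
    if not values:
        raise ValueError("invitation URL has no c_i parameter")
    raw = values[0] + "=" * (-len(values[0]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(raw))

def check_invitation(inv):
    """Return a list of problems; an empty list means the invitation is usable."""
    problems = []
    if inv.get("@type") not in VALID_TYPES:
        problems.append("unexpected @type")
    keys = inv.get("recipientKeys")
    if not (isinstance(keys, list) and keys and all(isinstance(k, str) for k in keys)):
        problems.append("recipientKeys missing or empty")
    endpoint = urlparse(inv.get("serviceEndpoint") or "")
    if endpoint.hostname is None:
        problems.append("serviceEndpoint missing or malformed")
    elif endpoint.hostname in LOCAL_HOSTS:
        # Tip 3: a phone cannot reach the mediator's own localhost.
        problems.append("serviceEndpoint is local to the host")
    elif endpoint.scheme != "https":
        problems.append("serviceEndpoint is not HTTPS")
    return problems

# Constructed sample: key, label and URLs are placeholders, not values from a real agent.
SAMPLE = {
    "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/connections/1.0/invitation",
    "label": "Mediator",
    "recipientKeys": ["PLACEHOLDER_VERKEY"],
    "serviceEndpoint": "https://mediator.example.com",
}
LOCAL_URL = "http://localhost:5000"
GOOD_URL = encode_invitation(SAMPLE, "https://mediator.example.com")
BAD_URL = encode_invitation({**SAMPLE, "serviceEndpoint": LOCAL_URL}, LOCAL_URL)
```

Running `check_invitation(decode_invitation(BAD_URL))` reports the local endpoint, which is the state the mediator is in before localhost:5000 has been replaced.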

Left: Basic Info about wallet, Right: connecting to the mediator agent
Left: Default Credentials, Right: DID stored in wallet

So what next?

This is the basic mobile agent setup. Now create a cloud agent using either the .NET framework or ACA-Py, and then establish a connection between them. Once done, look at the APIs for issuing and verifying credentials in the chosen cloud agent.



Where to begin with building a decentralized Identity app? was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.