Interoperation for data sharing between permissioned blockchain networks
relies on networks’ abilities to independently authenticate requests and
validate proofs accompanying the data; these typically contain digital
signatures. This requires counterparty networks to know the identities and
certification chains of each other’s members, establishing a common trust basis
rooted in identity. But permissioned networks are ad hoc consortia of existing
organizations, whose network affiliations may not be well-known or
well-established even though their individual identities are. In this paper, we
describe an architecture and set of protocols for distributed identity
management across permissioned blockchain networks to establish a trust basis
for data sharing. Networks wishing to interoperate can associate with one or
more distributed identity registries that maintain credentials on shared
ledgers managed by groups of reputed identity providers. A network’s
participants possess self-sovereign decentralized identities (DIDs) on these
registries and can obtain privacy-preserving verifiable membership credentials.
During interoperation, networks can securely and dynamically discover each
others’ latest membership lists and members’ credentials. We implement a
solution based on Hyperledger Indy and Aries, and demonstrate its viability and
usefulness by linking a trade finance network with a trade logistics network,
both built on Hyperledger Fabric. We also analyze the extensibility, security,
and trustworthiness of our system.

By admin