Whitepapers

Technical whitepaper
An overview of our vision, system architecture, product design, and upcoming functionalities currently in development.

Last revised 9 March 2018
Business whitepaper
We’re currently working on a business whitepaper. Sign up for our newsletter to receive an email notification once the paper is published.

Expected Fall 2018

Position papers

Blockchain: Opportunities and challenges of a new digital infrastructure for Germany

A position paper from Blockchain Bundesverband e.V. on blockchain and similar decentralized technologies based on cryptography for use as basic infrastructural innovations that further support a digital economy built on democratic structures. Co-authors include Joachim Lohkamp (Jolocom).

Published 16 October 2017

Blockchain, data protection, and the GDPR

A position paper from Blockchain Bundesverband e.V. on major improvements to the EU’s General Data Protection Regulation going into effect in May 2018 and ways to deal with data protection on the blockchain effectively. Contributors include Kai Wagner (Jolocom).

Published 25 May 2018

Self-sovereign Identity

A position paper from Blockchain Bundesverband e.V. on decentralized identity written from the perspective of the German blockchain identity scene. It outlines the common vision on topics such as standardization, GDPR, and security requirements with regard to enabling a universal identity infrastructure. Contributors include Kai Wagner (Jolocom).

Published 23 October 2018

FAQ

We regularly update this section based on questions from our Telegram community. Can’t find what you’re looking for? Feel free to drop us a line.

Who owns your data?

The most popular approaches today rely on central authorities to issue and store data about a person on servers that must be maintained and kept secure. Doing so comes at a cost, which is especially high if a company is targeted in a hack. And since centralized solutions place possession of personal data with the issuers, subjects of identity have no control over how the data comprising their digital identity is used – issuers are entirely responsible for what happens to the data they generate.

Whoever owns your data can decide how to use it, but letting third parties and intermediaries maintain possession of the identity credentials they issue has the effect of stifling market innovation by severely limiting the scope of possible business models that could be built around those digital assets. That’s why we are designing a practical system for self-sovereign identity, a model of identity management where individuals and smart agents – the subjects of identity – are themselves able to produce, own and manage claims about their identity.

Identity holders will no longer need to rely on third-party issuers to manage their credentials, and central authorities will no longer bear the cost and compounded risk of managing large amounts of sensitive data in registries. Modeling digital identity in this way opens up the possibility for novel interactions with and transactions on unique personal data, giving users the capability to make use of their data however they choose. For the first time in the history of the internet, we will be able to own and control the data that defines our digital selves.

Claims & Verification
What does it mean to verify a claim?

Let’s look at how two types of common verifications work on a technical level:

  • a verification of a claim on another identity from the role of a social verifier, and
  • a verification of a claim on another identity from the role of a normal, or “professional” verifier.

A verified claim will always contain the DIDs of the subject of the verifiable claim as well as the issuer, or verifier, of the claim. By resolving the DID which the verifier used to sign the issued claim, we can find the corresponding DDO, and all information associated with this DDO (a public service profile). A verifier may choose to attach whatever data it wishes to this DDO, but it would presumably contain at least some credentials about the verifier to suffice as proof that it is in a position of trust to be able to perform the verification.

The scenario of social verification would play out similarly. As an identity holder can generate as many child key pairs, and therefore DID/DDO pairs, as desired, it would be possible to generate a one-off DID used to perform a social verification, thereby not revealing any PII when this DID is resolved to its corresponding DDO. However, this could affect how much trust can be placed in the resulting verified claim. Some information which proves why a claim from this DID can be trusted may have to be revealed in order for the issued claim to hold weight.

Why should I trust a claim?

You should trust a claim only if you have good reason to.

We often use signatures to indicate to others that we agree with something.

At Jolocom we always have our users sign and attach their digital signature to the claims they create and those they verify.

Every verifiable credential in Jolocom’s ecosystem therefore carries a signature that serves as a basis for establishing trust in a claim.

The signatures on verifiable credentials signal that the claim is true – signatures make a claim trustworthy.

What is a verifier doing when issuing a signed claim?

Verifiers typically issue signed claims. What does that look like? A verifier attaches its identifier and signature (and a pinch of metadata) to any claim it verifies so that other parties are able to recognize (and verify) that the claim has been verified by the verifier.
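The flow described under “What does it mean to verify a claim?” and the signed claim described here can be sketched as follows. This is an added example, not Jolocom's protocol code: the in-memory `registry` stands in for DID resolution, and the `did:example:` identifiers, field names, Ed25519 signatures and the `issued` date are all assumptions made for illustration.

```javascript
// Added example: hypothetical names throughout, not Jolocom's protocol code.
const nodeCrypto = require("node:crypto");

// Stand-in for DID resolution: maps a DID to its DDO (DID document).
const registry = new Map();

// Deterministic JSON with recursively sorted keys, so the issuer and the
// party checking the claim sign and verify exactly the same bytes.
function canonical(value) {
  if (Array.isArray(value)) return "[" + value.map(canonical).join(",") + "]";
  if (value !== null && typeof value === "object") {
    const fields = Object.keys(value).sort()
      .map((key) => JSON.stringify(key) + ":" + canonical(value[key]));
    return "{" + fields.join(",") + "}";
  }
  return JSON.stringify(value);
}

// Create a key pair and publish a DDO holding the public key plus whatever
// credentials the identity chooses to disclose about itself.
function createIdentity(did, credentials = []) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
  registry.set(did, {
    id: did,
    publicKeyPem: publicKey.export({ type: "spki", format: "pem" }),
    credentials,
  });
  return { did, privateKey };
}

// The verifier attaches its DID, a little metadata and its signature.
function issueClaim(issuer, subjectDid, claim) {
  // "issued" is a constructed sample value.
  const body = { subject: subjectDid, issuer: issuer.did, issued: "2018-06-01", claim };
  const signature = nodeCrypto
    .sign(null, Buffer.from(canonical(body)), issuer.privateKey)
    .toString("base64");
  return { ...body, signature };
}

// Resolve the issuer DID to its DDO, check the signature against the key
// found there, then report what the DDO offers as a basis for trust.
function checkClaim(signedClaim) {
  const { signature, ...body } = signedClaim;
  const ddo = registry.get(body.issuer);
  if (!ddo) return { valid: false, reason: "issuer DID does not resolve to a DDO" };
  let signatureOk = false;
  try {
    signatureOk = nodeCrypto.verify(
      null,
      Buffer.from(canonical(body)),
      nodeCrypto.createPublicKey(ddo.publicKeyPem),
      Buffer.from(String(signature), "base64")
    );
  } catch (err) {
    signatureOk = false; // malformed key or signature counts as a failed check
  }
  if (!signatureOk) {
    return { valid: false, reason: "signature does not match the issuer's DDO key" };
  }
  return {
    valid: true,
    issuerCredentials: ddo.credentials,
    hasTrustBasis: ddo.credentials.length > 0,
  };
}

function demo() {
  const subjectDid = "did:example:alice";
  // "Professional" verifier: its DDO discloses a credential about itself.
  const university = createIdentity("did:example:university", ["accredited-institution"]);
  // Social verifier using a one-off DID: its DDO reveals nothing about the holder.
  const oneOff = createIdentity("did:example:one-off-7f3a");
  const degree = issueClaim(university, subjectDid, { degree: "BSc" });
  const vouch = issueClaim(oneOff, subjectDid, { knownPersonally: true });
  return {
    professional: checkClaim(degree),
    social: checkClaim(vouch),
    // Content changed after signing.
    tampered: checkClaim({ ...degree, claim: { degree: "PhD" } }),
    // One-off signature relabelled with a better-known issuer DID.
    reattributed: checkClaim({ ...vouch, issuer: university.did }),
    // Issuer DID that was never registered.
    unresolved: checkClaim({ ...degree, issuer: "did:example:unregistered" }),
  };
}

console.log(demo());
```

The one-off DID yields a cryptographically valid claim with `hasTrustBasis: false`, which is the trade-off the social verification paragraph describes: the signature proves who signed, not why that signer should be believed.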

Does Jolocom provide a verification service?

No. Jolocom is *not* a verifier and we do *not* perform verification services.

While not in the business of verifying claims ourselves, Jolocom aims to supplant the infrastructure on top of which the verification service market operates. What we deliver in the context of claim verification is a protocol that verifiers can use to efficiently render their services, like attestation of digital claims from customers.

Our protocol allows for the creation and verification of the specific type of assets exchanged in this market. Jolocom and other self-sovereign identity companies are aiming to provide a solution to manage the transactions of these assets within their respective identity solutions. Our protocol handles the type of transactions on digital identity and verified credentials responsible for flows of value across the rapidly growing $10 billion USD (as of 2017) digital identity market, specifically targeting verification of identity attributes.

What are claims and verified credentials?

A claim is a piece of information that you or others say about you, i.e. claim to be true. Ideally, we’d be able to trust information without necessarily trusting the party responsible for a claim.

For example, let’s say the company where you work is issuing every employee a new email address. When you communicate your new contact information to a familiar colleague, that person will ostensibly have no reason to question if what you’re saying is true. You have an established professional relationship based on mutual trust, cemented over the years you’ve worked together. Your relationship history is enough for your colleague to trust your claim about your new email address.

Your basic communication tactic, though, may not work as effectively were you to try to tell someone far less acquainted with you that you have a new email address. On what basis would that relative stranger have any reason to trust your claim? Sure, you could perhaps show your employee badge or an employment contract, but what if you don’t have something to suffice as proof that what you claim is true? Clearly, in situations which lack an implicit foundation for establishing trust in the validity and accuracy of the information we communicate, we need to back up our claims some other way.

This is where verification comes in handy.

Verified credentials provide a way to express statements about a person or smart agent which are cryptographically verifiable and may be used in further interactions with services or other parties. Along with hierarchically deterministic key pair implementation, verifiable credentials provide the tools required to create complex data while simultaneously preserving simplicity at the core of the protocol.

Importantly, the verifying party behind a given verified credential is disclosed in Jolocom’s framework for digital identity management. This means that anyone with whom you share a credential made with our protocol is also provided a basis of trust for accepting your claim.

Verifiable credentials feature as a core element in our system of information communication that recognizes the crucial role that trust plays in our interactions. By introducing a standardized procedure for reliable credential verification as well as a means for tethering verification information to claims, our protocol helps consumers of digital identity information avoid having to trust a claim based on knowledge of the claim’s owner.

If you can trust the verifying party and the technology, you already have sufficient proof that a verified credential is trustworthy, and by extension, the information it contains. Now, that’s a real digital asset!

General
Where does Jolocom fit into the evolution of the Internet?

The originating vision of the Internet was that of a cooperative space, a non-proprietary community linked together in a network of distributed nodes to create a universal system of communication. It is now an unfortunate reality that a handful of proprietary companies dominate the digital landscape. Altogether, the services that they offer collectively comprise a vast percentage of total user activity on the web.

To truly re-decentralize this feudal landscape, we must first start with the decentralisation of the core infrastructure of our digital life: identity. With this background in mind, Jolocom is developing a solution which provides users with a decentralized identity based on hierarchically deterministic keys (HD keys) generated, provisioned, and controlled by the users themselves.

Our mission is to provide global public infrastructure for identity in the form of a protocol that makes self-sovereign identity possible, practical, and powerful.

What is self-sovereign identity?

Internet cryptography pioneer Christopher Allen provides an excellent description of self-sovereign identity in an April 2016 blog post:

“[User autonomy] is the heart of self-sovereign identity, a term that’s coming into increased use in the ‘10s. Rather than just advocating that users be at the center of the identity process, self-sovereign identity requires that users be the rulers of their own identity.”

The concept describes a system of identity wherein an individual user controls the flow of information between real world and digital identities involving a user’s unique identity data.

In the same post, Allen lays out ten principles to guide the path to self-sovereign identity: existence, control, access, transparency, persistence, portability, interoperability, consent, minimalization, and protection.

We highly recommend reading Allen’s blog post on the history of identity technology in full (here) as a crash course on the evolution of digital identity models and management practices since the birth of the internet.

What’s the deal with decentralization?

We envision an ecosystem for self-sovereign identity that builds on many different decentralized technologies, and we see such an environment taking shape already. Blockchains are specialized tools to manage incentives and facilitate peer-to-peer trust relationships. However, when it comes to other features of the ecosystem, different technical approaches and technologies are more suitable — making use of decentralized storage (like IPFS or SWARM) for larger data sets that the user might not want to store on her device but still have full control over, such as recorded meta-data, for example. In order to be sustainable an ecosystem should welcome and even encourage a multiplicity of decentralized technologies.

To that end, we see modular software architecture as a prerequisite for a sustainable, decentralized Web 3.0. Whether a blockchain, storage, or file system, every module in digital identity management should be interchangeable and interoperable — even combinable. That is why we designed Jolocom identities to be backend agnostic, so they can be used with any single or any number of other modules. You can think about it as trying to decentralize decentralization.

What differentiates your approach to digital identity from competitors?

Our model for digital identity effectively avoids a number of problems inherent to solutions employing centralized management, such as siloing sensitive user data on private servers (conducive to massive data breaches), redundancy of identity data and verification processes, and captive personal data.

We optimize for flexibility, portability, and freedom of identity: unlike some identity management solutions on the market, we don’t lock customers into relying on a standalone service that issues them their digital identity. An identity created with Jolocom’s protocol can persist across different networks and service environments – that’s the key to a smart identity system.

What users and services need is a globally accessible public infrastructure for identity management that is flexible enough to support radically different use cases without sacrificing simplicity of use. We optimize our protocol according to these factors. A model of identity that works for everyone and everything, it is the open-ended design of our protocol that sets Jolocom apart from similar solutions.

Using our model, digital attributes truly belong to an individual or smart agent: upon generation, private claims are stored on an identity holder’s device by default. Having physical possession of claims empowers users to make their identity information publicly available at their discretion by choosing to store their identity data on a blockchain or IPFS.

The protocol is backend-agnostic (meaning it will work with any blockchain) and supports an array of transactions on identity data, accommodating an unlimited number of business models. It will effectively support global, public data exchange and open-ended interaction between producers and consumers of digital identity information.

These features make our protocol highly scalable across different market verticals. What’s more, personas made using our protocol are interoperable, meaning different applications and services can use the same set of data.

Our open source protocol for self-sovereign digital identity thus gives rise to a decentralized platform for the transaction of verification products that is poised to outcompete existing markets for identity verification. Companies that demand verified identity information will be able to use Jolocom’s protocol to get it. On the supply side of this decentralized market, verifiers will be able to easily offer their products and services while growing their market size.

There are billions of transactions related to digital identity every day and we intend to deliver the protocol that enables and is used to execute them.

What products or services do you offer?

We develop an open source protocol for people and smart agents to anonymously create and interact with digital, self-sovereign identities.

It’s a universal protocol for identity that first and foremost allows any individual or smart agent with an identity (e.g. a person, university, or modern car) to create identity information in the form of data. Generated along open standards in a standardized format, that data is primed to undergo verification – be checked for truthfulness. Doing so enables you to build a reputation for your digital identity.

What we’ve built is a framework for decentralizing digital identity that puts unique identities in full control of their digital counterparts and reputations. The infrastructure is modular, flexible, blockchain agnostic, and scalable; Jolocom identities are interoperable, meaning they can be used across a number of platforms, devices, and service environments.

Whether you’re a for-profit company in the identity verification business that generates revenue by authenticating credentials, or a state government in need of a secure and efficient, low-cost identity management solution for internal affairs as well as public service administration, or an individual who recognizes the value – economic and otherwise – of taking control of identity and data ownership, we designed our protocol to meet a plethora of identity management use cases.

In fact, we’ve already built an application that implements our protocol – the Jolocom SmartWallet, a user-facing digital identity and credentials management tool. It’s a free mobile app for smartphone owners to easily secure and share their personal identity data. Simple and convenient, the app requires no technical knowledge to use and provides a straightforward user interface.

Are you just another company buying into the buzz around blockchain? Why do you use blockchain?

Decentralized, trustable storage solutions like those enabled by (public permissionless) blockchains are ideal for structuring registries that encode a conceptual shift toward self-sovereign identity. Separating the act of registering an identity from the (subsequent) act of building up trust on that identity is a novel technique made possible thanks to blockchain.

This methodological maneuver is a milestone in digital identity management and brings us closer toward a pragmatic self-sovereign identity solution.

Still, we think blockchains ought to be used only where appropriate, and not every part of the self-sovereign identity ecosystem we envision necessarily requires incorporating a blockchain. With regard to the claims used to manage your attributes and make them verifiable, we do not see blockchain as the right type of storage solution. Our architecture reflects this belief: we use blockchain solely for registering and making the identity reference available (i.e. selectively accessible); for the storage of identity attributes such as your name, age, or address, we currently use IPFS or the secure, encrypted storage on the identity holder’s personal device.

Doing things in this way gets us much closer to full data ownership and control by individuals and smart agents, and we achieve compliance with the European Union’s General Data Protection Regulation (GDPR).

What is Jolocom?

Jolocom is developing a decentralized system for autonomously creating and sharing digital identity information.

We make use of sophisticated key management and reliable claim verification procedures in designing our open source protocol for handling identity data transactions. Using our protocol, individuals and smart agents can easily and autonomously generate their own identity data and even decide how it’s used.

This is a radical approach to identity and access management – an open source protocol designed to scale to global public infrastructure.

Jolocom enables a fully self-sovereign digital identity that bridges the gap between centralized services and the emerging decentralized applications enabled by blockchain technology, ready to replace existing centralized digital identity and access rights management solutions.

A Jolocom identity is claim-based, meaning you can model complex structures associated with an identity in the form of claims (e.g. stating that you are over 21 years old and have residence in Germany) that can further be verified to build up trust. At the forefront of decentralized developments and designed to adopt innovative technologies as they emerge, Jolocom identities are backend agnostic, allowing for the integration of various blockchain technologies.

Following the recent alpha release of our SmartWallet mobile app for easy verifiable credential management, Jolocom’s focus has shifted to introducing token management and interaction via smart contracts.

Our express aim is to create a simple, useable, and lovable tool to own and control your digital footprint.

Why do you care about data? Why should I?

Having to rely on third parties to create my identity data means I can only use my identity how those third parties allow. I have no say over my identity because I have no control over my data. Why don’t I have the control? Because I don’t possess the data that defines me – my digital identity is not my own.

We don’t think things should work this way. Your data is truly valuable, and we help make sure you are the steward of that resource.

Check out a Medium article on Jolocom’s journey from concept to company, as recounted by Joachim, our founder and CEO.

I’m a developer. How can I contribute?

As an open source project, we make all our code publicly available. We welcome everyone interested in our work to visit our GitHub to explore our repositories and documentation for themselves.

Questions? Feedback? You can always reach us on Gitter & Telegram, tweet at us, or simply send us an email.

Our SmartWallet
What is the SmartWallet? What can I use it for?

The SmartWallet is our user-facing DApp. Think of the SmartWallet like your normal physical wallet where you carry your IDs and money, but with smart functionalities on top. The SmartWallet is a DApp that lets you manage your identity-related data like email address, phone number, or ID card. Get an overview of your personal details and verified information easily with our DApp.

Like with the physical wallet in the real world, you can use the SmartWallet in the digital world to identify yourself or pay for things (currently only ether is supported). So the next time you would like to register with a car sharing company, you can use the SmartWallet DApp and log in with one click instead of creating usernames and passwords.

Privacy lies at our heart, so we make sure that your data stays private and that you are always aware and in control of which data you share with whom. So in the case of the car sharing company, you would be prompted with a screen which shows exactly the information requested by the company, leaving you the choice to accept or decline their request.

All your data is stored and managed on your device. You are in full control over who gets access to information. Jolocom has no access to the data on your device nor does anybody else without your permission. In case you grant access to information to another party, like your driver’s license in our car sharing company example, you can always see what you shared with them and request them to delete your information. In fact, you can always quickly and easily check which service has access to which data. This provides you with an instant overview of your connections.

As our DApp supports ether, the SmartWallet enables you to plug into the Ethereum infrastructure seamlessly. So when other applications provide smart contracts functionality to support their service offering, you can access them conveniently with our DApp.

This DApp is geared towards all people who want to take back control of their data footprint and effortlessly navigate the digital world.

Your wallet is waiting. Take control of your digital identity today.

Where can I download the app?

An alpha release of the Jolocom SmartWallet (v1.3) is currently available for download in the Google Play Store, and soon you’ll be able to download an open source build on F-Droid.

An iOS version of the SmartWallet will be arriving in the App Store later this year. Want to know when it’s out? Sign up here to be notified of our next release.

How much does it cost?

It’s free. There is no cost to download the Jolocom SmartWallet.

No, really, how are you making money off me? You’re collecting my data or something, right?

We are not in the business of monetizing your personal identity information. Doing otherwise would clash with our core ethos of respect for your private data.

In fact, we collect no data or information when our users manage their digital identity credentials inside our SmartWallet.

In an effort to remain entirely transparent, we should however note that should you use our app to create an identity contract to share your data over Ethereum we will store your identifier and public key. These pieces of data do not disclose any private information.

We don’t want your data. We just want to help you take care of it.

What happens if I lose my phone? Will I still have access to my seed phrase?

We do not ever store your seed phrase.

That would be a serious security concern.

While creating your account, you are encouraged to save, write down, or in some way back up your seed phrase (preferably in a non-digital format) so that you can re-create your account in the event you lose the device carrying your credentials. However, any private claims stored on a lost device cannot be recovered (i.e. if you lose your phone, you lose your locally-stored private claims). We are still working on good backup mechanisms for those.

Partners & Community Support
Who helps Jolocom behind the scenes?

We are fortunate to have an active roster of partners, advisors, and community supporters.

Our About page provides an overview of the different companies and organizations we have worked with as well as the scope of each cooperation.

How can I become a partner or supporter?

If you would like to explore partnership opportunities and other ways to support our work in self-sovereign identity systems, you are welcome to contact us with a summary of your proposal.

Do you often go to conferences, meetups, hackathons, etc.?

You bet. Our Events page provides a comprehensive history of community engagement and activity in the decentralized identity space since 2014.

I’d like to include Jolocom in my article, report, or research, and I still have some questions - who should I speak with?

Please contact us here.

We look forward to your message.

Privacy & Security
Where is my data stored?

Where your data is stored is up to you.

By default your data is stored securely on your device (e.g. a smartphone).

If you wish, you can also store your claim data on IPFS to make certain identity information publicly accessible.

Storing information in a secure place is key to enabling authentic data ownership. This is why we make sure that you are the only person that has access, giving you full control over how the information is shared.

What data do you store on the blockchain? If I use your protocol or wallet, does my private data end up on a blockchain?

We don’t store anything on the blockchain by default. No personal information like your name or email address will ever be stored on the blockchain on account of us.

With Ethereum integrated in our solution, it is possible to create an identity contract with the SmartWallet app to share your data. For this, we store only your identifier and public key. Nothing else.

Why should I trust you with my data? What steps do you take to ensure it stays secure?

We’re glad you asked. It’s an important question. Your data defines you in the digital world, so it’s vital to know what happens to it.

To make sure that you can trust both our code and our company, we decided to become a purpose company in 2017. This allowed us to build good governance into the foundations of our company and ensure that we always serve our purpose – to build a simple tool for securely managing identity that everyone can use.

We make use of sophisticated key management and implement the latest encryption technologies to securely restrict access to your private data while enabling you to share your digital identity at your discretion via our protocol.

If you use the Jolocom SmartWallet app to manage your digital credentials, you can rest assured that your information is generated and by default stored locally on your device. Using the app to create verifiable credentials doesn’t involve sending data to Jolocom or anywhere else.

Both our protocol and SmartWallet achieve full compliance with existing industry standards and best practices concerning decentralised digital identities, specifically our implementation of the W3C’s DID/DDO specifications and the BIP 32/39/44 standards for the hierarchical derivation of Jolocom identity key pairs. That means we treat your data and digital identity with the utmost integrity.

Services, Verifiers, Protocol Users
What advantages does your solution offer?

The advantage for a service or DApp is that you can control which minimum information you require from users of your application and whether this information has to be verified. This removes a lot of headaches, like checking whether a user is a human and not a bot, implementing your own verification department to check drivers’ licenses, or storing sensitive data of the user. Note that this functionality is made available to you through our SmartLogin solution.

Moreover, using our Ethereum integration (Jolocom SDK) you can implement smart contract logic and make it available for your users through our SmartWallet. It builds a bridge to the blockchain world for your users.

How do I integrate your SSO login with my existing website, app, or software?

Developers can implement the functionality of Single-Sign-On (Jolocom SmartLogin) on their web application so that users with a SmartWallet can easily onboard and log in. This eliminates the need for you and your customers or users to juggle unique username and password combinations. Instead, users simply present their own verified credentials.

Moreover, developers can use the Jolocom SDK to leverage the functionality of their smart contracts for use with the SmartWallet, making it easy for users to use smart contracts. It also removes the need for the App/DApp developer to implement Ether transaction functionality for onboarding new users.

Why did you make your protocol open source?

Self-sovereign identity can only be realized if we establish an open system based on shared standards (a nod to the success of the framework that undergirds HTTP and SMTP as they constantly and reliably sustain our digital activities behind the scenes). Both the Decentralized Identity Foundation and the W3C do great work in the open protocol space, and Jolocom helps steward the development of such standards directly in our approach to digital identity and the solutions we provide.

Self-sovereign identity is realized in a multilayer system with an open standard layer that enables everyone to register and use their identity (and associated credentials) entirely free of charge. On top of this layer, we will see service layers emerge that can take the shape of protocols or DApps used to facilitate the identity ecosystem.

We need to appreciate that the success of the web browsers and email clients we use every day is based on the open source protocols they run on.

A sustainable self-sovereign identity requires true collaboration toward open source solutions and open standards in an effort to establish the basis of an ecosystem that supports additional layers of interaction which can generate direct and indirect value. The emergence of such standards and their distribution and real world use is key to widespread adoption of self-sovereign identity.

System Architecture
What are the core concepts used in your architecture?

Built on open standards, the architecture of our lightweight level-two protocol revolves around three main concepts:

  • cryptographic keys, which enable context specific interactions and provide identities with signing and transaction capabilities;
  • decentralized identifiers (DIDs), which enable globally unique identifiers which are self-issued and can be automatically resolved to DID Documents containing more information about the identifier in question;
  • verifiable credentials, which provide a way to express statements about a user which are cryptographically verifiable.

Cryptographic keys and DIDs enable the existence of a self-sovereign identity. Keys and verifiable credentials provide the tools required to create complex data while simultaneously preserving simplicity at the core. This approach allows us to keep the protocol generic while facilitating an unlimited number of specific use cases with varying levels of complexity for any number of business models. A global decentralized identity solution will only enjoy adoption if it is able to successfully integrate existing businesses and enterprises involved in the market, and we address these challenges at the design level in our architecture.

What functionalities does your code support?

Our protocol manifests the following activities related to digital identity management:

  • creating a self-sovereign identity, for humans, organizations, IoT devices, and other smart agents;
  • attaching meaningful information to identities in the form of verifiable credentials;
  • easily requesting and consuming verified information about identities in an automated fashion.

Leveraging these functionalities allows us to commoditize the process of issuing and consuming a trustable statement. Doing so makes the overall interaction between producers and consumers of verified credentials significantly more reliable, leaving only the decision of whether or not to trust the issuer of a verified credential.

Why did you choose a heavy-client serverless architecture?

It’s still quite inconvenient for a user to set up a personal server and add decent security. That’s why we went with a mobile app – it’s much easier to start using, but also secure. Using IPFS allows you to make your public claim information highly accessible – a task formerly carried out by personal servers.

Does Jolocom implement the ERC725 proposal?

The ERC 725 proposal attempts to model a user’s digital identity using mostly Ethereum smart contracts. If implemented correctly, this approach allows for seamless integration with other smart contracts deployed on the network so that users can then present their verified claims (further defined in ERC 725) for identification and authorization purposes.

Currently, deploying a new ERC 725 identity carries an upfront cost, which may present a barrier to adoption for users unwilling to pay for something before trying it out. All further interactions (e.g. adding a claim) have associated costs as well, and that is the reality of building an identity solution on top of decentralized systems.

It would be short-sighted to rule out the ERC 725 proposals on the basis of associated costs. While we are confident that Ethereum will continue to mature and that the execution costs will become less of a concern as the protocol evolves, we ultimately decided not to implement this proposal due to privacy concerns. It remains unclear exactly how creating anonymous personas and discardable anonymous identities figures into the proposal. This might not scale well if a user needs to deploy a smart contract for each “child identity”.

Furthermore, ERC 725 identities are bound to the Ethereum network or any other blockchain that offers a similar feature set (namely support for custom smart contracts). This might be problematic in the event the Ethereum network is compromised or becomes unsuitable for identities. As a general design principle, we try to avoid relying on too many assumptions regarding the underlying blockchain to maintain a high degree of interoperability and possibility for migration.

In light of these reasons, we have decided to instead focus on implementing a more lightweight identity stack based on the DID / DDO specification from the W3C.

What measures do you take to avoid reverse correlation of anonymous or pseudonymous digital identities to their real world counterpart?

Ultimately, there will always be a certain trade-off between reputation and privacy. An identity builds up a reputation based on a history of good behavior, so there can be no reputation building without knowledge of that history. That being said, the Jolocom model of identity decouples different personas of an identity (the different child DIDs of a master key pair), allowing for selective disclosure and avoiding unwanted correlation between personas.

For example, let’s say you have a great reputation as an online poker player that you would like to associate with a DID. You also have a strong online presence as a financial consultant that you’d like to associate with a different DID. Plus you’re a star seller of vintage bow-ties on eBay, so you want yet another DID just for that. You’d prefer to keep these personas unassociated with each other such that no correlation is possible.

With the Jolocom identity protocol and client wallet application, you’re able to build and manage all of these personas, plus however many additional personas you require, easily and conveniently from one dashboard. All three DIDs would retain their own, separate reputations – no correlation possible.

How do you ensure that DIDs remain interaction/context-specific?

Each Jolocom identity is generated as a cryptographic key pair. From that key pair, hierarchically deterministic key pairs can be derived to act as ‘sub-identities’ or ‘personas’ in such a way as to prevent association between the parent and child keys. In other words, it’s not possible to trace a sub-identity back to the original.

With this framework, you would be able to define your identity for every context and share a sub-identity composed of the attributes of your choosing. It’s on the roadmap for our SmartWallet.
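One way such persona keys can be derived, as an added example rather than Jolocom's implementation: it assumes BIP32-style hardened derivation on secp256k1, which the page does not specify, and a placeholder `did:example:` identifier hashed from each child public key. The seed is constructed sample data.

```javascript
const crypto = require('crypto');

// Order of the secp256k1 group; private keys are integers modulo N.
const N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141n;
const toBig = (buf) => BigInt('0x' + buf.toString('hex'));
const hmac512 = (key, data) => crypto.createHmac('sha512', key).update(data).digest();

// Master node from a seed, as in BIP32: left half is the key, right half the chain code.
function masterFromSeed(seed) {
  const I = hmac512(Buffer.from('Bitcoin seed'), seed);
  return { key: I.subarray(0, 32), chain: I.subarray(32) };
}

// Hardened child: the HMAC input includes the parent PRIVATE key, so a party
// holding only public keys can neither compute nor recognise the child.
function deriveHardened(parent, index) {
  const idx = Buffer.alloc(4);
  idx.writeUInt32BE(0x80000000 + index);
  const I = hmac512(parent.chain, Buffer.concat([Buffer.from([0]), parent.key, idx]));
  // BIP32 rejects a left half >= N or a zero key; the odds are negligible and ignored here.
  const k = (toBig(I.subarray(0, 32)) + toBig(parent.key)) % N;
  return { key: Buffer.from(k.toString(16).padStart(64, '0'), 'hex'), chain: I.subarray(32) };
}

// Compressed secp256k1 public key for a node, as a hex string.
function publicKeyHex(node) {
  const ecdh = crypto.createECDH('secp256k1');
  ecdh.setPrivateKey(node.key);
  return ecdh.getPublicKey('hex', 'compressed');
}

// Assumption: persona DID = placeholder method name + hash of the persona's public key.
function personaDid(master, index) {
  const pub = publicKeyHex(deriveHardened(master, index));
  return 'did:example:' + crypto.createHash('sha256').update(Buffer.from(pub, 'hex')).digest('hex');
}

// Constructed seed; a real wallet would use high-entropy secret bytes.
const master = masterFromSeed(Buffer.from('000102030405060708090a0b0c0d0e0f', 'hex'));
console.log(['poker', 'consulting', 'bow-ties'].map((name, i) => `${name}: ${personaDid(master, i)}`));
```

Each persona is reproducible from the one seed, yet the identifiers share no visible structure with each other or with the master public key.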

How can I reuse claims across multiple DIDs without compromising privacy?

With blockchain-enabled identity, there are many things that can go wrong, particularly when it comes to what data gets written to the blockchain and what type of data and metadata is produced in general. With metadata there is always the risk of correlation between keys, key holders, and blockchain transactions, which might indirectly help identify me (as well as my activities) and thus violate my privacy. To address this issue, we enable interaction-specific decentralized identifiers (DIDs) that work against all kinds of DID correlation.

This problem also crops up when it comes to certain other types of attributes (such as phone numbers), so we closely follow developments in cryptography to continuously improve the measures we take to protect users’ privacy, like making use of zero-knowledge proofs to preserve anonymity.

What are DIDs and DDOs?

‘DID’ is shorthand for ‘decentralized identifier’, and ‘DDO’ for ‘DID document’.

DIDs enable globally unique identifiers which are self-issued and can be automatically resolved to DID documents containing more information about the identifier in question. Although the hierarchically deterministic key pair implementation grants Jolocom identity users the ability to model federated identities through parent and child key pairs, infrastructure based solely on public keys has historically been plagued with usability issues. Our solution concurrently implements the concept of decentralized identifiers and their corresponding DID document objects (DDOs) as described in the motivation behind the W3C DID Specification.

In the Jolocom implementation, a DID is generated from a user’s public key. This DID resolves to a DDO stored on IPFS. The mapping of the DID to the returned IPFS hash will be stored as an entry in a registry smart contract on the Ethereum blockchain. As the storage layer for these mappings also acts as the trust layer, we have chosen the Ethereum blockchain for its data protection properties: data immutability, time stamping, and the possibility of public auditing.

The DDO is essentially a JSON object which describes the DID. This DDO will contain properties such as the DID which it describes, a collection of content-addressed hashes or other endpoints from which further identity related data such as verifiable claims may be fetched, as well as potentially equivalent DIDs (DIDs controlled by the same entity), authorization capabilities for entities to whom a user may delegate update control, or authentication credentials which may be used to authenticate as an equivalent DID.
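The resolution path described above (DID from public key, registry entry, content-addressed DDO), as an added example that is not Jolocom's code, showing the checks a resolver should make at each hop so that a repointed registry entry or an altered DDO is rejected. The `did:example:` method name, SHA-256 hashing, the in-memory registry and content store, and the `publicKeyHex` field name are assumptions standing in for the real DID method, the Ethereum registry contract and IPFS.

```javascript
const crypto = require('crypto');

const sha256hex = (data) => crypto.createHash('sha256').update(data).digest('hex');

// Assumption: DID = placeholder method name + hash of the public key bytes.
const didFromPublicKey = (pubHex) =>
  'did:example:' + sha256hex(Buffer.from(pubHex, 'hex'));

// Stand-in for IPFS: blobs are stored under the hash of their own bytes.
class ContentStore {
  constructor() { this.blobs = new Map(); }
  add(text) { const addr = sha256hex(text); this.blobs.set(addr, text); return addr; }
  get(addr) { return this.blobs.get(addr); }
}

// Resolve a DID through the registry (DID -> content address) and verify each hop.
function resolve(did, registry, store) {
  const addr = registry.get(did);
  if (!addr) throw new Error('DID not registered');
  const raw = store.get(addr);
  if (raw === undefined) throw new Error('DDO not retrievable');
  // Content addressing: the fetched bytes must hash to the registered address.
  if (sha256hex(raw) !== addr) throw new Error('DDO does not match registered hash');
  const ddo = JSON.parse(raw);
  // The document must describe the DID that was asked for...
  if (ddo.id !== did) throw new Error('DDO describes a different DID');
  // ...and carry a key from which that DID is derived.
  const bound = (ddo.publicKey || []).some((k) => didFromPublicKey(k.publicKeyHex) === did);
  if (!bound) throw new Error('no key in DDO derives this DID');
  return ddo;
}

// Constructed sample data: two identities with made-up key bytes.
function buildFixture() {
  const store = new ContentStore();
  const registry = new Map(); // stand-in for the registry smart contract
  const ids = {};
  for (const [name, pubHex] of [['alice', '02' + 'ab'.repeat(32)], ['bob', '03' + 'cd'.repeat(32)]]) {
    const did = didFromPublicKey(pubHex);
    const ddo = { id: did, publicKey: [{ id: did + '#keys-1', publicKeyHex: pubHex }] };
    registry.set(did, store.add(JSON.stringify(ddo)));
    ids[name] = did;
  }
  return { store, registry, ids };
}

const fx = buildFixture();
console.log(resolve(fx.ids.alice, fx.registry, fx.store).id === fx.ids.alice);
```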

How is IPFS integrated in your solution?

We use IPFS to store public information about an identity. Public keys, profiles, and credentials can all be stored on IPFS at the user’s sole discretion.

Team
Who is behind Jolocom?

We are a team of eight who recognize the power of data and its influence on our society and everyday lives.

We further recognize an urgent need to change our society’s relationship to its data and return identities to their natural owners.

We are on a steadfast mission to empower any person or smart agent with the ability to create and control the data that defines them, a prerequisite for the self-sovereign future of identity that we envision and strive toward.

Check out our About page to learn more.

How long has the company been around?

The idea behind Jolocom started to take shape in 2002 as a project to help people in companies better share information to foster a stronger company culture and business vision.

In 2014, the company was officially founded and began operations in Berlin.

In 2017 we adopted a new legal structure for Jolocom GmbH according to the purpose model of ownership.

Who are your advisors?

Achim Hensen
Co-founder of Purpose Stiftung

Achim is committed to a new understanding of ownership and helps companies to find suitable financing and ownership solutions in order to remain independent and meaningful in the long term. Since 2016 Achim has supported Jolocom in becoming such a company by guiding the team in building a sustainable decentralized organization from the ground up.

Dr. Shermin Voshmgir
Founder of Blockchain Hub
Director of Research Institute for Crypto Economics, Vienna University of Economics & Business

Shermin is the founder of BlockchainHub – an international network that has promoted the idea of blockchain, crypto economics, and the decentralized web since 2015. She recently became the director of the Research Institute for Crypto Economics in Vienna and has acted as an advisor to Jolocom since early 2017.

You’re a purpose-company? What does that even mean?

As a purpose-company, we’re equipped with the legal framework that enables us to run a for-profit, for-purpose company you can trust.

Purpose-companies serve their employees and customers, and profits are primarily reinvested to serve the purpose of the company.

The people inside the organization are directly responsible for the company and its health, organization, and growth.

Our advisor, Achim Hensen, is a co-founder of Purpose Stiftung and supported our company’s transition to a smarter model of ownership that effectively prevents conflicts of interest among shareholders from interfering with our work, ensuring we remain true to our purpose.

Where is Jolocom based?

Jolocom is headquartered in Berlin, Germany.

Our offices are located in the heart of Kreuzberg.