All interesting points. This discussion had died down in Jan and was revived just days ago.
The Identity working group is not meant to be prescriptive according to its charter. It is an open forum for discussion of ideas around Identity.
We have had and continue to have many presentations and talks on the dimensions of identity, including PKI. Sometimes it feels like there is an emphasis on DPKI and self-sovereignty; this is mainly due to the fact that the community that shows up for the talks focuses on that, and it seems technically possible with public, distributed, uncensorable DLTs to implement self-sovereignty. There is also renewed interest due to rules like GDPR in Europe, which seems to put DPKI center-stage.

In PKI the quality of the CA was always a problem, especially since they do not bear any liability and certify anyone who pays them fees. The WebTrust (a Canadian chartered accounting consortium) efforts for CA audit criteria could certainly help in this regard, as Leo suggests.
Some DLTs under the Hyperledger umbrella (namely Fabric and Sawtooth) do use PKI, either overtly or otherwise. So the Identity Working Group is committed to supporting this view.
The charter calls for the creation of a paper that describes the ways in which the Enterprise and Legacy Infrastructure can be integrated into Identity on the blockchain. Techniques for interoperability between the Enterprise and the world around it may be made more efficient by relying on the DPKI that is being specified and built right now. We will address that as well. These interoperability standards will also help with knitting together Blockchain Identities across DLTs.

Jonathan led a very lively discussion around Legacy systems and Blockchains for Identity on our last call. Please look at:

We are trying to distill the best practices in this space and write a paper, which needs expert contributions from people like you (Leo, Thomas and Brian) to make it useful and comprehensive; it is an open forum, as you are aware.
Please join the next call (which is today) and restart the conversation.
For a private blockchain system (e.g. Enterprise), I think it's straightforward to re-use the same PKI infrastructure. I already suggested that to the Identity group.

Re-using the WebTrust for CAs audit criteria could save a lot of time for deployers :-)


This discussion was getting interesting. Have there been any further
developments on this topic? Have you guys considered possibly leveraging
the policies codified in the WebTrust for CAs audit criteria? This is
what is currently widely adopted by public CAs and browsers, and I
think rather than reinventing the wheel, many of the requirements
developed under this audit program could also apply to Hyperledger.
Aside from the technical differences, there could be quite a bit of
overlap in regards to security policies and identity verification.


