Hyperledger Indy Onboarding Process via a Steward

Having read the white paper for Sovrin (which became Hyperledger Indy), I wanted to start getting a more technical understanding of how it worked, so I started with the getting started guide for Hyperledger Indy. Faber in this case is a fictional university that wants to be able to verify its students' transcripts via Indy. With Indy, this enrollment process has to be done via a steward. A steward is a trusted entity that can enroll other entities after doing due diligence on that new entity.

One thing that can help me get a better feel for a process is looking at a sequence diagram for the given technology. Unfortunately, this guide had none, so I put one together for the onboarding process, which can be found below:


```mermaid
sequenceDiagram
    Faber->>Steward: Makes contact (via some app)
    Steward->>Steward: Creates a new DID record in wallet
    Note right of Steward: did.create_and_store_my_did
    Steward->>Ledger: Save the associated Faber NYM transaction
    Note right of Steward: ledger.build_nym_request
    Note right of Steward: ledger.sign_and_submit_request
    Steward->>Steward: Create connection request(did, nonce)
    Steward->>Faber: Send connection request
    Faber->>Steward: Accept connection request
    opt If wallet does not exist
        Faber->>Faber: Create a wallet
        Note right of Faber: wallet.create_wallet
        Note right of Faber: wallet.open_wallet
    end
    Faber->>Faber: Create a new DID record in wallet
    Note right of Faber: Used for secure comms with the steward
    Note right of Faber: did.create_and_store_my_did
    Faber->>Faber: Create the connection response
    Note right of Faber: Using the DID, Verkey and Nonce from the connection request
    Faber->>Ledger: Request steward's verification key using the steward's DID
    Note right of Faber: did.key_for_did
    Ledger->>Faber: Steward's verification key
    Faber->>Faber: Anonymously encrypt the connection response
    Note right of Faber: crypto.anon_crypt
    Faber->>Steward: Send the anonymously encrypted connection response
    Steward->>Steward: Anonymously decrypt the connection response
    Note right of Steward: crypto.anon_decrypt
    Steward->>Steward: Authenticate Faber by comparing nonces
    Note right of Steward: assert connection_request['nonce'] == decrypted_connection_response['nonce']
    Steward->>Ledger: NYM transaction of Faber's DID
```
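
The steward's nonce comparison near the end of the diagram, as an added example that is not code from the Indy guide or SDK. It assumes the connection response has already been decrypted into a dict with `did`, `verkey` and `nonce` fields; `PendingConnections`, `NONCE_TTL_SECONDS` and the string nonce format are hypothetical choices. A bare `assert` is dropped when Python runs with `-O`, so this version makes the check explicit, single-use and time-limited.

```python
import hmac
import secrets
import time

NONCE_TTL_SECONDS = 300  # assumed validity window, not a value from the guide


class PendingConnections:
    """Steward-side record of connection requests awaiting a response."""

    def __init__(self, now=time.monotonic):
        self._now = now
        self._pending = {}  # steward pairwise DID -> (nonce, issued_at)

    def create_request(self, steward_did):
        """Build the connection request (did, nonce) sent to the new entity."""
        nonce = secrets.token_hex(16)  # unpredictable, one per request
        self._pending[steward_did] = (nonce, self._now())
        return {"did": steward_did, "nonce": nonce}

    def verify_response(self, steward_did, response):
        """Check an already-decrypted connection response.

        Returns the responder's (did, verkey) on success, None otherwise.
        """
        entry = self._pending.get(steward_did)
        if entry is None or not isinstance(response, dict):
            return None  # unknown request, or one that was already used
        nonce, issued_at = entry
        if self._now() - issued_at > NONCE_TTL_SECONDS:
            del self._pending[steward_did]  # expired requests are discarded
            return None
        got = response.get("nonce")
        did, verkey = response.get("did"), response.get("verkey")
        if not all(isinstance(v, str) for v in (got, did, verkey)):
            return None
        # Constant-time comparison that still runs under `python -O`.
        if not hmac.compare_digest(nonce.encode(), got.encode("utf-8", "replace")):
            return None
        del self._pending[steward_did]  # single use: a replayed response fails
        return did, verkey
```

Only after `verify_response` returns a DID and verkey would the steward go on to write Faber's NYM transaction to the ledger.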