Gordian Envelopes can be used in educational credential-issuing industries to encode and transmit sensitive student information. This allows authorized parties, such as potential employers or other educational institutions, to access only the information they are authorized to view while still preserving the privacy and security of the rest of the data.
For example, a student’s transcript could be encoded and transmitted using a Gordian Envelope, with portions of that data elided, to allow potential employers to verify some of the student’s educational qualifications without having access to the student’s full transcript or other sensitive information. Similarly, a credential such as a certification or license could be encoded and transmitted using a Gordian Envelope, to allow employers or regulators to verify the credential without having access to irrelevant details. Seals and signatures can additionally be used to verify the authenticity and provenance of a student’s credentials and to ensure that they have not been tampered with. This adds an extra layer of security and trust to the information transmitted using Gordian Envelopes.
Overall, Gordian Envelopes offer a flexible and privacy-enhancing solution for the transmission and storage of sensitive educational credential information, creating opportunities to transmit sensitive information in restrictive ways.
The Dangers of Digital Credentials in Education
A holder-based hashed elision system such as Gordian Envelope is very important for educational credentials because current digital credentials don’t protect the privacy of students, as discussed in our article, “The Dangers of Digital Credentials in Education”.
Generally, the two major problems with digital credentials as they currently stand are that they open the student up to identity theft and to potential discrimination because of the considerable amounts of information that they contain. On the flipside, digital credentials also create liability for the issuing institute, especially given data regulations such as the GDPR (in Europe) and the CCPA (in California).
Holder-based elision lets the students take control of what is revealed, while adding on hashing using a Merkle Tree ensures that signatures remain valid. The “Dangers of Digital Credentials in Education” article contains more details on these points.
Educational Use Case Table of Contents
The following set of use cases demonstrates how Gordian Envelopes can store educational credentials. Individual categories are presented progressively: each use case within a section builds on the previous one by demonstrating a new capability. The first set refers to Danika Kaschak, an electrical engineer, and her official credentials. A standalone use case then focuses on the more ad-hoc credentials possible through a Web of Trust. A final set of use cases demonstrates the distribution of educational credentials with a different priority: herd privacy.
Gordian Envelopes are useful for credentials in large part because of their ability to support advanced features such as elision, peer-based attestation, and herd privacy. They go far beyond just presenting validatable credentials to allowing the individual holders to decide what gets shown, how, and in what context. They thus add self-sovereign control to the standard rubric of Verifiable Credentials.
- Part One: Official Credentials
- Part Two: Web of Trust Credentials
- Part Three: Herd Privacy Credentials
The Danika Kaschak examples in #1 through #3 are drawn directly from 07-Elision-Example, one of the documents for the Envelope-CLI app. The Burton Bank example is drawn from a use case in a Selective Disclosure white paper in process from Rebooting the Web of Trust XI.
Part One: Official Credentials
This first set of use cases demonstrates how to create (and sign) simple credentials, how the subject can elide data, how another holder can elide data, and how additional parties can add data and even new signatures to a credential.
#1. Danika Proves Her Worth (Credentials, Signature)
- Use Case: Danika needs to be able to prove her credentials as an electrical engineer.
- Independence Benefits: Danika holds her own credentials. No one ever needs to contact the issuer or any other cenralized authority, except possibly to verify a signature, but ideally the associated public key is held in a decentralized PKI.
- Privacy Benefits: Danika choses when to reveal her credentials and to whom, without having to call back home to the issuing agency.
- Resilience Benefits: Danika’s credentials aren’t lost if the issuing agency disappears.
Danika is a credentialed electrical engineer who maintains her certification through continuing education. In past years she would have listed her credentials and then potential employers would have had to go to the certification board to verify them. This was ideal for no one, because most employers didn’t check certifications (leaving them vulnerable), and if they did, the check was beholden to the certification board, who might fail to verify valid credentials for any number of reasons.
Enter the new world of digital credentials. The certification board can now produce a signed version of Danika’s credentials that lists all of her professional development and continuing employment using a Gordian Envelope. There’s no need to contact the cerification board afterward because Danika can produce the credential and it can be validated by compared the signature to the board’s public key, stored in Public Key Infrastructure (PKI). Danika can also prove that the credential belongs to her by signing something with the private key linked to the public key stored in the Envelope.
To create the credential, Danika submits information to the Electrical Engineering Board listing her experience:
CID(4676635a) [
"certificateNumber": "123-456-789"
"continuingEducationUnits": 1.5
"expirationDate": 2028-01-01
"firstName": "Danika"
"issueDate": 2022-09-01
"lastName": "Kaschak"
"photo": "This is Danika Kaschak's photo."
"professionalDevelopmentHours": 15
"subject": "RF and Microwave Engineering"
"topics": CBOR
"ur:pub": "ur:crypto-pubkeys/lftaaosehdcxztpl..."
controller: "Example Electrical Engineering Board"
isA: "Certificate of Completion"
issuer: "Example Electrical Engineering Board"
]
graph LR
1(("b891373a<br/>NODE"))
2["3b888f3c<br/>CID(4676635a)"]
3(["3d00d64f<br/>ASSERTION"])
4[/"2f9bee2f<br/>controller"/]
5["4035b4bd<br/>#quot;Example Electrical Engineering Board#quot;"]
6(["44736993<br/>ASSERTION"])
7["05651934<br/>#quot;topics#quot;"]
8["264aec65<br/>CBOR"]
9(["46d6cfea<br/>ASSERTION"])
10[/"8982354d<br/>isA"/]
11["112e2cdb<br/>#quot;Certificate of Completion#quot;"]
12(["4a69fca3<br/>ASSERTION"])
13["b6d5ea01<br/>#quot;continuingEducationUnits#quot;"]
14["02a61366<br/>1.5"]
15(["5545f6e2<br/>ASSERTION"])
16[/"954c8356<br/>issuer"/]
17["4035b4bd<br/>#quot;Example Electrical Engineering Board#quot;"]
18(["5e75ff3b<br/>ASSERTION"])
19["1a11300a<br/>#quot;ur:pub#quot;"]
20["fee4d010<br/>#quot;ur:crypto-pubkeys/lftaaosehdcxztpl...#quot;"]
21(["61689bb7<br/>ASSERTION"])
22["e6c2932d<br/>#quot;expirationDate#quot;"]
23["b91eea18<br/>2028-01-01"]
24(["82825e3e<br/>ASSERTION"])
25["eb62836d<br/>#quot;lastName#quot;"]
26["86236e63<br/>#quot;Kaschak#quot;"]
27(["a0274d1c<br/>ASSERTION"])
28["62c0a26e<br/>#quot;certificateNumber#quot;"]
29["ac0b465a<br/>#quot;123-456-789#quot;"]
30(["e0070876<br/>ASSERTION"])
31["0eb38394<br/>#quot;subject#quot;"]
32["b059b0f2<br/>#quot;RF and Microwave Engineering#quot;"]
33(["e96b24d9<br/>ASSERTION"])
34["c8c1a6dd<br/>#quot;professionalDevelopmentHours#quot;"]
35["0bf6b955<br/>15"]
36(["eb1f3ba0<br/>ASSERTION"])
37["a791d0c7<br/>#quot;photo#quot;"]
38["20e5fb6f<br/>#quot;This is Danika Kaschak's photo.#quot;"]
39(["f57c11a8<br/>ASSERTION"])
40["c4d5323d<br/>#quot;firstName#quot;"]
41["03ead475<br/>#quot;Danika#quot;"]
42(["fcb3d37a<br/>ASSERTION"])
43["b1e12d58<br/>#quot;issueDate#quot;"]
44["c8bd5658<br/>2022-09-01"]
1 -->|subj| 2
1 --> 3
3 -->|pred| 4
3 -->|obj| 5
1 --> 6
6 -->|pred| 7
6 -->|obj| 8
1 --> 9
9 -->|pred| 10
9 -->|obj| 11
1 --> 12
12 -->|pred| 13
12 -->|obj| 14
1 --> 15
15 -->|pred| 16
15 -->|obj| 17
1 --> 18
18 -->|pred| 19
18 -->|obj| 20
1 --> 21
21 -->|pred| 22
21 -->|obj| 23
1 --> 24
24 -->|pred| 25
24 -->|obj| 26
1 --> 27
27 -->|pred| 28
27 -->|obj| 29
1 --> 30
30 -->|pred| 31
30 -->|obj| 32
1 --> 33
33 -->|pred| 34
33 -->|obj| 35
1 --> 36
36 -->|pred| 37
36 -->|obj| 38
1 --> 39
39 -->|pred| 40
39 -->|obj| 41
1 --> 42
42 -->|pred| 43
42 -->|obj| 44
style 1 stroke:red,stroke-width:3.0px
style 2 stroke:#55f,stroke-width:3.0px
style 3 stroke:red,stroke-width:3.0px
style 4 stroke:#55f,stroke-width:3.0px
style 5 stroke:#55f,stroke-width:3.0px
style 6 stroke:red,stroke-width:3.0px
style 7 stroke:#55f,stroke-width:3.0px
style 8 stroke:#55f,stroke-width:3.0px
style 9 stroke:red,stroke-width:3.0px
style 10 stroke:#55f,stroke-width:3.0px
style 11 stroke:#55f,stroke-width:3.0px
style 12 stroke:red,stroke-width:3.0px
style 13 stroke:#55f,stroke-width:3.0px
style 14 stroke:#55f,stroke-width:3.0px
style 15 stroke:red,stroke-width:3.0px
style 16 stroke:#55f,stroke-width:3.0px
style 17 stroke:#55f,stroke-width:3.0px
style 18 stroke:red,stroke-width:3.0px
style 19 stroke:#55f,stroke-width:3.0px
style 20 stroke:#55f,stroke-width:3.0px
style 21 stroke:red,stroke-width:3.0px
style 22 stroke:#55f,stroke-width:3.0px
style 23 stroke:#55f,stroke-width:3.0px
style 24 stroke:red,stroke-width:3.0px
style 25 stroke:#55f,stroke-width:3.0px
style 26 stroke:#55f,stroke-width:3.0px
style 27 stroke:red,stroke-width:3.0px
style 28 stroke:#55f,stroke-width:3.0px
style 29 stroke:#55f,stroke-width:3.0px
style 30 stroke:red,stroke-width:3.0px
style 31 stroke:#55f,stroke-width:3.0px
style 32 stroke:#55f,stroke-width:3.0px
style 33 stroke:red,stroke-width:3.0px
style 34 stroke:#55f,stroke-width:3.0px
style 35 stroke:#55f,stroke-width:3.0px
style 36 stroke:red,stroke-width:3.0px
style 37 stroke:#55f,stroke-width:3.0px
style 38 stroke:#55f,stroke-width:3.0px
style 39 stroke:red,stroke-width:3.0px
style 40 stroke:#55f,stroke-width:3.0px
style 41 stroke:#55f,stroke-width:3.0px
style 42 stroke:red,stroke-width:3.0px
style 43 stroke:#55f,stroke-width:3.0px
style 44 stroke:#55f,stroke-width:3.0px
linkStyle 0 stroke:red,stroke-width:2.0px
linkStyle 1 stroke-width:2.0px
linkStyle 2 stroke:green,stroke-width:2.0px
linkStyle 3 stroke:#55f,stroke-width:2.0px
linkStyle 4 stroke-width:2.0px
linkStyle 5 stroke:green,stroke-width:2.0px
linkStyle 6 stroke:#55f,stroke-width:2.0px
linkStyle 7 stroke-width:2.0px
linkStyle 8 stroke:green,stroke-width:2.0px
linkStyle 9 stroke:#55f,stroke-width:2.0px
linkStyle 10 stroke-width:2.0px
linkStyle 11 stroke:green,stroke-width:2.0px
linkStyle 12 stroke:#55f,stroke-width:2.0px
linkStyle 13 stroke-width:2.0px
linkStyle 14 stroke:green,stroke-width:2.0px
linkStyle 15 stroke:#55f,stroke-width:2.0px
linkStyle 16 stroke-width:2.0px
linkStyle 17 stroke:green,stroke-width:2.0px
linkStyle 18 stroke:#55f,stroke-width:2.0px
linkStyle 19 stroke-width:2.0px
linkStyle 20 stroke:green,stroke-width:2.0px
linkStyle 21 stroke:#55f,stroke-width:2.0px
linkStyle 22 stroke-width:2.0px
linkStyle 23 stroke:green,stroke-width:2.0px
linkStyle 24 stroke:#55f,stroke-width:2.0px
linkStyle 25 stroke-width:2.0px
linkStyle 26 stroke:green,stroke-width:2.0px
linkStyle 27 stroke:#55f,stroke-width:2.0px
linkStyle 28 stroke-width:2.0px
linkStyle 29 stroke:green,stroke-width:2.0px
linkStyle 30 stroke:#55f,stroke-width:2.0px
linkStyle 31 stroke-width:2.0px
linkStyle 32 stroke:green,stroke-width:2.0px
linkStyle 33 stroke:#55f,stroke-width:2.0px
linkStyle 34 stroke-width:2.0px
linkStyle 35 stroke:green,stroke-width:2.0px
linkStyle 36 stroke:#55f,stroke-width:2.0px
linkStyle 37 stroke-width:2.0px
linkStyle 38 stroke:green,stroke-width:2.0px
linkStyle 39 stroke:#55f,stroke-width:2.0px
linkStyle 40 stroke-width:2.0px
linkStyle 41 stroke:green,stroke-width:2.0px
linkStyle 42 stroke:#55f,stroke-width:2.0px
The certification board validates the information submitted by Danika, and then wraps the Envelope and signs it before returning it to Danika. This is what gives the Envelope its power. Because it’s signed, no one now needs to contact the board (as long as their public key is indeed stored in a PKI, or at some other well-known site, to allow for validation).
{
CID(4676635a) [
"certificateNumber": "123-456-789"
"continuingEducationUnits": 1.5
"expirationDate": 2028-01-01
"firstName": "Danika"
"issueDate": 2022-09-01
"lastName": "Kaschak"
"photo": "This is Danika Kaschak's photo."
"professionalDevelopmentHours": 15
"subject": "RF and Microwave Engineering"
"topics": CBOR
"ur:pub": "ur:crypto-pubkeys/lftaaosehdcxztpl..."
controller: "Example Electrical Engineering Board"
isA: "Certificate of Completion"
issuer: "Example Electrical Engineering Board"
]
} [
note: "Signed by Example Electrical Engineering Board"
verifiedBy: Signature
]
graph LR
1(("820fcb63<br/>NODE"))
2[/"d8f990a1<br/>WRAPPED"\]
3(("b891373a<br/>NODE"))
4["3b888f3c<br/>CID(4676635a)"]
5(["3d00d64f<br/>ASSERTION"])
6[/"2f9bee2f<br/>controller"/]
7["4035b4bd<br/>#quot;Example Electrical Engineering Board#quot;"]
8(["44736993<br/>ASSERTION"])
9["05651934<br/>#quot;topics#quot;"]
10["264aec65<br/>CBOR"]
11(["46d6cfea<br/>ASSERTION"])
12[/"8982354d<br/>isA"/]
13["112e2cdb<br/>#quot;Certificate of Completion#quot;"]
14(["4a69fca3<br/>ASSERTION"])
15["b6d5ea01<br/>#quot;continuingEducationUnits#quot;"]
16["02a61366<br/>1.5"]
17(["5545f6e2<br/>ASSERTION"])
18[/"954c8356<br/>issuer"/]
19["4035b4bd<br/>#quot;Example Electrical Engineering Board#quot;"]
20(["5e75ff3b<br/>ASSERTION"])
21["1a11300a<br/>#quot;ur:pub#quot;"]
22["fee4d010<br/>#quot;ur:crypto-pubkeys/lftaaosehdcxztpl...#quot;"]
23(["61689bb7<br/>ASSERTION"])
24["e6c2932d<br/>#quot;expirationDate#quot;"]
25["b91eea18<br/>2028-01-01"]
26(["82825e3e<br/>ASSERTION"])
27["eb62836d<br/>#quot;lastName#quot;"]
28["86236e63<br/>#quot;Kaschak#quot;"]
29(["a0274d1c<br/>ASSERTION"])
30["62c0a26e<br/>#quot;certificateNumber#quot;"]
31["ac0b465a<br/>#quot;123-456-789#quot;"]
32(["e0070876<br/>ASSERTION"])
33["0eb38394<br/>#quot;subject#quot;"]
34["b059b0f2<br/>#quot;RF and Microwave Engineering#quot;"]
35(["e96b24d9<br/>ASSERTION"])
36["c8c1a6dd<br/>#quot;professionalDevelopmentHours#quot;"]
37["0bf6b955<br/>15"]
38(["eb1f3ba0<br/>ASSERTION"])
39["a791d0c7<br/>#quot;photo#quot;"]
40["20e5fb6f<br/>#quot;This is Danika Kaschak's photo.#quot;"]
41(["f57c11a8<br/>ASSERTION"])
42["c4d5323d<br/>#quot;firstName#quot;"]
43["03ead475<br/>#quot;Danika#quot;"]
44(["fcb3d37a<br/>ASSERTION"])
45["b1e12d58<br/>#quot;issueDate#quot;"]
46["c8bd5658<br/>2022-09-01"]
47(["040e7274<br/>ASSERTION"])
48[/"d59f8c0f<br/>verifiedBy"/]
49["3f1752a0<br/>Signature"]
50(["afe231cc<br/>ASSERTION"])
51[/"61fb6a6b<br/>note"/]
52["f4bf011f<br/>#quot;Signed by Example Electrical Engineering Board#quot;"]
1 -->|subj| 2
2 -->|subj| 3
3 -->|subj| 4
3 --> 5
5 -->|pred| 6
5 -->|obj| 7
3 --> 8
8 -->|pred| 9
8 -->|obj| 10
3 --> 11
11 -->|pred| 12
11 -->|obj| 13
3 --> 14
14 -->|pred| 15
14 -->|obj| 16
3 --> 17
17 -->|pred| 18
17 -->|obj| 19
3 --> 20
20 -->|pred| 21
20 -->|obj| 22
3 --> 23
23 -->|pred| 24
23 -->|obj| 25
3 --> 26
26 -->|pred| 27
26 -->|obj| 28
3 --> 29
29 -->|pred| 30
29 -->|obj| 31
3 --> 32
32 -->|pred| 33
32 -->|obj| 34
3 --> 35
35 -->|pred| 36
35 -->|obj| 37
3 --> 38
38 -->|pred| 39
38 -->|obj| 40
3 --> 41
41 -->|pred| 42
41 -->|obj| 43
3 --> 44
44 -->|pred| 45
44 -->|obj| 46
1 --> 47
47 -->|pred| 48
47 -->|obj| 49
1 --> 50
50 -->|pred| 51
50 -->|obj| 52
style 1 stroke:red,stroke-width:3.0px
style 2 stroke:red,stroke-width:3.0px
style 3 stroke:red,stroke-width:3.0px
style 4 stroke:#55f,stroke-width:3.0px
style 5 stroke:red,stroke-width:3.0px
style 6 stroke:#55f,stroke-width:3.0px
style 7 stroke:#55f,stroke-width:3.0px
style 8 stroke:red,stroke-width:3.0px
style 9 stroke:#55f,stroke-width:3.0px
style 10 stroke:#55f,stroke-width:3.0px
style 11 stroke:red,stroke-width:3.0px
style 12 stroke:#55f,stroke-width:3.0px
style 13 stroke:#55f,stroke-width:3.0px
style 14 stroke:red,stroke-width:3.0px
style 15 stroke:#55f,stroke-width:3.0px
style 16 stroke:#55f,stroke-width:3.0px
style 17 stroke:red,stroke-width:3.0px
style 18 stroke:#55f,stroke-width:3.0px
style 19 stroke:#55f,stroke-width:3.0px
style 20 stroke:red,stroke-width:3.0px
style 21 stroke:#55f,stroke-width:3.0px
style 22 stroke:#55f,stroke-width:3.0px
style 23 stroke:red,stroke-width:3.0px
style 24 stroke:#55f,stroke-width:3.0px
style 25 stroke:#55f,stroke-width:3.0px
style 26 stroke:red,stroke-width:3.0px
style 27 stroke:#55f,stroke-width:3.0px
style 28 stroke:#55f,stroke-width:3.0px
style 29 stroke:red,stroke-width:3.0px
style 30 stroke:#55f,stroke-width:3.0px
style 31 stroke:#55f,stroke-width:3.0px
style 32 stroke:red,stroke-width:3.0px
style 33 stroke:#55f,stroke-width:3.0px
style 34 stroke:#55f,stroke-width:3.0px
style 35 stroke:red,stroke-width:3.0px
style 36 stroke:#55f,stroke-width:3.0px
style 37 stroke:#55f,stroke-width:3.0px
style 38 stroke:red,stroke-width:3.0px
style 39 stroke:#55f,stroke-width:3.0px
style 40 stroke:#55f,stroke-width:3.0px
style 41 stroke:red,stroke-width:3.0px
style 42 stroke:#55f,stroke-width:3.0px
style 43 stroke:#55f,stroke-width:3.0px
style 44 stroke:red,stroke-width:3.0px
style 45 stroke:#55f,stroke-width:3.0px
style 46 stroke:#55f,stroke-width:3.0px
style 47 stroke:red,stroke-width:3.0px
style 48 stroke:#55f,stroke-width:3.0px
style 49 stroke:#55f,stroke-width:3.0px
style 50 stroke:red,stroke-width:3.0px
style 51 stroke:#55f,stroke-width:3.0px
style 52 stroke:#55f,stroke-width:3.0px
linkStyle 0 stroke:red,stroke-width:2.0px
linkStyle 1 stroke:red,stroke-width:2.0px
linkStyle 2 stroke:red,stroke-width:2.0px
linkStyle 3 stroke-width:2.0px
linkStyle 4 stroke:green,stroke-width:2.0px
linkStyle 5 stroke:#55f,stroke-width:2.0px
linkStyle 6 stroke-width:2.0px
linkStyle 7 stroke:green,stroke-width:2.0px
linkStyle 8 stroke:#55f,stroke-width:2.0px
linkStyle 9 stroke-width:2.0px
linkStyle 10 stroke:green,stroke-width:2.0px
linkStyle 11 stroke:#55f,stroke-width:2.0px
linkStyle 12 stroke-width:2.0px
linkStyle 13 stroke:green,stroke-width:2.0px
linkStyle 14 stroke:#55f,stroke-width:2.0px
linkStyle 15 stroke-width:2.0px
linkStyle 16 stroke:green,stroke-width:2.0px
linkStyle 17 stroke:#55f,stroke-width:2.0px
linkStyle 18 stroke-width:2.0px
linkStyle 19 stroke:green,stroke-width:2.0px
linkStyle 20 stroke:#55f,stroke-width:2.0px
linkStyle 21 stroke-width:2.0px
linkStyle 22 stroke:green,stroke-width:2.0px
linkStyle 23 stroke:#55f,stroke-width:2.0px
linkStyle 24 stroke-width:2.0px
linkStyle 25 stroke:green,stroke-width:2.0px
linkStyle 26 stroke:#55f,stroke-width:2.0px
linkStyle 27 stroke-width:2.0px
linkStyle 28 stroke:green,stroke-width:2.0px
linkStyle 29 stroke:#55f,stroke-width:2.0px
linkStyle 30 stroke-width:2.0px
linkStyle 31 stroke:green,stroke-width:2.0px
linkStyle 32 stroke:#55f,stroke-width:2.0px
linkStyle 33 stroke-width:2.0px
linkStyle 34 stroke:green,stroke-width:2.0px
linkStyle 35 stroke:#55f,stroke-width:2.0px
linkStyle 36 stroke-width:2.0px
linkStyle 37 stroke:green,stroke-width:2.0px
linkStyle 38 stroke:#55f,stroke-width:2.0px
linkStyle 39 stroke-width:2.0px
linkStyle 40 stroke:green,stroke-width:2.0px
linkStyle 41 stroke:#55f,stroke-width:2.0px
linkStyle 42 stroke-width:2.0px
linkStyle 43 stroke:green,stroke-width:2.0px
linkStyle 44 stroke:#55f,stroke-width:2.0px
linkStyle 45 stroke-width:2.0px
linkStyle 46 stroke:green,stroke-width:2.0px
linkStyle 47 stroke:#55f,stroke-width:2.0px
linkStyle 48 stroke-width:2.0px
linkStyle 49 stroke:green,stroke-width:2.0px
linkStyle 50 stroke:#55f,stroke-width:2.0px
To make the validation process easier, additional hints for public-key look up could have been added, though a validator would have then needed to assess whether that information was itself valid or not.
Overall, just this first, simple educational use case offers strong benefits, because Danika has more independence than ever before to hold and use her credential, and there’s less opportunity than ever before for the issuer to spy upon Danika’s usage of that credential. The result is self-sovereign control: a great first step for privacy.
#2. Danika Restricts Her Revelations (Elision)
- Use Case: Danika wants to avoid prejudice when using her credentials in job applications.
- Independence Benefits: Danika individually choses how her credentials will be viewed every time she submits them. She doesn’t have to ask anyone else for permission or go to any centralized agency to do so.
- Privacy Benefits: Danika elides data from her credential that is irrelevent. This also allows her to exclude information that could be prejudicial, such as her Eastern European name or school. The result contains exactly the minimal data set that she wants.
Danika is very confident in her prowess as an electrical engineer, but she fears prejudice when she seeks employment. Primarily, she is concerned about prejudice over her Eastern Europe name, but she also fears prejudice over the recent date of her certification. As a result, she wants to elide (omit) that information in her credential, as well as other details that she considers irrelevent to her application.
Gordian Envelope gives any holder of a credential the ability to elide information from a credential. Danika simply needs to use an application such as envelope-cli
that removes specific content. Gordian Envelope is designed so that this removal of information doesn’t affect any of the digital hashes within the Envelope. As a result, the signature on the Envelope remains valid. Danika can still present the information and someone examining it can then assess the remaining information and verify that it’s been signed, in this case by the certification board.
When Danika elides her envelope, it shows that information has been removed:
{
CID(4676635a) [
"expirationDate": 2028-01-01
"subject": "RF and Microwave Engineering"
isA: "Certificate of Completion"
issuer: "Example Electrical Engineering Board"
ELIDED (10)
]
} [
note: "Signed by Example Electrical Engineering Board"
verifiedBy: Signature
]
graph LR
1(("820fcb63<br/>NODE"))
2[/"d8f990a1<br/>WRAPPED"\]
3(("b891373a<br/>NODE"))
4["3b888f3c<br/>CID(4676635a)"]
53d00d64f<br/>ELIDED
644736993<br/>ELIDED
7(["46d6cfea<br/>ASSERTION"])
8[/"8982354d<br/>isA"/]
9["112e2cdb<br/>#quot;Certificate of Completion#quot;"]
104a69fca3<br/>ELIDED
11(["5545f6e2<br/>ASSERTION"])
12[/"954c8356<br/>issuer"/]
13["4035b4bd<br/>#quot;Example Electrical Engineering Board#quot;"]
145e75ff3b<br/>ELIDED
15(["61689bb7<br/>ASSERTION"])
16["e6c2932d<br/>#quot;expirationDate#quot;"]
17["b91eea18<br/>2028-01-01"]
1882825e3e<br/>ELIDED
19a0274d1c<br/>ELIDED
20(["e0070876<br/>ASSERTION"])
21["0eb38394<br/>#quot;subject#quot;"]
22["b059b0f2<br/>#quot;RF and Microwave Engineering#quot;"]
23e96b24d9<br/>ELIDED
24eb1f3ba0<br/>ELIDED
25f57c11a8<br/>ELIDED
26fcb3d37a<br/>ELIDED
27(["040e7274<br/>ASSERTION"])
28[/"d59f8c0f<br/>verifiedBy"/]
29["3f1752a0<br/>Signature"]
30(["afe231cc<br/>ASSERTION"])
31[/"61fb6a6b<br/>note"/]
32["f4bf011f<br/>#quot;Signed by Example Electrical Engineering Board#quot;"]
1 -->|subj| 2
2 -->|subj| 3
3 -->|subj| 4
3 --> 5
3 --> 6
3 --> 7
7 -->|pred| 8
7 -->|obj| 9
3 --> 10
3 --> 11
11 -->|pred| 12
11 -->|obj| 13
3 --> 14
3 --> 15
15 -->|pred| 16
15 -->|obj| 17
3 --> 18
3 --> 19
3 --> 20
20 -->|pred| 21
20 -->|obj| 22
3 --> 23
3 --> 24
3 --> 25
3 --> 26
1 --> 27
27 -->|pred| 28
27 -->|obj| 29
1 --> 30
30 -->|pred| 31
30 -->|obj| 32
style 1 stroke:red,stroke-width:3.0px
style 2 stroke:red,stroke-width:3.0px
style 3 stroke:red,stroke-width:3.0px
style 4 stroke:#55f,stroke-width:3.0px
style 5 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 6 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 7 stroke:red,stroke-width:3.0px
style 8 stroke:#55f,stroke-width:3.0px
style 9 stroke:#55f,stroke-width:3.0px
style 10 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 11 stroke:red,stroke-width:3.0px
style 12 stroke:#55f,stroke-width:3.0px
style 13 stroke:#55f,stroke-width:3.0px
style 14 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 15 stroke:red,stroke-width:3.0px
style 16 stroke:#55f,stroke-width:3.0px
style 17 stroke:#55f,stroke-width:3.0px
style 18 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 19 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 20 stroke:red,stroke-width:3.0px
style 21 stroke:#55f,stroke-width:3.0px
style 22 stroke:#55f,stroke-width:3.0px
style 23 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 24 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 25 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 26 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 27 stroke:red,stroke-width:3.0px
style 28 stroke:#55f,stroke-width:3.0px
style 29 stroke:#55f,stroke-width:3.0px
style 30 stroke:red,stroke-width:3.0px
style 31 stroke:#55f,stroke-width:3.0px
style 32 stroke:#55f,stroke-width:3.0px
linkStyle 0 stroke:red,stroke-width:2.0px
linkStyle 1 stroke:red,stroke-width:2.0px
linkStyle 2 stroke:red,stroke-width:2.0px
linkStyle 3 stroke-width:2.0px
linkStyle 4 stroke-width:2.0px
linkStyle 5 stroke-width:2.0px
linkStyle 6 stroke:green,stroke-width:2.0px
linkStyle 7 stroke:#55f,stroke-width:2.0px
linkStyle 8 stroke-width:2.0px
linkStyle 9 stroke-width:2.0px
linkStyle 10 stroke:green,stroke-width:2.0px
linkStyle 11 stroke:#55f,stroke-width:2.0px
linkStyle 12 stroke-width:2.0px
linkStyle 13 stroke-width:2.0px
linkStyle 14 stroke:green,stroke-width:2.0px
linkStyle 15 stroke:#55f,stroke-width:2.0px
linkStyle 16 stroke-width:2.0px
linkStyle 17 stroke-width:2.0px
linkStyle 18 stroke-width:2.0px
linkStyle 19 stroke:green,stroke-width:2.0px
linkStyle 20 str
Danika’s potential employer gains benefits from this elision too, because there can never be a claim that they were unconsciously prejudiced against a protected employment class: Danika elided that data before they ever saw the credential. As a result, everyone is able to live in a more colorblind meritocracy.
After submitting her credentials, Danika supplements them with excellent scores in a third-party proctored test (producing another credential) and is hired by Thunder & Lightning Inc.
3. Thunder & Lightning Spotlights Danika (Third-Party Repackaging)
- Use Case: Thunder & Lightning Inc. needs to repackage Danika’s credentials for their customers.
- Independence Benefits: Any holder of credentials can repackage them for appropriate use, not just the subject. That allows credentials to be more widely used and for a variety of parties to be more confident about the credentials of workers.
- Privacy Benefits: Danika and Thunder & Lightning can work together to produce new elided credentials that match only what’s required by a third party, rather than having to continually reuse either the original, full credentials or the redacted versions forwarded on as part of Danika’s application. This reduces data to the minimum required for any specific task.
- Openness Benefits: Credentials that can be elided, passed on, re-signed, and otherwise updated by a variety of parties reveal that an open infrastructure underlies the use of Gordian Envelopes for credentials.
Thunder & Lightning Inc. is ready to send Danika to a job site! To do so they must both reveal and affirm her credentials to the job-site supervisors. Even though they are neither the issuer nor the subject of Danika’s educational credentials, Thunder & Lightning is able to produce their own version of those credentials based on the copy of the Gordian Envelope that they hold.
They want Danika’s name in the credentials, so they must ask her for a copy of the credentials containing that information, but then they elide the rest of the information just like she did, using an application such as envelope-cli
. This is one of the strengths of Gordian Envelope: each party who holds the Envelope (or even an already-elided form of the Envelope) can choose how to further elide it to match their own requirements and their own risk models. It allows for the exchange of credential data while holding to principles of Data Minimization.
But a holder can do more than that: they can also add information. In this case, Thunder & Lightning wants to add details about Danika’s work with them. The open specification for Gordian Envelopes allows them to do so by wrapping the original, signed information, adding content, and then putting another signature on top of that. The original certification information remains verified by the certification board, and the new employment information is verified by Thunder & Lightning.
Thunder & Lightning’s elided version of Danika’s certification reveals slightly different information than the previous version:
{
CID(4676635a) [
"expirationDate": 2028-01-01
"firstName": "Danika"
"lastName": "Kaschak"
"subject": "RF and Microwave Engineering"
isA: "Certificate of Completion"
issuer: "Example Electrical Engineering Board"
ELIDED (8)
]
} [
note: "Signed by Example Electrical Engineering Board"
verifiedBy: Signature
]
graph LR
1(("820fcb63<br/>NODE"))
2[/"d8f990a1<br/>WRAPPED"\]
3(("b891373a<br/>NODE"))
4["3b888f3c<br/>CID(4676635a)"]
53d00d64f<br/>ELIDED
644736993<br/>ELIDED
7(["46d6cfea<br/>ASSERTION"])
8[/"8982354d<br/>isA"/]
9["112e2cdb<br/>#quot;Certificate of Completion#quot;"]
104a69fca3<br/>ELIDED
11(["5545f6e2<br/>ASSERTION"])
12[/"954c8356<br/>issuer"/]
13["4035b4bd<br/>#quot;Example Electrical Engineering Board#quot;"]
145e75ff3b<br/>ELIDED
15(["61689bb7<br/>ASSERTION"])
16["e6c2932d<br/>#quot;expirationDate#quot;"]
17["b91eea18<br/>2028-01-01"]
18(["82825e3e<br/>ASSERTION"])
19["eb62836d<br/>#quot;lastName#quot;"]
20["86236e63<br/>#quot;Kaschak#quot;"]
21a0274d1c<br/>ELIDED
22(["e0070876<br/>ASSERTION"])
23["0eb38394<br/>#quot;subject#quot;"]
24["b059b0f2<br/>#quot;RF and Microwave Engineering#quot;"]
25e96b24d9<br/>ELIDED
26eb1f3ba0<br/>ELIDED
27(["f57c11a8<br/>ASSERTION"])
28["c4d5323d<br/>#quot;firstName#quot;"]
29["03ead475<br/>#quot;Danika#quot;"]
30fcb3d37a<br/>ELIDED
31(["040e7274<br/>ASSERTION"])
32[/"d59f8c0f<br/>verifiedBy"/]
33["3f1752a0<br/>Signature"]
34(["afe231cc<br/>ASSERTION"])
35[/"61fb6a6b<br/>note"/]
36["f4bf011f<br/>#quot;Signed by Example Electrical Engineering Board#quot;"]
1 -->|subj| 2
2 -->|subj| 3
3 -->|subj| 4
3 --> 5
3 --> 6
3 --> 7
7 -->|pred| 8
7 -->|obj| 9
3 --> 10
3 --> 11
11 -->|pred| 12
11 -->|obj| 13
3 --> 14
3 --> 15
15 -->|pred| 16
15 -->|obj| 17
3 --> 18
18 -->|pred| 19
18 -->|obj| 20
3 --> 21
3 --> 22
22 -->|pred| 23
22 -->|obj| 24
3 --> 25
3 --> 26
3 --> 27
27 -->|pred| 28
27 -->|obj| 29
3 --> 30
1 --> 31
31 -->|pred| 32
31 -->|obj| 33
1 --> 34
34 -->|pred| 35
34 -->|obj| 36
style 1 stroke:red,stroke-width:3.0px
style 2 stroke:red,stroke-width:3.0px
style 3 stroke:red,stroke-width:3.0px
style 4 stroke:#55f,stroke-width:3.0px
style 5 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 6 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 7 stroke:red,stroke-width:3.0px
style 8 stroke:#55f,stroke-width:3.0px
style 9 stroke:#55f,stroke-width:3.0px
style 10 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 11 stroke:red,stroke-width:3.0px
style 12 stroke:#55f,stroke-width:3.0px
style 13 stroke:#55f,stroke-width:3.0px
style 14 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 15 stroke:red,stroke-width:3.0px
style 16 stroke:#55f,stroke-width:3.0px
style 17 stroke:#55f,stroke-width:3.0px
style 18 stroke:red,stroke-width:3.0px
style 19 stroke:#55f,stroke-width:3.0px
style 20 stroke:#55f,stroke-width:3.0px
style 21 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 22 stroke:red,stroke-width:3.0px
style 23 stroke:#55f,stroke-width:3.0px
style 24 stroke:#55f,stroke-width:3.0px
style 25 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 26 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 27 stroke:red,stroke-width:3.0px
style 28 stroke:#55f,stroke-width:3.0px
style 29 stroke:#55f,stroke-width:3.0px
style 30 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 31 stroke:red,stroke-width:3.0px
style 32 stroke:#55f,stroke-width:3.0px
style 33 stroke:#55f,stroke-width:3.0px
style 34 stroke:red,stroke-width:3.0px
style 35 stroke:#55f,stroke-width:3.0px
style 36 stroke:#55f,stroke-width:3.0px
linkStyle 0 stroke:red,stroke-width:2.0px
linkStyle 1 stroke:red,stroke-width:2.0px
linkStyle 2 stroke:red,stroke-width:2.0px
linkStyle 3 stroke-width:2.0px
linkStyle 4 stroke-width:2.0px
linkStyle 5 stroke-width:2.0px
linkStyle 6 stroke:green,stroke-width:2.0px
linkStyle 7 stroke:#55f,stroke-width:2.0px
linkStyle 8 stroke-width:2.0px
linkStyle 9 stroke-width:2.0px
linkStyle 10 stroke:green,stroke-width:2.0px
linkStyle 11 stroke:#55f,stroke-width:2.0px
linkStyle 12 stroke-width:2.0px
linkStyle 13 stroke-width:2.0px
linkStyle 14 stroke:green,stroke-width:2.0px
linkStyle 15 stroke:#55f,stroke-width:2.0px
linkStyle 16 stroke-width:2.0px
linkStyle 17 stroke:green,stroke-width:2.0px
linkStyle 18 stroke:#55f,stroke-width:2.0px
linkStyle 19 stroke-width:2.0px
linkStyle 20 stroke-width:2.0px
linkStyle 21 stroke:green,stroke-width:2.0px
linkStyle 22 stroke:#55f,stroke-width:2.0px
linkStyle 23 stroke-width:2.0px
linkStyle 24 stroke-width:2.0px
linkStyle 25 stroke-width:2.0px
linkStyle 26 stroke:green,stroke-width:2.0px
linkStyle 27 stroke:#55f,stroke-width:2.0px
linkStyle 28 stroke-width:2.0px
linkStyle 29 stroke-width:2.0px
linkStyle 30 stroke:green,stroke-width:2.0px
linkStyle 31 stroke:#55f,stroke-width:2.0px
linkStyle 32 stroke-width:2.0px
linkStyle 33 stroke:green,stroke-width:2.0px
linkStyle 34 stroke:#55f,stroke-width:2.0px
Thunder & Lightning Inc. wraps that envelope (to preserve the original signature) and then adds additional data on Danika’s work with them:
{
{
CID(4676635a) [
"expirationDate": 2028-01-01
"firstName": "Danika"
"lastName": "Kaschak"
"subject": "RF and Microwave Engineering"
isA: "Certificate of Completion"
issuer: "Example Electrical Engineering Board"
ELIDED (8)
]
} [
note: "Signed by Example Electrical Engineering Board"
verifiedBy: Signature
]
} [
"employeeHiredDate": 2022-10-01
"employeeStatus": "active"
]
graph LR
1(("abdedfa9<br/>NODE"))
2[/"41c818e9<br/>WRAPPED"\]
3(("820fcb63<br/>NODE"))
4[/"d8f990a1<br/>WRAPPED"\]
5(("b891373a<br/>NODE"))
6["3b888f3c<br/>CID(4676635a)"]
73d00d64f<br/>ELIDED
844736993<br/>ELIDED
9(["46d6cfea<br/>ASSERTION"])
10[/"8982354d<br/>isA"/]
11["112e2cdb<br/>#quot;Certificate of Completion#quot;"]
124a69fca3<br/>ELIDED
13(["5545f6e2<br/>ASSERTION"])
14[/"954c8356<br/>issuer"/]
15["4035b4bd<br/>#quot;Example Electrical Engineering Board#quot;"]
165e75ff3b<br/>ELIDED
17(["61689bb7<br/>ASSERTION"])
18["e6c2932d<br/>#quot;expirationDate#quot;"]
19["b91eea18<br/>2028-01-01"]
20(["82825e3e<br/>ASSERTION"])
21["eb62836d<br/>#quot;lastName#quot;"]
22["86236e63<br/>#quot;Kaschak#quot;"]
23a0274d1c<br/>ELIDED
24(["e0070876<br/>ASSERTION"])
25["0eb38394<br/>#quot;subject#quot;"]
26["b059b0f2<br/>#quot;RF and Microwave Engineering#quot;"]
27e96b24d9<br/>ELIDED
28eb1f3ba0<br/>ELIDED
29(["f57c11a8<br/>ASSERTION"])
30["c4d5323d<br/>#quot;firstName#quot;"]
31["03ead475<br/>#quot;Danika#quot;"]
32fcb3d37a<br/>ELIDED
33(["040e7274<br/>ASSERTION"])
34[/"d59f8c0f<br/>verifiedBy"/]
35["3f1752a0<br/>Signature"]
36(["afe231cc<br/>ASSERTION"])
37[/"61fb6a6b<br/>note"/]
38["f4bf011f<br/>#quot;Signed by Example Electrical Engineering Board#quot;"]
39(["0001c9c5<br/>ASSERTION"])
40["134a1704<br/>#quot;employeeHiredDate#quot;"]
41["a3687c5b<br/>2022-10-01"]
42(["310b027f<br/>ASSERTION"])
43["f942ee55<br/>#quot;employeeStatus#quot;"]
44["919eb85d<br/>#quot;active#quot;"]
1 -->|subj| 2
2 -->|subj| 3
3 -->|subj| 4
4 -->|subj| 5
5 -->|subj| 6
5 --> 7
5 --> 8
5 --> 9
9 -->|pred| 10
9 -->|obj| 11
5 --> 12
5 --> 13
13 -->|pred| 14
13 -->|obj| 15
5 --> 16
5 --> 17
17 -->|pred| 18
17 -->|obj| 19
5 --> 20
20 -->|pred| 21
20 -->|obj| 22
5 --> 23
5 --> 24
24 -->|pred| 25
24 -->|obj| 26
5 --> 27
5 --> 28
5 --> 29
29 -->|pred| 30
29 -->|obj| 31
5 --> 32
3 --> 33
33 -->|pred| 34
33 -->|obj| 35
3 --> 36
36 -->|pred| 37
36 -->|obj| 38
1 --> 39
39 -->|pred| 40
39 -->|obj| 41
1 --> 42
42 -->|pred| 43
42 -->|obj| 44
style 1 stroke:red,stroke-width:3.0px
style 2 stroke:red,stroke-width:3.0px
style 3 stroke:red,stroke-width:3.0px
style 4 stroke:red,stroke-width:3.0px
style 5 stroke:red,stroke-width:3.0px
style 6 stroke:#55f,stroke-width:3.0px
style 7 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 8 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 9 stroke:red,stroke-width:3.0px
style 10 stroke:#55f,stroke-width:3.0px
style 11 stroke:#55f,stroke-width:3.0px
style 12 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 13 stroke:red,stroke-width:3.0px
style 14 stroke:#55f,stroke-width:3.0px
style 15 stroke:#55f,stroke-width:3.0px
style 16 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 17 stroke:red,stroke-width:3.0px
style 18 stroke:#55f,stroke-width:3.0px
style 19 stroke:#55f,stroke-width:3.0px
style 20 stroke:red,stroke-width:3.0px
style 21 stroke:#55f,stroke-width:3.0px
style 22 stroke:#55f,stroke-width:3.0px
style 23 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 24 stroke:red,stroke-width:3.0px
style 25 stroke:#55f,stroke-width:3.0px
style 26 stroke:#55f,stroke-width:3.0px
style 27 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 28 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 29 stroke:red,stroke-width:3.0px
style 30 stroke:#55f,stroke-width:3.0px
style 31 stroke:#55f,stroke-width:3.0px
style 32 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 33 stroke:red,stroke-width:3.0px
style 34 stroke:#55f,stroke-width:3.0px
style 35 stroke:#55f,stroke-width:3.0px
style 36 stroke:red,stroke-width:3.0px
style 37 stroke:#55f,stroke-width:3.0px
style 38 stroke:#55f,stroke-width:3.0px
style 39 stroke:red,stroke-width:3.0px
style 40 stroke:#55f,stroke-width:3.0px
style 41 stroke:#55f,stroke-width:3.0px
style 42 stroke:red,stroke-width:3.0px
style 43 stroke:#55f,stroke-width:3.0px
style 44 stroke:#55f,stroke-width:3.0px
linkStyle 0 stroke:red,stroke-width:2.0px
linkStyle 1 stroke:red,stroke-width:2.0px
linkStyle 2 stroke:red,stroke-width:2.0px
linkStyle 3 stroke:red,stroke-width:2.0px
linkStyle 4 stroke:red,stroke-width:2.0px
linkStyle 5 stroke-width:2.0px
linkStyle 6 stroke-width:2.0px
linkStyle 7 stroke-width:2.0px
linkStyle 8 stroke:green,stroke-width:2.0px
linkStyle 9 stroke:#55f,stroke-width:2.0px
linkStyle 10 stroke-width:2.0px
linkStyle 11 stroke-width:2.0px
linkStyle 12 stroke:green,stroke-width:2.0px
linkStyle 13 stroke:#55f,stroke-width:2.0px
linkStyle 14 stroke-width:2.0px
linkStyle 15 stroke-width:2.0px
linkStyle 16 stroke:green,stroke-width:2.0px
linkStyle 17 stroke:#55f,stroke-width:2.0px
linkStyle 18 stroke-width:2.0px
linkStyle 19 stroke:green,stroke-width:2.0px
linkStyle 20 stroke:#55f,stroke-width:2.0px
linkStyle 21 stroke-width:2.0px
linkStyle 22 stroke-width:2.0px
linkStyle 23 stroke:green,stroke-width:2.0px
linkStyle 24 stroke:#55f,stroke-width:2.0px
linkStyle 25 stroke-width:2.0px
linkStyle 26 stroke-width:2.0px
linkStyle 27 stroke-width:2.0px
linkStyle 28 stroke:green,stroke-width:2.0px
linkStyle 29 stroke:#55f,stroke-width:2.0px
linkStyle 30 stroke-width:2.0px
linkStyle 31 stroke-width:2.0px
linkStyle 32 stroke:green,stroke-width:2.0px
linkStyle 33 stroke:#55f,stroke-width:2.0px
linkStyle 34 stroke-width:2.0px
linkStyle 35 stroke:green,stroke-width:2.0px
linkStyle 36 stroke:#55f,stroke-width:2.0px
linkStyle 37 stroke-width:2.0px
linkStyle 38 stroke:green,stroke-width:2.0px
linkStyle 39 stroke:#55f,stroke-width:2.0px
linkStyle 40 stroke-width:2.0px
linkStyle 41 stroke:green,stroke-width:2.0px
linkStyle 42 stroke:#55f,stroke-width:2.0px
There’s one final step. Since Thunder & Lightning Inc. added what are essentially new credentials, they need to wrap the envelope one more time, then sign it, to make their new claims verifiable.
{
{
{
CID(4676635a) [
"expirationDate": 2028-01-01
"firstName": "Danika"
"lastName": "Kaschak"
"subject": "RF and Microwave Engineering"
isA: "Certificate of Completion"
issuer: "Example Electrical Engineering Board"
ELIDED (8)
]
} [
note: "Signed by Example Electrical Engineering Board"
verifiedBy: Signature
]
} [
"employeeHiredDate": 2022-10-01
"employeeStatus": "active"
]
} [
note: "Signed by Thunder & Lightning Inc."
verifiedBy: Signature
]
graph LR
1(("275ac4ea<br/>NODE"))
2[/"a7bf95d5<br/>WRAPPED"\]
3(("abdedfa9<br/>NODE"))
4[/"41c818e9<br/>WRAPPED"\]
5(("820fcb63<br/>NODE"))
6[/"d8f990a1<br/>WRAPPED"\]
7(("b891373a<br/>NODE"))
8["3b888f3c<br/>CID(4676635a)"]
93d00d64f<br/>ELIDED
1044736993<br/>ELIDED
11(["46d6cfea<br/>ASSERTION"])
12[/"8982354d<br/>isA"/]
13["112e2cdb<br/>#quot;Certificate of Completion#quot;"]
144a69fca3<br/>ELIDED
15(["5545f6e2<br/>ASSERTION"])
16[/"954c8356<br/>issuer"/]
17["4035b4bd<br/>#quot;Example Electrical Engineering Board#quot;"]
185e75ff3b<br/>ELIDED
19(["61689bb7<br/>ASSERTION"])
20["e6c2932d<br/>#quot;expirationDate#quot;"]
21["b91eea18<br/>2028-01-01"]
22(["82825e3e<br/>ASSERTION"])
23["eb62836d<br/>#quot;lastName#quot;"]
24["86236e63<br/>#quot;Kaschak#quot;"]
25a0274d1c<br/>ELIDED
26(["e0070876<br/>ASSERTION"])
27["0eb38394<br/>#quot;subject#quot;"]
28["b059b0f2<br/>#quot;RF and Microwave Engineering#quot;"]
29e96b24d9<br/>ELIDED
30eb1f3ba0<br/>ELIDED
31(["f57c11a8<br/>ASSERTION"])
32["c4d5323d<br/>#quot;firstName#quot;"]
33["03ead475<br/>#quot;Danika#quot;"]
34fcb3d37a<br/>ELIDED
35(["040e7274<br/>ASSERTION"])
36[/"d59f8c0f<br/>verifiedBy"/]
37["3f1752a0<br/>Signature"]
38(["afe231cc<br/>ASSERTION"])
39[/"61fb6a6b<br/>note"/]
40["f4bf011f<br/>#quot;Signed by Example Electrical Engineering Board#quot;"]
41(["0001c9c5<br/>ASSERTION"])
42["134a1704<br/>#quot;employeeHiredDate#quot;"]
43["a3687c5b<br/>2022-10-01"]
44(["310b027f<br/>ASSERTION"])
45["f942ee55<br/>#quot;employeeStatus#quot;"]
46["919eb85d<br/>#quot;active#quot;"]
47(["36367ff6<br/>ASSERTION"])
48[/"d59f8c0f<br/>verifiedBy"/]
49["edca9a73<br/>Signature"]
50(["829934e2<br/>ASSERTION"])
51[/"61fb6a6b<br/>note"/]
52["0dca250c<br/>#quot;Signed by Thunder & Lightning Inc.#quot;"]
1 -->|subj| 2
2 -->|subj| 3
3 -->|subj| 4
4 -->|subj| 5
5 -->|subj| 6
6 -->|subj| 7
7 -->|subj| 8
7 --> 9
7 --> 10
7 --> 11
11 -->|pred| 12
11 -->|obj| 13
7 --> 14
7 --> 15
15 -->|pred| 16
15 -->|obj| 17
7 --> 18
7 --> 19
19 -->|pred| 20
19 -->|obj| 21
7 --> 22
22 -->|pred| 23
22 -->|obj| 24
7 --> 25
7 --> 26
26 -->|pred| 27
26 -->|obj| 28
7 --> 29
7 --> 30
7 --> 31
31 -->|pred| 32
31 -->|obj| 33
7 --> 34
5 --> 35
35 -->|pred| 36
35 -->|obj| 37
5 --> 38
38 -->|pred| 39
38 -->|obj| 40
3 --> 41
41 -->|pred| 42
41 -->|obj| 43
3 --> 44
44 -->|pred| 45
44 -->|obj| 46
1 --> 47
47 -->|pred| 48
47 -->|obj| 49
1 --> 50
50 -->|pred| 51
50 -->|obj| 52
style 1 stroke:red,stroke-width:3.0px
style 2 stroke:red,stroke-width:3.0px
style 3 stroke:red,stroke-width:3.0px
style 4 stroke:red,stroke-width:3.0px
style 5 stroke:red,stroke-width:3.0px
style 6 stroke:red,stroke-width:3.0px
style 7 stroke:red,stroke-width:3.0px
style 8 stroke:#55f,stroke-width:3.0px
style 9 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 10 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 11 stroke:red,stroke-width:3.0px
style 12 stroke:#55f,stroke-width:3.0px
style 13 stroke:#55f,stroke-width:3.0px
style 14 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 15 stroke:red,stroke-width:3.0px
style 16 stroke:#55f,stroke-width:3.0px
style 17 stroke:#55f,stroke-width:3.0px
style 18 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 19 stroke:red,stroke-width:3.0px
style 20 stroke:#55f,stroke-width:3.0px
style 21 stroke:#55f,stroke-width:3.0px
style 22 stroke:red,stroke-width:3.0px
style 23 stroke:#55f,stroke-width:3.0px
style 24 stroke:#55f,stroke-width:3.0px
style 25 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 26 stroke:red,stroke-width:3.0px
style 27 stroke:#55f,stroke-width:3.0px
style 28 stroke:#55f,stroke-width:3.0px
style 29 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 30 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 31 stroke:red,stroke-width:3.0px
style 32 stroke:#55f,stroke-width:3.0px
style 33 stroke:#55f,stroke-width:3.0px
style 34 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 35 stroke:red,stroke-width:3.0px
style 36 stroke:#55f,stroke-width:3.0px
style 37 stroke:#55f,stroke-width:3.0px
style 38 stroke:red,stroke-width:3.0px
style 39 stroke:#55f,stroke-width:3.0px
style 40 stroke:#55f,stroke-width:3.0px
style 41 stroke:red,stroke-width:3.0px
style 42 stroke:#55f,stroke-width:3.0px
style 43 stroke:#55f,stroke-width:3.0px
style 44 stroke:red,stroke-width:3.0px
style 45 stroke:#55f,stroke-width:3.0px
style 46 stroke:#55f,stroke-width:3.0px
style 47 stroke:red,stroke-width:3.0px
style 48 stroke:#55f,stroke-width:3.0px
style 49 stroke:#55f,stroke-width:3.0px
style 50 stroke:red,stroke-width:3.0px
style 51 stroke:#55f,stroke-width:3.0px
style 52 stroke:#55f,stroke-width:3.0px
linkStyle 0 stroke:red,stroke-width:2.0px
linkStyle 1 stroke:red,stroke-width:2.0px
linkStyle 2 stroke:red,stroke-width:2.0px
linkStyle 3 stroke:red,stroke-width:2.0px
linkStyle 4 stroke:red,stroke-width:2.0px
linkStyle 5 stroke:red,stroke-width:2.0px
linkStyle 6 stroke:red,stroke-width:2.0px
linkStyle 7 stroke-width:2.0px
linkStyle 8 stroke-width:2.0px
linkStyle 9 stroke-width:2.0px
linkStyle 10 stroke:green,stroke-width:2.0px
linkStyle 11 stroke:#55f,stroke-width:2.0px
linkStyle 12 stroke-width:2.0px
linkStyle 13 stroke-width:2.0px
linkStyle 14 stroke:green,stroke-width:2.0px
linkStyle 15 stroke:#55f,stroke-width:2.0px
linkStyle 16 stroke-width:2.0px
linkStyle 17 stroke-width:2.0px
linkStyle 18 stroke:green,stroke-width:2.0px
linkStyle 19 stroke:#55f,stroke-width:2.0px
linkStyle 20 stroke-width:2.0px
linkStyle 21 stroke:green,stroke-width:2.0px
linkStyle 22 stroke:#55f,stroke-width:2.0px
linkStyle 23 stroke-width:2.0px
linkStyle 24 stroke-width:2.0px
linkStyle 25 stroke:green,stroke-width:2.0px
linkStyle 26 stroke:#55f,stroke-width:2.0px
linkStyle 27 stroke-width:2.0px
linkStyle 28 stroke-width:2.0px
linkStyle 29 stroke-width:2.0px
linkStyle 30 stroke:green,stroke-width:2.0px
linkStyle 31 stroke:#55f,stroke-width:2.0px
linkStyle 32 stroke-width:2.0px
linkStyle 33 stroke-width:2.0px
linkStyle 34 stroke:green,stroke-width:2.0px
linkStyle 35 stroke:#55f,stroke-width:2.0px
linkStyle 36 stroke-width:2.0px
linkStyle 37 stroke:green,stroke-width:2.0px
linkStyle 38 stroke:#55f,stroke-width:2.0px
linkStyle 39 stroke-width:2.0px
linkStyle 40 stroke:green,stroke-width:2.0px
linkStyle 41 stroke:#55f,stroke-width:2.0px
linkStyle 42 stroke-width:2.0px
linkStyle 43 stroke:green,stroke-width:2.0px
linkStyle 44 stroke:#55f,stroke-width:2.0px
linkStyle 45 stroke-width:2.0px
linkStyle 46 stroke:green,stroke-width:2.0px
linkStyle 47 stroke:#55f,stroke-width:2.0px
linkStyle 48 stroke-width:2.0px
linkStyle 49 stroke:green,stroke-width:2.0px
linkStyle 50 stroke:#55f,stroke-width:2.0px
In case the hashes have gotten too small to read, here’s a look at the three stages of this use case using the --tree
function from envelope-cli
:
Redacted Credential:
820fcb63 NODE
d8f990a1 subj WRAPPED
b891373a subj NODE
3b888f3c subj CID(4676635a)
3d00d64f ELIDED
44736993 ELIDED
46d6cfea ASSERTION
8982354d pred isA
112e2cdb obj "Certificate of Completion"
4a69fca3 ELIDED
5545f6e2 ASSERTION
954c8356 pred issuer
4035b4bd obj "Example Electrical Engineering Board"
5e75ff3b ELIDED
61689bb7 ASSERTION
e6c2932d pred "expirationDate"
b91eea18 obj 2028-01-01
82825e3e ASSERTION
eb62836d pred "lastName"
86236e63 obj "Kaschak"
a0274d1c ELIDED
e0070876 ASSERTION
0eb38394 pred "subject"
b059b0f2 obj "RF and Microwave Engineering"
e96b24d9 ELIDED
eb1f3ba0 ELIDED
f57c11a8 ASSERTION
c4d5323d pred "firstName"
03ead475 obj "Danika"
fcb3d37a ELIDED
040e7274 ASSERTION
d59f8c0f pred verifiedBy
3f1752a0 obj Signature
afe231cc ASSERTION
61fb6a6b pred note
f4bf011f obj "Signed by Example Electrical Engineering Board"
Redacted Credential with Employment Credentials:
abdedfa9 NODE
41c818e9 subj WRAPPED
820fcb63 subj NODE
d8f990a1 subj WRAPPED
b891373a subj NODE
3b888f3c subj CID(4676635a)
3d00d64f ELIDED
44736993 ELIDED
46d6cfea ASSERTION
8982354d pred isA
112e2cdb obj "Certificate of Completion"
4a69fca3 ELIDED
5545f6e2 ASSERTION
954c8356 pred issuer
4035b4bd obj "Example Electrical Engineering Board"
5e75ff3b ELIDED
61689bb7 ASSERTION
e6c2932d pred "expirationDate"
b91eea18 obj 2028-01-01
82825e3e ASSERTION
eb62836d pred "lastName"
86236e63 obj "Kaschak"
a0274d1c ELIDED
e0070876 ASSERTION
0eb38394 pred "subject"
b059b0f2 obj "RF and Microwave Engineering"
e96b24d9 ELIDED
eb1f3ba0 ELIDED
f57c11a8 ASSERTION
c4d5323d pred "firstName"
03ead475 obj "Danika"
fcb3d37a ELIDED
040e7274 ASSERTION
d59f8c0f pred verifiedBy
3f1752a0 obj Signature
afe231cc ASSERTION
61fb6a6b pred note
f4bf011f obj "Signed by Example Electrical Engineering Board"
0001c9c5 ASSERTION
134a1704 pred "employeeHiredDate"
a3687c5b obj 2022-10-01
310b027f ASSERTION
f942ee55 pred "employeeStatus"
919eb85d obj "active"
Redacted Credentials with Employment Warranty:
275ac4ea NODE
a7bf95d5 subj WRAPPED
abdedfa9 subj NODE
41c818e9 subj WRAPPED
820fcb63 subj NODE
d8f990a1 subj WRAPPED
b891373a subj NODE
3b888f3c subj CID(4676635a)
3d00d64f ELIDED
44736993 ELIDED
46d6cfea ASSERTION
8982354d pred isA
112e2cdb obj "Certificate of Completion"
4a69fca3 ELIDED
5545f6e2 ASSERTION
954c8356 pred issuer
4035b4bd obj "Example Electrical Engineering Board"
5e75ff3b ELIDED
61689bb7 ASSERTION
e6c2932d pred "expirationDate"
b91eea18 obj 2028-01-01
82825e3e ASSERTION
eb62836d pred "lastName"
86236e63 obj "Kaschak"
a0274d1c ELIDED
e0070876 ASSERTION
0eb38394 pred "subject"
b059b0f2 obj "RF and Microwave Engineering"
e96b24d9 ELIDED
eb1f3ba0 ELIDED
f57c11a8 ASSERTION
c4d5323d pred "firstName"
03ead475 obj "Danika"
fcb3d37a ELIDED
040e7274 ASSERTION
d59f8c0f pred verifiedBy
3f1752a0 obj Signature
afe231cc ASSERTION
61fb6a6b pred note
f4bf011f obj "Signed by Example Electrical Engineering Board"
0001c9c5 ASSERTION
134a1704 pred "employeeHiredDate"
a3687c5b obj 2022-10-01
310b027f ASSERTION
f942ee55 pred "employeeStatus"
919eb85d obj "active"
36367ff6 ASSERTION
d59f8c0f pred verifiedBy
edca9a73 obj Signature
829934e2 ASSERTION
61fb6a6b pred note
0dca250c obj "Signed by Thunder & Lightning Inc."
Danika and Thunder & Lightning have successfully minimized Danika’s credential information while simultaneously sharing it as part of an open credential infrastructure.
Part Two: Web of Trust Credentials
It can be relatively easy to validate official credentials from centralized authorities. However, Gordian Envelopes also allow for the issuance of peer-to-peer credentials by incorporating metadata that can aid in their validation.
4. Omar Offers an Open Badge [Web of Trust Credentials]
- Use Case: Jonathan wants to prove his expertise in blockchain tech writing, but there are no official credentials.
- Independence Benefits: Anyone can be an issuer and/or signer of credits in a Web of Trust, reducing the dependence on centralized authorities.
- Openness Benefits: The open system underlying Gordian Envelope is what allows for the ease of issuance.
Jonathan has been doing technical writing on blockchains for a few years and wants to extend that into a freelance career. Unfortunately, most of his extant writing has been internal documents, and so he can’t point potential employers to them.
Omar, an expert in blockchain technical writing, has GitHub repos that are filled with examples of his own excellent writing, and that’s led him to offer Open Badges for other people whose writing he thinks is up to spec. Omar can create a badge for Jonathan by writing a credential and signing it with his GitHub private key. Validators can then assess the validity of that peer-to-peer credential by looking at the contents of Omar’s own GitHub and determining whether he has sufficient expertise to provide that credential.
After positively assessing Jonath’s tech writing, Omar thus creates a credential that identifies Jonathan and certifies his expertise:
"Jonathan Jakes" [
"certificate": "2022-037" [
isA: "Assessment of Blockchain Tech Writing Expertise"
]
"githubID": "jojokes"
"pubkey": "ur:crypto-hdkey/onaxhdclaohldlmdrtlacxhnfpptplfyltwelafsnezslyndhllnvdimmwlpylkbwzjltbdmenaahdcxlejt…"
]
graph LR
1(("890c7f8e<br/>NODE"))
2["2c140637<br/>#quot;Jonathan Jakes#quot;"]
3(["3abce517<br/>ASSERTION"])
4["57c6b19e<br/>#quot;githubID#quot;"]
5["5be46279<br/>#quot;jojokes#quot;"]
6(["476105b1<br/>ASSERTION"])
7["d52596f8<br/>#quot;pubkey#quot;"]
8["b25d41f3<br/>#quot;ur:crypto-hdkey/onaxhdclaohldlmd...#quot;"]
9(["e814cf8a<br/>ASSERTION"])
10["c94ddd29<br/>#quot;certificate#quot;"]
11(("c7f812f6<br/>NODE"))
12["455a611f<br/>#quot;2022-037#quot;"]
13(["23b7e1d5<br/>ASSERTION"])
14[/"8982354d<br/>isA"/]
15["92a65996<br/>#quot;Assessment of Blockchain Tech Writing Expertise#quot;"]
1 -->|subj| 2
1 --> 3
3 -->|pred| 4
3 -->|obj| 5
1 --> 6
6 -->|pred| 7
6 -->|obj| 8
1 --> 9
9 -->|pred| 10
9 -->|obj| 11
11 -->|subj| 12
11 --> 13
13 -->|pred| 14
13 -->|obj| 15
style 1 stroke:red,stroke-width:3.0px
style 2 stroke:#55f,stroke-width:3.0px
style 3 stroke:red,stroke-width:3.0px
style 4 stroke:#55f,stroke-width:3.0px
style 5 stroke:#55f,stroke-width:3.0px
style 6 stroke:red,stroke-width:3.0px
style 7 stroke:#55f,stroke-width:3.0px
style 8 stroke:#55f,stroke-width:3.0px
style 9 stroke:red,stroke-width:3.0px
style 10 stroke:#55f,stroke-width:3.0px
style 11 stroke:red,stroke-width:3.0px
style 12 stroke:#55f,stroke-width:3.0px
style 13 stroke:red,stroke-width:3.0px
style 14 stroke:#55f,stroke-width:3.0px
style 15 stroke:#55f,stroke-width:3.0px
linkStyle 0 stroke:red,stroke-width:2.0px
linkStyle 1 stroke-width:2.0px
linkStyle 2 stroke:green,stroke-width:2.0px
linkStyle 3 stroke:#55f,stroke-width:2.0px
linkStyle 4 stroke-width:2.0px
linkStyle 5 stroke:green,stroke-width:2.0px
linkStyle 6 stroke:#55f,stroke-width:2.0px
linkStyle 7 stroke-width:2.0px
linkStyle 8 stroke:green,stroke-width:2.0px
linkStyle 9 stroke:#55f,stroke-width:2.0px
linkStyle 10 stroke:red,stroke-width:2.0px
linkStyle 11 stroke-width:2.0px
linkStyle 12 stroke:green,stroke-width:2.0px
linkStyle 13 stroke:#55f,stroke-width:2.0px
While creating the credential, Omar adds on information to identify himself by using a certifiedBy
predicate that he places in the certificate
:
"Jonathan Jakes" [
"certificate": "2022-037" [
"certifiedBy": "Omar Chaim" [
"githubID": "omarc-bc-guy"
"pubkeyURL": "https://github.com/omarc-bc-guy.keys"
]
isA: "Assessment of Blockchain Tech Writing Expertise"
]
"githubID": "jojokes"
"pubkey": "ur:crypto-hdkey/onaxhdclaohldlmdrtlacxhnfpptplfyltwelafsnezslyndhllnvdimmwlpylkbwzjltbdmenaahdcxlejt…"
]
graph LR
1(("1e8dd312<br/>NODE"))
2["2c140637<br/>#quot;Jonathan Jakes#quot;"]
3(["3abce517<br/>ASSERTION"])
4["57c6b19e<br/>#quot;githubID#quot;"]
5["5be46279<br/>#quot;jojokes#quot;"]
6(["476105b1<br/>ASSERTION"])
7["d52596f8<br/>#quot;pubkey#quot;"]
8["b25d41f3<br/>#quot;ur:crypto-hdkey/onaxhdclaohldlmd...#quot;"]
9(["93a06fff<br/>ASSERTION"])
10["c94ddd29<br/>#quot;certificate#quot;"]
11(("d885a1ee<br/>NODE"))
12["455a611f<br/>#quot;2022-037#quot;"]
13(["23b7e1d5<br/>ASSERTION"])
14[/"8982354d<br/>isA"/]
15["92a65996<br/>#quot;Assessment of Blockchain Tech Writing Expertise#quot;"]
16(["73691a34<br/>ASSERTION"])
17["7eb11472<br/>#quot;certifiedBy#quot;"]
18(("c3a22f99<br/>NODE"))
19["6759e148<br/>#quot;Omar Chaim#quot;"]
20(["03aee188<br/>ASSERTION"])
21["57c6b19e<br/>#quot;githubID#quot;"]
22["34e0c09c<br/>#quot;omarc-bc-guy#quot;"]
23(["9bc4beec<br/>ASSERTION"])
24["29c0cd61<br/>#quot;pubkeyURL#quot;"]
25["78d7942e<br/>#quot;https://github.com/omarc-bc-guy.keys#quot;"]
1 -->|subj| 2
1 --> 3
3 -->|pred| 4
3 -->|obj| 5
1 --> 6
6 -->|pred| 7
6 -->|obj| 8
1 --> 9
9 -->|pred| 10
9 -->|obj| 11
11 -->|subj| 12
11 --> 13
13 -->|pred| 14
13 -->|obj| 15
11 --> 16
16 -->|pred| 17
16 -->|obj| 18
18 -->|subj| 19
18 --> 20
20 -->|pred| 21
20 -->|obj| 22
18 --> 23
23 -->|pred| 24
23 -->|obj| 25
style 1 stroke:red,stroke-width:3.0px
style 2 stroke:#55f,stroke-width:3.0px
style 3 stroke:red,stroke-width:3.0px
style 4 stroke:#55f,stroke-width:3.0px
style 5 stroke:#55f,stroke-width:3.0px
style 6 stroke:red,stroke-width:3.0px
style 7 stroke:#55f,stroke-width:3.0px
style 8 stroke:#55f,stroke-width:3.0px
style 9 stroke:red,stroke-width:3.0px
style 10 stroke:#55f,stroke-width:3.0px
style 11 stroke:red,stroke-width:3.0px
style 12 stroke:#55f,stroke-width:3.0px
style 13 stroke:red,stroke-width:3.0px
style 14 stroke:#55f,stroke-width:3.0px
style 15 stroke:#55f,stroke-width:3.0px
style 16 stroke:red,stroke-width:3.0px
style 17 stroke:#55f,stroke-width:3.0px
style 18 stroke:red,stroke-width:3.0px
style 19 stroke:#55f,stroke-width:3.0px
style 20 stroke:red,stroke-width:3.0px
style 21 stroke:#55f,stroke-width:3.0px
style 22 stroke:#55f,stroke-width:3.0px
style 23 stroke:red,stroke-width:3.0px
style 24 stroke:#55f,stroke-width:3.0px
style 25 stroke:#55f,stroke-width:3.0px
linkStyle 0 stroke:red,stroke-width:2.0px
linkStyle 1 stroke-width:2.0px
linkStyle 2 stroke:green,stroke-width:2.0px
linkStyle 3 stroke:#55f,stroke-width:2.0px
linkStyle 4 stroke-width:2.0px
linkStyle 5 stroke:green,stroke-width:2.0px
linkStyle 6 stroke:#55f,stroke-width:2.0px
linkStyle 7 stroke-width:2.0px
linkStyle 8 stroke:green,stroke-width:2.0px
linkStyle 9 stroke:#55f,stroke-width:2.0px
linkStyle 10 stroke:red,stroke-width:2.0px
linkStyle 11 stroke-width:2.0px
linkStyle 12 stroke:green,stroke-width:2.0px
linkStyle 13 stroke:#55f,stroke-width:2.0px
linkStyle 14 stroke-width:2.0px
linkStyle 15 stroke:green,stroke-width:2.0px
linkStyle 16 stroke:#55f,stroke-width:2.0px
linkStyle 17 stroke:red,stroke-width:2.0px
linkStyle 18 stroke-width:2.0px
linkStyle 19 stroke:green,stroke-width:2.0px
linkStyle 20 stroke:#55f,stroke-width:2.0px
linkStyle 21 stroke-width:2.0px
linkStyle 22 stroke:green,stroke-width:2.0px
linkStyle 23 stroke:#55f,stroke-width:2.0px
The githubID
is what acts as Omar’s own credential. Validators can view it to decide the worth of Omar’s certification, as is traditional in a web of trust. pubkeyURL
is meant as a hint so that validators don’t have to figure out where to look up the public key associated with the GitHub-ID, but obviously any validator will need to thoughtfully consider whether the hint is proper and links to the ID shown.
To finalize the Open Badge, Omar must then wrap the envelope and sign it with the private key associated with the public key he has registered on GitHub.
{
"Jonathan Jakes" [
"certificate": "2022-037" [
"certifiedBy": "Omar Chaim" [
"githubID": "omarc-bc-guy"
"pubkeyURL": "https://github.com/omarc-bc-guy.keys"
]
isA: "Assessment of Blockchain Tech Writing Expertise"
]
"githubID": "jojokes"
"pubkey": "ur:crypto-hdkey/onaxhdclaohldlmdrtlacxhnfpptplfyltwelafsnezslyndhllnvdimmwlpylkbwzjltbdmenaahdcxlejt…"
]
} [
verifiedBy: Signature
]
graph LR
1(("c038c4f0<br/>NODE"))
2[/"a2e3be2a<br/>WRAPPED"\]
3(("1e8dd312<br/>NODE"))
4["2c140637<br/>#quot;Jonathan Jakes#quot;"]
5(["3abce517<br/>ASSERTION"])
6["57c6b19e<br/>#quot;githubID#quot;"]
7["5be46279<br/>#quot;jojokes#quot;"]
8(["476105b1<br/>ASSERTION"])
9["d52596f8<br/>#quot;pubkey#quot;"]
10["b25d41f3<br/>#quot;ur:crypto-hdkey/onaxhdclaohldlmd...#quot;"]
11(["93a06fff<br/>ASSERTION"])
12["c94ddd29<br/>#quot;certificate#quot;"]
13(("d885a1ee<br/>NODE"))
14["455a611f<br/>#quot;2022-037#quot;"]
15(["23b7e1d5<br/>ASSERTION"])
16[/"8982354d<br/>isA"/]
17["92a65996<br/>#quot;Assessment of Blockchain Tech Writing Expertise#quot;"]
18(["73691a34<br/>ASSERTION"])
19["7eb11472<br/>#quot;certifiedBy#quot;"]
20(("c3a22f99<br/>NODE"))
21["6759e148<br/>#quot;Omar Chaim#quot;"]
22(["03aee188<br/>ASSERTION"])
23["57c6b19e<br/>#quot;githubID#quot;"]
24["34e0c09c<br/>#quot;omarc-bc-guy#quot;"]
25(["9bc4beec<br/>ASSERTION"])
26["29c0cd61<br/>#quot;pubkeyURL#quot;"]
27["78d7942e<br/>#quot;https://github.com/omarc-bc-guy.keys#quot;"]
28(["3b53237e<br/>ASSERTION"])
29[/"d59f8c0f<br/>verifiedBy"/]
30["fc5bb849<br/>Signature"]
1 -->|subj| 2
2 -->|subj| 3
3 -->|subj| 4
3 --> 5
5 -->|pred| 6
5 -->|obj| 7
3 --> 8
8 -->|pred| 9
8 -->|obj| 10
3 --> 11
11 -->|pred| 12
11 -->|obj| 13
13 -->|subj| 14
13 --> 15
15 -->|pred| 16
15 -->|obj| 17
13 --> 18
18 -->|pred| 19
18 -->|obj| 20
20 -->|subj| 21
20 --> 22
22 -->|pred| 23
22 -->|obj| 24
20 --> 25
25 -->|pred| 26
25 -->|obj| 27
1 --> 28
28 -->|pred| 29
28 -->|obj| 30
style 1 stroke:red,stroke-width:3.0px
style 2 stroke:red,stroke-width:3.0px
style 3 stroke:red,stroke-width:3.0px
style 4 stroke:#55f,stroke-width:3.0px
style 5 stroke:red,stroke-width:3.0px
style 6 stroke:#55f,stroke-width:3.0px
style 7 stroke:#55f,stroke-width:3.0px
style 8 stroke:red,stroke-width:3.0px
style 9 stroke:#55f,stroke-width:3.0px
style 10 stroke:#55f,stroke-width:3.0px
style 11 stroke:red,stroke-width:3.0px
style 12 stroke:#55f,stroke-width:3.0px
style 13 stroke:red,stroke-width:3.0px
style 14 stroke:#55f,stroke-width:3.0px
style 15 stroke:red,stroke-width:3.0px
style 16 stroke:#55f,stroke-width:3.0px
style 17 stroke:#55f,stroke-width:3.0px
style 18 stroke:red,stroke-width:3.0px
style 19 stroke:#55f,stroke-width:3.0px
style 20 stroke:red,stroke-width:3.0px
style 21 stroke:#55f,stroke-width:3.0px
style 22 stroke:red,stroke-width:3.0px
style 23 stroke:#55f,stroke-width:3.0px
style 24 stroke:#55f,stroke-width:3.0px
style 25 stroke:red,stroke-width:3.0px
style 26 stroke:#55f,stroke-width:3.0px
style 27 stroke:#55f,stroke-width:3.0px
style 28 stroke:red,stroke-width:3.0px
style 29 stroke:#55f,stroke-width:3.0px
style 30 stroke:#55f,stroke-width:3.0px
linkStyle 0 stroke:red,stroke-width:2.0px
linkStyle 1 stroke:red,stroke-width:2.0px
linkStyle 2 stroke:red,stroke-width:2.0px
linkStyle 3 stroke-width:2.0px
linkStyle 4 stroke:green,stroke-width:2.0px
linkStyle 5 stroke:#55f,stroke-width:2.0px
linkStyle 6 stroke-width:2.0px
linkStyle 7 stroke:green,stroke-width:2.0px
linkStyle 8 stroke:#55f,stroke-width:2.0px
linkStyle 9 stroke-width:2.0px
linkStyle 10 stroke:green,stroke-width:2.0px
linkStyle 11 stroke:#55f,stroke-width:2.0px
linkStyle 12 stroke:red,stroke-width:2.0px
linkStyle 13 stroke-width:2.0px
linkStyle 14 stroke:green,stroke-width:2.0px
linkStyle 15 stroke:#55f,stroke-width:2.0px
linkStyle 16 stroke-width:2.0px
linkStyle 17 stroke:green,stroke-width:2.0px
linkStyle 18 stroke:#55f,stroke-width:2.0px
linkStyle 19 stroke:red,stroke-width:2.0px
linkStyle 20 stroke-width:2.0px
linkStyle 21 stroke:green,stroke-width:2.0px
linkStyle 22 stroke:#55f,stroke-width:2.0px
linkStyle 23 stroke-width:2.0px
linkStyle 24 stroke:green,stroke-width:2.0px
linkStyle 25 stroke:#55f,stroke-width:2.0px
linkStyle 26 stroke-width:2.0px
linkStyle 27 stroke:green,stroke-width:2.0px
linkStyle 28 stroke:#55f,stroke-width:2.0px
It’s not just that Jonathan and Omar were able to create this credential where no official one existed: it’s also that they were able to do so without the support of a centralized entity. Their credential reveals one person supporting another, which was the central promise of the original web of trust.
Part Three: Herd Privacy Credentials
Educational credentials are usually presumed to be packaged in discrete Envelopes that identify a single user. However, some situations may benefit from conglomerating thousands of credentials in a single Envelope, giving each of those users privacy — even from the credential issuer! The following examples include a pair of progressive use cases showing how an internet user can benefit from herd privacy and then a single example demonstrating how a company can do so.
5. Paul Privately Proves Proficiency [Herd Privacy]
- Use Case: Paul wants a credential, but he doesn’t trust the organization giving out the credentials with his personal information!
- Independence Benefits: Paul is in total control. He decides when to apply for a credential. He limits the issuer’s knowledge to only his expertise. He decides whether to ever reveal his possession of the credential.
- Privacy Benefits Paul ensures that the issuer never gains any information about him, not even his email address. He in fact never makes a connection to the issuer other than through an IP address that he uses to take a test, which of course can be hidden through a VPN. Later, his credential is hidden as a hash amidst many others. No one can decipher it without a proof from Paul, which means Paul’s connection to the credential is only revealed if he desires.
Paul wants to get a credential showing proficiency in Gordian Envelope from Blockchain Commons, but he’s a good Cypherpunk: he knows not to trust any organization. Fortunately, Blockchain Commons has privacy-protecting options.
Paul can take an online test in either Basic form (automated Q&A with a time limit) or Advanced form (Q&A with a live proctor on Zoom). He chooses the former, again for privacy reasons. After he succeeds at the test (50 out of 50, of course!), he needs to get his credential.
At this point, most credential issuers would require Paul to give up an email address and then mail them the personal credential, but Blockchain Commons’ privacy preserving methodology simply requires Paul to give them a self certifying identifier or some sort (for which he presumably controls the private key). They’ll then embed that identifier in a very large Envelope with the credentials of everyone who succeeded at the test that month. (Paul must wait until the Envelope is generated before he can prove anything!)
At the end of the month, Blockchain Commons will create a large Gordian Envelope that contains the identifiers of everyone who passed their test that month, with a statement as to whether each DID isBasic
or isAdvanced
. However, it will be largely elided to protect everyone’s privacy! Paul will then be able to create a simple proof that shows he’s a member of the class … but remains relatively anonymous until he does so.
The following example shows a credential for a number of different participants. A real-life example would likely have hundreds of entries to ensure herd privacy, but that’s reduced here for readability:
"Blockchain Commons Certifactions #13" [
"certifiedBy": "Blockchain Commons" [
"pubkeyURL": "https://www.blockchaincommons.com/certification.keys"
]
"date": "11-01-2022"
"isAdvanced": "ur:crypto-cid/hdcxbetimuglwppshfqdsahsktgmnelsjnbdcanspmnshkpecxcfztlkiohgenytntmkaxjngadt"
"isAdvanced": "ur:crypto-cid/hdcxjsdwaegrpfwmbkehhscwmshpchlnhhayadadwszcghhtmnzcgomhutcmytldfwpadmdlcwfe"
"isAdvanced": "ur:crypto-cid/hdcxmhtnnlcshsjzhywyhgttsrgulstdwdnezesekosndnfxswzezolrfdcwlulacxeopdkghnht"
"isBasic": "ur:crypto-cid/hdcxaepthffshppabkgydawmlftbpfrnaefzrdjehybwtskgmwveenwzntpyhdrpsfqzsgqdftnb"
"isBasic": "ur:crypto-cid/hdcxdkmhpfathyyltnnboypsemehkimudnkgeyosgolncfmdnboypsecpsghtefzetkndpeylrfz"
"isBasic": "ur:crypto-cid/hdcxfnmdsrgdkbvekoecwevystbaztbwcshpqdbzkeatjlndlywepyctlkvwemhkiyhtenwnghda"
"isBasic": "ur:crypto-cid/hdcxhnutcyktgtfxotvegrhllypakenlgoetmnnlimsktppkssloghpahsdeparktbkerebatyce"
"isBasic": "ur:crypto-cid/hdcxiadtuowtsrynlfbslgplynrlonpfbaeolkbzztsngtasjpenwmdevojsgmplishhurkebnts"
"isBasic": "ur:crypto-cid/hdcxmnktvdgeettlfmbklytaseayoeplwynbsawdurmuuelbbsfxbbaxkkpsemjovybzswqdssva"
"isBasic": "ur:crypto-cid/hdcxuykblalfdalsvaplrfzsoxqdvdclstmdtssfdatkmecwnsbzmseohswldaytdmsfbwaxvewp"
]
graph LR
1(("8454109e<br/>NODE"))
2["7d0782b8<br/>#quot;Blockchain Commons Certifactions #13#quot;"]
3(["0d31bdce<br/>ASSERTION"])
4["2100a83d<br/>#quot;isBasic#quot;"]
5["03e7479a<br/>#quot;ur:crypto-cid/hdcxdkmhpfathyyltnnboypsemehkimudnkgeyosgolncfmdnboypsecpsghtefzetkndpeylrfz#quot;"]
6(["0e421d2e<br/>ASSERTION"])
7["127a2386<br/>#quot;date#quot;"]
8["c666f06c<br/>#quot;11-01-2022#quot;"]
9(["336f50d3<br/>ASSERTION"])
10["d68d0704<br/>#quot;isAdvanced#quot;"]
11["9fb97d91<br/>#quot;ur:crypto-cid/hdcxjsdwaegrpfwmbkehhscwmshpchlnhhayadadwszcghhtmnzcgomhutcmytldfwpadmdlcwfe#quot;"]
12(["58f1cdd3<br/>ASSERTION"])
13["2100a83d<br/>#quot;isBasic#quot;"]
14["478112c2<br/>#quot;ur:crypto-cid/hdcxiadtuowtsrynlfbslgplynrlonpfbaeolkbzztsngtasjpenwmdevojsgmplishhurkebnts#quot;"]
15(["5b278116<br/>ASSERTION"])
16["2100a83d<br/>#quot;isBasic#quot;"]
17["262db130<br/>#quot;ur:crypto-cid/hdcxhnutcyktgtfxotvegrhllypakenlgoetmnnlimsktppkssloghpahsdeparktbkerebatyce#quot;"]
18(["64e8fe1e<br/>ASSERTION"])
19["7eb11472<br/>#quot;certifiedBy#quot;"]
20(("55378d51<br/>NODE"))
21["8ae1d503<br/>#quot;Blockchain Commons#quot;"]
22(["b0a1cbca<br/>ASSERTION"])
23["29c0cd61<br/>#quot;pubkeyURL#quot;"]
24["04d0d649<br/>#quot;https://www.blockchaincommons.com/certification.keys#quot;"]
25(["92f71067<br/>ASSERTION"])
26["2100a83d<br/>#quot;isBasic#quot;"]
27["37a1d85a<br/>#quot;ur:crypto-cid/hdcxfnmdsrgdkbvekoecwevystbaztbwcshpqdbzkeatjlndlywepyctlkvwemhkiyhtenwnghda#quot;"]
28(["b22278f9<br/>ASSERTION"])
29["d68d0704<br/>#quot;isAdvanced#quot;"]
30["3410120d<br/>#quot;ur:crypto-cid/hdcxmhtnnlcshsjzhywyhgttsrgulstdwdnezesekosndnfxswzezolrfdcwlulacxeopdkghnht#quot;"]
31(["c2f3fe78<br/>ASSERTION"])
32["2100a83d<br/>#quot;isBasic#quot;"]
33["950f78c1<br/>#quot;ur:crypto-cid/hdcxuykblalfdalsvaplrfzsoxqdvdclstmdtssfdatkmecwnsbzmseohswldaytdmsfbwaxvewp#quot;"]
34(["c3bd8189<br/>ASSERTION"])
35["2100a83d<br/>#quot;isBasic#quot;"]
36["a3c3105c<br/>#quot;ur:crypto-cid/hdcxmnktvdgeettlfmbklytaseayoeplwynbsawdurmuuelbbsfxbbaxkkpsemjovybzswqdssva#quot;"]
37(["ca13e82f<br/>ASSERTION"])
38["2100a83d<br/>#quot;isBasic#quot;"]
39["eb9d612b<br/>#quot;ur:crypto-cid/hdcxaepthffshppabkgydawmlftbpfrnaefzrdjehybwtskgmwveenwzntpyhdrpsfqzsgqdftnb#quot;"]
40(["e67d3bb2<br/>ASSERTION"])
41["d68d0704<br/>#quot;isAdvanced#quot;"]
42["a285aabe<br/>#quot;ur:crypto-cid/hdcxbetimuglwppshfqdsahsktgmnelsjnbdcanspmnshkpecxcfztlkiohgenytntmkaxjngadt#quot;"]
1 -->|subj| 2
1 --> 3
3 -->|pred| 4
3 -->|obj| 5
1 --> 6
6 -->|pred| 7
6 -->|obj| 8
1 --> 9
9 -->|pred| 10
9 -->|obj| 11
1 --> 12
12 -->|pred| 13
12 -->|obj| 14
1 --> 15
15 -->|pred| 16
15 -->|obj| 17
1 --> 18
18 -->|pred| 19
18 -->|obj| 20
20 -->|subj| 21
20 --> 22
22 -->|pred| 23
22 -->|obj| 24
1 --> 25
25 -->|pred| 26
25 -->|obj| 27
1 --> 28
28 -->|pred| 29
28 -->|obj| 30
1 --> 31
31 -->|pred| 32
31 -->|obj| 33
1 --> 34
34 -->|pred| 35
34 -->|obj| 36
1 --> 37
37 -->|pred| 38
37 -->|obj| 39
1 --> 40
40 -->|pred| 41
40 -->|obj| 42
style 1 stroke:red,stroke-width:3.0px
style 2 stroke:#55f,stroke-width:3.0px
style 3 stroke:red,stroke-width:3.0px
style 4 stroke:#55f,stroke-width:3.0px
style 5 stroke:#55f,stroke-width:3.0px
style 6 stroke:red,stroke-width:3.0px
style 7 stroke:#55f,stroke-width:3.0px
style 8 stroke:#55f,stroke-width:3.0px
style 9 stroke:red,stroke-width:3.0px
style 10 stroke:#55f,stroke-width:3.0px
style 11 stroke:#55f,stroke-width:3.0px
style 12 stroke:red,stroke-width:3.0px
style 13 stroke:#55f,stroke-width:3.0px
style 14 stroke:#55f,stroke-width:3.0px
style 15 stroke:red,stroke-width:3.0px
style 16 stroke:#55f,stroke-width:3.0px
style 17 stroke:#55f,stroke-width:3.0px
style 18 stroke:red,stroke-width:3.0px
style 19 stroke:#55f,stroke-width:3.0px
style 20 stroke:red,stroke-width:3.0px
style 21 stroke:#55f,stroke-width:3.0px
style 22 stroke:red,stroke-width:3.0px
style 23 stroke:#55f,stroke-width:3.0px
style 24 stroke:#55f,stroke-width:3.0px
style 25 stroke:red,stroke-width:3.0px
style 26 stroke:#55f,stroke-width:3.0px
style 27 stroke:#55f,stroke-width:3.0px
style 28 stroke:red,stroke-width:3.0px
style 29 stroke:#55f,stroke-width:3.0px
style 30 stroke:#55f,stroke-width:3.0px
style 31 stroke:red,stroke-width:3.0px
style 32 stroke:#55f,stroke-width:3.0px
style 33 stroke:#55f,stroke-width:3.0px
style 34 stroke:red,stroke-width:3.0px
style 35 stroke:#55f,stroke-width:3.0px
style 36 stroke:#55f,stroke-width:3.0px
style 37 stroke:red,stroke-width:3.0px
style 38 stroke:#55f,stroke-width:3.0px
style 39 stroke:#55f,stroke-width:3.0px
style 40 stroke:red,stroke-width:3.0px
style 41 stroke:#55f,stroke-width:3.0px
style 42 stroke:#55f,stroke-width:3.0px
linkStyle 0 stroke:red,stroke-width:2.0px
linkStyle 1 stroke-width:2.0px
linkStyle 2 stroke:green,stroke-width:2.0px
linkStyle 3 stroke:#55f,stroke-width:2.0px
linkStyle 4 stroke-width:2.0px
linkStyle 5 stroke:green,stroke-width:2.0px
linkStyle 6 stroke:#55f,stroke-width:2.0px
linkStyle 7 stroke-width:2.0px
linkStyle 8 stroke:green,stroke-width:2.0px
linkStyle 9 stroke:#55f,stroke-width:2.0px
linkStyle 10 stroke-width:2.0px
linkStyle 11 stroke:green,stroke-width:2.0px
linkStyle 12 stroke:#55f,stroke-width:2.0px
linkStyle 13 stroke-width:2.0px
linkStyle 14 stroke:green,stroke-width:2.0px
linkStyle 15 stroke:#55f,stroke-width:2.0px
linkStyle 16 stroke-width:2.0px
linkStyle 17 stroke:green,stroke-width:2.0px
linkStyle 18 stroke:#55f,stroke-width:2.0px
linkStyle 19 stroke:red,stroke-width:2.0px
linkStyle 20 stroke-width:2.0px
linkStyle 21 stroke:green,stroke-width:2.0px
linkStyle 22 stroke:#55f,stroke-width:2.0px
linkStyle 23 stroke-width:2.0px
linkStyle 24 stroke:green,stroke-width:2.0px
linkStyle 25 stroke:#55f,stroke-width:2.0px
linkStyle 26 stroke-width:2.0px
linkStyle 27 stroke:green,stroke-width:2.0px
linkStyle 28 stroke:#55f,stroke-width:2.0px
linkStyle 29 stroke-width:2.0px
linkStyle 30 stroke:green,stroke-width:2.0px
linkStyle 31 stroke:#55f,stroke-width:2.0px
linkStyle 32 stroke-width:2.0px
linkStyle 33 stroke:green,stroke-width:2.0px
linkStyle 34 stroke:#55f,stroke-width:2.0px
linkStyle 35 stroke-width:2.0px
linkStyle 36 stroke:green,stroke-width:2.0px
linkStyle 37 stroke:#55f,stroke-width:2.0px
linkStyle 38 stroke-width:2.0px
linkStyle 39 stroke:green,stroke-width:2.0px
linkStyle 40 stroke:#55f,stroke-width:2.0px
As usual, a signature is required to verify credentials. The credentials are thus wrapped and signed. This signature should match the pubkeyURL
provided.
{
"Blockchain Commons Certifactions #13" [
"certifiedBy": "Blockchain Commons" [
"pubkeyURL": "https://www.blockchaincommons.com/certification.keys"
]
"date": "11-01-2022"
"isAdvanced": "ur:crypto-cid/hdcxbetimuglwppshfqdsahsktgmnelsjnbdcanspmnshkpecxcfztlkiohgenytntmkaxjngadt"
"isAdvanced": "ur:crypto-cid/hdcxjsdwaegrpfwmbkehhscwmshpchlnhhayadadwszcghhtmnzcgomhutcmytldfwpadmdlcwfe"
"isAdvanced": "ur:crypto-cid/hdcxmhtnnlcshsjzhywyhgttsrgulstdwdnezesekosndnfxswzezolrfdcwlulacxeopdkghnht"
"isBasic": "ur:crypto-cid/hdcxaepthffshppabkgydawmlftbpfrnaefzrdjehybwtskgmwveenwzntpyhdrpsfqzsgqdftnb"
"isBasic": "ur:crypto-cid/hdcxdkmhpfathyyltnnboypsemehkimudnkgeyosgolncfmdnboypsecpsghtefzetkndpeylrfz"
"isBasic": "ur:crypto-cid/hdcxfnmdsrgdkbvekoecwevystbaztbwcshpqdbzkeatjlndlywepyctlkvwemhkiyhtenwnghda"
"isBasic": "ur:crypto-cid/hdcxhnutcyktgtfxotvegrhllypakenlgoetmnnlimsktppkssloghpahsdeparktbkerebatyce"
"isBasic": "ur:crypto-cid/hdcxiadtuowtsrynlfbslgplynrlonpfbaeolkbzztsngtasjpenwmdevojsgmplishhurkebnts"
"isBasic": "ur:crypto-cid/hdcxmnktvdgeettlfmbklytaseayoeplwynbsawdurmuuelbbsfxbbaxkkpsemjovybzswqdssva"
"isBasic": "ur:crypto-cid/hdcxuykblalfdalsvaplrfzsoxqdvdclstmdtssfdatkmecwnsbzmseohswldaytdmsfbwaxvewp"
]
} [
verifiedBy: Signature
]
graph LR
1(("c15f15a6<br/>NODE"))
2[/"4e177a1e<br/>WRAPPED"\]
3(("8454109e<br/>NODE"))
4["7d0782b8<br/>#quot;Blockchain Commons Certifactions #13#quot;"]
5(["0d31bdce<br/>ASSERTION"])
6["2100a83d<br/>#quot;isBasic#quot;"]
7["03e7479a<br/>#quot;ur:crypto-cid/hdcxdkmhpfathyyltnnboypsemehkimudnkgeyosgolncfmdnboypsecpsghtefzetkndpeylrfz#quot;"]
8(["0e421d2e<br/>ASSERTION"])
9["127a2386<br/>#quot;date#quot;"]
10["c666f06c<br/>#quot;11-01-2022#quot;"]
11(["336f50d3<br/>ASSERTION"])
12["d68d0704<br/>#quot;isAdvanced#quot;"]
13["9fb97d91<br/>#quot;ur:crypto-cid/hdcxjsdwaegrpfwmbkehhscwmshpchlnhhayadadwszcghhtmnzcgomhutcmytldfwpadmdlcwfe#quot;"]
14(["58f1cdd3<br/>ASSERTION"])
15["2100a83d<br/>#quot;isBasic#quot;"]
16["478112c2<br/>#quot;ur:crypto-cid/hdcxiadtuowtsrynlfbslgplynrlonpfbaeolkbzztsngtasjpenwmdevojsgmplishhurkebnts#quot;"]
17(["5b278116<br/>ASSERTION"])
18["2100a83d<br/>#quot;isBasic#quot;"]
19["262db130<br/>#quot;ur:crypto-cid/hdcxhnutcyktgtfxotvegrhllypakenlgoetmnnlimsktppkssloghpahsdeparktbkerebatyce#quot;"]
20(["64e8fe1e<br/>ASSERTION"])
21["7eb11472<br/>#quot;certifiedBy#quot;"]
22(("55378d51<br/>NODE"))
23["8ae1d503<br/>#quot;Blockchain Commons#quot;"]
24(["b0a1cbca<br/>ASSERTION"])
25["29c0cd61<br/>#quot;pubkeyURL#quot;"]
26["04d0d649<br/>#quot;https://www.blockchaincommons.com/certification.keys#quot;"]
27(["92f71067<br/>ASSERTION"])
28["2100a83d<br/>#quot;isBasic#quot;"]
29["37a1d85a<br/>#quot;ur:crypto-cid/hdcxfnmdsrgdkbvekoecwevystbaztbwcshpqdbzkeatjlndlywepyctlkvwemhkiyhtenwnghda#quot;"]
30(["b22278f9<br/>ASSERTION"])
31["d68d0704<br/>#quot;isAdvanced#quot;"]
32["3410120d<br/>#quot;ur:crypto-cid/hdcxmhtnnlcshsjzhywyhgttsrgulstdwdnezesekosndnfxswzezolrfdcwlulacxeopdkghnht#quot;"]
33(["c2f3fe78<br/>ASSERTION"])
34["2100a83d<br/>#quot;isBasic#quot;"]
35["950f78c1<br/>#quot;ur:crypto-cid/hdcxuykblalfdalsvaplrfzsoxqdvdclstmdtssfdatkmecwnsbzmseohswldaytdmsfbwaxvewp#quot;"]
36(["c3bd8189<br/>ASSERTION"])
37["2100a83d<br/>#quot;isBasic#quot;"]
38["a3c3105c<br/>#quot;ur:crypto-cid/hdcxmnktvdgeettlfmbklytaseayoeplwynbsawdurmuuelbbsfxbbaxkkpsemjovybzswqdssva#quot;"]
39(["ca13e82f<br/>ASSERTION"])
40["2100a83d<br/>#quot;isBasic#quot;"]
41["eb9d612b<br/>#quot;ur:crypto-cid/hdcxaepthffshppabkgydawmlftbpfrnaefzrdjehybwtskgmwveenwzntpyhdrpsfqzsgqdftnb#quot;"]
42(["e67d3bb2<br/>ASSERTION"])
43["d68d0704<br/>#quot;isAdvanced#quot;"]
44["a285aabe<br/>#quot;ur:crypto-cid/hdcxbetimuglwppshfqdsahsktgmnelsjnbdcanspmnshkpecxcfztlkiohgenytntmkaxjngadt#quot;"]
45(["2729c308<br/>ASSERTION"])
46[/"d59f8c0f<br/>verifiedBy"/]
47["19644509<br/>Signature"]
1 -->|subj| 2
2 -->|subj| 3
3 -->|subj| 4
3 --> 5
5 -->|pred| 6
5 -->|obj| 7
3 --> 8
8 -->|pred| 9
8 -->|obj| 10
3 --> 11
11 -->|pred| 12
11 -->|obj| 13
3 --> 14
14 -->|pred| 15
14 -->|obj| 16
3 --> 17
17 -->|pred| 18
17 -->|obj| 19
3 --> 20
20 -->|pred| 21
20 -->|obj| 22
22 -->|subj| 23
22 --> 24
24 -->|pred| 25
24 -->|obj| 26
3 --> 27
27 -->|pred| 28
27 -->|obj| 29
3 --> 30
30 -->|pred| 31
30 -->|obj| 32
3 --> 33
33 -->|pred| 34
33 -->|obj| 35
3 --> 36
36 -->|pred| 37
36 -->|obj| 38
3 --> 39
39 -->|pred| 40
39 -->|obj| 41
3 --> 42
42 -->|pred| 43
42 -->|obj| 44
1 --> 45
45 -->|pred| 46
45 -->|obj| 47
style 1 stroke:red,stroke-width:3.0px
style 2 stroke:red,stroke-width:3.0px
style 3 stroke:red,stroke-width:3.0px
style 4 stroke:#55f,stroke-width:3.0px
style 5 stroke:red,stroke-width:3.0px
style 6 stroke:#55f,stroke-width:3.0px
style 7 stroke:#55f,stroke-width:3.0px
style 8 stroke:red,stroke-width:3.0px
style 9 stroke:#55f,stroke-width:3.0px
style 10 stroke:#55f,stroke-width:3.0px
style 11 stroke:red,stroke-width:3.0px
style 12 stroke:#55f,stroke-width:3.0px
style 13 stroke:#55f,stroke-width:3.0px
style 14 stroke:red,stroke-width:3.0px
style 15 stroke:#55f,stroke-width:3.0px
style 16 stroke:#55f,stroke-width:3.0px
style 17 stroke:red,stroke-width:3.0px
style 18 stroke:#55f,stroke-width:3.0px
style 19 stroke:#55f,stroke-width:3.0px
style 20 stroke:red,stroke-width:3.0px
style 21 stroke:#55f,stroke-width:3.0px
style 22 stroke:red,stroke-width:3.0px
style 23 stroke:#55f,stroke-width:3.0px
style 24 stroke:red,stroke-width:3.0px
style 25 stroke:#55f,stroke-width:3.0px
style 26 stroke:#55f,stroke-width:3.0px
style 27 stroke:red,stroke-width:3.0px
style 28 stroke:#55f,stroke-width:3.0px
style 29 stroke:#55f,stroke-width:3.0px
style 30 stroke:red,stroke-width:3.0px
style 31 stroke:#55f,stroke-width:3.0px
style 32 stroke:#55f,stroke-width:3.0px
style 33 stroke:red,stroke-width:3.0px
style 34 stroke:#55f,stroke-width:3.0px
style 35 stroke:#55f,stroke-width:3.0px
style 36 stroke:red,stroke-width:3.0px
style 37 stroke:#55f,stroke-width:3.0px
style 38 stroke:#55f,stroke-width:3.0px
style 39 stroke:red,stroke-width:3.0px
style 40 stroke:#55f,stroke-width:3.0px
style 41 stroke:#55f,stroke-width:3.0px
style 42 stroke:red,stroke-width:3.0px
style 43 stroke:#55f,stroke-width:3.0px
style 44 stroke:#55f,stroke-width:3.0px
style 45 stroke:red,stroke-width:3.0px
style 46 stroke:#55f,stroke-width:3.0px
style 47 stroke:#55f,stroke-width:3.0px
linkStyle 0 stroke:red,stroke-width:2.0px
linkStyle 1 stroke:red,stroke-width:2.0px
linkStyle 2 stroke:red,stroke-width:2.0px
linkStyle 3 stroke-width:2.0px
linkStyle 4 stroke:green,stroke-width:2.0px
linkStyle 5 stroke:#55f,stroke-width:2.0px
linkStyle 6 stroke-width:2.0px
linkStyle 7 stroke:green,stroke-width:2.0px
linkStyle 8 stroke:#55f,stroke-width:2.0px
linkStyle 9 stroke-width:2.0px
linkStyle 10 stroke:green,stroke-width:2.0px
linkStyle 11 stroke:#55f,stroke-width:2.0px
linkStyle 12 stroke-width:2.0px
linkStyle 13 stroke:green,stroke-width:2.0px
linkStyle 14 stroke:#55f,stroke-width:2.0px
linkStyle 15 stroke-width:2.0px
linkStyle 16 stroke:green,stroke-width:2.0px
linkStyle 17 stroke:#55f,stroke-width:2.0px
linkStyle 18 stroke-width:2.0px
linkStyle 19 stroke:green,stroke-width:2.0px
linkStyle 20 stroke:#55f,stroke-width:2.0px
linkStyle 21 stroke:red,stroke-width:2.0px
linkStyle 22 stroke-width:2.0px
linkStyle 23 stroke:green,stroke-width:2.0px
linkStyle 24 stroke:#55f,stroke-width:2.0px
linkStyle 25 stroke-width:2.0px
linkStyle 26 stroke:green,stroke-width:2.0px
linkStyle 27 stroke:#55f,stroke-width:2.0px
linkStyle 28 stroke-width:2.0px
linkStyle 29 stroke:green,stroke-width:2.0px
linkStyle 30 stroke:#55f,stroke-width:2.0px
linkStyle 31 stroke-width:2.0px
linkStyle 32 stroke:green,stroke-width:2.0px
linkStyle 33 stroke:#55f,stroke-width:2.0px
linkStyle 34 stroke-width:2.0px
linkStyle 35 stroke:green,stroke-width:2.0px
linkStyle 36 stroke:#55f,stroke-width:2.0px
linkStyle 37 stroke-width:2.0px
linkStyle 38 stroke:green,stroke-width:2.0px
linkStyle 39 stroke:#55f,stroke-width:2.0px
linkStyle 40 stroke-width:2.0px
linkStyle 41 stroke:green,stroke-width:2.0px
linkStyle 42 stroke:#55f,stroke-width:2.0px
linkStyle 43 stroke-width:2.0px
linkStyle 44 stroke:green,stroke-width:2.0px
linkStyle 45 stroke:#55f,stroke-width:2.0px
However, to create herd privacy, Blockchain Commons doesn’t release the full Envelope. Instead, they release an elided version that only contains the certification information and signature.
{
"Blockchain Commons Certifactions #13" [
"certifiedBy": "Blockchain Commons" [
"pubkeyURL": "https://www.blockchaincommons.com/certification.keys"
]
"date": "11-01-2022"
ELIDED (10)
]
} [
verifiedBy: Signature
]
graph LR
1(("c15f15a6<br/>NODE"))
2[/"4e177a1e<br/>WRAPPED"\]
3(("8454109e<br/>NODE"))
4["7d0782b8<br/>#quot;Blockchain Commons Certifactions #13#quot;"]
50d31bdce<br/>ELIDED
6(["0e421d2e<br/>ASSERTION"])
7["127a2386<br/>#quot;date#quot;"]
8["c666f06c<br/>#quot;11-01-2022#quot;"]
9336f50d3<br/>ELIDED
1058f1cdd3<br/>ELIDED
115b278116<br/>ELIDED
12(["64e8fe1e<br/>ASSERTION"])
13["7eb11472<br/>#quot;certifiedBy#quot;"]
14(("55378d51<br/>NODE"))
15["8ae1d503<br/>#quot;Blockchain Commons#quot;"]
16(["b0a1cbca<br/>ASSERTION"])
17["29c0cd61<br/>#quot;pubkeyURL#quot;"]
18["04d0d649<br/>#quot;https://www.blockchaincommons.com/certification.keys#quot;"]
1992f71067<br/>ELIDED
20b22278f9<br/>ELIDED
21c2f3fe78<br/>ELIDED
22c3bd8189<br/>ELIDED
23ca13e82f<br/>ELIDED
24e67d3bb2<br/>ELIDED
25(["2729c308<br/>ASSERTION"])
26[/"d59f8c0f<br/>verifiedBy"/]
27["19644509<br/>Signature"]
1 -->|subj| 2
2 -->|subj| 3
3 -->|subj| 4
3 --> 5
3 --> 6
6 -->|pred| 7
6 -->|obj| 8
3 --> 9
3 --> 10
3 --> 11
3 --> 12
12 -->|pred| 13
12 -->|obj| 14
14 -->|subj| 15
14 --> 16
16 -->|pred| 17
16 -->|obj| 18
3 --> 19
3 --> 20
3 --> 21
3 --> 22
3 --> 23
3 --> 24
1 --> 25
25 -->|pred| 26
25 -->|obj| 27
style 1 stroke:red,stroke-width:3.0px
style 2 stroke:red,stroke-width:3.0px
style 3 stroke:red,stroke-width:3.0px
style 4 stroke:#55f,stroke-width:3.0px
style 5 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 6 stroke:red,stroke-width:3.0px
style 7 stroke:#55f,stroke-width:3.0px
style 8 stroke:#55f,stroke-width:3.0px
style 9 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 10 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 11 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 12 stroke:red,stroke-width:3.0px
style 13 stroke:#55f,stroke-width:3.0px
style 14 stroke:red,stroke-width:3.0px
style 15 stroke:#55f,stroke-width:3.0px
style 16 stroke:red,stroke-width:3.0px
style 17 stroke:#55f,stroke-width:3.0px
style 18 stroke:#55f,stroke-width:3.0px
style 19 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 20 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 21 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 22 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 23 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 24 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 25 stroke:red,stroke-width:3.0px
style 26 stroke:#55f,stroke-width:3.0px
style 27 stroke:#55f,stroke-width:3.0px
linkStyle 0 stroke:red,stroke-width:2.0px
linkStyle 1 stroke:red,stroke-width:2.0px
linkStyle 2 stroke:red,stroke-width:2.0px
linkStyle 3 stroke-width:2.0px
linkStyle 4 stroke-width:2.0px
linkStyle 5 stroke:green,stroke-width:2.0px
linkStyle 6 stroke:#55f,stroke-width:2.0px
linkStyle 7 stroke-width:2.0px
linkStyle 8 stroke-width:2.0px
linkStyle 9 stroke-width:2.0px
linkStyle 10 stroke-width:2.0px
linkStyle 11 stroke:green,stroke-width:2.0px
linkStyle 12 stroke:#55f,stroke-width:2.0px
linkStyle 13 stroke:red,stroke-width:2.0px
linkStyle 14 stroke-width:2.0px
linkStyle 15 stroke:green,stroke-width:2.0px
linkStyle 16 stroke:#55f,stroke-width:2.0px
linkStyle 17 stroke-width:2.0px
linkStyle 18 stroke-width:2.0px
linkStyle 19 stroke-width:2.0px
linkStyle 20 stroke-width:2.0px
linkStyle 21 stroke-width:2.0px
linkStyle 22 stroke-width:2.0px
linkStyle 23 stroke-width:2.0px
linkStyle 24 stroke:green,stroke-width:2.0px
linkStyle 25 stroke:#55f,stroke-width:2.0px
Note that each elided entry of certification still has its previously seen hash. All that Paul needs to do to prove participation in the class is to show that he can generate one of those hashes with his identifier. That will prove his certification!
Blockchain Commons publishes instructions for how to do so. Test takers just need to create an assertion with either the “isBasic” predicate or the “isAdvanced” predicate and their portable ur:crypto-cid
identifier. When they hash that assertion with the appropriate hashing method, they can then prove that the digest is part of the partially redacted list of credentials.
Paul creates his assertion based on the instructions:
"isBasic": "ur:crypto-cid/hdcxiadtuowtsrynlfbslgplynrlonpfbaeolkbzztsngtasjpenwmdevojsgmplishhurkebnts"
graph LR
1(["58f1cdd3<br/>ASSERTION"])
2["2100a83d<br/>#quot;isBasic#quot;"]
3["478112c2<br/>#quot;ur:crypto-cid/hdcxiadtuowtsrynlfbslgplynrlonpfbaeolkbzztsngtasjpenwmdevojsgmplishhurkebnts#quot;"]
1 -->|pred| 2
1 -->|obj| 3
style 1 stroke:red,stroke-width:3.0px
style 2 stroke:#55f,stroke-width:3.0px
style 3 stroke:#55f,stroke-width:3.0px
linkStyle 0 stroke:green,stroke-width:2.0px
linkStyle 1 stroke:#55f,stroke-width:2.0px
He then creates the hashed digest of that credential:
ur:crypto-digest/hdcxhdwnsntebthnrhzmzsjpvazttpzctlmhcwrffnlthhgdkptscsayzmcxndpdessabzjekbur
That’s the Blake3 hash of his assertion in UR form. If converted to hex, it is:
58F1CDD30D60B9FFFA72E6FCD8FDD5901BBC3C875C5075D71808FF209BA839C2
As can be seen, that matches the third redacted hash in the Mermaid diagram above, which was the isBasic
assertion for ur:crypto-cid/hdcxiadtuowtsrynlfbslgplynrlonpfbaeolkbzztsngtasjpenwmdevojsgmplishhurkebnts
.
Now, Paul can point to Blockchain Common’s partially redacted tree of November 2022 certifications, reveal his CID, acknowledge that he passed the basic testing, and show his digest. Together these facts prove that his identifier is part of the tree.
More notably, Paul can decide never to reveal his CID, in which case it is at least somewhat difficult for anyone else to prove that Paul is a member of the group.
Mind you, because the tree is partially redacted, and because no particular attempt has been made to prevent correlation, it’s possible that identifiers in the Envelope could be guessed (though someone would have to know a precise identifier to look for, which shouldn’t occur if Paul has practiced proper ID hygeine). There are several ways this could be prevented. They all require Blockchain Commons to provide additional information to Paul, increasing the communication requirements (and thus potentially impacting privacy), but they add strong non-correlation defenses.
1.) Blockchain Commons could choose to fully redact the Envelope, publishing only a top-level hash. They would then supply Paul with a path to his lower-level hash by partially redacting the tree when he supplied them with his CID. Paul could then prove his presence in the Envelope with his digest and that path. If that path were to be more widely released, there would be the same correlation problems, but obviously they’d be lesser because it probably would never be widely published.
2.) Alternatively, Blockchain Commons could restructure the Envelope so that every 5 or 10 or 20 CIDs were placed in a subenvelope. Their publicly published proof would only show the hashes of these subenvelopes, which will be relatively impossible to correlate. Paul would then be able to request a path to his own subenvelope. Even if this path were more widely released, there would only be a possibility of correlation for the other CIDs that happen to be in that subenvelope. (This example is shown in the next use case.)
3.) Finally, Blockchain Commons could choose to salt every CID in the Envelope. They would then have to supply Paul with his salt. (The twin limitations here are that salting everything dramatically increases the size of the Envelope and that Paul then has a piece of data that he can’t lose).
6. Paul Proves Proficiency with Improved Privacy [Herd Privacy with Non-Correlation]
- Use Case: Blockchain Commons wants to improve the herd privacy of its test takers by reducing correlation.
- Independence Benefits: Though Paul will have to engage in additional back-and-forth with Blockchain Commons to receive a proof, once he has it in hand, he has total independence in the control of his credential, just as with simpler use cases.
- Privacy Benefits: Through a better structure for an envelope, fewer low-level hashes are revealed, making it much harder to “guess” the source of any hash. This is a largely administrative process that requires good Envelope design on the part of an issue.
Blockchain Commons is aware of the correlation possibilities in their test-result Envelopes. They choose a middle road to dramatically reduce correlation: they store every 5 CIDs in a separate sub-Envelope. (A real-life example might instead have clumps of 10 or 20 CIDs, but again this one is reduced in size to make it manageable.) Paul will then be able to request a path to his specific envelope, which he can combine with an assertion and the published top-level hashes of the envelope to, once more, show his participation. However the published hashes, which just contain the subenvelope, are more-or-less impossible to correlate.
The envelope of certifications is bundled in a new, hierarchical manner:
"Blockchain Commons Certifactions #13A" [
"certifiedBy": "Blockchain Commons" [
"pubkeyURL": "https://www.blockchaincommons.com/certification.keys"
]
"date": "11-01-2022"
"isBundle": "13A-001" [
"isAdvanced": "ur:crypto-cid/hdcxbetimuglwppshfqdsahsktgmnelsjnbdcanspmnshkpecxcfztlkiohgenytntmkaxjngadt"
"isAdvanced": "ur:crypto-cid/hdcxjsdwaegrpfwmbkehhscwmshpchlnhhayadadwszcghhtmnzcgomhutcmytldfwpadmdlcwfe"
"isAdvanced": "ur:crypto-cid/hdcxmhtnnlcshsjzhywyhgttsrgulstdwdnezesekosndnfxswzezolrfdcwlulacxeopdkghnht"
"isBasic": "ur:crypto-cid/hdcxaepthffshppabkgydawmlftbpfrnaefzrdjehybwtskgmwveenwzntpyhdrpsfqzsgqdftnb"
"isBasic": "ur:crypto-cid/hdcxdkmhpfathyyltnnboypsemehkimudnkgeyosgolncfmdnboypsecpsghtefzetkndpeylrfz"
]
"isBundle": "13A-002" [
"isBasic": "ur:crypto-cid/hdcxfnmdsrgdkbvekoecwevystbaztbwcshpqdbzkeatjlndlywepyctlkvwemhkiyhtenwnghda"
"isBasic": "ur:crypto-cid/hdcxhnutcyktgtfxotvegrhllypakenlgoetmnnlimsktppkssloghpahsdeparktbkerebatyce"
"isBasic": "ur:crypto-cid/hdcxiadtuowtsrynlfbslgplynrlonpfbaeolkbzztsngtasjpenwmdevojsgmplishhurkebnts"
"isBasic": "ur:crypto-cid/hdcxmnktvdgeettlfmbklytaseayoeplwynbsawdurmuuelbbsfxbbaxkkpsemjovybzswqdssva"
"isBasic": "ur:crypto-cid/hdcxuykblalfdalsvaplrfzsoxqdvdclstmdtssfdatkmecwnsbzmseohswldaytdmsfbwaxvewp"
]
]
graph LR
1(("27953cfd<br/>NODE"))
2["88b3ff17<br/>#quot;Blockchain Commons Certifactions #13A#quot;"]
3(["0e421d2e<br/>ASSERTION"])
4["127a2386<br/>#quot;date#quot;"]
5["c666f06c<br/>#quot;11-01-2022#quot;"]
6(["12b89490<br/>ASSERTION"])
7["2969c9d5<br/>#quot;isBundle#quot;"]
8(("f51ac46f<br/>NODE"))
9["c2719309<br/>#quot;13A-002#quot;"]
10(["58f1cdd3<br/>ASSERTION"])
11["2100a83d<br/>#quot;isBasic#quot;"]
12["478112c2<br/>#quot;ur:crypto-cid/hdcxiadtuowtsrynlfbslgplynrlonpfbaeolkbzztsngtasjpenwmdevojsgmplishhurkebnts#quot;"]
13(["5b278116<br/>ASSERTION"])
14["2100a83d<br/>#quot;isBasic#quot;"]
15["262db130<br/>#quot;ur:crypto-cid/hdcxhnutcyktgtfxotvegrhllypakenlgoetmnnlimsktppkssloghpahsdeparktbkerebatyce#quot;"]
16(["92f71067<br/>ASSERTION"])
17["2100a83d<br/>#quot;isBasic#quot;"]
18["37a1d85a<br/>#quot;ur:crypto-cid/hdcxfnmdsrgdkbvekoecwevystbaztbwcshpqdbzkeatjlndlywepyctlkvwemhkiyhtenwnghda#quot;"]
19(["c2f3fe78<br/>ASSERTION"])
20["2100a83d<br/>#quot;isBasic#quot;"]
21["950f78c1<br/>#quot;ur:crypto-cid/hdcxuykblalfdalsvaplrfzsoxqdvdclstmdtssfdatkmecwnsbzmseohswldaytdmsfbwaxvewp#quot;"]
22(["c3bd8189<br/>ASSERTION"])
23["2100a83d<br/>#quot;isBasic#quot;"]
24["a3c3105c<br/>#quot;ur:crypto-cid/hdcxmnktvdgeettlfmbklytaseayoeplwynbsawdurmuuelbbsfxbbaxkkpsemjovybzswqdssva#quot;"]
25(["64e8fe1e<br/>ASSERTION"])
26["7eb11472<br/>#quot;certifiedBy#quot;"]
27(("55378d51<br/>NODE"))
28["8ae1d503<br/>#quot;Blockchain Commons#quot;"]
29(["b0a1cbca<br/>ASSERTION"])
30["29c0cd61<br/>#quot;pubkeyURL#quot;"]
31["04d0d649<br/>#quot;https://www.blockchaincommons.com/certification.keys#quot;"]
32(["bf0d2ed8<br/>ASSERTION"])
33["2969c9d5<br/>#quot;isBundle#quot;"]
34(("e60bed3c<br/>NODE"))
35["6ded4d4c<br/>#quot;13A-001#quot;"]
36(["0d31bdce<br/>ASSERTION"])
37["2100a83d<br/>#quot;isBasic#quot;"]
38["03e7479a<br/>#quot;ur:crypto-cid/hdcxdkmhpfathyyltnnboypsemehkimudnkgeyosgolncfmdnboypsecpsghtefzetkndpeylrfz#quot;"]
39(["336f50d3<br/>ASSERTION"])
40["d68d0704<br/>#quot;isAdvanced#quot;"]
41["9fb97d91<br/>#quot;ur:crypto-cid/hdcxjsdwaegrpfwmbkehhscwmshpchlnhhayadadwszcghhtmnzcgomhutcmytldfwpadmdlcwfe#quot;"]
42(["b22278f9<br/>ASSERTION"])
43["d68d0704<br/>#quot;isAdvanced#quot;"]
44["3410120d<br/>#quot;ur:crypto-cid/hdcxmhtnnlcshsjzhywyhgttsrgulstdwdnezesekosndnfxswzezolrfdcwlulacxeopdkghnht#quot;"]
45(["ca13e82f<br/>ASSERTION"])
46["2100a83d<br/>#quot;isBasic#quot;"]
47["eb9d612b<br/>#quot;ur:crypto-cid/hdcxaepthffshppabkgydawmlftbpfrnaefzrdjehybwtskgmwveenwzntpyhdrpsfqzsgqdftnb#quot;"]
48(["e67d3bb2<br/>ASSERTION"])
49["d68d0704<br/>#quot;isAdvanced#quot;"]
50["a285aabe<br/>#quot;ur:crypto-cid/hdcxbetimuglwppshfqdsahsktgmnelsjnbdcanspmnshkpecxcfztlkiohgenytntmkaxjngadt#quot;"]
1 -->|subj| 2
1 --> 3
3 -->|pred| 4
3 -->|obj| 5
1 --> 6
6 -->|pred| 7
6 -->|obj| 8
8 -->|subj| 9
8 --> 10
10 -->|pred| 11
10 -->|obj| 12
8 --> 13
13 -->|pred| 14
13 -->|obj| 15
8 --> 16
16 -->|pred| 17
16 -->|obj| 18
8 --> 19
19 -->|pred| 20
19 -->|obj| 21
8 --> 22
22 -->|pred| 23
22 -->|obj| 24
1 --> 25
25 -->|pred| 26
25 -->|obj| 27
27 -->|subj| 28
27 --> 29
29 -->|pred| 30
29 -->|obj| 31
1 --> 32
32 -->|pred| 33
32 -->|obj| 34
34 -->|subj| 35
34 --> 36
36 -->|pred| 37
36 -->|obj| 38
34 --> 39
39 -->|pred| 40
39 -->|obj| 41
34 --> 42
42 -->|pred| 43
42 -->|obj| 44
34 --> 45
45 -->|pred| 46
45 -->|obj| 47
34 --> 48
48 -->|pred| 49
48 -->|obj| 50
style 1 stroke:red,stroke-width:3.0px
style 2 stroke:#55f,stroke-width:3.0px
style 3 stroke:red,stroke-width:3.0px
style 4 stroke:#55f,stroke-width:3.0px
style 5 stroke:#55f,stroke-width:3.0px
style 6 stroke:red,stroke-width:3.0px
style 7 stroke:#55f,stroke-width:3.0px
style 8 stroke:red,stroke-width:3.0px
style 9 stroke:#55f,stroke-width:3.0px
style 10 stroke:red,stroke-width:3.0px
style 11 stroke:#55f,stroke-width:3.0px
style 12 stroke:#55f,stroke-width:3.0px
style 13 stroke:red,stroke-width:3.0px
style 14 stroke:#55f,stroke-width:3.0px
style 15 stroke:#55f,stroke-width:3.0px
style 16 stroke:red,stroke-width:3.0px
style 17 stroke:#55f,stroke-width:3.0px
style 18 stroke:#55f,stroke-width:3.0px
style 19 stroke:red,stroke-width:3.0px
style 20 stroke:#55f,stroke-width:3.0px
style 21 stroke:#55f,stroke-width:3.0px
style 22 stroke:red,stroke-width:3.0px
style 23 stroke:#55f,stroke-width:3.0px
style 24 stroke:#55f,stroke-width:3.0px
style 25 stroke:red,stroke-width:3.0px
style 26 stroke:#55f,stroke-width:3.0px
style 27 stroke:red,stroke-width:3.0px
style 28 stroke:#55f,stroke-width:3.0px
style 29 stroke:red,stroke-width:3.0px
style 30 stroke:#55f,stroke-width:3.0px
style 31 stroke:#55f,stroke-width:3.0px
style 32 stroke:red,stroke-width:3.0px
style 33 stroke:#55f,stroke-width:3.0px
style 34 stroke:red,stroke-width:3.0px
style 35 stroke:#55f,stroke-width:3.0px
style 36 stroke:red,stroke-width:3.0px
style 37 stroke:#55f,stroke-width:3.0px
style 38 stroke:#55f,stroke-width:3.0px
style 39 stroke:red,stroke-width:3.0px
style 40 stroke:#55f,stroke-width:3.0px
style 41 stroke:#55f,stroke-width:3.0px
style 42 stroke:red,stroke-width:3.0px
style 43 stroke:#55f,stroke-width:3.0px
style 44 stroke:#55f,stroke-width:3.0px
style 45 stroke:red,stroke-width:3.0px
style 46 stroke:#55f,stroke-width:3.0px
style 47 stroke:#55f,stroke-width:3.0px
style 48 stroke:red,stroke-width:3.0px
style 49 stroke:#55f,stroke-width:3.0px
style 50 stroke:#55f,stroke-width:3.0px
linkStyle 0 stroke:red,stroke-width:2.0px
linkStyle 1 stroke-width:2.0px
linkStyle 2 stroke:green,stroke-width:2.0px
linkStyle 3 stroke:#55f,stroke-width:2.0px
linkStyle 4 stroke-width:2.0px
linkStyle 5 stroke:green,stroke-width:2.0px
linkStyle 6 stroke:#55f,stroke-width:2.0px
linkStyle 7 stroke:red,stroke-width:2.0px
linkStyle 8 stroke-width:2.0px
linkStyle 9 stroke:green,stroke-width:2.0px
linkStyle 10 stroke:#55f,stroke-width:2.0px
linkStyle 11 stroke-width:2.0px
linkStyle 12 stroke:green,stroke-width:2.0px
linkStyle 13 stroke:#55f,stroke-width:2.0px
linkStyle 14 stroke-width:2.0px
linkStyle 15 stroke:green,stroke-width:2.0px
linkStyle 16 stroke:#55f,stroke-width:2.0px
linkStyle 17 stroke-width:2.0px
linkStyle 18 stroke:green,stroke-width:2.0px
linkStyle 19 stroke:#55f,stroke-width:2.0px
linkStyle 20 stroke-width:2.0px
linkStyle 21 stroke:green,stroke-width:2.0px
linkStyle 22 stroke:#55f,stroke-width:2.0px
linkStyle 23 stroke-width:2.0px
linkStyle 24 stroke:green,stroke-width:2.0px
linkStyle 25 stroke:#55f,stroke-width:2.0px
linkStyle 26 stroke:red,stroke-width:2.0px
linkStyle 27 stroke-width:2.0px
linkStyle 28 stroke:green,stroke-width:2.0px
linkStyle 29 stroke:#55f,stroke-width:2.0px
linkStyle 30 stroke-width:2.0px
linkStyle 31 stroke:green,stroke-width:2.0px
linkStyle 32 stroke:#55f,stroke-width:2.0px
linkStyle 33 stroke:red,stroke-width:2.0px
linkStyle 34 stroke-width:2.0px
linkStyle 35 stroke:green,stroke-width:2.0px
linkStyle 36 stroke:#55f,stroke-width:2.0px
linkStyle 37 stroke-width:2.0px
linkStyle 38 stroke:green,stroke-width:2.0px
linkStyle 39 stroke:#55f,stroke-width:2.0px
linkStyle 40 stroke-width:2.0px
linkStyle 41 stroke:green,stroke-width:2.0px
linkStyle 42 stroke:#55f,stroke-width:2.0px
linkStyle 43 stroke-width:2.0px
linkStyle 44 stroke:green,stroke-width:2.0px
linkStyle 45 stroke:#55f,stroke-width:2.0px
linkStyle 46 stroke-width:2.0px
linkStyle 47 stroke:green,stroke-width:2.0px
linkStyle 48 stroke:#55f,stroke-width:2.0px
Of course, it must still be signed. (This example uses a different signing key primarily because the former example key was no longer available due to a reboot resetting shell variables; practice #SmartCustody & keep your keys safe!)
{
"Blockchain Commons Certifactions #13A" [
"certifiedBy": "Blockchain Commons" [
"pubkeyURL": "https://www.blockchaincommons.com/certification.keys"
]
"date": "11-01-2022"
"isBundle": "13A-001" [
"isAdvanced": "ur:crypto-cid/hdcxbetimuglwppshfqdsahsktgmnelsjnbdcanspmnshkpecxcfztlkiohgenytntmkaxjngadt"
"isAdvanced": "ur:crypto-cid/hdcxjsdwaegrpfwmbkehhscwmshpchlnhhayadadwszcghhtmnzcgomhutcmytldfwpadmdlcwfe"
"isAdvanced": "ur:crypto-cid/hdcxmhtnnlcshsjzhywyhgttsrgulstdwdnezesekosndnfxswzezolrfdcwlulacxeopdkghnht"
"isBasic": "ur:crypto-cid/hdcxaepthffshppabkgydawmlftbpfrnaefzrdjehybwtskgmwveenwzntpyhdrpsfqzsgqdftnb"
"isBasic": "ur:crypto-cid/hdcxdkmhpfathyyltnnboypsemehkimudnkgeyosgolncfmdnboypsecpsghtefzetkndpeylrfz"
]
"isBundle": "13A-002" [
"isBasic": "ur:crypto-cid/hdcxfnmdsrgdkbvekoecwevystbaztbwcshpqdbzkeatjlndlywepyctlkvwemhkiyhtenwnghda"
"isBasic": "ur:crypto-cid/hdcxhnutcyktgtfxotvegrhllypakenlgoetmnnlimsktppkssloghpahsdeparktbkerebatyce"
"isBasic": "ur:crypto-cid/hdcxiadtuowtsrynlfbslgplynrlonpfbaeolkbzztsngtasjpenwmdevojsgmplishhurkebnts"
"isBasic": "ur:crypto-cid/hdcxmnktvdgeettlfmbklytaseayoeplwynbsawdurmuuelbbsfxbbaxkkpsemjovybzswqdssva"
"isBasic": "ur:crypto-cid/hdcxuykblalfdalsvaplrfzsoxqdvdclstmdtssfdatkmecwnsbzmseohswldaytdmsfbwaxvewp"
]
]
} [
verifiedBy: Signature
]
graph LR
1(("63be8b49<br/>NODE"))
2[/"c5b7e587<br/>WRAPPED"\]
3(("27953cfd<br/>NODE"))
4["88b3ff17<br/>#quot;Blockchain Commons Certifactions #13A#quot;"]
5(["0e421d2e<br/>ASSERTION"])
6["127a2386<br/>#quot;date#quot;"]
7["c666f06c<br/>#quot;11-01-2022#quot;"]
8(["12b89490<br/>ASSERTION"])
9["2969c9d5<br/>#quot;isBundle#quot;"]
10(("f51ac46f<br/>NODE"))
11["c2719309<br/>#quot;13A-002#quot;"]
12(["58f1cdd3<br/>ASSERTION"])
13["2100a83d<br/>#quot;isBasic#quot;"]
14["478112c2<br/>#quot;ur:crypto-cid/hdcxiadtuowtsrynlfbslgplynrlonpfbaeolkbzztsngtasjpenwmdevojsgmplishhurkebnts#quot;"]
15(["5b278116<br/>ASSERTION"])
16["2100a83d<br/>#quot;isBasic#quot;"]
17["262db130<br/>#quot;ur:crypto-cid/hdcxhnutcyktgtfxotvegrhllypakenlgoetmnnlimsktppkssloghpahsdeparktbkerebatyce#quot;"]
18(["92f71067<br/>ASSERTION"])
19["2100a83d<br/>#quot;isBasic#quot;"]
20["37a1d85a<br/>#quot;ur:crypto-cid/hdcxfnmdsrgdkbvekoecwevystbaztbwcshpqdbzkeatjlndlywepyctlkvwemhkiyhtenwnghda#quot;"]
21(["c2f3fe78<br/>ASSERTION"])
22["2100a83d<br/>#quot;isBasic#quot;"]
23["950f78c1<br/>#quot;ur:crypto-cid/hdcxuykblalfdalsvaplrfzsoxqdvdclstmdtssfdatkmecwnsbzmseohswldaytdmsfbwaxvewp#quot;"]
24(["c3bd8189<br/>ASSERTION"])
25["2100a83d<br/>#quot;isBasic#quot;"]
26["a3c3105c<br/>#quot;ur:crypto-cid/hdcxmnktvdgeettlfmbklytaseayoeplwynbsawdurmuuelbbsfxbbaxkkpsemjovybzswqdssva#quot;"]
27(["64e8fe1e<br/>ASSERTION"])
28["7eb11472<br/>#quot;certifiedBy#quot;"]
29(("55378d51<br/>NODE"))
30["8ae1d503<br/>#quot;Blockchain Commons#quot;"]
31(["b0a1cbca<br/>ASSERTION"])
32["29c0cd61<br/>#quot;pubkeyURL#quot;"]
33["04d0d649<br/>#quot;https://www.blockchaincommons.com/certification.keys#quot;"]
34(["bf0d2ed8<br/>ASSERTION"])
35["2969c9d5<br/>#quot;isBundle#quot;"]
36(("e60bed3c<br/>NODE"))
37["6ded4d4c<br/>#quot;13A-001#quot;"]
38(["0d31bdce<br/>ASSERTION"])
39["2100a83d<br/>#quot;isBasic#quot;"]
40["03e7479a<br/>#quot;ur:crypto-cid/hdcxdkmhpfathyyltnnboypsemehkimudnkgeyosgolncfmdnboypsecpsghtefzetkndpeylrfz#quot;"]
41(["336f50d3<br/>ASSERTION"])
42["d68d0704<br/>#quot;isAdvanced#quot;"]
43["9fb97d91<br/>#quot;ur:crypto-cid/hdcxjsdwaegrpfwmbkehhscwmshpchlnhhayadadwszcghhtmnzcgomhutcmytldfwpadmdlcwfe#quot;"]
44(["b22278f9<br/>ASSERTION"])
45["d68d0704<br/>#quot;isAdvanced#quot;"]
46["3410120d<br/>#quot;ur:crypto-cid/hdcxmhtnnlcshsjzhywyhgttsrgulstdwdnezesekosndnfxswzezolrfdcwlulacxeopdkghnht#quot;"]
47(["ca13e82f<br/>ASSERTION"])
48["2100a83d<br/>#quot;isBasic#quot;"]
49["eb9d612b<br/>#quot;ur:crypto-cid/hdcxaepthffshppabkgydawmlftbpfrnaefzrdjehybwtskgmwveenwzntpyhdrpsfqzsgqdftnb#quot;"]
50(["e67d3bb2<br/>ASSERTION"])
51["d68d0704<br/>#quot;isAdvanced#quot;"]
52["a285aabe<br/>#quot;ur:crypto-cid/hdcxbetimuglwppshfqdsahsktgmnelsjnbdcanspmnshkpecxcfztlkiohgenytntmkaxjngadt#quot;"]
53(["90f9cd74<br/>ASSERTION"])
54[/"d59f8c0f<br/>verifiedBy"/]
55["b9f2cc21<br/>Signature"]
1 -->|subj| 2
2 -->|subj| 3
3 -->|subj| 4
3 --> 5
5 -->|pred| 6
5 -->|obj| 7
3 --> 8
8 -->|pred| 9
8 -->|obj| 10
10 -->|subj| 11
10 --> 12
12 -->|pred| 13
12 -->|obj| 14
10 --> 15
15 -->|pred| 16
15 -->|obj| 17
10 --> 18
18 -->|pred| 19
18 -->|obj| 20
10 --> 21
21 -->|pred| 22
21 -->|obj| 23
10 --> 24
24 -->|pred| 25
24 -->|obj| 26
3 --> 27
27 -->|pred| 28
27 -->|obj| 29
29 -->|subj| 30
29 --> 31
31 -->|pred| 32
31 -->|obj| 33
3 --> 34
34 -->|pred| 35
34 -->|obj| 36
36 -->|subj| 37
36 --> 38
38 -->|pred| 39
38 -->|obj| 40
36 --> 41
41 -->|pred| 42
41 -->|obj| 43
36 --> 44
44 -->|pred| 45
44 -->|obj| 46
36 --> 47
47 -->|pred| 48
47 -->|obj| 49
36 --> 50
50 -->|pred| 51
50 -->|obj| 52
1 --> 53
53 -->|pred| 54
53 -->|obj| 55
style 1 stroke:red,stroke-width:3.0px
style 2 stroke:red,stroke-width:3.0px
style 3 stroke:red,stroke-width:3.0px
style 4 stroke:#55f,stroke-width:3.0px
style 5 stroke:red,stroke-width:3.0px
style 6 stroke:#55f,stroke-width:3.0px
style 7 stroke:#55f,stroke-width:3.0px
style 8 stroke:red,stroke-width:3.0px
style 9 stroke:#55f,stroke-width:3.0px
style 10 stroke:red,stroke-width:3.0px
style 11 stroke:#55f,stroke-width:3.0px
style 12 stroke:red,stroke-width:3.0px
style 13 stroke:#55f,stroke-width:3.0px
style 14 stroke:#55f,stroke-width:3.0px
style 15 stroke:red,stroke-width:3.0px
style 16 stroke:#55f,stroke-width:3.0px
style 17 stroke:#55f,stroke-width:3.0px
style 18 stroke:red,stroke-width:3.0px
style 19 stroke:#55f,stroke-width:3.0px
style 20 stroke:#55f,stroke-width:3.0px
style 21 stroke:red,stroke-width:3.0px
style 22 stroke:#55f,stroke-width:3.0px
style 23 stroke:#55f,stroke-width:3.0px
style 24 stroke:red,stroke-width:3.0px
style 25 stroke:#55f,stroke-width:3.0px
style 26 stroke:#55f,stroke-width:3.0px
style 27 stroke:red,stroke-width:3.0px
style 28 stroke:#55f,stroke-width:3.0px
style 29 stroke:red,stroke-width:3.0px
style 30 stroke:#55f,stroke-width:3.0px
style 31 stroke:red,stroke-width:3.0px
style 32 stroke:#55f,stroke-width:3.0px
style 33 stroke:#55f,stroke-width:3.0px
style 34 stroke:red,stroke-width:3.0px
style 35 stroke:#55f,stroke-width:3.0px
style 36 stroke:red,stroke-width:3.0px
style 37 stroke:#55f,stroke-width:3.0px
style 38 stroke:red,stroke-width:3.0px
style 39 stroke:#55f,stroke-width:3.0px
style 40 stroke:#55f,stroke-width:3.0px
style 41 stroke:red,stroke-width:3.0px
style 42 stroke:#55f,stroke-width:3.0px
style 43 stroke:#55f,stroke-width:3.0px
style 44 stroke:red,stroke-width:3.0px
style 45 stroke:#55f,stroke-width:3.0px
style 46 stroke:#55f,stroke-width:3.0px
style 47 stroke:red,stroke-width:3.0px
style 48 stroke:#55f,stroke-width:3.0px
style 49 stroke:#55f,stroke-width:3.0px
style 50 stroke:red,stroke-width:3.0px
style 51 stroke:#55f,stroke-width:3.0px
style 52 stroke:#55f,stroke-width:3.0px
style 53 stroke:red,stroke-width:3.0px
style 54 stroke:#55f,stroke-width:3.0px
style 55 stroke:#55f,stroke-width:3.0px
linkStyle 0 stroke:red,stroke-width:2.0px
linkStyle 1 stroke:red,stroke-width:2.0px
linkStyle 2 stroke:red,stroke-width:2.0px
linkStyle 3 stroke-width:2.0px
linkStyle 4 stroke:green,stroke-width:2.0px
linkStyle 5 stroke:#55f,stroke-width:2.0px
linkStyle 6 stroke-width:2.0px
linkStyle 7 stroke:green,stroke-width:2.0px
linkStyle 8 stroke:#55f,stroke-width:2.0px
linkStyle 9 stroke:red,stroke-width:2.0px
linkStyle 10 stroke-width:2.0px
linkStyle 11 stroke:green,stroke-width:2.0px
linkStyle 12 stroke:#55f,stroke-width:2.0px
linkStyle 13 stroke-width:2.0px
linkStyle 14 stroke:green,stroke-width:2.0px
linkStyle 15 stroke:#55f,stroke-width:2.0px
linkStyle 16 stroke-width:2.0px
linkStyle 17 stroke:green,stroke-width:2.0px
linkStyle 18 stroke:#55f,stroke-width:2.0px
linkStyle 19 stroke-width:2.0px
linkStyle 20 stroke:green,stroke-width:2.0px
linkStyle 21 stroke:#55f,stroke-width:2.0px
linkStyle 22 stroke-width:2.0px
linkStyle 23 stroke:green,stroke-width:2.0px
linkStyle 24 stroke:#55f,stroke-width:2.0px
linkStyle 25 stroke-width:2.0px
linkStyle 26 stroke:green,stroke-width:2.0px
linkStyle 27 stroke:#55f,stroke-width:2.0px
linkStyle 28 stroke:red,stroke-width:2.0px
linkStyle 29 stroke-width:2.0px
linkStyle 30 stroke:green,stroke-width:2.0px
linkStyle 31 stroke:#55f,stroke-width:2.0px
linkStyle 32 stroke-width:2.0px
linkStyle 33 stroke:green,stroke-width:2.0px
linkStyle 34 stroke:#55f,stroke-width:2.0px
linkStyle 35 stroke:red,stroke-width:2.0px
linkStyle 36 stroke-width:2.0px
linkStyle 37 stroke:green,stroke-width:2.0px
linkStyle 38 stroke:#55f,stroke-width:2.0px
linkStyle 39 stroke-width:2.0px
linkStyle 40 stroke:green,stroke-width:2.0px
linkStyle 41 stroke:#55f,stroke-width:2.0px
linkStyle 42 stroke-width:2.0px
linkStyle 43 stroke:green,stroke-width:2.0px
linkStyle 44 stroke:#55f,stroke-width:2.0px
linkStyle 45 stroke-width:2.0px
linkStyle 46 stroke:green,stroke-width:2.0px
linkStyle 47 stroke:#55f,stroke-width:2.0px
linkStyle 48 stroke-width:2.0px
linkStyle 49 stroke:green,stroke-width:2.0px
linkStyle 50 stroke:#55f,stroke-width:2.0px
linkStyle 51 stroke-width:2.0px
linkStyle 52 stroke:green,stroke-width:2.0px
linkStyle 53 stroke:#55f,stroke-width:2.0px
As before, Blockchain Commons publishes a partially elided Envelope with the foundational information about the test results.
{
"Blockchain Commons Certifactions #13A" [
"certifiedBy": "Blockchain Commons" [
"pubkeyURL": "https://www.blockchaincommons.com/certification.keys"
]
"date": "11-01-2022"
ELIDED (2)
]
} [
verifiedBy: Signature
]
graph LR
1(("a356dca2<br/>NODE"))
2[/"c5b7e587<br/>WRAPPED"\]
3(("27953cfd<br/>NODE"))
4["88b3ff17<br/>#quot;Blockchain Commons Certifactions #13A#quot;"]
5(["0e421d2e<br/>ASSERTION"])
6["127a2386<br/>#quot;date#quot;"]
7["c666f06c<br/>#quot;11-01-2022#quot;"]
812b89490<br/>ELIDED
9(["64e8fe1e<br/>ASSERTION"])
10["7eb11472<br/>#quot;certifiedBy#quot;"]
11(("55378d51<br/>NODE"))
12["8ae1d503<br/>#quot;Blockchain Commons#quot;"]
13(["b0a1cbca<br/>ASSERTION"])
14["29c0cd61<br/>#quot;pubkeyURL#quot;"]
15["04d0d649<br/>#quot;https://www.blockchaincommons.com/certification.keys#quot;"]
16bf0d2ed8<br/>ELIDED
17(["59ab0d7d<br/>ASSERTION"])
18[/"d59f8c0f<br/>verifiedBy"/]
19["76510b9f<br/>Signature"]
1 -->|subj| 2
2 -->|subj| 3
3 -->|subj| 4
3 --> 5
5 -->|pred| 6
5 -->|obj| 7
3 --> 8
3 --> 9
9 -->|pred| 10
9 -->|obj| 11
11 -->|subj| 12
11 --> 13
13 -->|pred| 14
13 -->|obj| 15
3 --> 16
1 --> 17
17 -->|pred| 18
17 -->|obj| 19
style 1 stroke:red,stroke-width:3.0px
style 2 stroke:red,stroke-width:3.0px
style 3 stroke:red,stroke-width:3.0px
style 4 stroke:#55f,stroke-width:3.0px
style 5 stroke:red,stroke-width:3.0px
style 6 stroke:#55f,stroke-width:3.0px
style 7 stroke:#55f,stroke-width:3.0px
style 8 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 9 stroke:red,stroke-width:3.0px
style 10 stroke:#55f,stroke-width:3.0px
style 11 stroke:red,stroke-width:3.0px
style 12 stroke:#55f,stroke-width:3.0px
style 13 stroke:red,stroke-width:3.0px
style 14 stroke:#55f,stroke-width:3.0px
style 15 stroke:#55f,stroke-width:3.0px
style 16 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 17 stroke:red,stroke-width:3.0px
style 18 stroke:#55f,stroke-width:3.0px
style 19 stroke:#55f,stroke-width:3.0px
linkStyle 0 stroke:red,stroke-width:2.0px
linkStyle 1 stroke:red,stroke-width:2.0px
linkStyle 2 stroke:red,stroke-width:2.0px
linkStyle 3 stroke-width:2.0px
linkStyle 4 stroke:green,stroke-width:2.0px
linkStyle 5 stroke:#55f,stroke-width:2.0px
linkStyle 6 stroke-width:2.0px
linkStyle 7 stroke-width:2.0px
linkStyle 8 stroke:green,stroke-width:2.0px
linkStyle 9 stroke:#55f,stroke-width:2.0px
linkStyle 10 stroke:red,stroke-width:2.0px
linkStyle 11 stroke-width:2.0px
linkStyle 12 stroke:green,stroke-width:2.0px
linkStyle 13 stroke:#55f,stroke-width:2.0px
linkStyle 14 stroke-width:2.0px
linkStyle 15 stroke-width:2.0px
linkStyle 16 stroke:green,stroke-width:2.0px
linkStyle 17 stroke:#55f,stroke-width:2.0px
This time there’s effectively zero chance of correlation because the two remaining ELIDED
elements each contain several (5) identifiers, drawn from the set of all identifiers. There’s no practical way to figure out what is in each bundle, greatly improving the privacy of the content in relation to the general public.
In order to prove his participation, Paul creates an assertion, just like before:
"isBasic": "ur:crypto-cid/hdcxiadtuowtsrynlfbslgplynrlonpfbaeolkbzztsngtasjpenwmdevojsgmplishhurkebnts"
graph LR
1(["58f1cdd3<br/>ASSERTION"])
2["2100a83d<br/>#quot;isBasic#quot;"]
3["478112c2<br/>#quot;ur:crypto-cid/hdcxiadtuowtsrynlfbslgplynrlonpfbaeolkbzztsngtasjpenwmdevojsgmplishhurkebnts#quot;"]
1 -->|pred| 2
1 -->|obj| 3
style 1 stroke:red,stroke-width:3.0px
style 2 stroke:#55f,stroke-width:3.0px
style 3 stroke:#55f,stroke-width:3.0px
linkStyle 0 stroke:green,stroke-width:2.0px
linkStyle 1 stroke:#55f,stroke-width:2.0px
However, due to the fact that the contents of the bundles of identifiers remain hidden, that’s not enough. Paul needs to hand his assertion to Blockchain Commons, and then they need to send back a proof that reveals just enough of the Envelope structure to open up the bundle that contains his identifier. Though this is more back-and-forth than in the previous Use Case, it can still be done in a privacy preserving way, such as Paul requesting the Proof over a Tor connection.
Here’s what the proof looks like.
{
ELIDED [
ELIDED: ELIDED [
ELIDED (5)
]
ELIDED (3)
]
} [
ELIDED
]
graph LR
1(("a356dca2<br/>NODE"))
2[/"c5b7e587<br/>WRAPPED"\]
3(("27953cfd<br/>NODE"))
488b3ff17<br/>ELIDED
50e421d2e<br/>ELIDED
6(["12b89490<br/>ASSERTION"])
72969c9d5<br/>ELIDED
8(("f51ac46f<br/>NODE"))
9c2719309<br/>ELIDED
1058f1cdd3<br/>ELIDED
115b278116<br/>ELIDED
1292f71067<br/>ELIDED
13c2f3fe78<br/>ELIDED
14c3bd8189<br/>ELIDED
1564e8fe1e<br/>ELIDED
16bf0d2ed8<br/>ELIDED
1759ab0d7d<br/>ELIDED
1 -->|subj| 2
2 -->|subj| 3
3 -->|subj| 4
3 --> 5
3 --> 6
6 -->|pred| 7
6 -->|obj| 8
8 -->|subj| 9
8 --> 10
8 --> 11
8 --> 12
8 --> 13
8 --> 14
3 --> 15
3 --> 16
1 --> 17
style 1 stroke:red,stroke-width:3.0px
style 2 stroke:red,stroke-width:3.0px
style 3 stroke:red,stroke-width:3.0px
style 4 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 5 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 6 stroke:red,stroke-width:3.0px
style 7 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 8 stroke:red,stroke-width:3.0px
style 9 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 10 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 11 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 12 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 13 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 14 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 15 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 16 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 17 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
linkStyle 0 stroke:red,stroke-width:2.0px
linkStyle 1 stroke:red,stroke-width:2.0px
linkStyle 2 stroke:red,stroke-width:2.0px
linkStyle 3 stroke-width:2.0px
linkStyle 4 stroke-width:2.0px
linkStyle 5 stroke:green,stroke-width:2.0px
linkStyle 6 stroke:#55f,stroke-width:2.0px
linkStyle 7 stroke:red,stroke-width:2.0px
linkStyle 8 stroke-width:2.0px
linkStyle 9 stroke-width:2.0px
linkStyle 10 stroke-width:2.0px
linkStyle 11 stroke-width:2.0px
linkStyle 12 stroke-width:2.0px
linkStyle 13 stroke-width:2.0px
linkStyle 14 stroke-width:2.0px
linkStyle 15 stroke-width:2.0px
A proof is the minimum path needed to reveal the hash that a user requires to demonstrate the existence of his assertion. As can be seen, one of the bundles (f51ac46f
) has now been opened up. That reveals Paul’s hash (58F1CDD3
).
To prove his inclusion, Paul would now have to reveal his assertion digest, the “proof” from Blockchain Commons, and the original publication from Blockchain Commons. Though he had to contact Blockchain Commons once to get his proof, Paul never has to again, giving him total independence with regard to his credential once he has all the initial data.
Through this methodology, the possibility of correlation is much reduced. The proof is the only thing that contains a low-level hash that could theoretically be correlated if someone knew what to look for. They’re not meant to be published, which greatly reduces their danger, but even if they were, only the other DIDs in the same bundle are subject to potential correlation. (Salted assertions still offer better correlation protection, but as noted previously, only at a cost in space, complexity, and required secrets. The bundled assertions of this example offer an excellent middle ground.)
7. Burton Bank Avoids Toxicity (Herd Privacy with Selective Correlation)
- Use Case: Burton Bank needs to verify the success of its student loans without acquiring toxic data while doing so!
- Privacy Benefit: No information is exchanged! Burton Bank simply uses hashes to prove the existence of data that they already have. That’s the ultimate in data minimization.
- Openness Benefit: Thanks to the open Gordian Envelope specification, multiple parties are able to depend on data being hashed in precisely the same way, which allows for them to create individual proofs of inclusion, each based on the data that they individually know.
Personal data can be toxic! It can be a major liability for companies holding the data, especially in an age where online data breaches are becoming increasingly common and where laws such the GDPR and the CCPA are providing increasing protections to users (while simultaneously punishing companies who do not successfully protect user information).
Despite that, companies still need to work with personal information, and that’s the case for Burton Bank. They fund student loans based on government backing, and as a result they have to follow a variety of regulations. One of them states that they may only offer funds to educational institutes whose loan holders maintain an 80% graduation rate within two years for professional schools and within four years for colleges. As a result, Burton Bank needs to receive information on the graduation of its loan holders, but this can be tricky as they sometimes buy loans from other banks or sell them to other banks: no one but Burton knows what loans they hold!
Acme Professional School thus prepares a general report on graduation for all of their students three times a year. To protect the recipients, they elide it so that no toxic data is transmitted. Burton Bank can then selectively correlate the elided data using the personal data they already have on hand, but without accepting any new responsibility for the data of students not associated with the bank!
Acme’s yearly report lists the identifiers for their students, plus enough additional information to allow verification, all signed by Acme.
{
"Acme Professional School 2022-12-24 Graduation" [
"freedoniaID": "fasa-marx-1" [
"dateOfBirth": "2002-12-06"
"lastName": "Elsher"
]
"socialSecurity": "000345678" [
"dateOfBirth": "2001-07-04"
"lastName": "Hansley"
]
"socialSecurity": "078051120" [
"dateOfBirth": "1984-03-21"
"lastName": "Dawson"
]
"socialSecurity": "123004567" [
"dateOfBirth": "1999-12-31"
"lastName": "Hayes"
]
"socialSecurity": "123456789" [
"dateOfBirth": "2004-02-29"
"lastName": "Gray"
]
"socialSecurity": "567890000" [
"dateOfBirth": "2002-06-06"
"lastName": "Wang"
]
"socialSecurity": "666786543" [
"dateOfBirth": "2001-10-31"
"lastName": "Liu"
]
"wakandaID": "W6368616420626f73656d616e" [
"dateOfBirth": "1997-08-28"
"lastName": "Challa"
]
]
} [
verifiedBy: Signature
]
graph LR
1(("38e3f10e<br/>NODE"))
2[/"6d68c797<br/>WRAPPED"\]
3(("441bc0d3<br/>NODE"))
4["1c42df20<br/>#quot;Acme Professional School 2022-12-24 Graduation#quot;"]
5(["0fbe062c<br/>ASSERTION"])
6["32f06bb1<br/>#quot;socialSecurity#quot;"]
7(("68b165ed<br/>NODE"))
8["3e7d4a32<br/>#quot;123456789#quot;"]
9(["0d206284<br/>ASSERTION"])
10["eb62836d<br/>#quot;lastName#quot;"]
11["c8027fab<br/>#quot;Gray#quot;"]
12(["e3ff7458<br/>ASSERTION"])
13["06d2aaa3<br/>#quot;dateOfBirth#quot;"]
14["c246b6c0<br/>#quot;2004-02-29#quot;"]
15(["1a9d204c<br/>ASSERTION"])
16["32f06bb1<br/>#quot;socialSecurity#quot;"]
17(("db478b2f<br/>NODE"))
18["71734aec<br/>#quot;666786543#quot;"]
19(["71acbb68<br/>ASSERTION"])
20["06d2aaa3<br/>#quot;dateOfBirth#quot;"]
21["18886fb7<br/>#quot;2001-10-31#quot;"]
22(["94f521bc<br/>ASSERTION"])
23["eb62836d<br/>#quot;lastName#quot;"]
24["a4304222<br/>#quot;Liu#quot;"]
25(["1ccceace<br/>ASSERTION"])
26["32f06bb1<br/>#quot;socialSecurity#quot;"]
27(("2df44dd7<br/>NODE"))
28["d436d93f<br/>#quot;078051120#quot;"]
29(["19436235<br/>ASSERTION"])
30["eb62836d<br/>#quot;lastName#quot;"]
31["b0c5165e<br/>#quot;Dawson#quot;"]
32(["dcd91ac9<br/>ASSERTION"])
33["06d2aaa3<br/>#quot;dateOfBirth#quot;"]
34["3b23c99a<br/>#quot;1984-03-21#quot;"]
35(["301cb6f4<br/>ASSERTION"])
36["0308a0ff<br/>#quot;wakandaID#quot;"]
37(("986dfa41<br/>NODE"))
38["a9d35651<br/>#quot;W6368616420626f73656d616e#quot;"]
39(["4a7c4b11<br/>ASSERTION"])
40["eb62836d<br/>#quot;lastName#quot;"]
41["12184656<br/>#quot;Challa#quot;"]
42(["4ef16b62<br/>ASSERTION"])
43["06d2aaa3<br/>#quot;dateOfBirth#quot;"]
44["e1636bfc<br/>#quot;1997-08-28#quot;"]
45(["40e63258<br/>ASSERTION"])
46["32f06bb1<br/>#quot;socialSecurity#quot;"]
47(("40221b32<br/>NODE"))
48["0e5442a4<br/>#quot;123004567#quot;"]
49(["491aa1a4<br/>ASSERTION"])
50["eb62836d<br/>#quot;lastName#quot;"]
51["2168c1a1<br/>#quot;Hayes#quot;"]
52(["f9436c96<br/>ASSERTION"])
53["06d2aaa3<br/>#quot;dateOfBirth#quot;"]
54["aa912b0c<br/>#quot;1999-12-31#quot;"]
55(["8136bd53<br/>ASSERTION"])
56["32f06bb1<br/>#quot;socialSecurity#quot;"]
57(("a21cb4f5<br/>NODE"))
58["c1e8e7c4<br/>#quot;000345678#quot;"]
59(["4b5e029d<br/>ASSERTION"])
60["06d2aaa3<br/>#quot;dateOfBirth#quot;"]
61["1da89ba1<br/>#quot;2001-07-04#quot;"]
62(["b0716075<br/>ASSERTION"])
63["eb62836d<br/>#quot;lastName#quot;"]
64["c658c290<br/>#quot;Hansley#quot;"]
65(["df10fd36<br/>ASSERTION"])
66["32f06bb1<br/>#quot;socialSecurity#quot;"]
67(("8222c8ae<br/>NODE"))
68["40d32d37<br/>#quot;567890000#quot;"]
69(["07d1947b<br/>ASSERTION"])
70["eb62836d<br/>#quot;lastName#quot;"]
71["8e45fffa<br/>#quot;Wang#quot;"]
72(["169cfb83<br/>ASSERTION"])
73["06d2aaa3<br/>#quot;dateOfBirth#quot;"]
74["901adfac<br/>#quot;2002-06-06#quot;"]
75(["e79e2110<br/>ASSERTION"])
76["a16163df<br/>#quot;freedoniaID#quot;"]
77(("6bcbca2d<br/>NODE"))
78["a4465da4<br/>#quot;fasa-marx-1#quot;"]
79(["1852d5ed<br/>ASSERTION"])
80["eb62836d<br/>#quot;lastName#quot;"]
81["dd94ae7a<br/>#quot;Elsher#quot;"]
82(["ba154096<br/>ASSERTION"])
83["06d2aaa3<br/>#quot;dateOfBirth#quot;"]
84["93eda65a<br/>#quot;2002-12-06#quot;"]
85(["42815a8c<br/>ASSERTION"])
86[/"d59f8c0f<br/>verifiedBy"/]
87["0376c2bc<br/>Signature"]
1 -->|subj| 2
2 -->|subj| 3
3 -->|subj| 4
3 --> 5
5 -->|pred| 6
5 -->|obj| 7
7 -->|subj| 8
7 --> 9
9 -->|pred| 10
9 -->|obj| 11
7 --> 12
12 -->|pred| 13
12 -->|obj| 14
3 --> 15
15 -->|pred| 16
15 -->|obj| 17
17 -->|subj| 18
17 --> 19
19 -->|pred| 20
19 -->|obj| 21
17 --> 22
22 -->|pred| 23
22 -->|obj| 24
3 --> 25
25 -->|pred| 26
25 -->|obj| 27
27 -->|subj| 28
27 --> 29
29 -->|pred| 30
29 -->|obj| 31
27 --> 32
32 -->|pred| 33
32 -->|obj| 34
3 --> 35
35 -->|pred| 36
35 -->|obj| 37
37 -->|subj| 38
37 --> 39
39 -->|pred| 40
39 -->|obj| 41
37 --> 42
42 -->|pred| 43
42 -->|obj| 44
3 --> 45
45 -->|pred| 46
45 -->|obj| 47
47 -->|subj| 48
47 --> 49
49 -->|pred| 50
49 -->|obj| 51
47 --> 52
52 -->|pred| 53
52 -->|obj| 54
3 --> 55
55 -->|pred| 56
55 -->|obj| 57
57 -->|subj| 58
57 --> 59
59 -->|pred| 60
59 -->|obj| 61
57 --> 62
62 -->|pred| 63
62 -->|obj| 64
3 --> 65
65 -->|pred| 66
65 -->|obj| 67
67 -->|subj| 68
67 --> 69
69 -->|pred| 70
69 -->|obj| 71
67 --> 72
72 -->|pred| 73
72 -->|obj| 74
3 --> 75
75 -->|pred| 76
75 -->|obj| 77
77 -->|subj| 78
77 --> 79
79 -->|pred| 80
79 -->|obj| 81
77 --> 82
82 -->|pred| 83
82 -->|obj| 84
1 --> 85
85 -->|pred| 86
85 -->|obj| 87
style 1 stroke:red,stroke-width:3.0px
style 2 stroke:red,stroke-width:3.0px
style 3 stroke:red,stroke-width:3.0px
style 4 stroke:#55f,stroke-width:3.0px
style 5 stroke:red,stroke-width:3.0px
style 6 stroke:#55f,stroke-width:3.0px
style 7 stroke:red,stroke-width:3.0px
style 8 stroke:#55f,stroke-width:3.0px
style 9 stroke:red,stroke-width:3.0px
style 10 stroke:#55f,stroke-width:3.0px
style 11 stroke:#55f,stroke-width:3.0px
style 12 stroke:red,stroke-width:3.0px
style 13 stroke:#55f,stroke-width:3.0px
style 14 stroke:#55f,stroke-width:3.0px
style 15 stroke:red,stroke-width:3.0px
style 16 stroke:#55f,stroke-width:3.0px
style 17 stroke:red,stroke-width:3.0px
style 18 stroke:#55f,stroke-width:3.0px
style 19 stroke:red,stroke-width:3.0px
style 20 stroke:#55f,stroke-width:3.0px
style 21 stroke:#55f,stroke-width:3.0px
style 22 stroke:red,stroke-width:3.0px
style 23 stroke:#55f,stroke-width:3.0px
style 24 stroke:#55f,stroke-width:3.0px
style 25 stroke:red,stroke-width:3.0px
style 26 stroke:#55f,stroke-width:3.0px
style 27 stroke:red,stroke-width:3.0px
style 28 stroke:#55f,stroke-width:3.0px
style 29 stroke:red,stroke-width:3.0px
style 30 stroke:#55f,stroke-width:3.0px
style 31 stroke:#55f,stroke-width:3.0px
style 32 stroke:red,stroke-width:3.0px
style 33 stroke:#55f,stroke-width:3.0px
style 34 stroke:#55f,stroke-width:3.0px
style 35 stroke:red,stroke-width:3.0px
style 36 stroke:#55f,stroke-width:3.0px
style 37 stroke:red,stroke-width:3.0px
style 38 stroke:#55f,stroke-width:3.0px
style 39 stroke:red,stroke-width:3.0px
style 40 stroke:#55f,stroke-width:3.0px
style 41 stroke:#55f,stroke-width:3.0px
style 42 stroke:red,stroke-width:3.0px
style 43 stroke:#55f,stroke-width:3.0px
style 44 stroke:#55f,stroke-width:3.0px
style 45 stroke:red,stroke-width:3.0px
style 46 stroke:#55f,stroke-width:3.0px
style 47 stroke:red,stroke-width:3.0px
style 48 stroke:#55f,stroke-width:3.0px
style 49 stroke:red,stroke-width:3.0px
style 50 stroke:#55f,stroke-width:3.0px
style 51 stroke:#55f,stroke-width:3.0px
style 52 stroke:red,stroke-width:3.0px
style 53 stroke:#55f,stroke-width:3.0px
style 54 stroke:#55f,stroke-width:3.0px
style 55 stroke:red,stroke-width:3.0px
style 56 stroke:#55f,stroke-width:3.0px
style 57 stroke:red,stroke-width:3.0px
style 58 stroke:#55f,stroke-width:3.0px
style 59 stroke:red,stroke-width:3.0px
style 60 stroke:#55f,stroke-width:3.0px
style 61 stroke:#55f,stroke-width:3.0px
style 62 stroke:red,stroke-width:3.0px
style 63 stroke:#55f,stroke-width:3.0px
style 64 stroke:#55f,stroke-width:3.0px
style 65 stroke:red,stroke-width:3.0px
style 66 stroke:#55f,stroke-width:3.0px
style 67 stroke:red,stroke-width:3.0px
style 68 stroke:#55f,stroke-width:3.0px
style 69 stroke:red,stroke-width:3.0px
style 70 stroke:#55f,stroke-width:3.0px
style 71 stroke:#55f,stroke-width:3.0px
style 72 stroke:red,stroke-width:3.0px
style 73 stroke:#55f,stroke-width:3.0px
style 74 stroke:#55f,stroke-width:3.0px
style 75 stroke:red,stroke-width:3.0px
style 76 stroke:#55f,stroke-width:3.0px
style 77 stroke:red,stroke-width:3.0px
style 78 stroke:#55f,stroke-width:3.0px
style 79 stroke:red,stroke-width:3.0px
style 80 stroke:#55f,stroke-width:3.0px
style 81 stroke:#55f,stroke-width:3.0px
style 82 stroke:red,stroke-width:3.0px
style 83 stroke:#55f,stroke-width:3.0px
style 84 stroke:#55f,stroke-width:3.0px
style 85 stroke:red,stroke-width:3.0px
style 86 stroke:#55f,stroke-width:3.0px
style 87 stroke:#55f,stroke-width:3.0px
linkStyle 0 stroke:red,stroke-width:2.0px
linkStyle 1 stroke:red,stroke-width:2.0px
linkStyle 2 stroke:red,stroke-width:2.0px
linkStyle 3 stroke-width:2.0px
linkStyle 4 stroke:green,stroke-width:2.0px
linkStyle 5 stroke:#55f,stroke-width:2.0px
linkStyle 6 stroke:red,stroke-width:2.0px
linkStyle 7 stroke-width:2.0px
linkStyle 8 stroke:green,stroke-width:2.0px
linkStyle 9 stroke:#55f,stroke-width:2.0px
linkStyle 10 stroke-width:2.0px
linkStyle 11 stroke:green,stroke-width:2.0px
linkStyle 12 stroke:#55f,stroke-width:2.0px
linkStyle 13 stroke-width:2.0px
linkStyle 14 stroke:green,stroke-width:2.0px
linkStyle 15 stroke:#55f,stroke-width:2.0px
linkStyle 16 stroke:red,stroke-width:2.0px
linkStyle 17 stroke-width:2.0px
linkStyle 18 stroke:green,stroke-width:2.0px
linkStyle 19 stroke:#55f,stroke-width:2.0px
linkStyle 20 stroke-width:2.0px
linkStyle 21 stroke:green,stroke-width:2.0px
linkStyle 22 stroke:#55f,stroke-width:2.0px
linkStyle 23 stroke-width:2.0px
linkStyle 24 stroke:green,stroke-width:2.0px
linkStyle 25 stroke:#55f,stroke-width:2.0px
linkStyle 26 stroke:red,stroke-width:2.0px
linkStyle 27 stroke-width:2.0px
linkStyle 28 stroke:green,stroke-width:2.0px
linkStyle 29 stroke:#55f,stroke-width:2.0px
linkStyle 30 stroke-width:2.0px
linkStyle 31 stroke:green,stroke-width:2.0px
linkStyle 32 stroke:#55f,stroke-width:2.0px
linkStyle 33 stroke-width:2.0px
linkStyle 34 stroke:green,stroke-width:2.0px
linkStyle 35 stroke:#55f,stroke-width:2.0px
linkStyle 36 stroke:red,stroke-width:2.0px
linkStyle 37 stroke-width:2.0px
linkStyle 38 stroke:green,stroke-width:2.0px
linkStyle 39 stroke:#55f,stroke-width:2.0px
linkStyle 40 stroke-width:2.0px
linkStyle 41 stroke:green,stroke-width:2.0px
linkStyle 42 stroke:#55f,stroke-width:2.0px
linkStyle 43 stroke-width:2.0px
linkStyle 44 stroke:green,stroke-width:2.0px
linkStyle 45 stroke:#55f,stroke-width:2.0px
linkStyle 46 stroke:red,stroke-width:2.0px
linkStyle 47 stroke-width:2.0px
linkStyle 48 stroke:green,stroke-width:2.0px
linkStyle 49 stroke:#55f,stroke-width:2.0px
linkStyle 50 stroke-width:2.0px
linkStyle 51 stroke:green,stroke-width:2.0px
linkStyle 52 stroke:#55f,stroke-width:2.0px
linkStyle 53 stroke-width:2.0px
linkStyle 54 stroke:green,stroke-width:2.0px
linkStyle 55 stroke:#55f,stroke-width:2.0px
linkStyle 56 stroke:red,stroke-width:2.0px
linkStyle 57 stroke-width:2.0px
linkStyle 58 stroke:green,stroke-width:2.0px
linkStyle 59 stroke:#55f,stroke-width:2.0px
linkStyle 60 stroke-width:2.0px
linkStyle 61 stroke:green,stroke-width:2.0px
linkStyle 62 stroke:#55f,stroke-width:2.0px
linkStyle 63 stroke-width:2.0px
linkStyle 64 stroke:green,stroke-width:2.0px
linkStyle 65 stroke:#55f,stroke-width:2.0px
linkStyle 66 stroke:red,stroke-width:2.0px
linkStyle 67 stroke-width:2.0px
linkStyle 68 stroke:green,stroke-width:2.0px
linkStyle 69 stroke:#55f,stroke-width:2.0px
linkStyle 70 stroke-width:2.0px
linkStyle 71 stroke:green,stroke-width:2.0px
linkStyle 72 stroke:#55f,stroke-width:2.0px
linkStyle 73 stroke-width:2.0px
linkStyle 74 stroke:green,stroke-width:2.0px
linkStyle 75 stroke:#55f,stroke-width:2.0px
linkStyle 76 stroke:red,stroke-width:2.0px
linkStyle 77 stroke-width:2.0px
linkStyle 78 stroke:green,stroke-width:2.0px
linkStyle 79 stroke:#55f,stroke-width:2.0px
linkStyle 80 stroke-width:2.0px
linkStyle 81 stroke:green,stroke-width:2.0px
linkStyle 82 stroke:#55f,stroke-width:2.0px
linkStyle 83 stroke-width:2.0px
linkStyle 84 stroke:green,stroke-width:2.0px
linkStyle 85 stroke:#55f,stroke-width:2.0px
Obviously, this is highly toxic information. Social security numbers are so toxic that a reference was used just to verify that invalid numbers were being used in this example. Worse, names and birthdates could aid in identity theft, especially if associated with a social security number (or other identifer). As a result, Acme doesn’t want to transmit this bare information, and Burton Bank doesn’t want to receive information on students not associated with the bank. But, a full set of information must be transmitted to support the governmental regulations!
Acme thus sends out the information in a fully elided form:
{
"Acme Professional School 2022-12-24 Graduation" [
ELIDED (8)
]
} [
verifiedBy: Signature
]
graph LR
1(("38e3f10e<br/>NODE"))
2[/"6d68c797<br/>WRAPPED"\]
3(("441bc0d3<br/>NODE"))
4["1c42df20<br/>#quot;Acme Professional School 2022-12-24 Graduation#quot;"]
50fbe062c<br/>ELIDED
61a9d204c<br/>ELIDED
71ccceace<br/>ELIDED
8301cb6f4<br/>ELIDED
940e63258<br/>ELIDED
108136bd53<br/>ELIDED
11df10fd36<br/>ELIDED
12e79e2110<br/>ELIDED
13(["42815a8c<br/>ASSERTION"])
14[/"d59f8c0f<br/>verifiedBy"/]
15["0376c2bc<br/>Signature"]
1 -->|subj| 2
2 -->|subj| 3
3 -->|subj| 4
3 --> 5
3 --> 6
3 --> 7
3 --> 8
3 --> 9
3 --> 10
3 --> 11
3 --> 12
1 --> 13
13 -->|pred| 14
13 -->|obj| 15
style 1 stroke:red,stroke-width:3.0px
style 2 stroke:red,stroke-width:3.0px
style 3 stroke:red,stroke-width:3.0px
style 4 stroke:#55f,stroke-width:3.0px
style 5 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 6 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 7 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 8 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 9 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 10 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 11 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 12 stroke:#55f,stroke-width:3.0px,stroke-dasharray:5.0 5.0
style 13 stroke:red,stroke-width:3.0px
style 14 stroke:#55f,stroke-width:3.0px
style 15 stroke:#55f,stroke-width:3.0px
linkStyle 0 stroke:red,stroke-width:2.0px
linkStyle 1 stroke:red,stroke-width:2.0px
linkStyle 2 stroke:red,stroke-width:2.0px
linkStyle 3 stroke-width:2.0px
linkStyle 4 stroke-width:2.0px
linkStyle 5 stroke-width:2.0px
linkStyle 6 stroke-width:2.0px
linkStyle 7 stroke-width:2.0px
linkStyle 8 stroke-width:2.0px
linkStyle 9 stroke-width:2.0px
linkStyle 10 stroke-width:2.0px
linkStyle 11 stroke-width:2.0px
linkStyle 12 stroke:green,stroke-width:2.0px
linkStyle 13 stroke:#55f,stroke-width:2.0px
They also include precise information on how to form the elided assertions, with examples.
Using a tool such as envelope-cli
, Burton can now use the exact format specified by Acme to form an assertion for each of their loan holders that combines their identifier, their last name, and their date of birth:
"socialSecurity": "123456789" [
"dateOfBirth": "2004-02-29"
"lastName": "Gray"
]
0fbe062c ASSERTION
32f06bb1 pred "socialSecurity"
68b165ed obj NODE
3e7d4a32 subj "123456789"
0d206284 ASSERTION
eb62836d pred "lastName"
c8027fab obj "Gray"
e3ff7458 ASSERTION
06d2aaa3 pred "dateOfBirth"
c246b6c0 obj "2004-02-29"
graph LR
1(["0fbe062c<br/>ASSERTION"])
2["32f06bb1<br/>#quot;socialSecurity#quot;"]
3(("68b165ed<br/>NODE"))
4["3e7d4a32<br/>#quot;123456789#quot;"]
5(["0d206284<br/>ASSERTION"])
6["eb62836d<br/>#quot;lastName#quot;"]
7["c8027fab<br/>#quot;Gray#quot;"]
8(["e3ff7458<br/>ASSERTION"])
9["06d2aaa3<br/>#quot;dateOfBirth#quot;"]
10["c246b6c0<br/>#quot;2004-02-29#quot;"]
1 -->|pred| 2
1 -->|obj| 3
3 -->|subj| 4
3 --> 5
5 -->|pred| 6
5 -->|obj| 7
3 --> 8
8 -->|pred| 9
8 -->|obj| 10
style 1 stroke:red,stroke-width:3.0px
style 2 stroke:#55f,stroke-width:3.0px
style 3 stroke:red,stroke-width:3.0px
style 4 stroke:#55f,stroke-width:3.0px
style 5 stroke:red,stroke-width:3.0px
style 6 stroke:#55f,stroke-width:3.0px
style 7 stroke:#55f,stroke-width:3.0px
style 8 stroke:red,stroke-width:3.0px
style 9 stroke:#55f,stroke-width:3.0px
style 10 stroke:#55f,stroke-width:3.0px
linkStyle 0 stroke:green,stroke-width:2.0px
linkStyle 1 stroke:#55f,stroke-width:2.0px
linkStyle 2 stroke:red,stroke-width:2.0px
linkStyle 3 stroke-width:2.0px
linkStyle 4 stroke:green,stroke-width:2.0px
linkStyle 5 stroke:#55f,stroke-width:2.0px
linkStyle 6 stroke-width:2.0px
linkStyle 7 stroke:green,stroke-width:2.0px
linkStyle 8 stroke:#55f,stroke-width:2.0px
If the hash for the assertion (0fbe062c
for Gray
) appears in the elided Gordian Envelope, then the Bank knows that they can update their records to show that loan holder has graduated.
And, this was all done without exchanging toxic information, but instead depending on selective correlation. Only someone who already held the information could possibly correlate the hash back to its original data! As a result, data was entirely minimized!