Canvas

Traditional identity and reputation management systems deployed by sharing platforms to establish trust are fragmented, insecure and exclusive. They are prone to single points of failure that may eventually result in the compromise of sensitive personal and transactional data.

The Canvas framework shall utilise Public Key Infrastructure to generate Decentralised Identifiers (DID's) to represent the identity and reputations of users transacting on different sharing platforms and applications. Every DID on Canvas shall be supported by the Verified Credentials (VC's) of their respective users to securely validate their identity.

Decentralised Identifiers

DID's (as specified by the W3C) are unique sets of identifiers that can facilitate the implementation of verifiable, decentralised, self-sovereign digital identities that can be potentially utilised to generate portable reputation and identities within the sharing economy.

Fundamentally, a DID is a simple string that can be mapped to any subject (person, organisation, object, data model, abstract entity, etc.) as per a defined scheme. The DID is contained within a DID URL which is issued by one or more DID controllers.

DID URL

The DID URL extends the syntax of a DID to incorporate standard URI components such as path, query and fragment to locate resources such as a cryptographic key within the DID document or a resource external to the DID document.

DID Document

Once mapped, the DID serves as a Uniform Resource Identifier (URI) that associates the subject with a DID document. This document defines the set of rules that subjects can use to prove their association with their respective DIDs. Consequently, the subjects do not require any centralised registry, identity provider or certification authority to prove control over their respective DIDs.

The DID document may also contain additional metadata that can be used to define the subject. The objective of the document is to conspicuously expresses the verification and validation methods that facilitate trustworthy transactions with the subject.

Verifiable Data Registry

DID's are recorded on a database system or network. This system should be capable of supporting all operations required to produce and record the DID document. Verifiable data registries can be distributed ledgers, decentralised file systems, peer-to-peer networks or any other form of trusted data storage.

Verifiable Credentials

VC's are open standards for generating encrypted digital representations of government issued physical credentials such as a passport, driver's license, etc. A verifiable credential may represent all or part of the information represented by their physical counterpart.

VC's are usually generated and transmitted to subjects by trusted issuers. To obtain a VC, the subject must submit their physical credentials to the issuer. After validating the submitted information, the issuer generates a verifiable credential for the subject. The issuer may digitally sign the issued credential as an additional layer of security, proving the authenticity of the VC.

Subjects can use their verifiable credentials to generate verifiable presentations to prove their credentials to different digital platforms and applications in a machine verifiable and cryptographically secure manner. Since the presentation are managed by the users, they can determine the specific bits of data that they intend to share with third parties, without revealing their entire personal information.

Identity Hubs

Since the information represented by VC's consists of sensitive personal data, they are usually stored in decentralised off-chain data storage facilities called identity hubs. The hubs offer complete control and autonomy to subjects over their respective verifiable credentials, thereby preventing any unauthorised misuse of their personal data. The choice of how to store the off-chain data is left to tje subject with the possible options being:

• Personal data storage devices

• Trusted cloud storage service

• Decentralised data storage networks such as IPFS

Decentralisation of Identity and Trust

Identity management systems generally deployed by sharing platforms and applications rely on centralised collection, storage and verification of user data and identity. The architecture of such systems necessitate ground-up verfication checks for every new user that signs up on the application. The platforms maintain complete authority over the identity and reputation markers of their users since they are stored in centralised repositories. This centralisation of data and identity not only eliminates the possibility of reputation portability but also escalates the probability of system exploits that may lead to the compromise of sensitive user data.

Through DIDs and VCs, decentralised identity management frameworks can overcome the infirmities of their centralised counterparts. They can offer users and sharing platforms a more secure, efficient and self-sovereign mechanism for identity validation and reuptation portability.

Identity

As DIDs are merely identifiers, they do not provide any information on the identity of the mapped subject. In practice decentralised identifiers can be coupled with verifiable credentials to support digital interactions where subjects are expected to share their credentials with third parties and prove to them the attestations and attributes required to initiate the interaction. This proof can be based on a cryptographic relationship between the subject, the DID controller, the issued credentials and the issuer. Instead of initiating ground-up KYC's every time users sign up on a new sharing platform or application, they can simply share verifiable presentations of their VCs and their DIDs to the platforms.

Reputation

The DID document that defines the authentication and validation protocol of a DID can be utilised to record the transactional scores and reviews of users on sharing platforms in a decentralised manner. Doing so would allow the users to port their hard earned reputation to other sharing platform, thereby improving trust within the sharing economy.

Canvas Framework

The foremost objective of Canvas is to enable interoperability of trust by allowing users to port their transactional reputation between different platforms. Canvas shall amalgamate decentralised identifiers, verified credentials with Zero Knowledge Proof (ZKProof) and distributed ledger technology to establish a self-sovereign identity and reputation management framework for users that transact on sharing platforms and applications. We shall provide dedicated API's and SDK's that will allow sharing platforms and applications to integrate Canvas and its elements.

Every user on the Canvas framework shall be represented by a unique on-chain decentralised identifier linked to the user's verifiable credentials. The framework shall leverage these credentials and identifiers to generate and maintain a decentralised trust score which would serve as a cumulative of the reputational indices of users on different sharing platforms.

The primary participants on the Canvas framework shall include: