Trusted identity

IBM Blockchain Trusted Identity: Sovrin Steward closed beta offering

Share this post:

Individuals, organizations, and things are not in control of their identity in the digital world. Everything is rooted in usernames and passwords, controlled by identity providers and third parties, creating a much-needed missing layer for identity on the Internet.

At IBM, we have been doing a lot in the decentralized identity space. We’ve done some work over the last few months and as a first step; we are looking to provide services to help establish secure, highly available decentralized identity networks.

What is self-sovereign, or multi-source identity?

Within decentralized identity, self-sovereign identity is a concept where no one but you owns or controls the flow of your identity. Although we lack this in the digital world, we have similar concepts today in the physical world. In the physical world, we have wallets; those wallets contain credentials that have been issued by known, trusted issuers — a birth certificate or driver’s license for example.

When we build relationships with banks, hospitals and other entities, we take these credentials out of our wallet and present them, based on the policy of that relationship — we are not using a username or password. Entities verify us in real time and offer a service, such as creating a bank account, applying for insurance, receiving healthcare and more. As we build more relationships, more credentials are added to our wallets to prove higher and higher levels of identity control. This concept is called multi-source identity, where we build our trust through attestations from relationships we’ve established over time. This isn’t anything new — we do this today, in the physical world.

Transform digital identity into trusted identity with blockchain

As we bridge physical world concepts to how we transact more and more in the digital world, we need to rethink how we identify ourselves. To enable this, there are many identity frameworks being established.

One of those new identity frameworks is Sovrin, a global public, permissioned identity utility for exchanging identity more securely. Sovrin establishes a trust framework for point-to-point exchanges of credentials, putting identity owners in control. Sovrin leverages blockchain as the root of trust, through a web of trust to establish secure, trusted relationships. No personally identifiable information (PII) is ever stored on the public ledger.

What IBM has been up to

In 2017 we made a commitment to decentralized identity, seeing the rightful need in putting identity owners in control of their identity. With the emergence of blockchain, new identity models surfaced, creating frameworks for how identity can be exchanged in a new digital era.

On April 2018, IBM joined the Sovrin foundation as a Sovrin Steward. Since then, other peers such as Workday and Cisco have also joined, expressing the need for solving the identity problem. IBM, along with other Sovrin Stewards, operates, performs consensus and more, for the global public identity utility that is the Sovrin network.

At Consensus 2018, we demonstrated how decentralized identity can be leveraged to transform business process workflow, such as know your customer (KYC), when verifying name, address, and, date of birth to reduce fraud and save costs for simple individual bank onboarding. Infusing decentralized identity into vertical solutions, as shown in the demo, provides additional trust in business relationships.

My team at IBM also realize how important education is in this space. As we speak with customers, a lot of our conversations start with understanding decentralized identity and how it works, where blockchain intersects and what it means to be self-sovereign. Using this feedback, we added some details to IBM Blockchain Trusted Identity™ to provide basic education.

We continue to collaborate with customers, leveraging IBM Design Thinking and are very excited in the passion we see. These sessions serve as market feedback on the product and services we need to build, specifically around:

  • Establishing decentralized identity networks
  • Participating and exchanging credentials in heterogeneous decentralized identity networks
  • Transforming business process workflow with decentralized identity, leveraging Watson AI and industry expertise through Promontory

A solution for Sovrin Stewards

IBM Blockchain Trusted Identity is pleased to announce a closed beta offering for fellow Sovrin Stewards. IBM can help simplify deployment, management and operations for stewards, and provide a highly available, secure environment.

Here is a look at the components to a Sovrin Steward — a validator node and client deployment.

Validator Node

Performs consensus and maintains public ledger

  • This is the allocated compute, network and security resources
  • Validator nodes can connect to other validator nodes
  • Validator can connect to one client at a time


Performs authenticated actions to the public ledger

  • Done by invoking validator nodes
  • Clients can connect to multiple validator nodes, but one at a time

The validator node gets deployed as part of this offering. The client deployment is simplified so Stewards can locally build and configure their client environment in their development environment of choice.

Steps to deploy a validator and client can be found in the Sovrin Steward Preparation where a lot of these processes have been automated through the Sovrin Steward Service by IBM, with security, availability, rapid provisioning and experience, top of mind.

As part of the Sovrin Trust Framework, Stewards are required to follow technical policies, which require investment in compute and administration resources. The IBM offering takes steward node, monitoring and reporting and SLA components of the trust framework into consideration and automates things like the management, deployment (and others) of Sovrin (Indy) and dependent code to offload those requirements for accepted Stewards.

Global IBM Cloud is leveraged to offer a highly available validator deployment. IBM deploys each validator node with failover capabilities, the broader network benefits as a whole, ensuring high network integrity and availability.

Getting started

If you are interested in being a Sovrin Steward, start by visiting the Stewards page:

  1. Review sections 5.2 and 7 of the Sovrin Trust Framework.
  2. All Sovrin Steward applications must be submitted to the Sovrin Foundation for approval. Visit Sovrin Steward to apply. Contact IBM or Sovrin if you have any questions.
  3. Follow the steps as part of applying. They will require submission of business and technical readiness to join.

Once approved to join by the foundation, please reach out to our experts to inquire about how you can get access to our Sovrin Steward beta.

Please also connect with me @milan3patel for anything decentralized identity.

Email an IBM Blockchain Trusted Identity expert today

Offering Manager, Blockchain Trusted Identity - IBM Industry Platform

More Trusted identity stories

The internet’s next step: The era of digital credentials

Imagine being able to rid your wallet of a driver’s license, an insurance card, a student or employee ID and more. Imagine not having to worry about losing your passport and vaccination records on a trip abroad, or about the authenticity of the designer shoes you just purchased. This and much more is possible with […]

Continue reading

Automating workplace vaccination verification — a path out of the pandemic

Workplace vaccination mandates are coming for employers. In the United States, The Department of Labor’s Occupational Safety and Health Administration (OSHA) recently released a rule on requiring all employers with 100 or more employees to ensure their workforce is fully vaccinated or require any workers who remain unvaccinated to produce a negative test result on […]

Continue reading

How to outsmart crypto thieves with blockchain-based security

Over the past several years, digital intruders have stolen millions of dollars’ worth of cryptocurrency. Some crypto exchanges have been hit multiple times; some even went bankrupt. Last year’s series of record-setting hacks seems to indicate that crypto exchanges have a long way to go when it comes to protecting their clients’ digital assets. IBM […]

Continue reading