Is Atala Prism Open Source? If not, will it ever be?

Was talking to some friends who were versed in the privacy and security space, and introduced them to Atala Prism. The immediate red flags they brought up was the lack of open source information and concentrated data storage. So i was wondering if there’s more information on this that could be shared that i don’t already know.

First, is Atala Prism Open Source?

Second, would someone be capable of creating multiple accounts so to speak, or separating their data so as to avoid Meta-Data leaks?

Prism member here.

We do have to make most of it open source, at least the necessary stuff to let people build products on our ecosystem, we should do so incrementally, unfortunately, I have no dates.

About multiple accounts, individuals by default get a new private DID while interacting with a new entity.

3 Likes

Thx for sharing this with us. Do you guys designing a new did method or using some already existing one such as did:peer or similar. If it is a new did method then will it be blockchain agnostic or tight coupled to some chain assuming Cardano’s?

1 Like

Right now we have our own did:prism method, as we are still refining details about the overall protocol, we haven’t tried publishing it.

While we initially built everything on top of Bitcoin, lately, we are focusing only on Cardano, while there are discussions to stay ledger-agnostic, I can’t confirm if we’ll do that in the short term.

1 Like

Thx, also will you guys implement verifiable credentials bundled with blinded link secrets? If you implement vc will it support zero knowledge proofs? Is did:prism based on some prior method(s) or written from scratch?

1 Like

There are no plans for blinded link secrets yet, also, we are delaying zero knowledge proofs on vc to the future.

As we are working on incremental changes, we will likely start with selective disclosure based on merkle trees at first.

Thx for sharing these with us. That would be nice if we could have some sight/access to the did:prism method spec even if it’s in a very early stage.

I’d be happy to do so once we have something to share.

That’s ok thx.

That merkle tree selective disclosure is interesting, but in that case where the data would be stored? In some issuer’s (e.g. IOG) server or on the chain (very unlikely and highly not recommended)?

Sorry for being to pushy, but how did doc from a DID resolution would work ? Similar to Bitcoin?

Because, you mentioned that it was initially built on top of the Bitcoin, that means, afaik, that the method specific id of the DID contains a bitcoin transaction details, and that tx’s input (UtxO is the public key) of the DID doc, and it’s resolved by some URL embedded in one of the some tx’s output as metadata.

And that metadata contains some URL or similar to a service for resolving the DID doc.
Will, it the same?

That merkle tree selective disclosure is interesting, but in that case where the data would be stored? In some issuer’s (e.g. IOG) server or on the chain (very unlikely and highly not recommended)?

Whether selective disclosure or not, the data can’t be stored on-chain due to privacy reasons, it is generally driven from a peer to another peer by sending end to end encrypted messages through a middle server.

Institutions have a specific web app where they store the data from people, as well as the credentials they issue/receive, such web app should run on the institution’s infrastructure, and they are in charge of protecting such information.

When a credential is shared to the mobile apps, the app keeps it locally, so that it can share it later with other peers/institutions.

Sorry for being to pushy, but how did doc from a DID resolution would work ? Similar to Bitcoin?

For the first stage, we’d have a separate service that allows resolving our DIDs, the goal is to eventually get our DID Method registered so that it can be resolved from the universal-resolved from DIF.

It is not really related to Bitcoin, while it was supported initially, we haven’t actively worked on that for months, and are fully focused on Cardano.

Because, you mentioned that it was initially built on top of the Bitcoin, that means, afaik, that the method specific id of the DID contains a bitcoin transaction details, and that tx’s input (UtxO is the public key) of the DID doc, and it’s resolved by some URL embedded in one of the some tx’s output as metadata.

While this is a possibility, all the data related to the Prism protocol doesn’t depend on the underlying ledger, hence, it doesn’t matter which address posted the Prism data, we just take data and process the keys that came there.

And that metadata contains some URL or similar to a service for resolving the DID doc.

There are no URLs (or service endpoints) involved, yet, those will likely be required when registering our DID method.

Yes, thx I am quite familiar /w Did specifications and following them for many years now, but I was not and still not clear how prism would work in details for users (not for Georgian gov) but User (e.g. Users center in Daedalus, that CH mentioned sometimes in some of his AMAs). I am asking cos I would not like to see some locked solution in the decentralised nature of SSI.

Anyway, what I could decipher or assume, is that IOG would have some centralised repo for containing user details, users would create some did based on some their wallet’s key, retrieving some VC (signed by IOG’s did’s - stored on chain - priv key) through some IOG’s web server and stored in the holders/prover/user wallet/app and the verifier (other user) could verify through Cardano blockchain.

But, I would like to know the nitty-gritty of Prism, cos there are some use-cases which would be very helpful (did based contacts of ADA users as an example i.e. some merchant-user (even user-user) relationship that could generate some automatic payment code based on some private pairwise DID.

I would (I can eve say we the community who understand SSI) not like see that IOG would create on its own DID ecosystem, despite there is a tremendous of effort and work has done in the last 5 years in SSI community. Like hyperledger (I know IOG is member) indy -aires -usra etc, evernym, sovrin, DIF etc., with some huge companies like Microsoft, IBM etc., wit a lot of good stuff like VC, DID Auth, DKMS/DKMI and DID).

So, I am not sure what IOG are trying to achieve, as these companies (with hundreds of developers coding for years in SSI) are far-far beyond of IOG’s Prism I think, so I do not know where to place the Prism.

Yep, makes sense, and looking forward for the DID method spec.