feat: Updates to prism-node, bbs and verfiable data concept (#12)

Co-authored-by: Yurii Shynbuiev - IOHK <102033808+yshyn-iohk@users.noreply.github.com>
input-output-hk · Mar 1, 2023 · 87a5fde · 87a5fde
1 parent e8948e1
commit 87a5fde
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 42 deletions.
diff --git a/documentation/docs/atala-prism/prism-cloud-agent/building-blocks.md b/documentation/docs/atala-prism/prism-cloud-agent/building-blocks.md
@@ -6,25 +6,12 @@ This modular architecture also provides a great deal of flexibility and customiz
 
 A brief overview of the current building blocks of Atala Prism are outlined below.
 
-> Option 1:
-
-**Building Block**|**Definition**|**Reasoning**
+**Building Block**|**Definition**|**Code Name**
 :-----:|:-----:|:-----:
-Apollo|A suite of cryptographic primitives to ensure properties of integrity, authenticity and confidentiality of any data we store and process in a provably secure manner.|(god of truth)
-Castor|A suite of decentralised identifier (DID) operations to create, manage and resolve standards based decentralised identifiers in a user-controlled manner.|(the twin gods) 
-Pollux|A suite of credential operations to issue, manage and verify standards based verifiable credentials in a privacy preserving manner.|(the twin gods)
-Mercury|A set of secure, standards based communications protocols to establish and manage trusted, peer-to-peer connections and interactions between DIDs in a transport agnostic and interoperable manner.|(god of comms)
-> What about Iris?
-
-> Option 2:
-
-**Building Block**|**Definition**
-:-----:|:-----:
-Cryptography|A suite of cryptographic primitives to ensure properties of integrity, authenticity and confidentiality of any data we store and process in a provably secure manner.
-Dcentralised Identifiers (DID)|A suite of decentralised identifier (DID) operations to create, manage and resolve standards based decentralised identifiers in a user-controlled manner.
-Verifiable Credentials|A suite of credential operations to issue, manage and verify standards based verifiable credentials in a privacy preserving manner.
-DIDComm V2|A set of secure, standards based communications protocols to establish and manage trusted, peer-to-peer connections and interactions between DIDs in a transport agnostic and interoperable manner.
-> What about Iris?
+Cryptography|A suite of cryptographic primitives to ensure properties of integrity, authenticity, and confidentiality of any data we store and process in a provably secure manner.|Apollo
+Decentralized Identifiers (DID)|A suite of decentralized identifier (DID) operations to create, manage and resolve standards-based decentralized identifiers in a user-controlled manner.|Castor
+Verifiable Credentials|A suite of credential operations to issue, manage, and verify standards-based verifiable credentials in a privacy-preserving manner.|Pollux
+DIDComm V2|A set of secure, standards-based communications protocols to establish and manage trusted, peer-to-peer connections and interactions between DIDs in a transport-agnostic and interoperable manner.|Mercury
 
 ## Apollo - Cryptography Module
 Apollo is one of the building blocks of Atala Prism, and it is a suite of cryptographic primitives that ensure the security of data stored and processed within the platform. Cryptographic primitives are mathematical algorithms and protocols that form the foundation for secure communication and data protection.

diff --git a/documentation/docs/atala-prism/prism-node.md b/documentation/docs/atala-prism/prism-node.md
@@ -1 +1,28 @@
-# PRISM Node
+# PRISM node
+PRISM Node acts as a second-layer node for the Cardano blockchain. It is designed to function as a verifiable data registry, providing a secure and reliable way to store and manage data.
+
+The primary purpose of PRISM Node is to provide a secure and trustworthy platform for storing and managing data on the Cardano blockchain. By leveraging the blockchain's security and decentralization, PRISM Node stores and retrieves data in a secure and tamper-proof manner. All operations are independently verified and authenticated using cryptographic signatures and other security measures, so all data is accurate and trustworthy.
+
+PRISM Node runs alongside a blockchain. The Cardano Node keeps the internal state synchronized with the underlying blockchain and indexed for efficient lookup operations. Furthermore, it implements did:PRISM method in an efficient and scalable way by publishing the transactions to the Cardano blockchain to support the PRISM Node protocol and perform the creation, update, resolution, and deactivation of DIDs.
+
+PRISM Node generates a PRISM transaction with information about DID operation and proof of work. Then, the transaction publishes to the blockchain network for verification and validation. Once the transaction gets confirmed on the blockchain, the PRISM Node updates its internal state to reflect the changes.
+
+The second-layer node also plays a critical role in resolving DIDs. PRISM Node keeps the internal state indexed, which allows retrieving information about a particular DID quickly and efficiently without requiring access to the underlying blockchain.
+
+Overall, second-layer nodes are essential for the PRISM Node protocol, providing the necessary off-chain processing and data storage capabilities to make DIDs scalable and efficient.
+
+At its core, PRISM depends on protocols defining how to manage Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs).
+The PRISM node is the main component that implements these protocols. First, we should explain how the protocol works to understand what the node does.
+
+- Any user can run a PRISM node to self-validate information or rely on a set of actors that run nodes on his behalf. The level of delegation of trust is a decision made by each user.
+- Any user willing to create a DID can do so without any need to interact with any PRISM node. Creating a DID can be optionally announced publicly by publishing a creation operation on-chain. The action of posting an operation on-chain does require interaction with a PRISM node.
+- Users can update the DID documents associated with their DIDs. To do this, they must publish respective update operations on-chain by interacting with a PRISM node.
+- Deactivating a DID can be performed along the same lines as an update but publishing a deactivation operation.
+- PRISM nodes read the operations published on-chain (by possibly other nodes) and internally maintain the map of DIDs to the history of changes of their associated DID documents.
+- Clients can query any PRISM node and obtain a DID's historical change log information.
+- DID resolvers can take the output of PRISM nodes and construct the current DID document associated with a DID.
+- An additional consideration is that operations can be posted on-chain in blocks, helping on the scalability side and general reduction of fees.
+- 
+In short, users can create, update and deactivate DIDs by posting respective actions on-chain. The operation of creating a DID can optionally not be published on-chain. Based on the operations posted on-chain, nodes can construct the DID Documents associated with a given DID.
+
+Additionally, the node provides an interface to track the status of operations submitted to the node.
diff --git a/documentation/docs/concepts/verifiable-data.md b/documentation/docs/concepts/verifiable-data.md
@@ -1,31 +1,15 @@
 # Verifiable data
 
-Digital identity brings several flavors of authentication to the table. Verifiable credentials (VCs) are the most commonly referenced methodology, but there is a concept of verifiable data, which may leverage VCs or DIDs, but it is different.
+Verifiable data plays a crucial role in the emerging field of self-sovereign identity and verifiable credentials. In this context, verifiable data refers to data anyone can verify without a centralized authority or intermediary.
 
+Self-sovereign identity (SSI) is a concept that empowers individuals to take control of their own digital identities, which includes managing their data and controlling with whom it's shared. Verifiable credentials are a crucial component of SSI, as they allow individuals to share specific data about themselves (such as their name, date of birth, or educational qualifications) with others in a secure and trustworthy way.
 
-## Verifiable Credentials
+Creating verifiable credentials uses blockchain technology, cryptography, and standardized data formats. They consist of claims describing a particular aspect of an individual's identity or qualifications, along with cryptographic proofs that allow authentication of the claims. These proofs get created using public key cryptography, which enables anyone to verify that the data in the credential hasn't been tampered with or altered.
 
-VCs are claims made about a subject. A subject is typically the holder of the credential. Credentials can be anything. A few examples are below:
+Verifiable data in SSI and verifiable credentials have several significant benefits.
 
+First, it gives individuals greater control over their data and how it's shared. It can help reduce the risk of identity theft and fraud and make it easier for individuals to manage their identities across multiple contexts and services.
 
-| Issues and makes a claim       | That the subject                            |
-| ------------------------------ | ------------------------------------------- |
-| Government                     | is a citizen                                |
-| Insurance company              | is insured                                  |
-| Streaming service              | has an account                              |
-| Programming reputation website | subject has an account                      |
-|                                | and is proficient in a programming language |
-| Medical board                  | can practice medicine                       |
-| University                     | graduated with a specific degree            |
+Second, verifiable data provides higher trust and security in online interactions. By allowing anyone to verify the authenticity of data, it's possible to establish trust and confidence in online transactions without needing a centralized authority or intermediary. As a result, it has important implications for various industries, from healthcare and finance to education and e-commerce.
 
-These claims are all verifiable by having the holder present the credentials to a verifier. Depending on the level of certainty required will determine how the credential is verified. Generally, if the issuing DID is trusted (via a governance framework and trust registry), there is assurance that the claims made by that issuer are valid. 
-
-
-
-## Verifiable Data
-
-Authenticating a credential is a crucial function of an ecosystem, like validating the source material for a shirt. But what about where that material went from the source? What ports did it stop at, for how long, who handled it, etc.? This functionality is possible if an ecosystem is utilizing digital identity. Third-party auditors, insurers, etc., would also be able to verify the authenticity of the data. In supply-chain ecosystems, this data would be invaluable.
-
-
-
-> Figure 1.1 Image showing shirt being sourced and moving through ecosystem
+Verifiable data is critical to the emerging field of digital identity. Verifiable data will change how we manage and share our identities online by enabling individuals to take control of their data and providing a higher level of trust and security in online interactions.