The key components in any SSI are a mobile agent (data wallet), a mediator and a plugin called MyData integration component that connects it to MyData Operator services and agreement handling.
An agent is a software representative of a data subject (e.g. an individual) that controls access to a data wallet and other storage, can live in different locations on a network (cloud vs. local), and can facilitate or perform messaging or interactions with other subjects.
A user agent provides individuals or organisations with a software component, that can act on their behalf and interact with others. An individual is provided with a mobile agent and an organisation with a cloud agent. Agent-to-agent communication is performed using interoperable DIDComm protocols: for example, issuing data based on schema, exchanging data with consent metadata etc.A major advantage of an agent is its portability and its in the total control of the data subject (e.g. the individual).
An aries mobile agent resides within the indvidual's mobile device and is as per RFC004.
Data wallets enable entities to own their data. It facilitates portability and reusability of the data. Data wallets are digital containers for data that's required to control self-sovereign identity (SSI) and consents. Data wallets are based on Indy wallet implementation. The picture below shows the architecture for Indy based data wallet implementation.
Data wallets will reside in a location that is owned or controlled by the entity. For example, on an individual's mobile device. iGrant.io offers the capability of cloud backup in external servers or in an organisation’s server. The platform provides entities with the necessary interfaces to interact with their data wallet: for example, a mobile application or a web application. Contents of the data wallet are encrypted using a master secret and stored to a pluggable storage for e.g. an SQLite database.
Aries Mobile Agent - Flutter (AMA-F)
This is an open source cross platform Aries mobile agent (AMA-X (Aries mobile agent - cross platform) that can easily be integrated into any user application that wishes to be a Trusted Digital Agent or TDA. The following SDKs are offered:
|Agent SDKs||Release (as Data Wallet)|
|AMA-Swift (iOS)||iGrant.io Data Wallet (iOS)|
|AMA-Java (Android)||iGrant.io Data Wallet (Android)|
|AMA-Flutter (Cross-platform)||Provided as SDKs|
The major RFCs that are implemented by iGrant.io AMA-F is as given below. This implementation supports Aries Interoperability Profile (RFC0302).
|RFC/ Protocol||Support level in iGrant.io SSI wallet/SDK|
|0094-cross-domain messaging||Fully implemented|
|Basic routing protocol||Mediator protocols used in aries-framework-dotnet implementation|
|MyData operator protocol v1||This is to connect SSI wallets to MyData operators functions|
MyData integration component
The picture below shows MyData integration component and its relationship with iGrant.io MyData Operator. The components are explained further below:
This provides organisations with MyData Operator functions such as:
- Managing consent data models and agreements
- Recording verifiable customer consents
- Designing data exchange templates
- Configuring webhooks based on different events: for e.g., customer consenting to a particular purpose or attribute, customer requesting data download etc.
- Managing customer requests for GDPR rights
For clarity all interacting components are explained further below.
Cloud agent for an organisation
This is a server that interacts with other agents through the DIDComm protocol by receiving and responding to DIDComm messages
Administration server for an organisation
An administrative component that contains REST API(s) for organisational administrators and developers to manage and integrate SSI and MyData Operator functionalities to their existing IT systems. Some of these functions offered are:
- Configuring MyData Operator of choice.
- Establishing a secure communication channel to an individual by exchanging local DID(s) and associated DIDDoc(s) with each other
- Offering data to individuals based on a schema anchored to the ledger
- Requesting verifiable data from an individual with consent metadata
- Recording and fetching consents from the MyData Operator
- Sending consent requests to individuals
Mediator agent (Managed by MyData Operator or organisations)
A component that facilitates DIDComm between a cloud agent and a mobile agent without inbound capabilities. Some of the functions offered are:
- Creating a message inbox for the mobile agent to temporarily hold the encrypted messages sent to them
- Providing a service endpoint and routing key for the mobile agent, to be used in their DIDDoc which is exchanged, when establishing a connection with a cloud agent (for example, an organisation agent). The cloud agent will then send messages intended for the mobile agent to this service endpoint by encrypting the messages first with the mobile agent’s recipient key and then with the mediator's routing key
- Notifying the mobile agents about new messages using push notifications
- Forwarding the messages to the associated agent on request and removing them from the inbox on delivery acknowledgment.
Individual mobile agent
A portable mobile agent component for individuals to interact with other agents (for example, organisation agents, IOT agents etc.). Some of the functions offered are:
- Previewing the data offered by Data Sources.
- Storing the data to the wallet for reusability.
- Exchanging the data by sending verifiable presentations to Data Using Services on request by agreeing to a consent data agreement.