Aries mobile agent

The key components in any SSI are a mobile agent (data wallet), a mediator and a plugin called MyData integration component that connects it to MyData Operator services and agreement handling.

An agent is a software representative of a data subject (e.g. an individual) that controls access to a data wallet and other storage, can live in different locations on a network (cloud vs. local), and can facilitate or perform messaging or interactions with other subjects.

A user agent provides individuals or organisations with a software component that can act on their behalf and interact with others. An individual is provided with a mobile agent and an organisation with a cloud agent. Agent-to-agent communication is performed using interoperable DIDComm protocols: for example, issuing data based on a schema, exchanging data with consent metadata, etc. A major advantage of an agent is its portability and that it is under the total control of the data subject (e.g. the individual).

An Aries mobile agent resides within the individual's mobile device and follows RFC004.

Data wallet

Data wallets enable entities to own their data. They facilitate portability and reusability of the data. Data wallets are digital containers for the data that is required to control self-sovereign identity (SSI) and consents. Data wallets are based on the Indy wallet implementation. The picture below shows the architecture for the Indy-based data wallet implementation.

Data wallets will reside in a location that is owned or controlled by the entity, for example on an individual's mobile device. iGrant.io offers the capability of cloud backup in external servers or in an organisation’s server. The platform provides entities with the necessary interfaces to interact with their data wallet: for example, a mobile application or a web application. Contents of the data wallet are encrypted using a master secret and stored in pluggable storage, for example an SQLite database.

Mobile SDKs

Aries Mobile Agent - Flutter (AMA-F)

This is an open source, cross-platform Aries mobile agent (AMA-X, Aries mobile agent - cross platform) that can easily be integrated into any user application that wishes to be a Trusted Digital Agent (TDA). The following SDKs are offered:

| Agent SDKs | Release status |
| --- | --- |
| AMA-Swift (iOS) | Release v1.0 (Expected approval from App Store: 04-Feb-2021) |
| AMA-Java (Android) | Release v1.0 (Expected approval from Play Store: 04-Feb-2021) |
| AMA-Flutter (Cross-platform) | TBA |

Supported protocols

Aries RFCs/Protocols

The major RFCs implemented by iGrant.io AMA-F are given below. This implementation supports the Aries Interoperability Profile (RFC0302).

| RFC/Protocol | Support level in iGrant.io SSI wallet/SDK |
| --- | --- |
| 0003-protocols | Fully implemented |
| 0004-agents | Fully implemented |
| 0005-didcomm | Fully implemented |
| 0008-message-id-and-threading | Fully implemented |
| 0011-decorators | Fully implemented |
| 0015-acks | Fully implemented |
| 0017-attachments | Fully implemented |
| 0019-encryption-envelope | Fully implemented |
| 0020-message-types | Fully implemented |
| 0025-didcomm-transports | Fully implemented |
| 0031-discover-features-v1 | Fully implemented |
| 0035-report-problem | Fully implemented |
| 0036-issue-credential | Fully implemented |
| 0037-present-proof-v1 | Fully implemented |
| 0046-mediators-and-relays | Fully implemented |
| 0047-json-LD-compatibility | Fully implemented |
| 0048-trust-ping-v1 | Fully implemented |
| 0050-wallets | Fully implemented |
| 0056-service-decorator | Fully implemented |
| 0094-cross-domain messaging | Fully implemented |
| 0160-connection-protocol | Fully implemented |

Additional protocols

| Protocol/RFC | Description |
| --- | --- |
| Basic routing protocol | Mediator protocols used in the aries-framework-dotnet implementation |
| MyData operator protocol v1 | Connects SSI wallets to MyData operator functions |

MyData integration component

The picture below shows MyData integration component and its relationship with iGrant.io MyData Operator. The components are explained further below:

This provides organisations with MyData Operator functions such as:

  • Managing consent data models and agreements
  • Recording verifiable customer consents
  • Designing data exchange templates
  • Configuring webhooks based on different events: for example, a customer consenting to a particular purpose or attribute, a customer requesting a data download, etc.
  • Managing customer requests for GDPR rights

For clarity all interacting components are explained further below.

Cloud agent for an organisation

This is a server that interacts with other agents through the DIDComm protocol by receiving and responding to DIDComm messages.

Administration server for an organisation

An administrative component that contains REST API(s) for organisational administrators and developers to manage SSI and MyData Operator functionalities and integrate them into their existing IT systems. Some of the functions offered are:

  • Configuring MyData Operator of choice.
  • Establishing a secure communication channel to an individual by exchanging local DID(s) and associated DIDDoc(s) with each other
  • Offering data to individuals based on a schema anchored to the ledger
  • Requesting verifiable data from an individual with consent metadata
  • Recording and fetching consents from the MyData Operator
  • Sending consent requests to individuals

Mediator agent (Managed by MyData Operator or organisations)

A component that facilitates DIDComm between a cloud agent and a mobile agent without inbound capabilities. Some of the functions offered are:

  • Creating a message inbox for the mobile agent to temporarily hold the encrypted messages sent to them
  • Providing a service endpoint and routing key for the mobile agent, to be used in their DIDDoc which is exchanged, when establishing a connection with a cloud agent (for example, an organisation agent). The cloud agent will then send messages intended for the mobile agent to this service endpoint by encrypting the messages first with the mobile agent’s recipient key and then with the mediator's routing key
  • Notifying the mobile agents about new messages using push notifications
  • Forwarding the messages to the associated agent on request and removing them from the inbox on delivery acknowledgment.
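The layered encryption described above, as an added example that is not iGrant.io's or any Aries framework's code: the cloud agent encrypts for the mobile agent's recipient key, wraps the result in a forward message, and encrypts again for the mediator's routing key, so the mediator can queue the message but not read it. It assumes Node.js; X25519 + HKDF + AES-256-GCM stands in for the libsodium envelope of RFC 0019, and the key id, message id and function names are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const newKey = () => crypto.generateKeyPairSync('x25519');
// Stand-in KDF: X25519 shared secret -> HKDF-SHA256 -> 32-byte AES key.
const kdf = (priv, pub) => Buffer.from(crypto.hkdfSync('sha256',
  crypto.diffieHellman({ privateKey: priv, publicKey: pub }), Buffer.alloc(0), 'added-example', 32));

// Anonymous encryption to a public key (stand-in for the RFC 0019 envelope).
function seal(pub, plaintext) {
  const eph = newKey(), iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', kdf(eph.privateKey, pub), iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { epk: eph.publicKey.export({ type: 'spki', format: 'der' }).toString('base64'),
    iv: iv.toString('base64'), ct: ct.toString('base64'), tag: c.getAuthTag().toString('base64') };
}

function unseal(priv, env) {
  const b = (s) => Buffer.from(s, 'base64');
  const epk = crypto.createPublicKey({ key: b(env.epk), type: 'spki', format: 'der' });
  const d = crypto.createDecipheriv('aes-256-gcm', kdf(priv, epk), b(env.iv));
  d.setAuthTag(b(env.tag));
  return Buffer.concat([d.update(b(env.ct)), d.final()]).toString(); // throws on a wrong key
}

// Cloud agent: inner layer for the recipient key, forward wrapper, outer layer for the routing key.
function packForMediator(mobilePub, mediatorPub, mobileKeyId, message) {
  const inner = seal(mobilePub, JSON.stringify(message));
  const forward = { '@type': 'https://didcomm.org/routing/1.0/forward', to: mobileKeyId, msg: inner };
  return seal(mediatorPub, JSON.stringify(forward));
}

// Mediator: removes only the outer layer and queues the still-encrypted inner message.
function mediatorReceive(mediatorPriv, inboxes, outer) {
  const fwd = JSON.parse(unseal(mediatorPriv, outer));
  (inboxes[fwd.to] ||= []).push(fwd.msg);
}

function demo() {
  const mobile = newKey(), mediator = newKey(), inboxes = {};
  const outer = packForMediator(mobile.publicKey, mediator.publicKey, 'mobile-key-1',
    { '@type': 'https://didcomm.org/trust_ping/1.0/ping', '@id': 'constructed-id-1' });
  mediatorReceive(mediator.privateKey, inboxes, outer);
  const queued = inboxes['mobile-key-1'][0];
  let mediatorCanRead = true;
  try { unseal(mediator.privateKey, queued); } catch { mediatorCanRead = false; }
  return { mediatorCanRead, queuedCount: inboxes['mobile-key-1'].length,
    delivered: JSON.parse(unseal(mobile.privateKey, queued)) };
}
```
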

Individual mobile agent

A portable mobile agent component for individuals to interact with other agents (for example, organisation agents, IoT agents etc.). Some of the functions offered are:

  • Previewing the data offered by Data Sources.
  • Storing the data to the wallet for reusability.
  • Exchanging the data by sending verifiable presentations to Data Using Services on request by agreeing to a consent data agreement.