Verifiable Data Registries

A verifiable data registry is a role a system plays to manage data related to the creation and verification of verifiable credentials. For example, if an organization is hiring you to drive a delivery truck they might look up your driver’s license number with the authority that issued this credential. This credential data is stored, managed, and connected to a variety of data points in a verifiable data registry managed by the authority that issued your license.

One of the benefits of verifiable credentials is that verifiable data registries are defined in the VC data model. This definition is flexible and broad enough to include a range of different verifiable data registry options such as trusted databases, distributed databases, distributed ledgers, or even blockchains. This flexibility allows verifiable credential data to be managed using custom-fit tools for specific use-cases. Let’s walk through some of the more common types of verifiable data registries.

Trusted Databases: The Classic Option

A “trusted database” is a database that uses strong security protocols and authentication. These verifiable data registries can be centrally managed, meaning that one or more organizations control how data on the registry is accessed, maintained, and distributed. However, trusted databases can also be maintained across multiple systems or even run in the cloud. A database owned and operated by the organization that issued your driver’s license, for instance, is a centralized, trusted database.

The trust model for verifiable credentials only requires that “All entities trust the verifiable data registry to be tamper-evident and to be a correct record of which data is controlled by which entities.” If a secure, centralized or distributed database meets those criteria then it meets the criteria for a verifiable data registry.

Ledgers: The Modern-Day Logbook

A ledger database is a verifiable transaction log that is transparent, immutable, and cryptographically verifiable. These properties give ledgers some important and valuable benefits for verifiable credentials. First, though, let’s break down exactly how a ledger database works.

In a nutshell, a ledger is a logbook. In a logbook, you don’t erase previous entries, you simply add or append a new entry. These entries become a sequence of records ordered by time. To put it another way, a logbook retains information about the past. Let’s see how this property plays out compared to a traditional database by using an example. Let’s imagine that a new pair of sneakers is being released, so I go online and order a pair in the hopes that I can flip them for a profit.

In a traditional database the retailer might have a column called “Order Status.” When the status of the order changes for an item contained in a row, they would simply alter the value in the Order Status column for that item. In a ledger, they wouldn’t alter an existing value. Instead, there would be a ledger entry for when the order was being processed and a ledger entry for when it was shipped.

Now that you understand a little more about ledgers, let’s dive into two types of ledgers that can be used as verifiable data registries: centralized and distributed ledgers.

Centralized Ledgers

A centralized ledger is a centrally-managed and operated ledger. Users of these ledgers trust that the contents haven’t been tampered with by virtue of trusting the operator of the ledger. For example, Amazon QLDB is a popular centralized ledger that is owned and maintained by Amazon. Centralized ledgers have some critical qualities that make them more appropriate for enterprise-grade verifiable credentials services, which is why we offer QLDB as an option for our clients.

For example, centralized ledgers like QLDB don’t require a consensus mechanism like distributed ledgers do (more on that in a minute), which makes them faster, more efficient, and often cheaper to use as a verifiable data registry. Centralized ledgers have these benefits while retaining the core features of ledgers: immutability, transparency, and cryptographic verifiability.

Distributed Ledgers

A distributed ledger contains data that is replicated, shared, and synchronized across multiple systems or entities. You might be familiar with one kind of distributed ledger already: a blockchain. However, not all distributed ledgers are blockchains.

Distributed ledgers are useful because verifying the contents of the ledger is a group activity. In other words, when a ledger update is made, every group or person that’s working with the ledger (i.e., any entity running a “node”) adds the new transaction to their copy of the ledger. Once each copy of the ledger has the updated information, all the nodes come to a consensus on which copy is “correct.” Once a consensus has been reached, all nodes update themselves with a new and correct copy of the ledger.

While that may seem like a lot of trouble to go through to verify data in a database, this process comes with some valuable properties. For example, tampering with data in the database and trying to cover your tracks becomes very challenging. Depending on which distributed ledger technology is used, entries can be publicly verified by comparing a value in a verifiable credential against the data as it appears in the ledger. This makes it easy for anyone to check whether a credential has been altered.

Blockchains

Blockchains are a specific kind of distributed ledger. A blockchain is a ledger made up of “blocks” that are cryptographically linked together, a quality specific to blockchains. Each block contains a “cryptographic hash” of the previous block which “chains” together each block (hence, “blockchain”). For our purposes it’s important to note that blockchains and distributed ledgers have similar qualities.
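The append-only logbook and the hash linking described above can be shown together in a few lines. This is an added example, not Transmute's code or any ledger product's API; the entry layout, the `GENESIS` value, and the order IDs are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed placeholder meaning "no previous entry"

def entry_hash(prev_hash, payload):
    """Hash the previous entry's hash together with this entry's payload."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def append(ledger, payload):
    """Append-only write: existing entries are never modified."""
    prev_hash = ledger[-1]["hash"] if ledger else GENESIS
    ledger.append({"prev": prev_hash, "payload": payload,
                   "hash": entry_hash(prev_hash, payload)})

def verify(ledger):
    """Return the index of the first entry that breaks the chain, or None."""
    prev_hash = GENESIS
    for i, entry in enumerate(ledger):
        expected = entry_hash(prev_hash, entry["payload"])
        if entry["prev"] != prev_hash or entry["hash"] != expected:
            return i
        prev_hash = entry["hash"]
    return None

def current_status(ledger, order_id):
    """The latest status is derived from history, not kept in a mutable column."""
    statuses = [e["payload"]["status"] for e in ledger
                if e["payload"]["order"] == order_id]
    return statuses[-1] if statuses else None

def build_sample():
    """Constructed sample data: the sneaker order from the text."""
    ledger = []
    append(ledger, {"order": "sneakers-001", "status": "processing"})
    append(ledger, {"order": "sneakers-001", "status": "shipped"})
    append(ledger, {"order": "sneakers-002", "status": "processing"})
    return ledger

if __name__ == "__main__":
    ledger = build_sample()
    print(current_status(ledger, "sneakers-001"), verify(ledger))
    ledger[0]["payload"]["status"] = "cancelled"   # edit history in place
    print(verify(ledger))                          # chain breaks at entry 0
    ledger[0]["hash"] = entry_hash(GENESIS, ledger[0]["payload"])
    print(verify(ledger))                          # now entry 1 no longer links
```

Someone who can rewrite every entry can also recompute every hash, so a verifier still needs the latest hash from a source it trusts. That is the role played by the trusted operator of a centralized ledger or by the consensus process of a distributed one.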

Blockchains (and distributed ledgers more broadly) are useful when you want all of the qualities of a ledger and you don’t trust a centralized authority to manage the ledger. While most people think of “cryptocurrency” when they think of blockchains, logging cryptocurrency transactions is just one of a wide range of activities that can be performed on a blockchain. In other words, there are many uses of blockchains beyond logging cryptocurrency transactions, including storing information about verifiable credentials.

Ledger Use-Cases

The major downside of blockchains and distributed ledgers is their inefficiency. As described above, the consensus process is long and arduous. For specific use-cases where data must be publicly available and having no centralized authority is a requirement, a blockchain is a suitable option as a verifiable data registry.

Transmute’s Approach

At Transmute we support a variety of blockchain and non-blockchain ledger technologies. We believe that a mix of both blockchain and non-blockchain tools allows our customers to make informed decisions about how and where their data is stored. Different kinds of distributed ledger technologies come with different trade-offs, and we’d be happy to help explain which of these technologies is best suited for your business use-case.
