Distributed infrastructure (Trustable) in a DataSpace Environment

[mohamedkhalilbeldi]

Hi All,

In the context of decentralized identity systems using Eclipse Data Connector (EDC) and identity Hub, I would like to enable participants to look up Decentralized Identifiers (DIDs) of others within a distributed infrastructure. How can I implement this distributed infrastructure within a DataSpace environment?

I’ve noticed that the MinimumViableDataspace repository utilizes an Nginx web server as part of the distributed infrastructure where DID documents are stored, right ? Does this suggest a centralized architecture, or can Nginx be used effectively within a decentralized system? Additionally, are there alternative approaches to implementing the distributed infrastructure for DID resolution without relying on centralized components such as Nginx?

As I understand, the distributed infrastructure is a crucial component of a decentralized identity system, and it must be trusted by everyone for the system to function effectively. How can I set up a trusted distributed infrastructure within my DataSpace environment that all participants can rely on? Without this trust, the core functionality of a decentralized identity system would be compromised.

Thank you for considering my discussion!

[paullatzelsperger]

No, I think you misunderstood something here. In this example dataspace we don't have a dedicated credential issuer yet. We are currently building that component according to the DCP specification. Therefore, as a temporary workaround, signing VCs is done in a semi-manual, unstandardized process. However, because participants still need to verify credentials now, they need access to the public key material that was used to sign the VCs.

In order to make the public key material accessible, NGINX hosts a DID document that contains key material that was used for signing the credentials. So in a way, NGINX only hosts the issuer's DID doc.

To be clear though: every participant indeed hosts their DID document individually. That is the purpose of decentralized identifiers. For that, each IdentityHub has a dedicated web endpoint that serves DID documents as per DID:web specification.

Side note: naturally, other DID methods are possible as well, but you will need to implement and register a custom DidResolver for that.

[mohamedkhalilbeldi]

Thank you for the clarification—I understand it much better now!