I was wondering, what's your opinion about using Indy for enterprise blockchain, where the members of the system are different applications, which are onboarded on the platform by a master application? These applications are then given a role of trust anchors; they can then issue credentials to their users. The users can then use the credentials when they want to use the REST APIs exposed by these applications, effectively removing the need for the user to log in; they sort of just send the ZKP in the header. Is anybody working on a project like this? Does an agent like this exist which enables an application (basically a webserver with certain routes) to be onboarded?
1 Answer
You seem to be wanting to use Indy as an authentication service for the users of the application. This is a common use case of Indy, but there are simpler approaches than the formulation you describe.
The most common approach is for an organization to run an issuing service anchored to the Sovrin Network. This service issues a credential to users for each application to which they should have access. Each application would implement credential verification. The first time a user tries to use a system, they will establish a peer connection with that system and present their credential over that connection. From that point on, they are immediately authorized by refreshing that peer connection.
This approach saves the organization maintaining their own internal Indy blockchain.
Other approaches include DID Auth, and integration with OpenID Connect.
