We make it simple to build applications with all the capabilities enabled by W3C-compliant and widely interoperable self-sovereign data management. These include:
- Privacy-preserving auditing
- Robust access control and authentication capabilities
- Granular privacy and enterprise-grade security
- Next generation verifiability of business transactions and legal identities
The name Spherity is a composite of "Sphere" and "Identity"
- The ability to bridge the digital, the physical and the biological spheres
- The ability to create secure and interoperable digital identities
Blockchain-based and other decentralized technologies offer reliable interoperability, trusted transactions, proof of authenticity, and full audit trailing. Even though blockchains and DLTs are state of the art in most of today's decentralization efforts in enterprise IT, Spherity relies on the principle of "Minimal Use of Blockchain," taking a cautious approach to privacy and immutable records. We are using blockchain more as an infrastructure component.
To be more concrete, Spherity's infrastructural usage of distributed ledger technology (DLT) such as Ethereum or Hyperlegder Indy / Sovrin consists primarily of the following features:
- Storing Decentralized Identifiers (DID) documents containing key rotation information, signing keys, and service end-points for public identities (i.e., issuers of verifiable credentials)
- Registries (e.g. Enterprise or Asset Register, Revocation Registry)
- Semantic templates, schemes (can also be stored off-chain locally or publically via IPFS or schema.org)
- We tend to keep Electronic signatures or Verifiable Credentials (VCs) off-chain, all things being equal, although every use case is unique. In combination with DIDs and VCs, we establish cryptographically verifiable audit trails via identity subjects, processes or events, using whichever combination of on-chain data, off-chain storage, private DLTs, and security logging are appropriate to the use-case.
- We mostly use W3C off-chain credentials to implement audit trails to comply with regulatory requirements.
- In some use cases, it can make sense to have a VC on-chain, provided that smart contracts are to process them automatically. With today's production-grade decentralized ledger technology (DLT), this almost always leads to problems with privacy requirements.
[ Further Reading ]