Energy Web Documentation

SSI Credential Governance using ENS Domains

Governance frameworks in the IAM stack

Last updated 2 years ago

Governance

Governance provides the rules and procedures to establish behavior, expectations and trust within an environment. While governance is a critical component of any multi-party network, it is especially critical in decentralized environments, where there is no central authority to define and orchestrate governance mechanisms over every component of the ecosystem.

As an example, consider an application built on top of the Energy Web Chain. Each application must ensure that:

  • Components are in compliance with existing digital frameworks that their application depends on (e.g. cryptocurrency wallets, peer-to-peer protocols or smart contracts)

  • The application has a governance framework that is robust enough to garner stakeholder trust and compliant participation within the application itself (i.e. defining and enforcing who is allowed to do what within the application)

Governance Frameworks

Governance in a network is established through a governance framework (also referred to as a trust framework). The framework provides concrete policies, rules and expectations for the stakeholders within the network.

Energy Web IAM Governance Framework

Energy Web’s IAM governance relies on two systems: role-based hierarchies and verifiable credentials. Used together, these components provide a governance framework for users to interact with the digital infrastructure, and with other users, in a secure and self-sovereign manner.

Role credentials are associated with a user’s Decentralized Identifier (DID), which is anchored on the Energy Web Chain in the DID registry. This means that a user’s roles and credentials are not siloed within any one application; because a user can use their DID to register with any application built on top of the Energy Web Chain, their roles and credentials are portable.

Role-based Hierarchies

In the Energy Web IAM ecosystem, role-based hierarchies are defined by organizations, applications, and designated roles within them. The tech stack leverages Energy Web’s Ethereum Name Service to define and namespace relational hierarchies within a system. We decided to deploy our own copy of ENS on the Energy Web Chain as it provides a standard set of widely-used, well-tested smart contracts. Read more about the ENS smart contracts deployed on the Energy Web Chain here.

The namespace hierarchy is built on four levels:

  1. Organization: a top-level organizing body

  2. Sub-organization(s)

  3. Application: a distinct service or functionality provided by an organization or sub-organization

  4. Role: a distinct functionality within an application or within an organization

Role-definition properties

When roles are created within an organization or an application, the creator can define conditions or criteria that restrict who is qualified to take on the role. The role creator can also determine which users (by DID or role) are authorized to issue or revoke a role.

Below is a resolved role definition for a role of "install lead". Note that it contains an enrollment precondition that the subject already has the role (credential) of 'project installer'. The role definition also specifies an expiration date, and asserts that only users that have the role of 'install manager' can issue or revoke this role.

{
    roleName: "installlead",
    defaultValidityPeriod: 31536000000,
    // Enrolment precondition: the subject must already hold this role
    enrolmentPreconditions: [{
        conditions: ["projectinstaller.roles.testdidproject.apps.suborgs.whitney.iam.ewc"],
        type: "role"
    }],
    // Only holders of this role may issue the credential
    issuer: {
        issuerType: "ROLE",
        rolename: "installmanager.roles.suborgs.whitney.iam.ewc"
    },
    // Only holders of this role may revoke the credential
    revoker: {
        issuerType: "ROLE",
        rolename: "installmanager.roles.suborgs.whitney.iam.ewc"
    },
    roleType: "org",
    version: 1,
    issuerFields: [],
    requestorFields: []
}
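
The checks this role definition implies at issuance and revocation time, as an added JavaScript example (not part of the original page and not Energy Web's IAM library code). The function names, the `DID` issuer shape, the rule that every listed condition must hold, and the sample actors are assumptions made for illustration.

```javascript
// Added illustration, not Energy Web library code; function names are hypothetical.
const installLead = {
  roleName: "installlead",
  enrolmentPreconditions: [{
    type: "role",
    conditions: ["projectinstaller.roles.testdidproject.apps.suborgs.whitney.iam.ewc"],
  }],
  issuer: { issuerType: "ROLE", rolename: "installmanager.roles.suborgs.whitney.iam.ewc" },
  revoker: { issuerType: "ROLE", rolename: "installmanager.roles.suborgs.whitney.iam.ewc" },
};

// Assumption: every listed condition must hold; unknown precondition types fail closed.
function meetsPreconditions(def, heldRoles) {
  const held = new Set(heldRoles);
  return (def.enrolmentPreconditions || []).every(
    (p) => p.type === "role" && p.conditions.every((ns) => held.has(ns))
  );
}

// Match an actor against an issuer or revoker rule. The "DID" variant with a
// `did` list is an assumed shape; the page only shows issuerType "ROLE".
function matchesAuthority(rule, actor) {
  if (!rule) return false; // missing rule: deny
  if (rule.issuerType === "ROLE") return actor.roles.includes(rule.rolename);
  if (rule.issuerType === "DID") return (rule.did || []).includes(actor.did);
  return false; // unknown issuerType: deny
}

// Issuance needs both an authorized issuer and a qualifying subject.
function decideIssuance(def, issuer, subject) {
  if (!matchesAuthority(def.issuer, issuer)) return { ok: false, reason: "issuer not authorized" };
  if (!meetsPreconditions(def, subject.roles)) return { ok: false, reason: "precondition not met" };
  return { ok: true, reason: "issue" };
}

function canRevoke(def, actor) { return matchesAuthority(def.revoker, actor); }

// Constructed sample actors; the DIDs are placeholders.
const manager = { did: "did:example:manager", roles: ["installmanager.roles.suborgs.whitney.iam.ewc"] };
const installer = { did: "did:example:installer", roles: ["projectinstaller.roles.testdidproject.apps.suborgs.whitney.iam.ewc"] };
const newcomer = { did: "did:example:newcomer", roles: [] };

console.log(decideIssuance(installLead, manager, installer)); // manager issues to an installer
console.log(decideIssuance(installLead, manager, newcomer));  // subject lacks the precondition role
console.log(decideIssuance(installLead, installer, installer)); // self-issuance attempt
```

The `roles` arrays stand for role credentials that have already been verified as validly issued and not revoked; a role name that is merely claimed must not reach these checks.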

Verifiable Credentials

Verifiable Credentials enable users and their assets to take on roles within a system (that is, within an organization, a sub-organization or an application within a hierarchy, as discussed above).

See more extensive documentation on credentials in the IAM stack here.

IAM Stack Governance Components

Switchboard provides the user interface for creating and defining these hierarchies. See the Switchboard guide on Governance and role creation here.

The supporting IAM libraries provide the functionality for persisting and resolving namespaced domains that are registered and managed in the Energy Web Ethereum Namespace smart contracts. Read more about the role of Ethereum Name Space in Energy Web Digital Infrastructure here.

These libraries also support governance by providing credential verification mechanisms. This is discussed further in the Credential documentation.

Additional Resources

  • "Unlocking the Potential of Self-Sovereign Identity for Enterprise with Energy Web Switchboard" on Medium

  • "How Switchboard Tackles the Challenge of Enterprise Identity Management" on Medium

  • "Ethereum Name Service (ENS) is now available for the Energy Web" on Medium
Energy Web IAM Namespace Hierarchy