Danube Tech

23 minute read

Digital identity and personal data, including personal agents, semantic graphs, and blockchain.

Markus Sabadello (Peacekeeper)Blockchain-Identity

DANUBE TECH is a company working on technologies in the field of digital identity and personal data, including personal agents, semantic graphs, and decentralized identity.

These emerging tools essentially place individuals at the center of their online relationships and transactions, and give us all the ability to create, manage, use, and destroy our online identities according to our own rules, and without delegating power to intermediaries.

  • A position paper on blockchain enabled identity and the road ahead—Identity Working Group of the German Blockchain Association [ϟ]

    In a SSI proof-of-concept during the first half of 2018, 3 banks, an insurance company, the Austrian Post, and an institution representing notaries has cooperated to implement a range of use cases based on DIDs, Verifiable Credentials, Sovrin, and the XDI protocol. The use cases included:

    • digital ID onboarding for existing clients,
    • SSO for new clients,
    • sharing of KYC data between organizations,
    • dynamic data verification (change-of-address),
    • secure communication (e-mail with ID confirmation),
    • change of identity service providers,
    • personal ID verification in a peer-to-peer marketplace
  • Developer Showcase Series: Markus Sabadello, Danube Tech

    I have worked on digital identity technologies for a long time, the question of who we are, how we present ourselves, and what do others know about us in the digital world. There’s this concept of user-centric identity, and more recently self-sovereign identity, which places individuals at the center of their online relationships and transactions, and gives us all the ability to create, manage, use, and destroy our online identities according to our own rules.

  • News Release: DHS S&T Awards 143K for Blockchain Interoperability Infrastructureledgerinsights.com

    “Danube Tech is building core interoperability infrastructure for issuers and verifiers,” said Anil John, SVIP Technical Director. “Interoperability between blockchains is enabled by using emerging World Wide Web Consortium standards to globally resolve and find information where it exists on a particular blockchain.”



  • RWoT#10: Why Matrix Parameters?

    This enables not only self-sovereign identifiers for applications such as DID Auth or DIDComm agents, but it also enables persistent, self-sovereign URLs for identifying any arbitrary resource on the web. In order to not interfere with that, the core DID specification must not define any special uses of the traditional syntax components path, query string, and fragment, in the same way as the HTTP(S) specification does not define special uses of path, query string, and fragment.


  • RWoT#9: DID Resolution collected diagrams

    The DID Resolution spec is a work item of the W3C Credentials Community Group (CCG) that builds on the main DID spec. A version v0.1 has recently been released as part of the CCG’s Work Item Process. The released v0.1 is still an early draft; work now continues on v0.2.

    The following is a collection of the diagrams that have been used so far to illustrate various key topics of DID Resolution.

  • RWoT#9: Rubrics for Decentralization of DID Methods Creative Brief

    The Rubrics for Decentralization of DID Methods document (the Document) will help people evaluate real or potential DID Methods. This document outlines the collaborative aspirations of the Document’s editors.

  • RWoT#9: Gently introducing DIDs to the Mastodon/ActivityPub Fediverse

    Our goal is to bring self sovereign identity concepts to the current ActivityPub fediverse as soon and as securely as possible.

    The hypothesis behind that goal is that long term stability of a federated service crucially depends on persistent trust relations across all participants (developers, admins, users) that are not distorted by the implicit hierarchical structure of a centralized reference system, such as DNS.

  • Markus Sabadello and Infominer33 on Identity Landscape (Kumu Visualization)
  • RWoT#8: Universal DID Operations

    Decentralized Identifiers (DIDs) have seen increasing adoption across a wide number of distributed ledger ecosystems and blockchains. This is in large part due to our ability to effectively communicate by resolving these DIDs. The process of obtaining a DID Document associated with a particular DID is outlined in the DID Resolution spec.

    A blockchain-agnostic implementation of the spec is hosted at the Decentralized Identity Foundation and is fully open-sourced. The Universal Resolver can be found at its website and also runs locally or remotely through an API. It currently supports DIDs on Sovrin, BTCR, uPort, Jolocom, Veres One, ERC-725, Blockstack, IPFS, and DNS via a number of community-contributed drivers built on top of the Universal Resolver.

  • Markus Sabadello and Infominer33 on Identity Landscape

    Combination of Markus Sabadello and Infominer33 githubs

    about Self Sovereign Identity and Identity Landscape.

    This may take longer time to load and longer time to response to commands such as showcasing control since there are a lot of elements and codes.


  • RWoT#6: Introduction to DID Auth

    The term DID Auth has been used in different ways and is currently not well-defined. We define DID Auth as a ceremony where an identity owner, with the help of various components such as web browsers, mobile devices, and other agents, proves to a relying party that they are in control of a DID. This means demonstrating control of the DID using the mechanism specified in the DID Document’s “authentication” object. This could take place using a number of different data formats, protocols, and flows. DID Auth includes the ability to establish mutually authenticated communication channels and to authenticate to web sites and applications. Authorization, Verifiable Credentials, and Capabilities are built on top of DID Auth and are out of scope for this document. This paper gives on overview of the scope of DID Auth, supported protocols and flows, and the use of components of the DID Documents that are relevant to authentication, as well as formats for challenges and responses.

  • RWoT#6: did:erc725 method

    Decentralized Identifiers (DIDs, see [1]) are designed to be compatible with any distributed ledger or network (called the target system). In the Ethereum community, a pattern known as ERC725 (see [2]) utilizes smart contracts for standard key management functions. We propose a new DID method that allows ERC725 identities to be treated as valid DIDs. One advantage of this DID method over others appears to be the ability to use the full flexibility of Ethereum smart contracts for key management purposes.

  • RWoT#7: DID Resolution Topics

    We know that DID Resolution is the process of obtaining the DID Document associated with a DID. Sounds simple, but what are some of the deeper questions and topics to be considered here?


  • RWoT#4: XDI Verifiable Claims and Link Contracts

    There is a high level of interest in the Rebooting-the-Web-of-Trust community and beyond in “verifiable claims”, i.e. “a cryptographically non-repudiable set of statements made by an entity about another entity” (see [1]). This work foresees that “the next generation of web applications will authorize entities to perform actions based on rich sets of credentials issued by trusted parties” (see [2]).

    XDI (eXtensible Data Interchange) is a technology for modeling, storing and sharing personal and organizational identity data. One key component of this technology is the “link contract”, i.e. a “data sharing agreement between the publisher of the data, called the authorizing authority, and a party who wants to access the data, called the requesting authority” (see [3]).

    XDI link contracts contain a policy tree which is used to decide if the permissions granted by the link contract can be invoked by a requesting authority. This policy evaluates conditions based on input elements such as the authorizing authority, requesting authority, and an incoming request message. Simple conditions of the policy could e.g. require the presentation of a valid password or signature.

  • A Universal Resolver for Self-Sovereign Identifiers

    This tool fulfills a similar purpose as Bind does in the DNS system: resolution of identifiers. However, instead of working with domain names, we work with self-sovereign identifiers that can be created and registered directly by the entities they refer to. This is important, because identifiers are the basis for any identity and communications system — without identifiers, we cannot have relationships, transactions, data sharing or messaging between entities. Historically identifiers have always been assigned to us by some kind of corporate or state authority. The Universal Resolver lets us build architectures and protocols on top of identifiers that are completely self-sovereign. There is no longer a need for a central authority to issue, maintain and revoke identifiers.

    However, just having an identifier is not enough. We need some further information in order to know how to communicate with the entity represented by the identifier. The job of a “Resolver” is to discover and retrieve this further information. At a minimum, this information includes elements such as service endpoints for communicating with the entity, as well as the cryptographic keys associated with it. The Universal Resolver performs this task to enable the basic building blocks of a self-sovereign identity world.

  • RWoT#5: First XDI Link Contract between “btcr” DID and “sov” DID

    We describe an XDI link contract established between two XDI peers, one of which is identified by a btcr DID, and one by a sov DID. We believe this is the first working example of cross-DID-method data sharing and messaging.


  • RWoT#2: XDI Graphs in IPFS

    XDI (eXtensible Data Interchange) is a technology for modeling, storing and connecting any kind of personal and organizational data. Its underlying data model is a graph consisting of nodes and directed arcs. XDI is well-suited for digital identity that is distributed and heterogeneous. Through the use of mappings and connectors, XDI can be used to model even data that is not itself natively in XDI format (e.g. a Facebook profile, a government ID, or a record in a corporate database). Traditionally, XDI assumes a network topology that involves service providers and endpoints, e.g. a connection can be established between an individual and an organization through their respective endpoints.

  • RWoT#3: JXD Examples

    JXD is a JSON-based serialization format for the XDI graph model, designed to combine the simplicity of JSON with the semantic richness of XDI.

    An XDI graph can sometimes be serialized to JXD in different ways (some more verbose, some more compact), but deserializing a JXD back to XDI always results in the same original XDI graph. Every XDI graph can be serialized to JXD, and every JXD document can be deserialized to a valid XDI graph.

    An XDI graph is built from XDI context nodes, which form a semantic tree. In JXD, an XDI context node is represented as a JSON object, with an @id JSON object key set to the XDI context node’s address.


  • RWoT#1: XDI, Blockstore, and BIP32

    XDI (eXtensible Data Interchange) is a semantic graph technology for modeling, accessing, and linking any data online. It is similar to RDF insofar as it is also based on triples describing a graph of nodes that represent resources (called “contexts” in XDI), properties that connect resources (called “relations” in XDI), and literals. Unlike RDF which uses opaque URIs (mostly HTTP) as identifiers and which constructs all semantics purely from the graph structure, XDI identifiers use an abstract syntax where semantics are established not only from graph structure, but also from the identifiers themselves. For example, in RDF an identifier for a person may be http://danubetech.com#markus, whereas in XDI, an identifier for a person would be =markus. XDI often assigns two or more identifiers to a resource, e.g. while =markus is considered a “reassignable XDI name”, a corresponding “permanent XDI number” such as =!:uuid:91f28153-f600-ae24-91f2-8153f600ae24 may also be assigned. Simply by parsing the identifiers, some limited semantics can already be extracted (“=” stands for person, “!” stands for permanent).

  • Decentralized Public Key Infrastructure

    Today’s Internet places control of online identities into the hands of third-parties. Email addresses, usernames, and website domains are borrowed or “rented” through DNS, X.509, and social networks. This results in severe usability and security challenges Internet-wide. This paper describes a possible alternate approach called decentralized public key infrastructure (DPKI), which returns control of online identities to the entities they belong to. By doing so, DPKI addresses many usability and security challenges that plague traditional public key infrastructure (PKI). DPKI has advantages at each stage of the PKI life cycle. It makes permissionless bootstrapping of online identities possible and provides for the simple creation of stronger SSL certificates. In usage, it can help “Johnny” to finally encrypt thanks to its relegation of public key management to secure decentralized datastores. Finally, it includes mechanisms to recover lost or compromised identifiers.


  • Personal Data Journal: Decentralized Architectures

    One of the most fundamental challenges for the PDE to consider will be the design and deployment of suitable underlying architectures for realizing emerging visions around the management and use of personal data. The basic organizational structures, according to which participants of an ecosystem exchange information with each other, influence many of its fundamental properties, such as privacy, security, flexibility, discovery, or the dependencies between different actors. The possible types of architectural patterns that can be implemented are highly diverse, with centralized structures on one end of the spectrum, and fully distributed systems on the other end. On the Internet, very different forms have always existed, depending on the infrastructural layer and the concrete applications and services one looks at.

  • Personal Data Journal: Understanding OAuth

    Selecting the OAuth (“Open Authorization”) protocol as the topic for the second feature article of our Personal Data Journal is a logical choice for two reasons. Firstly, the vision of establishing an ecosystem around personal data is intrinsically linked to the topics of authorization and access control. Whether we are talking about giving individuals more privacy and more control over their personal data, or whether we are exploring new economic models to be built around it, the question of who can access what under which permissions and obligations is central to achieving them.

  • Personal Data Journal: Privacy By Design

    The idea of an emerging Personal Data Ecosystem (PDE) is based on several different lines of thought. Ultimately the purpose of the PDE is to help us all make sense of the unprecedented amount of online personal data we observe today. It is about creating new business models and economic opportunities based on this personal data, which has been called a new currency, or asset. It will give individuals the means to control how this asset is used. In doing so, an awareness of the importance of privacy will develop on one hand and on the other privacy by design will become one of the key principles of the concrete solutions that ecosystem members are developing. In this article, we will offer a quick introduction to privacy and then move on to describe concrete resources and approaches to Privacy-By-Design, which is the idea of “baking in” privacy up front into the design of software architectures, rather than considering it a secondary or 3rd-party aspect of classic software engineering or deployment.

  • Personal Data Journal: Startup Technology Report

    The Internet Society thorough our Trust and Identity Initiatives have followed with great interest the work of the user-centric developers and deployers within the Identity EcoSystem. The recent work on Personal Data offers a number of interesting choices for individual users and we are pleased to support this initial survey of some of the leading solutions currently under way. It is our hope this information will encourage additional dialogue within the community and will lead to greater interoperability and better engagement with end-users.


  • A Federated Social Web for Peace

    For a global civil society to truly work, both the architectural structure and the governance mechanisms of its communication channels must be based on civil society principles itself. This paper argues that the main promise of the Federated Social Web – in addition to the obvious advantages of improved privacy, control and resistance to manipulation – will be a network structure that deep at its core resembles civil society and is therefore a powerful instrument for a more peaceful world.

  • Human Rights in the Information Society

    Much has been said about the potential threats and opportunities of modern communication technologies, and about whether they provide a liberating potential at the human level, or whether they constitute yet another mechanism for reinforcing old structures and for transferring wealth from the poor to the rich. In light of such discourses and in the best tradition of the “Golden Rule” of Human Rights, we must lay out a system of freedoms and obligations for a prosperous and just Information Society, in which we all do (not) to others what we (do not) want others to do to us.

  • ICTs for a Global Civil Society

    Having always been closely linked to the ideal of peace, the concept of civil society has a long history as a third actor besides the state and the economy. It is a nonviolent “zone of civility” that can debate and address war and other problems. In today’s interconnected world we see the emergence of a “global civil society”, which transcends national borders and attempts to solve global challenges that established political and economic structures fail to address. This global civil society is organized like a network, just like the global communication systems that produced it are also organized like a network. However, while popular social network services such as Facebook, Twitter and Youtube are often said to be powerful tools for peace and democracy, they are in fact highly centralized services operated by for-profit companies. For a global civil society to truly work, both the architectural structure and the governance mechanisms of its communication channels must themselves be based on civil society principles.

  • ICTs for a Global Culture of Peace

    The concept of culture is closely linked to that of identity. Our identity is what defines us as an individual. Identity is complex and always in transition. It can be defined by oneself, or it can be observed by others, and it exists on multiple levels. On the micro level, our personal identity includes features that are specific to us alone, such as our name, address, phone number, or our educational and professional curriculum. On a higher level, our social identity determines our role and position within a society. It includes our overall social roles and status, our friends, and our social responsibilities such as being a parent. Finally, on the macro level, our cultural identity determines cultural features that we embody within ourselves and share with others to a more or less extent.

  • ICTs for Citizen and Peace Journalism

    The profession of journalism has traditionally often been described as playing an important role for maintaining a strong civil society and therefore contributing to democracy and peace. Today, modern Information and Communication Technologies (ICTs) such as the Internet, cell phones and other “new media” have decisively contributed to the globalization process and had numerous impacts on social and political structures and the ways in which we interact with each other world-wide1. These technologies have greatly transformed the way in which information is being generated, processed, transmitted, interlinked and received. As a medium, they are cheaper, faster and more interactive than more traditional media such as radio or television. It is therefore obvious that the introduction and widespread availability of modern ICTs have also in multiple ways affected the field of journalism, a field in which the creation, handling and publishing of information lie at the very core of activities.

  • ICTs and Democratic Processes

    It is interesting to note that the very idea of establishing world peace through a global communication system is not new. With the introduction of the telegraph 200 years ago, as well as with the introduction of the communications satellite 50 years ago, there was a general sense that such technologies would overcome barriers of space and time, and therefore enable all peoples of the world to communicate with each other at a new level, which would enable the democratic solving of conflicts and therefore lead to lasting peace.

    This paper is an attempt to first quickly establish the link between democracy and peace (see section 2), to discuss the instrument of voting (see section 3), and then to touch on how democratic processes can be supported by ICTs (see section 4), as well as on how democratic processes occur within ICTs themselves (see section 5). Finally there will be some reservations and criticism (see section 6) as well as a conclusion (see section 7).

  • Scenarios: ICTs for Peace and Conflict in 2020

    This paper is an attempt to apply the Scenario Building technique to consider the role that ICTs might have for peace and conflict in the year 2020. This chosen topic is especially challenging for two reasons: First, hardly any field moves as fast as modern ICTs. The speed and unpredictability of achievements in computer technology and the Internet have again and again astonished both the general public and professional analysts. Second, when trying to make statements about the future role of technology, there is always a general tendency to emotional debate and to overstating their influence. For example, with the introduction of the telegraph 200 years ago, as well as with the introduction of the communications satellite 50 years ago, there was a general sense that such technologies would overcome barriers of space and time, and therefore enable all peoples of the world to communicate with each other at a new level, which would avoid conflicts altogether and lead to a perpetual peace.

  • Oppression and Liberation with Social Networks

    “Slacktivism” or NewTool forPolitical Change? Web-based activism platforms like Avaaz.org claim to herald a new era of global citizen empowerment for political change. Critics object that theymight do moreharm thangood. Whatare their arguments?

    In today’s “global village”, the Internet has made it possible to distribute more information to a larger number of people in less time than ever before. This development has not spared social and political movements: web-based activ-ism platforms have emerged which aim at turning large-scale public attention towards a causein order to transform it into pressure on decision makers. The impact of these communities, how-ever,is controversial: While proponents hail them as a powerful new tool of bringing about change,critics hold that they not only lack effectiveness, but may even be harmful to citizen engagement

  • Rationale and Design for the Peace Box

    This thesis offers a summary of different lines of thought on how Information and Communication Technologies (ICTs) can be used for promoting the ideal of peace, for example by helping to manage a crisis, by supporting development and education, by overcoming authoritaran regimes, or by promoting a global civil society and global culture of peace. After introducing these ideas, the concept of a „Peace Box“ is presented, which is a small computer-like device that can be set up in any home or office to provide applications and services for actively supporting the various visions of using ICTs for peace.

  • The Role of New Media for the Democratization Processes in the Arab World (Article)

    Reflections on the Role of Civil Society, Human Rights and New Media in the Transformation Processes

  • The Role of New Media for the Democratization Processes in the Arab World (Presentation)


  • Potential of ICTs for Peace

    Information and Communication Technologies (ICTs) have greatly transformed societies, cultures and economies as well as created both new opportunities and threats for humankind. The academic field of Peace and Conflict Studies with its inherent character of being based on concrete values rather than striving to always be objective on all accounts is especially suited and challenged to explore how ICTs should be judged and used when it comes to working toward an ideal – the ideal of peace.

  • Potential of ICTs for Conflict

    Following Sigmund Freud’s concept of the two forces Eros and Thanatos – a drive for creation and a drive for destruction which both live in all of us, the Internet has often been described as a neutral tool which can be used for good or evil, just like a hammer can be used to build a house or to murder a person. When the Internet became widely available in mainstream society during the 1990s, the fast spreading of this then new technology sparked strong reactions on both ends of the spectrum, ranging from utopist hopes that new levels of democracy and transparency would lead to a more peaceful and just world, to the fear that its effects on humanity would threaten political and social orders world-wide.

  • Comparing terrorist and Internet networks

    The network, stronger than the node, Can circumvent a failing part, Security and control code keep alive the network’s heart. But what if every spark goes dark, abandons network, node and core, what if they cease to light the night, because the people send no more?

On Github


XDI.org is a non-profit public trust organization whose purpose is to provide public infrastructure for digital identity, security, and privacy using the open standard XDI semantic data interchange protocol developed by the OASIS XDI Technical Committee.







XDI Cloud

XDI Server Deployed Via


Comments by Staticman and Identosphere

Leave a Comment

Your email address will not be published. Required fields are marked *