Self Sovereign Identity and the Role of Blockchain

Since the inception of the internet, the concept of digital identity has gone through several iterations. In the early days, centralized authorities issued and authenticated digital identities: each site was its own authority, and as the internet scaled users ended up juggling a separate login for every platform and losing track of where their data lived. This led to the next iteration, federated identity, of which Microsoft Passport was an early example: one identity usable on many platforms. But solutions of this breed remained centralized, with ownership of the identity now sitting with the federation provider. Today we have a user-centric approach built on tools like Facebook Connect, OpenID, OAuth and FIDO. These give the user a say in which sites receive their identity and they provide interoperability, but the identity itself still lives with the provider: a Facebook login stops working everywhere the day Facebook closes the account. None of the current solutions provide a viable self-sovereign identity framework.

There are two major reasons for this. The first is an incentive problem: it is extremely valuable for an entity to own its users' identities. In today's digital world data is king. Facebook is a good example of the power of owning user identity and the data attached to it; the company has turned that data into an advertising giant. For the centralized entities that control today's digital identity systems there is no strong incentive (yet) to develop a different approach. The second obstacle is technical: how do you prove, digitally and at scale, that you are who you say you are without an authority vouching for you? This is known as the 'root of trust' problem.

These two issues are the big obstacles in front of a true self-sovereign identity solution. The first we expect to be solved over time as privacy and ownership of data become more prominent on the public stage, and as central authorities keep proving themselves untrustworthy custodians of that information. The second is where blockchain gets involved, and it builds on the existing Public Key Infrastructure (PKI) model rather than replacing it. PKI binds a public key to a name: a trusted party signs a certificate stating that this key belongs to that name, and anyone who trusts the signer can then verify signatures made with the key. This is what puts the padlock in the browser when you visit an HTTPS domain: the site presents a certificate for its domain name, and the browser accepts it because one of the Certificate Authorities (CAs) in its trust store signed it. The CAs are the roots of trust, and like any centralized process the scheme is limited by cost and single-party control. Worse, every CA the browser trusts is a single point of failure: a certificate mis-issued by, or stolen from, any one of them is accepted everywhere that CA is trusted, and removing a CA from the world's trust stores is slow and expensive. Blockchain offers a way to build a decentralized PKI, and in doing so unlocks the potential for a true self-sovereign identity solution.

Blockchain addresses the centralized root-of-trust issue by providing a decentralized trust system that no one owns but everyone can use. The system itself becomes the authority, serving as a self-service registry of public keys. Each registered key can be allocated a Decentralized Identifier (DID): an identifier owned solely by whoever holds the matching private key, with the binding between identifier and key recorded and replicated by the blockchain's consensus protocol. Proving you control a DID then works like authorizing any other transaction on the chain: the relying party looks up the key registered for the DID and checks a digital signature against it. One caveat to keep in mind: what the ledger proves is control of a key, not who is holding it. A DID by itself says nothing about your name or age; those are claims that still have to be vouched for by an issuer, in the form of a credential signed with the issuer's own key, and the ledger's job is to let anyone look up that issuer's key without a central authority. With that in place you can verify claims much as you would in a physical interaction, except that instead of presenting a government-issued card you present a signature against your ledger-anchored DID. Congratulations, you have become the actual owner of your digital identity.
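The registry and signature check just described, as an added example written for this edit (it is not code from the article, nor from Sovrin, Indy or uPort): a Go program in which an in-memory map stands in for the ledger, anyone can register an Ed25519 public key, the DID is derived from the key so only its holder can claim it, and a relying party authenticates the holder with a fresh signed challenge. The did:example method name, the registry API and the challenge layout are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// DIDDocument is a minimal stand-in for a ledger entry: the identifier and the
// public key currently authorised to act for it. Nothing personal is stored.
type DIDDocument struct {
	ID        string
	PublicKey ed25519.PublicKey
}

// Registry models the self-service public-key registry. A real deployment keeps
// this on a ledger under consensus; here it is an in-memory map (assumption).
type Registry struct {
	docs map[string]DIDDocument
}

func NewRegistry() *Registry {
	return &Registry{docs: map[string]DIDDocument{}}
}

// didFromKey derives the identifier from the key itself, so a DID can only be
// created by whoever holds the matching private key. "did:example" is a
// placeholder method name, not a registered DID method.
func didFromKey(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return "did:example:" + base64.RawURLEncoding.EncodeToString(sum[:16])
}

// Register needs no authority, only proof of key control: a signature over the
// public key made with its private key. Duplicates are refused so an existing
// DID cannot be overwritten by a later registration.
func (r *Registry) Register(pub ed25519.PublicKey, proof []byte) (string, error) {
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, pub, proof) {
		return "", errors.New("registration rejected: no proof of key control")
	}
	id := didFromKey(pub)
	if _, exists := r.docs[id]; exists {
		return "", errors.New("registration rejected: DID already registered")
	}
	r.docs[id] = DIDDocument{ID: id, PublicKey: pub}
	return id, nil
}

// Resolve returns the current document for a DID, as a relying party would
// read it from the ledger.
func (r *Registry) Resolve(id string) (DIDDocument, bool) {
	doc, ok := r.docs[id]
	return doc, ok
}

// NewChallenge is issued by the relying party. The random nonce prevents replay
// and the relying party's name is bound in so a signature collected by one
// service cannot be replayed to another.
func NewChallenge(relyingParty string) ([]byte, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append([]byte(relyingParty+"|"), nonce...), nil
}

// VerifyChallenge is the relying party's check: resolve the DID, then verify
// the holder's signature over the exact challenge that was issued.
func (r *Registry) VerifyChallenge(id string, challenge, sig []byte) bool {
	doc, ok := r.Resolve(id)
	if !ok {
		return false
	}
	return ed25519.Verify(doc.PublicKey, challenge, sig)
}

// Holder is the user's side. The private key never leaves the holder.
type Holder struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewHolder() (*Holder, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Holder{Pub: pub, priv: priv}, nil
}

// ProveKeyControl signs the public key itself, the proof Register demands.
func (h *Holder) ProveKeyControl() []byte { return ed25519.Sign(h.priv, h.Pub) }

// SignChallenge answers a relying party's challenge.
func (h *Holder) SignChallenge(challenge []byte) []byte { return ed25519.Sign(h.priv, challenge) }

func main() {
	reg := NewRegistry()
	holder, err := NewHolder()
	if err != nil {
		panic(err)
	}
	id, err := reg.Register(holder.Pub, holder.ProveKeyControl())
	if err != nil {
		panic(err)
	}
	challenge, err := NewChallenge("merchant.example")
	if err != nil {
		panic(err)
	}
	fmt.Println(id, "authenticated:", reg.VerifyChallenge(id, challenge, holder.SignChallenge(challenge)))
}
```

Two design points carry over to a real ledger: the registry accepts a key only from someone who can sign with it, and the relying party never sees the private key, only a signature over a nonce it chose itself, so a captured response cannot be replayed.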

There are some important privacy benefits of this solution that will become more relevant as users start to demand ownership and protection of their data. The first is pseudonymous, pairwise identifiers: you can create a separate DID for each relationship. For example, say you are opening an account with an online merchant. Instead of an account keyed on your name, birthday and credit card number, you give the merchant a DID created for that merchant alone; it lets the merchant authenticate you and contact you about orders or charges as needed. The impact shows when that merchant is breached. If the DID was only ever used with this merchant, the attacker gets an identifier that works nowhere else and a public key they cannot sign with; you cancel the DID, create a new one, and the loss does no harm. An identifier like that is not even worth stealing. Compare that with the world of daily data breaches and stolen identities we live in today. The benefit does depend on discipline: a DID reused across services becomes a correlation handle again, and whatever a merchant genuinely needs (a shipping address, say) is still in its database, so the win is that the identifier and your authentication no longer leak along with it. Second, nothing compromising lives permanently on the ledger. The ledger only houses DIDs and public keys; personal data must stay off it entirely, because an append-only ledger cannot be edited or erased later. Lastly, this methodology opens up zero-knowledge proofs against your identity, meaning you can prove a fact about yourself without revealing the underlying data. For example, instead of sending your date of birth to a site that needs to know you are over 21, you send a proof that your birth date, as attested by an issuer, lies before the threshold, and the site learns that one bit and nothing else about your age. These are all powerful privacy tools unlocked by the decentralized PKI that blockchain enables.
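Pairwise DIDs and the cancel-and-reissue step, as an added example written for this edit and not taken from the article or any project it names: the holder's wallet keeps one master secret and derives a key pair per relying party with HMAC-SHA256, so two merchants' identifiers cannot be linked; a breached merchant record lets an attacker verify signatures but never produce them; and rotating one relationship leaves every other untouched. The derivation scheme, the did:example method name and the wallet API are assumptions. The zero-knowledge age proof mentioned above needs credential-level cryptography that this example does not cover.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Wallet is the holder's side. It keeps one master secret and derives a
// separate key pair for every relationship on demand, so nothing but the
// master secret and a rotation counter per relationship needs storing.
// The derivation scheme is an assumption for the illustration, not the
// scheme of any project named in the article.
type Wallet struct {
	master   []byte
	rotation map[string]int // relying party -> how often its DID was rotated
}

func NewWallet(master []byte) *Wallet {
	return &Wallet{master: master, rotation: map[string]int{}}
}

// seedFor binds the relying party's name and the rotation counter into an
// HMAC-SHA256 keyed with the master secret. Without the master secret the
// seeds for different relying parties are unrelated, which is what makes the
// DIDs unlinkable; the 32-byte output is exactly an Ed25519 seed.
func (w *Wallet) seedFor(relyingParty string) []byte {
	mac := hmac.New(sha256.New, w.master)
	fmt.Fprintf(mac, "pairwise-did|%s|%d", relyingParty, w.rotation[relyingParty])
	return mac.Sum(nil)
}

// KeyFor returns the key pair currently used with one relying party.
func (w *Wallet) KeyFor(relyingParty string) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(w.seedFor(relyingParty))
	return priv.Public().(ed25519.PublicKey), priv
}

// DIDFor is the identifier handed to that relying party and nobody else.
// "did:example" is a placeholder method name.
func (w *Wallet) DIDFor(relyingParty string) string {
	pub, _ := w.KeyFor(relyingParty)
	sum := sha256.Sum256(pub)
	return "did:example:" + hex.EncodeToString(sum[:8])
}

// Sign authenticates a message towards one relying party with that
// relationship's key only.
func (w *Wallet) Sign(relyingParty string, msg []byte) []byte {
	_, priv := w.KeyFor(relyingParty)
	return ed25519.Sign(priv, msg)
}

// Rotate is the "cancel it and create a new one" step after a breach at one
// relying party: the counter changes, so a fresh key and DID are derived for
// that relationship while every other relationship keeps its DID.
func (w *Wallet) Rotate(relyingParty string) string {
	w.rotation[relyingParty]++
	return w.DIDFor(relyingParty)
}

// Verify is all a relying party (or an attacker holding a breached copy of its
// records) can do with a stored public key: check signatures, never make them.
func Verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	return len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, msg, sig)
}

func main() {
	// Constructed master secret for the demo; a real wallet would generate one.
	w := NewWallet([]byte("constructed master secret, for the demo only"))
	fmt.Println("merchant A sees:", w.DIDFor("merchant-a.example"))
	fmt.Println("merchant B sees:", w.DIDFor("merchant-b.example"))
	fmt.Println("A after breach: ", w.Rotate("merchant-a.example"))
	fmt.Println("B unchanged:    ", w.DIDFor("merchant-b.example"))
}
```

Deriving rather than storing the per-relationship keys is what makes "a DID for every merchant" practical for a user: the wallet backs up one secret, and the breached merchant's record is a public key that only ever validated traffic for that one relationship.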

Protocols like Sovrin (whose code base is maintained as the Hyperledger Indy project) along with Ethereum-based projects like uPort are already building these solutions on blockchain. As the solutions mature the focus will shift to user adoption, and once the value of these solutions lines up with the trends we are seeing in user data privacy today, adoption will grow. That adoption has the real potential to change the very face of how we interact online.

