Blockchain & Identity
Globally, 1.1 billion people, or roughly one in every seven, lack proof of their legal identity. Without legal identification, it can be difficult to access health and education services, open a bank account, get a loan, and even vote (World Bank Group and Center for Global Development 2017). For that reason, people who lack a legal ID struggle to fully integrate into society and achieve their economic potential.
Because of the weaknesses of centralized and federated ID solutions, and the belief that people should have greater control over their own personal data and the value derived from it, some ID experts have turned their focus to developing “user-centric” or “self-sovereign” systems. These systems aim to shift control to individuals by allowing them to “store their own identity data on their own devices, and provide it efficiently to those who need to validate it, without relying on a central repository of identity data” (Lewis 2016). Until recently such a solution seemed technically infeasible, but blockchain technology appears to make it possible.
Initial discussions about how to use blockchain as a platform for digital ID focused on the idea of storing personal data directly on the network. However, it quickly became clear that doing so would create significant cybersecurity risks (because sensitive data would be shared widely) and face tough regulatory hurdles (for example, national data privacy rules often prevent sharing personal data across borders). Instead, thinking has evolved towards a model in which individuals use a digital wallet on a blockchain to store certifications from trusted authorities asserting that they possess certain attributes.
Obviously, blockchain applications for identity require additional study. As we can see, the technology is not only capable of solving a wide range of current identity problems, but might also bring new issues. That’s why we aim to create an expert environment in order to develop the technology.
History of Identity
Historically, the identity documents that we need in our day-to-day interactions (passports, driver’s licenses, social security cards, serial numbers for goods, etc.) are issued by centralized institutions like nation states and private institutions. While this might have been the method of choice in the analog world, it also created a host of issues for the users of this style of identification:
- Individuals can lose their identity if a state revokes their credentials.
- Identities are issued by nation states and often not accepted by other states.
- Issuing and managing identities is centrally controlled, and the identities are valid only within one jurisdiction or one online service.
The increasing importance of the digital world created not only new opportunities for issuing identification, but also the necessity of redefining analog-derived concepts of identity.
Evolution of Online/Digital Identities
The Internet was built around connecting machines, not people. It was built without a way to know to whom or what you are connecting, which was fine in the early days, as we were just using email to send messages and the WWW to retrieve information. However, in Web 2.0, as applications became more complex and as e-commerce and social media became prevalent, the question of identity became more pressing, and various solutions to it were implemented on the application layer:
- Centralized identity;
- Federated identity;
- User-centric identity;
- Self-sovereign identity.
Though the early days of the Internet focused on building a network which would decentralize the world, this decentralized network ultimately operated on a base layer of centralized identities. Centralized organizations like IANA (1988) determined the validity of IP addresses, and ICANN (1998) arbitrated domain names. Eventually, trust became an issue on both sides of e-commerce. Can I trust my customer to pay their bills? And can I trust the service provider to deliver my goods? Therefore, in 1995, certificate authorities, as well as centralized institutions, stepped up to help Internet commerce sites prove they were who they said they were.
Unfortunately, the granting of control over digital identity to centralized authorities of the online world suffers from the same problems as its counterpart in the physical world: users are locked into a monopolistic identification scheme controlled by a single authority who could potentially deny their identity or even confirm a false identity. Centralization of the digital identity innately grants the access to and control over identity data to the centralized entities, and not to the users to which it should belong.
As the Internet grew, as power accumulated across hierarchies, a further problem was revealed. Every service provider started issuing their own identity. They multiplied as websites did, forcing users to juggle dozens of identities on dozens of different sites, ultimately resulting in the user having little to no control over any of their personal data.
Still today, most Internet identities are centralized. They are owned and controlled by a single entity, like an e-commerce website or a social network. A centralized identity can operate within its own domain but struggles to keep pace with the rapid growth and variety of online websites and services with which today’s users interact. We, therefore, live in a world of data chaos and data slavery:
- Data Chaos
  - Fragments of our identity and other personal data are scattered all over the web.
  - Users have to manage hundreds of usernames and passwords.
- Data Slavery
  - We do not own and control our own data. Digital identities are owned by certification authorities, domain registrars and individual sites (Facebook, Google, your bank, your university…), and then rented to users or revoked at any time.
Administrative control by multiple, federated authorities.
At its simplest, federation gives a degree of data portability to a centralized identity, for example enabling a user to log in to one service using the credentials of another. Federation is common within large businesses, where single sign-on mechanisms allow a user to access multiple separate services.
During the 1990s, every single online service required you to register a proprietary username and password (plus more data if needed) with it. Password management became chaotic. Microsoft’s Passport in 1999 was one of the first initiatives to provide a solution. It imagined federated identity, which allowed users to utilize the same identity on multiple sites. However, it put Microsoft at the center of the federation, which made it almost as centralized as traditional authorities.
In response, Sun Microsystems organized the Liberty Alliance in 2001. They resisted the idea of centralized authority, instead creating a “true” federation. But the result was instead an oligarchy: the power of centralized authority was now divided among several powerful entities. Federation improved on the problem of balkanization: users could wander from site to site under the system. However, your identity data remained under the authority of each individual site.