Voice of the Industry

Blockchain – the next stop for storing the digital identity?

Tuesday 24 July 2018 13:34 CET | Voice of the industry

The way consumers control their own identity is top-of-mind for everyone in the field, and blockchain might become an enabling technology in the rapidly changing world of digital identity

Whether you want to benefit from health services, apply for a mortgage, or just access your Facebook account, identity is central to nearly every interaction. An individual’s identity is a collection of attributes including, but not limited to, name, age, financial history, work history, address history and social history. A digital identity is “the digital representation of attributes that are used to identify a natural (individual) or legal (company) person.”

The evolution of digital identity

Over the last three decades the concept of digital identity has evolved immensely, and self-sovereign identities are seen as the next step in the evolution of identity. Let’s see some of the most important milestones it has passed:

Centralised – owned and controlled by a single entity/website;

Federated - related to federated identity are the Single sign-on (SSO) systems that allow a single user authentication process across multiple IT systems or even organizations;

User-Centric – a system which puts the user in control of their own data, the accumulation of that data, and its release to third parties;

Self-Sovereign - an identity which the identity owner (an individual or organisation) owns and controls.

Peer Mountain’s CEO, Jed Grant agrees that self-sovereign identity goes beyond simply providing users with ownership and control over their cryptographically secure identities, but it offers an end-to-end application ecosystem designed to facilitate the commerce and exchange of digital and physical services. It facilitates trust and the secure sharing of information with multiple independent parties across broad networks while preserving traceability and compliance at every end of the transference of data.

Among the principles that apply to self-sovereign identity, Christopher Allen, co-author of Life With Alacrity, a blog on social software, collaboration, trust, security, privacy, and internet tools mentions: existence - users must have an independent existence; control - users must control their identities; access - users must have access to their own data; persistence - identities should last forever, or at least for as long as the user wishes; portability - identities must not be held by a singular third-party entity, even if it’s a trusted entity that is expected to work in the best interest of the user; interoperability - identities should be as widely usable as possible as they are of little value if they only work in limited niches; minimalization - disclosure of claims must be minimized. When data is disclosed, that disclosure should involve the minimum amount of data necessary to accomplish the task at hand. Other dominating principals should be consent, transparency, and protection.

Give users control and ownership of their identity attributes with blockchain

Some experts in digital identity and safeguarding personal information such as Chris Skinner, Phil Windley believe blockchain could be a solution to storing and sharing personally identifiable information (PII) without exposing consumers to data breaches, identity theft, etc.

According to Chris Skinner, the key features of blockchain that make it applicable to storing digital identities are: immutability (once you record one’s identity on the blockchain, it can never be changed, boosting trust among its users), decentralization (as a result, it’s much harder to hack an identity on this type of system), and the possibility of creating a self-sovereign identity ecosystem (when you present your identity, you actually share an encrypted version that only communicates the part of your identity that needs to be accessed at that time).

Another advantage blockchain brings is the fact that it is unalterable. By design, a blockchain is inherently resistant to modification of the data. It is typically managed by a peer-to-peer network collectively adhering to a protocol for inter-node communication and validating new blocks. Once recorded, the data in any given block cannot be altered retroactively without the alteration of all subsequent blocks, which requires collusion of the network majority.

Some digital identity initiatives based on blockchain tech (and not only)

Currently, the blockchain and distributed ledger technologies, are being tested in several use cases. Let’s explore some of these initiatives related to identity management.

The ID2020 initiative is a global public-private partnership dedicated to solving the challenges of identity faced by more than 1.1 billion people around the world. In June 2017, Accenture and Microsoft unveiled a blockchain-based digital identity prototype, which combined not only blockchain, but also biometric data to create permanent identity records, that would enable refuges or migrant workers access a wide range of services, including education, healthcare, voting, banking, mobile communications, housing, and family and childcare benefits.

In March 2017, IBM and SecureKey started working together on creating a new digital identity and attribute sharing network based on IBM Blockchain for Canadian residents. The network was designed to make it easier for consumers to verify they are who they say they are, in a privacy-enhanced, security-rich and efficient way.

Another initiative in this space is the birth registration pilot conducted by the Illinois Blockchain Initiative and self-sovereign identity startup Evernym, using the Sovrin Foundation’s distributed identity ledger. In the proposed framework, government agencies would verify birth registration information and then cryptographically sign identity attributes such as legal name, date of birth, sex or blood type, by creating what are called “verifiable claims” or attributes.

In November 2017, the team behind Uport, a self-sovereign identity and user-centric data platform based on Ethereum, launched a mobile app, to enable Zug citizens register their IDs on the blockchain to access government eServices like online voting and proof of residency.

All these digital identity initiatives based on blockchain tech are really promising, however, storing your ID on the blockchain, or shifting the concept of digital identity to self-sovereign identity, is more difficult than it shows, as Chris Skinner noted on his blog: “Digital identity is a complex area. First, it is focused upon shared ledgers and blockchain, not just blockchain; second, it needs to have some permission basis; third, we need to have a structure agreed for who is providing permissions; and fourth, it is a structural challenge for industry and government, rather than a technology challenge”.

About Mirela Ciobanu

Mirela Ciobanu is Senior Editor at The Paypers and has been actively involved in covering digital payments - related topics, especially in the cryptocurrency, online security and fraud prevention space. She is passionate about finding the latest news on data breaches, machine learning, digital identity, and blockchain and she is an active advocate of the need to keep our online data/presence protected. Mirela has a bachelor’s degree in English language and holds a Master’s degree in Marketing.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: blockchain, digital identity, federated identity, self sovereign identity, consent, data protection, ID2020, SecureKey, IBM, Chris Skinner
Countries: World