We have the right to control our identity online. We are being exploited by the big players on the internet. In feodal times, the lords were at least providing security. Blockchain technology enables us to establish and own identities.
Self sovereing means that it’s under your individual control. It’s also inalienable, meaning it can’t be separated from your. No one can steal it, and since it’s not assigned by a central authority, no authority can take it away.
Identifiers are what we use to participate in large centralized systems (e.g. social security numbers, employee ID, username and password).
Our identities are the whole of us – they are something we show others progressively. Identify is not simply endowed at birth, it is endowed by birth.
Five problems with identifiers :
- The need for an overarching identifier (e.g. a birth certificate) : the world bank estimates that 1.5 billion people lack proof of their own existance. It can cause real human suffering in the world
- Government identifiers are system centric, system-controlled and vulnerable to cancellation, forgery or theft
- All the personal data we create with each identifier is stored in someone’s else database
- This identidfier centric system is extremely user un-friendly
- Whenever a central database is hacked, we clean up the mess
Athem (largest insurance) database was breached, then it was hacked again. This is not identity management.
Identity on a blockchain
We should be controlling our own identity. Bootstrapping ourselves into economic enfranchisement
Controlling who has access to our data, or making money out of it.
An identity commons :
- Must be free of any corporate or government or any third party
- Must outlive us users, so we can transfer our assets to our heirs
- Must enforce the right to be forgotten
- Must be inclusive
Verifying the truth without knowing the truth or the person behind, we talked about it in the zero proof concept
2 examples :
- You could prove to a bartender that you can drink without disclosing who you are
- You could bound the ticket to a concert to your digital identity, and if you lose it nobody would be able to use it
Blockchain identity applications
uPort uses a hexadecimal string to assign a smart contract. A proxy contract lets us sign and verify a transaction, an action or a clain. they can interact with other smart contracts on the blockchain or link to our off chain data, granting access for read or write for example for a fee.
Controller contract : separates the cryptographic keys from the proxy contract, it contains a logic for identity recovery. If the device is stolen, you can replace your private key.
Shyft : Blockchain network for AML and KYC. Regulatory compliance. Increases security and lower costs.
Dencentrlized Identity Foundation : consortium of :
- hyperledger
- R3
- Sovrin
- Accenture
- Microsoft
- IBM
This consortium dedicated to create identity commons.
- Identifiers and discovery
- Storage and computation of data
- Attestation and reputation
-> develop standards for identification
ERC725 : Ethereum request for comment, standard specifies an interface for self sovereign identity.
Christopher Allen :
Self-sovereign identity is the next step beyond user-centric identity, and that means it begins at the same place – The user must be central to the administration of identity. That requires not just the interoperability of a user’s identity across multiple locations, with the user’s consent, but also true user control of that digital identity, creating user autonomy.
10 Principles of Self-Sovereign Identity
- Existence : Users must have an independent existence
- Control : Users must control their identities.
- Access : Users must have access to their own data.
- Transparency : Systems and algorithms must be transparent
- Persistence : Identities must be long-lived. Preferably, identities should last forever, or at least for as long as the user wishes.
- Portability Information and services about identity must be transportable.
- Interoperability identities should be as widely usable as possible
- Consent Users must agree to the use of their identity
- Minimalization Disclosure of claims must be minimized
- Protection The rights of users must be protected
IBM article :
Symmetrical encryption blends a secret key and the plain text of a message in an algorithmic specific manner to hide a message. If the sender and the recipient of the message have shared the secret key, then they can encrypt and decrypt messages. A drawback to this approach is the requirement of exchanging the secret encryption key between all recipients involved before they can decrypt it.
Asymmetrical encryption, or public key cryptography, is a scheme based on two keys. It addresses the shortcomings of symmetrical encryption by using one key to encrypt and another to decrypt a message. Since malicious persons know that anyone with a secret key can decrypt a message encrypted with the same key, they are motivated to obtain access to the secret key
Public key infrastructure vs Decentralized PKI :
Managing health data on a blockchain
YouBase is a blockchain startup trying to increase the amount of data that researchers can use without disclosing personal information.
Patients could agree on sharing their data at the bytes level and be in control of what they share. Licence and donate your medical data. Patient can decide how their data can be used in the medical field.
giving patients ownership over teir data could transform how we think of disease, and how we pay for treatment.
Conclusion
The same code that identifies each bitcoin as unique and secures the vast Bitcoin network (worth more than $85 billion) against hacking, could do the same for every person. It starts with a digital ID unique to each person, secured cryptographically with a private key pair, and comprised of multiple factors or data points. The more factors, the harder the identity is to fake or hack. Such an ID enables individuals to create and manage their own “digital black box” of private data.
