Skip to main content

Why bother with the blockchain for identity?

As my former colleague Salome Parulava rather succinctly described last year, we must distinguish between two different areas of overlap between 

First, “Identity for Blockchain”, assumes that if blockchain platforms… gain adoption that is at least 10% as widespread as the industry’s attention to them today, there will be a need for a robust and reliable identity layer to manage KYC, AML, authentication and authorisation processes for shared ledger applications.

From “Identity for Blockchain” vs “Blockchain for identity”. What’s in it for Airbnb? | Consult Hyperion

xxx

xxx

Second approach could be called “Blockchain for Identity” and it formulates a separate self-sustained class of use cases. It assumes that blockchain technology can enable solutions to known identity problems

From “Identity for Blockchain” vs “Blockchain for identity”. What’s in it for Airbnb? | Consult Hyperion

It’s this latter category that interests me at the moment. As Sally pointed out last year, there are some specific problems to do with interoperability and discoverability that might be approached in a different way. Let’s to pause to clarify a couple of definitions. First, I want to distinguish between attributes (such as IS_OVER_18) and credentials (such as dave.birch!Barclays#IS_OVER_18).

Oh wait. As you can see here, I’ve invented a new shorthand. So the attributes are facts about me (the first party) that you (the second party) want to know. Credentials are attributes about me that are not useful to you unless they are attested to by a third party and they can be presented by the first party for verification by the second party. So you, the pub, want to see an IS_OVER_18 credential and I present you with an identity dave.birch!Barclays (that’s a public key of mine signed by Barclays private key) and you can check that identity, see that it includes the IS_OVER_18 attribute and then (assuming that the identity hasn’t expired ) you can serve me a drink. In the case of some other credentials (IS_A_UK_RESIDENT) you might want to ping Barclays to make sure that the identity has been cancelled (because I’ve moved out of the UK). So you get the general idea.

Note one particularly interesting aspect of this architecture. In the example I used, my identity was dave.birch!Barclays but it could just as easily have been mr.x!Barclays and that wouldn’t make any different whether you serve me a drink or not. As I have written here approximately monthly for a decade or so, we need to make our transactional space one where attributes, not identities, are transaction enablers.

My good friends at Meeco along with a group of people I take very seriously in this space have just published their report “The Rise of the Attribute Economy 2.0” that explores and examines this kind of thinking.

Now, suppose all of the banks issue these credentials to their customers. This would be immensely useful for several reasons. 

 

I could store the CRUD on my phone or on my laptop. But then I might lose it. So instead, let’s assume that the banks get together a create a shared ledger to hold all of their CRUD in one place. Now, when I want to open a new bank account or start internet dating or put a monkey on Man City half way through a game courtesy of noted actor Ray Winstone, all I have to do is point to a relevant piece of CRUD. Now the pointers to the CRUD will easily fit on my phone so no problem - I can download them from my bank whenever I get a new phone, it’s no big deal -

Let’s try a worked example. I want to start internet dating. I go to Ashley Match and click to open an account. Ashley Match Asks for a virtual identity. I choose Mr X at Barclays, an identity that contains only two facts about me: that I’m over 18 and I am resident in the UK. The fact that the credentials are attested to by Barclays also tells Ashley match that Barclays know who I am, which as I have mentioned before, means that I cannot misbehave behind my pseudonym. Ashley match now go to the chain and look for this identity. They find the Mr X creation records and look along the ledger to see if that identity has been updated or deleted (they don’t care if it’s been read by someone else). It hasn’t. But now they need to know that I am the actual owner of Mr X so to speak

Comments

Post a Comment

Popular posts from this blog

There is no excuse for not taking cards

So we went to the pub. For lunch. Seven of us. Say £20 per head. £100+ quid. Say £50 quid gross for the pub. Colleague goes to order food and drinks and pay at the bar. Apologetic barmaid comes over to explain that their “card machine” is down, so she can only accept cash. Under normal circumstances I would have simply walked out, feeling it wholly inappropriate to reward such a poorly managed establishment and, as a functioning actor in a capitalist economy, done my duty to depress their lunchtime takings. Here’s what we wanted to say: This is absurd. This is 2016 not 1916. Your card machine is down? Well, so what! Are you seriously telling me that mein host has no mobile phone number capable of registering for PingIt or PayM? That none of the staff or the pub itself have a PayPal account that I can send the money to? That neither the owners nor managers not contingency planners thought to tuck an iZettle behind the bar to use when the clunky and expensive GPRS terminal fails for o...
Post a Comment
Read more