
Virtual shared ledger made real

A few years ago, along with colleagues at Consult Hyperion, I was looking at the potential for the blockchain in the identity space.

(Put to one side what is meant by blockchain and what is meant by identity.)

One of the ideas that came out at that time was to record the create, read, update and delete (CRUD) operations on the virtual identities (personas, if you like, each containing an identifier and credentials) in a virtual shared ledger (VSL, aka the “CRUDchain”) and then anchor the VSL in one or more actual shared ledgers, including one or more public blockchains.

As it turned out, no-one was much interested in this idea. Three years ago I took it to the Dutch Blockchain Innovation Conference in Amsterdam. Here are a couple of diagrams from that presentation. First here’s the CRUDchain...

And here is the idea of gathering the CRUDchain transactions and putting them on the blockchain. 

Of course, what I envisaged those CRUD transactions operating on were public key certificates rather than W3C decentralised identifiers (DIDs), but you get the general point. When you want to prove to a web site that you are over 18, you point them to the entry in the CRUDchain that contains the relevant credential. This entry (whether a PKC or DID) contains a public key. The web site generates a challenge against this key: only you can answer the challenge, because you are the only person with the corresponding private key. Therefore the web site can be sure that whoever answered holds the credential, or at least holds its private key. It all works.

Hence I was interested to note Microsoft’s Consensus 2019 announcement that they intend to implement something along these lines, as adumbrated in their October 2018 white paper on Decentralized Identity. They are creating an Identity Overlay Network (ION) using the Sidetree protocol. This project uses IPFS to manage the CRUD entries at scale, and Microsoft intend, in the short term at least, to anchor these transactions in the Bitcoin blockchain, which is, as the respected cryptographer Ari Juels (a professor at Cornell and former chief scientist at RSA) said in Wired magazine, “surprising”. If the approach gains traction, however, I’m sure they will use other shared ledgers.

As Microsoft put it in their blog post on the topic, "All nodes of the network are able to arrive at the same Decentralized Public Key Infrastructure (DPKI) state for an identifier based solely on applying deterministic protocol rules to chronologically ordered batches of operations anchored on the blockchain, which ION nodes replicate and store via IPFS”. In this architecture, you don’t use “the blockchain” to store personal information; you use it to prove the ordering of identity transactions that live elsewhere. If I’ve understood things correctly, the key point is this: the public blockchain is used as a verification platform, not as a transaction platform. And I think that makes sense.
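To make the two ideas above concrete (the challenge-response against a CRUDchain entry, and deriving identity state by replaying anchored batches in order), here is an added toy example. It is not Microsoft’s ION/Sidetree code or anything from the original post: the record layout, the `persona:` identifiers, the batch-hash anchoring and the textbook RSA keys built from known Mersenne primes are all assumptions made for illustration. The “blockchain” is just the ordered list of batch hashes; the operations themselves stay off-chain, as the post describes.

```python
"""Toy CRUDchain: replay anchored CRUD batches into a deterministic key state,
then prove possession of a persona's private key by challenge-response.
Illustration only; field names, identifiers and keys are constructed."""
import hashlib
import json
import secrets

E = 65537  # public exponent, as in ordinary RSA


def toy_keypair(p, q):
    """Textbook RSA from two known primes.  Unpadded and far too small for real
    use; stands in for the Ed25519 or RSA-PSS keys a real DPKI would hold."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, phi)}


def _digest_int(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(priv, message):
    return pow(_digest_int(message, priv["n"]), priv["d"], priv["n"])


def verify(pub, message, signature):
    return pow(signature, pub["e"], pub["n"]) == _digest_int(message, pub["n"])


def batch_anchor(batch):
    """What gets written to the public chain: a hash of the batch, not the
    operations.  Canonical JSON so every node computes the same hash."""
    return hashlib.sha256(json.dumps(batch, sort_keys=True).encode()).hexdigest()


def replay(batches, anchors):
    """Apply CRUD operations in anchor order.  A batch whose hash differs from
    the anchor at its position is rejected, so tampering with or reordering the
    off-chain batches cannot change the state every node derives."""
    if len(batches) != len(anchors):
        raise ValueError("batch/anchor count mismatch")
    state = {}  # identifier -> current public key
    for batch, anchor in zip(batches, anchors):
        if batch_anchor(batch) != anchor:
            raise ValueError("batch does not match its on-chain anchor")
        for op in batch:
            kind, ident = op["op"], op["id"]
            if kind == "create":
                if ident in state:
                    raise ValueError(f"duplicate create for {ident}")
                state[ident] = op["public_key"]
            elif kind == "update":  # key rotation
                if ident not in state:
                    raise ValueError(f"update of unknown {ident}")
                state[ident] = op["public_key"]
            elif kind == "delete":
                state.pop(ident, None)
            else:
                raise ValueError(f"unknown op {kind}")
    return state


# Relying-party side: fresh nonce per attempt, so a captured answer cannot be replayed.
def issue_challenge():
    return secrets.token_bytes(32)


# Holder side: only the private key matching the entry can produce this.
def answer_challenge(priv, nonce):
    return sign(priv, nonce)


def check_response(state, ident, nonce, response):
    pub = state.get(ident)  # deleted or unknown persona: nothing to verify against
    return pub is not None and verify(pub, nonce, response)


def demo():
    pub1, priv1 = toy_keypair(2**127 - 1, 2**89 - 1)  # Mersenne primes M127, M89
    pub2, priv2 = toy_keypair(2**107 - 1, 2**61 - 1)  # Mersenne primes M107, M61
    # Constructed history: persona created, then its key rotated.
    batches = [
        [{"op": "create", "id": "persona:alice", "public_key": pub1}],
        [{"op": "update", "id": "persona:alice", "public_key": pub2}],
    ]
    anchors = [batch_anchor(b) for b in batches]  # the "chain": ordering only
    state = replay(batches, anchors)
    nonce = issue_challenge()
    results = {
        "new_key_accepted": check_response(state, "persona:alice", nonce, answer_challenge(priv2, nonce)),
        "old_key_rejected": not check_response(state, "persona:alice", nonce, answer_challenge(priv1, nonce)),
    }
    try:  # swapping the batches no longer matches the anchors, so replay refuses them
        replay(batches[::-1], anchors)
        results["reorder_detected"] = False
    except ValueError:
        results["reorder_detected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The verifier never needs the blockchain to hold a key or a credential; it needs only the anchor sequence to decide which version of the persona is current, which is exactly the “verification platform, not transaction platform” split the quoted passage describes.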

What’s probably most important about the Microsoft approach is the integration with Active Directory. If anything is a step towards corporates accepting some new identity service (whether decentralised, self-sovereign or anything else), it is this integration. It’s a first step, but an important step.
