Trust and Internet Identity Meeting Europe
5-6 Feb 2018: Workshops and Tutorials
7-8 Feb 2018: Unconference

TIIME 2017: Session 11 Blockchain and Identity

(Steve Olshansky)

Is there enough foundation in the identity ecosystem? Blockstack/OneName (company) for instance already uses Block chains for this.

What do you thing about in the context of identity? Is there value there to investigate further?

Pro/Cons of people using this kind of technology?

Blockchains are self-retaining systems. What do you want to deploy in the blockchain?

Particularly the financial industry spends much money and resources on research-projects. They do not want to get left behind. Many people are actually researching block chain and finding useful use-cases.

There are some privacy-issues in digital block chain-currencies. Potential privacy-benefits in using them?

How do you see identity? For some things it might not be a privacy-issue because you want to reveal yourself.

Some services only need to know what kind of association you are in but not your name, but there is also the other "extreme".

There are 4 identities we are using in our daily lives:

  • legally valid(passport)
  • Legally validated identity (banks …), they validate your passport/.. and give it back after checking
  • self-asserted (Facebook, google)
  • hidden/anonymous

Block chain is good, because it has some form of transparency build in and it is also secure.

This technology would be best suited for dealing with identity. It gives user more control over their data.

People nowadays have in about 45 accounts in Austria/Switzerland/Germany. The identity has to come to the side of the user. It enables the user to fill up the blocks and he can fill it out with attributes (or third-parties). The core challenge is to build the circle of trust. Identity must be national organized so this circles must be built in the user's nation.

So the data is organized by you (add/modify/…) and the circle of trust.

The user should always have the last chance to submit the information or restrain from it. What are the new characteristics of IM in block chains compared to other measures? Data changes quickly, it should also be persistent.

What are the new things on block-chains? We already have distributed databases. In terms of identity in the block chain you can point to previous changes.

The identity provider is an old term. Today we have identity service providers (e.g. bank). In technical means the identity provider is a machine in where you have all the needed information for logins etc.

There should be different identity providers which you should be able to choose and they should fill up your information. Think about credentials as identify containers. There should be a set of pointers in the public space which have all the information to represent the user and protected by indicators which only the "owner" of the data (user) should know so that they can decide where this information goes.

When you register with your registration authority they create a credential which they give you (username, number …). Then you agree on how you prove it is yours later. E.g. username and passwords give you access to the information.

So there are several roles: registrator and verifier.

Example: You have a certificate from an authority (registrator) and are using it in software and the software checks (e.g. online) if these information are valid (verifier).

People are trying to figure out a way to make blockchain ice-less? If blockchain is simply a distributed database, that is not new. Blockchain has the idea of generating a not contestable list of records.

What attributes are worth to store in the blockchain? Usually you want that the information comes from an authority. From a privacy perspective we tend to see attributes as contextual.

People should have one blockchain per identities (see above)

Conclusion

No definitive answer, but interesting questions. Is it worse using blockchain on identity? It depends and it needs more investigation.