As we move towards greater use of online services, and as these services increase in value, we find ourselves interacting online in ways that involve sharing sensitive data or making transactions with potentially significant consequences. These kinds of interactions, which previously required in-person engagement and the presentation of government-approved photo identification, need equivalent online methods that provide the same level of assurance. When we can’t present our real-world identity to the service provider, we must present our digital twin, along with proof that we are, in fact, the same person.
There are a few different ways of looking at digital identity. In a government-provided, national sense, our digital identity is an equivalent representation of our real-world identity, often with both linked to a single national unique identifier. Another, more holistic view draws together a myriad of attributes and online activity that, combined, make up our online selves.
The latter view is often closely connected to our social media presence, and doesn’t necessarily represent a real-world identity. Consequently, it’s not very useful offline, when it comes to genuinely valuable or sensitive services. This series will look at the digital identity that is linked to real-world attributes such as taxes, income, insurance, and banking, and see what role blockchain can play and which problems it might solve.
What Is Blockchain?
Blockchain is an incredibly interesting technology with some unique properties that make it excellent in some areas, but surprisingly limited in others. There has been significant hype around the technology, with tens, if not hundreds, of different use cases having been proposed. In some ways, the technology has become controversial due to the rush to make money from it in any and all ways possible, pushing aside existing technologies that are more appropriate for some particular applications.
Blockchain is a type of database. Its strength lies in making it extremely hard for records to be deleted or modified unnoticed, by storing the data in “blocks” that each build on the previous one. This means that if a single character is changed in an earlier block, it becomes extremely clear because of its impact on all subsequent blocks, which can be stored across a range of nodes. These nodes must reach a certain majority of agreement, so one individual making a change will end up with a blockchain that differs from everyone else’s, and without a majority their change will be ignored. Because of this requirement for agreement across the nodes, transactions take longer, and herein lies a potential weakness in some use cases.
Digital Identity Without Blockchain
In order to uncover how blockchain can play a part in digital identity, we need to identify where databases are used. For that, we need to dig a little deeper into the supporting actors of a national digital identity service. As with in-person identities, we often rely on government-provided identity documents like passports, driver’s licenses, and national ID cards. These are supplied by trusted entities who verify we are who we say we are when we apply. These entities ensure the documents have characteristics that are extremely difficult to forge, so that when we show them to others, those others can trust that the document has not been altered.
There is an equivalent process with digital identity that can involve some of the same players. Just as with real-world identities, we must first confirm who we are and have our identity verified. Currently, the most common way to do this is in person, often at an office that carries out real-world identity verification, like the police or other government agencies.
The next step is where things differ. The registration authority, rather than acting on behalf of the police or passport office, acts on behalf of the Certificate Authority (CA), which is the anchor of trust, certifying that the digital identity being created is linked to the real-world identity that applied for it. The CA also binds a public key to that identity; the corresponding private key is the credential the holder will use to prove their identity.
The CA has an ongoing responsibility to tell anyone looking up a public key the status of the certificates it has issued, via a Certificate Revocation List (CRL) or the Online Certificate Status Protocol (OCSP). These tools, which are essentially databases, are how people verify whether they can still trust the digital identity they’re engaging with: they check whether the certificate linking the real-world identity to its digital equivalent is still valid, or whether it has been revoked.
Where Blockchain Might Fit
Using a CA and a registration authority in this way forms part of what is known as PKI, or Public Key Infrastructure. This is one of the areas where blockchain and distributed ledgers (the wider field into which blockchain falls) are being considered, under the name DPKI, or Decentralised Public Key Infrastructure. The idea is that rather than relying solely on CAs, a blockchain is used to store the public keys, certificates, and their status.
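The two ideas above, that each block builds on the previous one so an edit to an earlier block shows up in every later one, and that a DPKI ledger would hold public keys and their status in place of a CA’s CRL or OCSP responder, can be seen together in a small toy ledger. The code below is an added example and is not from this article or any real blockchain or DPKI project; the key names, subjects and events are constructed, and the chain uses plain SHA-256 linking with no consensus protocol beyond a simple majority vote on the chain head.

```python
"""Added example: a toy append-only ledger of public-key events (register,
revoke). Each block commits to the previous block, so an edit to an earlier
block breaks every later link, and nodes compare chain heads to outvote a
single divergent copy. Not a production blockchain or DPKI implementation."""
import copy
import hashlib
import json
from collections import Counter
from dataclasses import dataclass

GENESIS_PREV = "0" * 64  # previous-hash placeholder for the first block


@dataclass
class Block:
    index: int
    prev_hash: str
    event: dict  # constructed key-lifecycle event, e.g. register or revoke

    def hash(self) -> str:
        # Canonical JSON so identical content always hashes identically.
        payload = json.dumps(
            {"index": self.index, "prev_hash": self.prev_hash, "event": self.event},
            sort_keys=True,
        ).encode()
        return hashlib.sha256(payload).hexdigest()


class KeyLedger:
    """One node's copy of the chain of key events."""

    def __init__(self):
        self.chain = []  # list of Block

    def append(self, event: dict) -> Block:
        prev = self.chain[-1].hash() if self.chain else GENESIS_PREV
        block = Block(len(self.chain), prev, event)
        self.chain.append(block)
        return block

    def first_broken_link(self):
        """Index of the first block whose stored prev_hash no longer matches
        the recomputed hash of its predecessor, or None if the chain is intact."""
        expected_prev = GENESIS_PREV
        for i, block in enumerate(self.chain):
            if block.index != i or block.prev_hash != expected_prev:
                return i
            expected_prev = block.hash()
        return None

    def tip_hash(self) -> str:
        """Recompute the chain head from genesis, so any altered block,
        including the last one, changes the value other nodes compare against."""
        running = GENESIS_PREV
        for block in self.chain:
            running = Block(block.index, running, block.event).hash()
        return running

    def key_status(self, subject: str):
        """Replay one subject's events to answer what a CRL or OCSP responder
        answers today: which public key, and is it still valid?"""
        state = None
        for block in self.chain:
            ev = block.event
            if ev["subject"] != subject:
                continue
            if ev["op"] == "register":
                state = {"pubkey": ev["pubkey"], "status": "valid"}
            elif ev["op"] == "revoke" and state and state["pubkey"] == ev["pubkey"]:
                state["status"] = "revoked"
        return state


def majority_tip(ledgers):
    """Chain head held by more than half of the nodes, or None if no majority."""
    tips = Counter(ledger.tip_hash() for ledger in ledgers)
    tip, votes = tips.most_common(1)[0]
    return tip if votes * 2 > len(ledgers) else None


def build_demo():
    """Constructed scenario: three honest nodes share one history; a fourth
    node silently rewrites the public key registered in block 1."""
    events = [  # all values constructed for the example
        {"op": "register", "subject": "alice", "pubkey": "PUBKEY-A1"},
        {"op": "register", "subject": "bob", "pubkey": "PUBKEY-B1"},
        {"op": "revoke", "subject": "alice", "pubkey": "PUBKEY-A1"},
        {"op": "register", "subject": "alice", "pubkey": "PUBKEY-A2"},
    ]
    honest = []
    for _ in range(3):
        ledger = KeyLedger()
        for ev in events:
            ledger.append(copy.deepcopy(ev))
        honest.append(ledger)
    tampered = copy.deepcopy(honest[0])
    tampered.chain[1].event["pubkey"] = "PUBKEY-EVIL"  # edit in place, no re-linking
    return honest, tampered


if __name__ == "__main__":
    honest, tampered = build_demo()
    print("honest chain intact:", honest[0].first_broken_link() is None)
    print("tampered chain breaks at block:", tampered.first_broken_link())
    print("alice's current key:", honest[0].key_status("alice"))
    print("tampered node agrees with majority:",
          tampered.tip_hash() == majority_tip(honest + [tampered]))
```

Two things are worth noticing when running it. The edit to block 1 is caught locally at block 2, because block 2 still carries the original hash of block 1; and even if the tamperer had rewritten every later block on their own node to re-link the chain, their chain head would still differ from the three honest nodes, so `majority_tip` ignores it. This is also where the article’s caveat bites: every node that wants to answer a `key_status` query has to hold and replay the whole chain, which is the bandwidth and latency cost discussed below.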
Apart from being a more difficult target for attackers, there is also the potential to offer such a blockchain solution globally, as an alternative to relying on a few thousand CAs that often cover specific regions or countries. There are drawbacks to this kind of solution, one of which is the bandwidth required to sync with the other nodes and reach consensus. This is a common issue with blockchain, and it can lead to extremely slow transactions. It is also an issue the community is very aware of as a priority to solve, with “lite” solutions beginning to gain traction.
There are several other vital components needed for DPKI, especially around processes and governing authorities. One of the core technologies being pushed is blockchain, and there appears to be strong backing for this idea. PKI and CAs have been around for decades with the underlying principles effectively unchanged; DPKI doesn’t appear to want to drastically change these principles, but to build on them.
This is just one area where blockchain is being considered with regard to digital identity. In this short series, we’ll dig a bit deeper and look at where else blockchain might be able to play a part. Some examples include attribute sharing and transaction data storage, as proposed in self-sovereign identity (SSI), and so we’ll try to understand whether we’re looking at a cube being smashed through a round hole, or whether more traditional ways of working should start packing their bags.
Written by Maximiliaan van de Poll
Digital Identity Product Manager