How can we leverage distributed ledger technology and cryptography to provide identity as a global, cross-jurisdiction and accessible utility for the world?
6. identity is…
• 10 principles -
(e.g. existence, control, access, transparency…)
• Identity is a double-edged sword - it can be used for beneficial
and for malevolent purposes
• Identity only makes sense from a 3rd party perspective
7. experts’ views…
• W3C Verifiable Claims Working Group ~ April 2017
• charter:
“It is currently difficult to express banking account
information, education qualifications, healthcare data and
other sorts of machine-readable personal information that has
been verified by a 3rd party on the web. These sorts of data
are often referred to as verifiable claims. The mission of the
Verifiable Claims Working Group is to make expressing,
exchanging and verifying claims easier and more secure on
the web”
9. current system
• Can we use public key cryptography (PKI, public key
infrastructure) to solve this problem?
• However, PKI is costly and centralised
• If a CA makes a mistake on a digital certificate, or the service
fails, everything falls apart
11. SSI means…
• Self-sovereign identity
• “I own my identity”, not a 3rd party organization
• User-centric perspective to the concept of identity
• “truth”
12. SSI benefits
• Simplify KYC, AML regulations
• Simplify verification of credentials
(e.g. education, driving licenses, work visa…)
• Reduce dependence on organisations that monetise our data
13. SSI approach
• Blockchain technology (or DLTs) uses consensus algorithms
operating over many different machines and replicated by
many different entities in a decentralised network
• Hyperledger Indy/Sovrin - decentralised PKI (DPKI), every
public key has its own address (DID, decentralised identifier)
• DIDs enable true self-sovereign identity - lifetime portable
digital identity for any person, organization or thing that
cannot be taken away
14. SSI approach
• DID specification ensures that issuers and verifiers
everywhere can look up the necessary public keys on a public
blockchain regardless of whether they belong to the same
organization or identity federation
• Evolution from disconnected “islands of identity” each with its
own PKI to a global identity network based on DPKI
• Akin to the move from “local area networks” to the global internet
16. challenges
• No standard way to verify digital credentials
• Standardising how to verify the digital signatures of credential
issuers
• Data liability and over-reliance on centralised systems
(Equifax)
17. challenge:
• W3C is standardising digital credentials
“…no standard way to verify digital credentials…”
18. challenge:
• Usually done by PKI (centralised public key cryptography)
• DID - another standard coming from W3C:
• Allows every public key to have its own address
• An open standard
• Uses cryptography
• Enables true SSI
• Anyone can issue digitally-signed claims; others can verify them
“…how to verify digital signatures of credential issuers?”
19. challenge:
“…privacy issues for data stored on blockchain (or centralised db)?”
• Blockchain, being decentralised, is ideal to serve as a
self-service registry for public keys
20. SSI core requirements
1. Governance: trusted by all stakeholders
2. Performance: internet scale
3. Accessibility: identity is available to all
4. Privacy
22. hyperledger indy? sovrin?
• Hyperledger Indy - a distributed ledger framework for creating
and managing self-sovereign identities
• Sovrin - an instance of Hyperledger Indy
• Sovrin Foundation - an international non-profit, with a board of
trustees from diverse backgrounds and industries
• Public network, permissioned by stewards (a consortium of
diverse organisations)
41. cryptography
• AnonCred: anonymous credentials with type-3 revocation
(prove that an identity satisfies certain properties in an
uncorrelatable way without revealing other identity details)
42. nodes & ledger
• nodes:
consensus with Plenum BFT (specifically Redundant BFT)
client-node and node-node network communication with
CurveZMQ
• ledger is replicated across all nodes, backed by a Merkle tree
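An added example, not code from the slides or from Hyperledger Indy: it shows how a Merkle-backed ledger lets a verifier who looks up an issuer's public key (the lookup described on the DID slides) check that the record is really in the ledger by using only the root hash and a short audit path. The RFC 6962-style hashing and the record format are assumptions, and the sample records are constructed.

```python
import hashlib

def leaf_hash(data):
    # 0x00/0x01 prefixes keep a leaf from being replayed as an interior node
    return hashlib.sha256(b"\x00" + data).digest()

def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def split_point(n):
    k = 1  # largest power of two strictly below n
    while k * 2 < n:
        k *= 2
    return k

def merkle_root(leaves):
    if len(leaves) <= 1:
        return leaf_hash(leaves[0]) if leaves else hashlib.sha256(b"").digest()
    k = split_point(len(leaves))
    return node_hash(merkle_root(leaves[:k]), merkle_root(leaves[k:]))

def audit_path(index, leaves):
    # Node side: sibling hashes from the leaf up to the root
    if len(leaves) == 1:
        return []
    k = split_point(len(leaves))
    if index < k:
        return audit_path(index, leaves[:k]) + [merkle_root(leaves[k:])]
    return audit_path(index - k, leaves[k:]) + [merkle_root(leaves[:k])]

def root_from_path(record, index, size, path):
    # Client side: rebuild the root from one record and its audit path
    if size == 1:
        return leaf_hash(record) if not path else None
    if not path:
        return None
    k = split_point(size)
    if index < k:
        sub = root_from_path(record, index, k, path[:-1])
        return node_hash(sub, path[-1]) if sub else None
    sub = root_from_path(record, index - k, size - k, path[:-1])
    return node_hash(path[-1], sub) if sub else None

def verify_inclusion(record, index, size, path, root):
    return 0 <= index < size and root_from_path(record, index, size, path) == root

# Constructed sample ledger: DID -> verification key records (placeholder values)
LEDGER = [f"did:example:{i}|verkey-{i}".encode() for i in range(5)]
ROOT = merkle_root(LEDGER)
```

A record with a swapped key, or a genuine record presented at the wrong ledger position, fails `verify_inclusion` because the recomputed root no longer matches `ROOT`.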
43. state & storage
• state:
Ethereum’s Patricia Trie
• storage:
LevelDB as key-value storage for ledger and state
47. indy-plenum
nodes, ledger, state, storage
• nodes:
consensus with Plenum BFT (specifically Redundant BFT)
client-node and node-node network communication with CurveZMQ
• ledger:
replicated across all nodes, backed by a Merkle tree
• state:
Ethereum’s Patricia Trie
• storage:
LevelDB as key-value storage for ledger and state
48. indy-crypto
crypto
• AnonCred: anonymous credentials with type-3 revocation
(prove that an identity satisfies certain properties in an
uncorrelatable way without revealing other identity details)
49. indy-sdk
client
• Client-side library (Rust) to interact with Hyperledger Indy
• Compiles to .so for client-to-indy communication
• Embed in your client application
54. digital identity
Philippines
• In 2017, only 44% of Filipinos used bank accounts, often
because of inefficient identity systems
• Bankers Association of Philippines, Hyperledger member
Amihan and banks including AUB, BPI and Citibank collaborate
• POC implements SSI with Hyperledger Indy
• Consumers provide information once in a privacy-preserving
way and re-use that data to open new accounts. Banks can
trust the data
56. considerations
Solutions for Users
• Centralised Applications - why are they successful?
• Decentralised Applications - how can they be successful?
• Analogy:
Unix/BSD adoption vs macOS adoption? (usability + hardware)