Agenda
- Basic Requirement of Identity
- Evolution of Internet Identity
- Entities Involved in Self Sovereign Identity
- Why blockchain?
- POC code on Github
- Improvement
- References
Basic Requirement of Identity
- Security - the identity information must be protected from unintentional disclosure.
- Control - the identity owner must be in control of who can see and access their data and for what purposes.
- Portability - the user must be able to use their identity data wherever they want and not be tied into a single provider.
Evolution of Internet Identity
Standalone Centralised – each website or institution asks for the same information (personal details such as email, password, phone, address etc.) to prove that you own it, and each verifies that information in its own way (email activation link, OTP, physical checks etc.). The information and the process are redundant and repetitive, and we have to trust every website or institution to secure and protect our data.
Federated Centralised – on the internet, a Google, Facebook etc. account can be used to authenticate and authorise yourself on other sites. These federated models are still owned by centralised entities, and all data is stored in centralised systems. We need to trust these centralised systems to secure and protect our data.
Self Sovereign – in a self sovereign system the data is controlled by its owner, stored securely, verified digitally, and shared (only the minimum required data) with relying parties for a specific time period. This can be achieved using Blockchain (DLT).
Why Blockchain?
Distributed ledger technology (DLT) is the breakthrough that makes self sovereign identity possible. It enables multiple institutions, organisations and governments to work together for the first time by forming a decentralised network, much like the Internet itself, where data is replicated in multiple locations to be resistant to faults and tampering.
Open, decentralised systems enable individuals to fully own and manage their own identities, leading to the idea of “self-sovereign” identity systems. These systems use combinations of distributed ledger and encryption technology to create immutable identity records. The individual creates an identity “container” that allows them to accept attributes or credentials from any number of organisations.
Entities Involved in Self Sovereign Identity
- Identity Owner (Individual/Organisation) - the owner of the data.
- Identity Holder (Agent) - operates on behalf of the data owner.
- Issuer - licence, passport or any other data-verifying authority, government or private, that can certify and verify * the owner's information.
- Relying or Third Party – electricity, telephone, bank etc. who want the owner to prove his identity data in order to use the services they provide.
POC code on github
https://github.com/purulalwani/self-sov-identity/
- Create Identity – create an identity using your Blockchain keys for an Individual, Organisation, Issuer etc.
- Create Claim – create a claim (I own this address, I own this name, I own this email etc.) and ask an issuer to certify and verify * it.
- Approve Claim – the Issuer approves the claim and signs the claim data so that the data is provable.
- Share Claim – the claim data can be shared with a relying party to prove yourself.
- Verify Claim – the relying party can verify that the claim data is certified and verified by a trusted issuer.
The code is not for production use and comes with no warranty; it only proves the concept with minimum effort.
Improvement (Not limited to)
- Data can be kept encrypted under the owner's public key and shared with another party by encrypting it with that party's public key.
- Data can be kept off-chain to improve performance and reduce cost (paying for gas in Ethereum); only the hash of the data needs to be stored on the blockchain.
- See the references below to make it more robust.