Blockchain technology has use cases in all sorts of industries. At the heart of most services that involve people, is a concept known as self-sovereign identity. Representing identities on the blockchain allows healthcare data applications, online voting, password-free authentication and many other applications.
Blockchain-based self-sovereign identities not only present a business opportunity for companies, such as uPort, they are also starting to generate interest for government blockchain adoption, as shown by a trial in the Swiss town of Zug at the local government level and the recent European Union Blockchain Observatory and Forum’s Workshop on Government Services and Digital Identity.
Physical World Identities
In the physical world, governments issue identities. An identity may be represented by an ID card or passport. Different providers attach claims to this identity, for example, the driving license provider certifies that you are allowed to drive. This license, or claim verification, might be revoked in some situations. You do not lose your identity in this case, you simply lose the driving claim verification.
In the online world, you have many identities. They often consist of a username and password. Two-factor identification, biometrics, physical access cards or other means may back up these credentials. In any case, keeping track of multiple identities is inconvenient and insecure.
A slight improvement is using an identity issued by one provider for other services. Authentication using your Google account across services is an example of this. However, you still have to remember passwords or pins and rely on a central identity provider.
In the decentralized self-sovereign identity paradigm, the user is in charge of their identity. The idea is to let users create a cryptographically secure identity by creating a public and private key pair. The public key (or a number derived from it) becomes your identity and is stored on the Blockchain. You can now prove with digital signatures from your private key that you are the person the identity refers to.
You can also attach claims to this on-chain identity, such as “over 18”, “allowed to drive” and “authorized to access website”. Claims can be verified by being digitally signed by other identities. For example, the driving license issuing authority in your country may sign verify the “allowed to drive claim”. An employer might issue and revoke a site access claim.
Essentially, you hold a blockchain-based digital wallet consisting of keys and claims. Software solutions can make this transparent for users, the same way cryptocurrency wallets let users forget about creating and signing monetary transactions.
The Importance of Standards
Currently, there are a number of protocols and technologies that enable identity management on the blockchain. uPort is an example of a practical company driven approach using Ethereum. There is also a competing standard proposal for Ethereum, called ERC- 725. Whichever form the self-sovereign identity will take on eventually, it is important to come up with interoperable solutions.