Identity applications or Self-Sovereign Identities are poised to make one the biggest impacts on our daily lives of all Blockchain applications. Anyone can use it without an Ethereum wallet or any Ethereum knowledge. Both uPort and Civic have apps for phones that can be downloaded and stored and used in their present basic forms. They will remove the need for many separate passwords and allow you to limit the information you give websites while retaining ease of use. Things like e-resumes and credit scores will become much improved without the need of a third party. If you lose your phone, with your keys you can recover your identity by following a defined set of rules. Faking an identity will become much harder but that will make identity theft much more profitable. Big thanks to Paul Kohlhass, Business Developer of uPort for his assistance in answering my questions.
Problem Being Solved
At the moment we rarely own or control our digital identities and our paper accreditations (resume, diploma, accreditations) are disconnected from our digital identities. When you sign on to a websitehttps://www.civic.com/ you give your password to the server of the website. When you create data on the site, they own the data. We either send our payment data to each website individually or trust a third party such as PayPal and pay their fees.
For paper accreditations such as degrees, diplomas the system is even more primitive. We receive a paper degree from the school. The paper may have a number on it. This allows for verification if someone takes the time to contact the school themselves. Resumes are lists of accreditations with no backup. The reader must manually verify each statement on the resume.
These problems can be solved and the solution is a Self-Sovereign Identity (SSI)
A Self-Sovereign Identity is one where the user or Owner owns and controls the contents of his identity. Only the Owner can give others permission to see his personal data and the Owner can revoke this permission. In addition the Owner holds his password keys and no third party application ever sees the Owners password, only the data the Owner authorizes. This ownership has limits. While an Owner can update the contents of his identity he cannot edit entries that were already made. So you could not change your high school average mark from a C to an A. This gives the third parties confidence in the contents. Otherwise, the Owner is king of his identity; Self-Sovereign.
As of September 2017, there are several identity applications under active development including uPort, Civic and Oracleize. They are at Alpha test levels, meaning they are not very useful yet, but are progressing. Both uPort and Civic have apps for phones that can be downloaded and stored and used in their present basic form. According to Paul at uPort, the Ethereum network requires more bandwidth to accommodate the quantity of transactions these identity applications will require.
How it Works
The SSI resides as an app on your phone. You will open using the security elements of your phone, code, pattern, fingerprint, face. Probably you will be able to make copies of your ID on several devices but it will either be centered on one with the data in a public drive such as Dropbox, Swarm or IPFS. Your SSI consists of your security keys and the data around it. It is important to note that you don’t need an Ethereum address or any knowledge of crypto currency in order to use an SSI. While it resides on the blockchain, this is invisible to the user. It’s just an app on your phone. As such it is available to anyone. This is one of its biggest advantages. Before we consider using your SSI, let’s explore the data it would hold.
First the easy stuff; name, address, emails, phone numbers, shipping address. Next billing info. You would enter your credit cards, PayPal account, your crypto currency public key, your preferred billing process. It is likely that you may hold some passwords out for security. That way if someone gets control of your identity they can’t start spending your money (more on identity theft later). Next your SSI will hold your login credentials for all your websites. It may hold a bit of your profile information but not all of it. Finally it will hold your accreditations. Accreditations are stamped records of accomplishments.
- School diplomas
- Credit scores from banks, credit cards or other financial institutions
- Work experience
What won’t be in your SSI
- Your Ethereum wallet private keys. At least for uPort, the organization is very careful with their role. They do not want to become an exchange with the regulatory requirements. Rather they want to facilitate the identity requirements of other exchanges.
How to Use It
Logging on to a new e-commerce site would be simpler. The site would “see” your SSI keys. No need to create or remember a user name or password. The site would ask for access to your personal data, as appropriate (name, email, address). For your address you might give permission to forward your address to shippers but not actually give the site your address. This way if the site is hacked, your address was never on it and cannot be taken.
When you find something to buy on the site, your SSI acts as an intermediary. It passes your payment info to the financial institution who gives the money to the e-commerce site. Your SSI passes your shipping address direct to the shipper.
The e-commerce site still makes the sale with the same ease. It still holds your shopping preferences in its database, but if it’s hacked, it holds far less of your personal info. You get the items with the greater ease and with added security.
Now consider the big Ashley Madison hack of July 2015 in a post SSI world. The site would not have the personal information of its customers. When two of its clients want to communicate, the site just passes the SSI’s. Each would have to consent to the contact. The site can still facilitate the allegedly illicit activities of its clients and charge them for facilitating their liaisons, but all parties are secure. Even an insider within the Ashley Madison organization cannot dump all the clients’ data because they don’t hold it, just limited permission to access their clients SSI.
Accreditations of an SSI will revolutionize both resumes and credit scores (at a minimum). It will require these institutions to get their own Corporate/Institution Self Sovereign Identity (which is basically the same as a personal identity except for an entity rather than a person. They would use their SSI to stamp something that matters to you.
How would this work
There are many potential uses for an accreditation but for this document will just focus on two examples; resumes and credit references.
For resumes, as you grow you have milestones that you can record such as diplomas, degrees, courses, and professional positions. For the institution, first they get their own SSI. This would probably be via the web, rather than a phone. Next you would send them your request for an accreditation with your SSI public ID. They would then send the accreditation along with a stamp of their institution. They would probably do this via a web page. You would receive a database entry saying you completed the course and your mark or a scan of the actual diploma. With each course you would add to your resume. As you start work, your company could offer the same type of stamps. Perhaps one new stamp for each new title on a business card. From this you would build your resume. You would still need sharp formatting and excellent text around your positions but the SSI would add easily verifiable credibility to your entries. The reader would know you went to Harvard and graduated in 2019. There would be no doubt. The immutability of the blockchain guarantees it. Providing there is a useful standard in education and work experience entries, the SSI could automatically fill in an online application with the requisite stamps from the providers included. The SSI adds significant integrity to your resume.
For credit references the changes are even more major. It would be possible to receive an updated credit reference from a bank or credit card company (any financial entity, including crypto currency exchanges) with a simple web request. This assumes you have already given them your SSI, which would be used both for logging in and giving your credit reference when you first started with them. Rather than letting an outside entity create a credit reference without you consent or control, you could create your own, by collating all the financial entries in your SSI. Now even though the SSI is Self-Sovereign there would be limits. Deleting one particular bank because you haven’t been paying them lately is not something other financial entities would like. You may be able to control each entity that is included, but if you skip one that is known to your SSI, it may show up as a clear blank and the receiving bank would see this as a red flag. With one button, your SSI could query every financial entity you have logged into and collate the results and send an up to the minute report to the requesting entity. You would be able to review the report before sending, but of course if you edit it, you lose the stamp of approval from that financial entity and the trust of the integrity of the report would plummet.
There would be common programs to read and rate a credit reference report. These programs would validate the stamps for fakes, check for red flags and other warning signs and give a general score. Different lenders would look for different scores. A used car lot would need a different score than a local bank.
Of course this ability would make third party credit score companies completely redundant.
Zug Switzerland using uPort
According to Paul Kohlhass of uPort the big near term demand for uPort identities is Ethereum applications and municipalities. The best example is Zug Switzerland. They have implemented since November 2017 an electronic identity for the city. It can be used for e-voting (this is Switzerland after all). First the citizen gets a uPort identity. Then it is validated by the city (this may need a visit) that you are a citizen. Then the identity can be used for things like e-voting, paying parking tickets or signature. Municipalities are good first adopters. They have a strong need but are often small enough to manage a test of new technology.
We all know that all entries on the Ethereum blockchain are public and can be viewed by all. With SSI someone who has never heard of Ethereum just opened a wallet with entries pointing to all their personal data. How is security maintained? With uPort at a minimum, none of your personal data is actually stored on the blockchain, only electronic links (called hashes) to your identity file. As your SSI matures, each entry is added to your personal data file. The date and the link to the changes are immutably stored on the blockchain. The hashes contain two parts of information, the location of the data and the security key. If the content of the data changes the security key won’t match. A valid blockchain entry will point to the data and check that is unmodified.
As indicated above, your personal data will be stored on an encrypted data file. This file will be accessed by you, when you modify your SSI and by third parties that you allow to modify (as in a stamp) or by third parties that you give access to read segments of your SSI. At the moment, for uPort, this data is stored on your phone with the app. This won’t work well when you want to use your laptop, desktop, tablet and both your phones to access your SSI. This will require your remote data to be stored on a server on the web.
How much data to keep
For some purists, your SSI will contain every piece of personal data; every tweet, email post, etc. While technically possible this may be difficult to implement and many users may not adopt this. For one thing your remote data will be huge. The user will have to pay to store the data. It will be slow for other applications to see your data making social media slow and may not work as well as social media works now. It will be interesting to see how much data people allow services to hold, when they have the choice.
This website is all about Ethereum Use Cases. And for identity applications such as uPort it plans to use the Ethereum blockchain. But other Self Sovereign Identity providers such as Civic have indicated they see a dedicated SSI blockchain is the better way to implement. Ethereum is a public permissionless blockchain, meaning anyone can use it at anytime. This means it can become slow when a lot of people demand its resources at the same time. Throughout 2017, big ICO’s would occasionally slow the network considerably. In addition, each transaction needs gas, paid by the user or someone else. On the plus side, the Ethereum network exists and is ready for transactions now (with limitations) and has a steady development plan that is self-funded. The security of Ethereum is guaranteed by its users and developers and they constantly audit and react to threats.
A private permissioned blockchain would have more controlled and reliable response and would not require gas. The problem is that it must be created. It is reasonable to expect a school board or bank network to add one PC in each branch or school. These PC’s become the network. But a school board won’t do this until they believe the SSI will be used and accepted widely. Until then, why should they invest the time and resources to create a blockchain network. In addition security for a private blockchain is an important priority. Its PC’s and information are valuable targets. Ethereum updates itself for its own reasons. A private blockchain must have a team that keeps up with the latest updates and installs them on all the PC’s. There is also a risk that an insider could corrupt the code. This is almost impossible with Ethereum. New code is constantly audited by many players.
For these reasons, Ethereum will most likely remain the network for SSI providers until the technology is mature and accepted. At that point, other private networks may materialize.
Faking an Identity
Let’s consider, in an SSI accepted world, the issues around faking an identity. The obvious first solution is to create the identity off the network with whatever excuse is required. Then you can use the old ways (whatever they are, I never faked an identity 😉 ). Failing that, no doubt there would be providers of fake accreditations and credit references that look just like the originals. If someone checks, it would become clear that the accreditations are fake, but perhaps a superficial check will not raise concerns. However the big red flag will be dates. Creating a fake identity is not something you do slowly over years. Someone buys an identity and someone else creates it in a day.
Under the Hood
There are a few fundamental things the identity coders, such as the uPort development team want of their applications and this drives their software architecture.
- The user is completely abstracted from their Ethereum address. They don’t even know they are on the blockchain
- They can lose their phone (their private keys) and recover it without losing the details of their SSI.
- The developer can update their SSI blockchain application and the phone app without the user (thus adding features) without losing any details in their SSI.
For uPort at least, as documented in their whitepaper, this drove a three level Ethereum architecture; a controller smart contract talking to a proxy contract, talking to the application smart contract. The application contract deals exclusively with your SSI via a unique identifier that never changes. The proxy contract stands behind the controller contract and the application. The controller contract talks to your phone. In addition, it has a recovery protocol in case you lose your phone or your keys. If you lose your keys and follow your recovery protocol, your SSI content does not change and the unique identifier used by the controller to manage your SSI does not change. More details are enclosed in the whitepaper.
Recovering your lost phone identity will be a regular challenge for an SSI world. When you lose your SSI keys, it will matter. While you may not need your resume or credit score every day, if your SSI has the login to your favorite social media, losing your SSI for a few days will bite. Based on the uPort whitepaper, there will be a procedure when you lose your keys (as in losing your phone). In their example you choose three individuals. As long as two (of the three) vouch that your new phone (and its keys) are actually yours than the reconnection is established. Another aspect is that when you declare your keys as stolen (before they are recovered) your SSI is locked, no new stamps or accreditations can be added for a set period of time. This set of rules is an example. In the real world the rules may be more complex. The good news is that the rules are as flexible as software. Over time people will coalesce on sets of rules that work, most of the time.
Because it is difficult to create a fake identity in an SSI world, there will be a strong incentive for bad actors to steal identities – they will be valuable. If someone can steal an identity and are able to gain control of the SSI it is theirs. No one can take it back. The blockchain is immutable, once you meet its rules, it gives you control.
This is why the rules described above for recovery will be important. If you lose you SSI and don’t act properly you can lose your SSI permanently. Credit cards can be changed, but your credit score and other identity reputation is lost and must be slowly regained. In fact, you could be competing with the person who stole your identity to prove you are you.
What about the police? Let’s say you go to the police and convince them that your identity has been stolen. In a purely Self Sovereign Identity the police cannot change an identity (to indicate its stolen) without the consent of its holder. If they can, then the identity is not Self Sovereign; a third party can invalidate the SSI without its consent. These are the type of social questions a blockchain world will drive. Blockchain software cannot be corrupted and reduces wasteful third parties but it is not humanely considerate. It executes its software with merciless precision.
Who pays the gas?
The users of an SSI never know (necessarily) that they are using the Ethereum blockchain. The process, through phone apps and web pages is abstracted from the blockchain. This makes it easy to use and adoption easier but it begs an Ethereum question. Who pays the gas? Every transaction on the Ethereum blockchain requires a small bit of Eth (the currency of Ethereum) to pay for the computer resources required from the network. In the case of uPort (right now) they are paying the gas of their users’ transactions. Obviously this cannot last. At some point as SSI adoption grows, someone must pay. uPort stated that they do not want the users paying. This leaves the companies and institutions to pay. They may buy software development kits or pay for each stamp. It is too early to say exactly how a self-sustaining SSI network would support itself but the total costs should not be high compared to its value.
Ideal Use Case for Blockchain?
According to Vitalik’s 5 Points how well does this use case suit a blockchain application? Score 19/25, 76%. Great!