Blockchain and Identity

· 5 min read
Blockchain and Identity

Theatre 4 was the place to be at Identity Week Europe in Amsterdam earlier this month, when a series of presentations and panel discussions on decentralized identity and blockchain proved one of the exhibition hall's top draws.

The session, on the afternoon of Day 2, began with a panel discussion, "Blockchain and ID" moderated by Alex Tourski, with Steffen Schwalm, Co-ordinator, TRACE4EU, Maarten Boender, INATBA Identity Workgroup, and William Wang, Founder, Palau Digital Residency Program (RNS.ID).

Alex Tourski: "Why does blockchain need identity?"

Steffen Schwalm: "If you only want to prove identities, you can use a PKI. But if you want to combine identity and transactions in one system — for example, if you want to trace the parts and materials in your Tesla’s battery — you need a distributed ledger." 

Maarten Boender: "I agree. How can you be held accountable for what’s written to the blockchain, unless the transaction is signed by your identifier? If you need to make the audit trail of your product evident, that’s much easier to do with DLT (Distributed Ledger Technology). The DID document can’t be changed and will be around for as long as the blockchain it resides on, which is available always and everywhere. There’s no single point of failure.

"There are not so many other systems with the properties of a DLT". 

Alex Tourski: "Can DIDs be considered a universal identifier scheme, when there are around 200 DID methods?" 

Steffen Schwalm: "We have multiple credential data models, signature formats and protocols. What matters is achieving interoperability. I don’t have a problem with 500 DID methods, as long as we have a universal resolver that works."

Maarten Boender: "There are many types of database. As long as everyone talks SQL, its’ fine. Consumers won’t need to think about 200 DID methods. You’ll only have one choice, whether to login with your EU digital identity wallet." 

Alex Tourski: "How do we know blockchain-based identifiers will persist?" 

William Wang: "Why do IP addresses exist? Because there's an underlying need to transfer information. If there's a better way of doing this in ten years’ time, IPs may vanish. Blockchain exists because there’s a need for instant transfer of value. Maybe another way will arise and blockchain will disappear. We can’t say anything will exist for sure, even in 5 years time." 

Maarten Boender: "DIDs and DLTs will be essential tools for businesses that need to provide audit trails. Qualified electronic ledgers are part of eIDAS 2.0. They are managed by organizations that are certified and fully liable to maintain the ledger."

Steffen Schwalm: "I’m pretty sure nothing of current IT systems will still be here in 50 years' time. It’s the data that needs to persist." 

Sovrin: an example of a blockchain-based identity system 

Stephen Curran, who chairs the Sovrin Foundation's board of trustees, and is a long-term contributor to Hyperledger Indy, Aries and AnonCreds, took to the stage to give an update on the Sovrin Network.

“Picking up from the previous talk, Sovrin is a distributed ledger that's used for identity. It’s global, for public-private use and enables different ecosystems of users.

“We provide a platform for issuers to publish information, that enables verifiers to independently verify this information. Sovrin is a valid place for any ecosystem where DIDs are used. It’s not tied to the Hyperledger stack,” he added. 

Stephen described the Lawyer Verifiable Credential, which is used to ensure certain systems can only be accessed by qualified lawyers. "The Law society of British Columbia issues a VC confirming the holder is certified to practice law. The data is held in a wallet, enabling the holder to present it directly to verifiers, such as these restricted systems, without the issuer knowing this has happened. 

"The Verifier reaches down into where the DIDs are to verify it's exactly what the issuer said, using issuer’s public keys.

“The Government of British Columbia is also very concerned about the surveillance economy. The goal of AnonCreds is to share the minimum possible data that’s needed for each use case. We’re trying to remove correlateability, traceability and surveillance”. 

Stephen also reminisced about "Sovrin’s infamous token days. We got through that. We had strong technology and governance, and that’s what we took forward.

"The technology is very solid and robust — we’ve had 100% uptime for the past 5 years”. 

Enabling the Economy of Trust

Next on stage was Catherine Fankhauser, Head of Identity at SICPA, who provided an overview of how authentication, data authenticity and communication have evolved since the inception of the web, and the impact this has had on digital trust.

Turning to the new generation of decentralized technologies, she shared that adoption will be driven by credentials with daily utility. In the context of the EU Digital Identity Wallet, this means lower-assurance credentials that improve the user experience, for example via passwordless access to online services.

Catherine concluded her presentation by highlighting the Unlimitrust Campus, the world's first site dedicated to the Economy of Trust.

Are unique identifiers a good idea?

In the final session, Alex Tourski returned to moderate a panel discussion focused on unique identifiers, with Executive Directors Judith Fleenor of Trust over IP Foundation and Mary Camacho of Holochain, plus Maarten Boender, Stephen Curran and myself.

Alex Tourski kicked off the discussion by highlighting how the lack of persistent unique identifiers for digital assets means content created in the early days of the internet is often irretrievable today, with broken weblinks all that remains.

He asked the panel to consider the proposition that "transparency means safety", citing his home country of Ukraine, where false rumours contributed to the war.

"When an Uber driver likes or dislikes me, should their feedback not be connected to an identifier, to ensure accountability?," he added.

The panel's response was unanimous: assigning persistent unique identifiers to natural persons is a bad idea — though persistent identifiers may make sense for organisations, and certain types of physical and digital objects. Moreover, there are many benefits from using a standardized identifier framework, such as the Decentralized Identifier (DID) specification.

Judith Fleenor pointed out that the Internet Protocol (IP) succeeded because it does the minimum required to establish a universal data transfer mechanism. Similarly, while content provenance is needed to address the explosion of fake content, creators must be able to use multiple identifiers, to minimize privacy risks.

Mary Camacho agreed, adding: "Not all societies are as well-governed and free as the Netherlands. In some places, knowing who took a photo could mean death for that person."

Alex Tourski asked the panel whether Privacy Enhancing Technologies can protect us from the dangers of unique identifiers.

In response, Stephen Curran stated that cryptographic techniques and identifiers are separate topics, and that clever cryptography doesn't mitigate the privacy risks of assigning unique identifiers to natural persons.

Maarten Boender agreed: "We're trying to make it impossible to correlate a holder's use of their credentials, which is the opposite of creating a single identifier."