Who's Waldo: Establishing self-sovereign identities on the internet using Blockchain
"Who are you?"
Most people get a perplexed look on their face while they come up with a one-word answer to that question. While there is obviously no one answer to the question, there are limitations set by external entities on what an individual can claim as their identity. For instance, Canada will finally include a third gender option in the 2021 census. On the internet, the story is even more bewildering: a person's username/password combination and IP address essentially determine who they are. This is the case even though their username/password combination and IP address might change when their self-definition does not.
This post argues that a decentralized, self-sovereign system is the best way to establish one's identity online. This is achieved by employing an identity-focused blockchain that stores non-correlated information pairs. The idea behind this is that when people online are asked "Who are you?", they can provide the right answer or credential, without any doubts or concerns.
The following is a hypothetical scenario from the healthcare industry that showcases the inconveniences of using a disconnected identity from a patient's perspective.
Waldo, a hypothetical male in his late 20's living in Chicago, wakes up one day with chest pain. This has never happened before, and this symptom does not disappear after a few days. Concerned, Waldo sets up an appointment with his family doctor to discuss this. At the clinic, the nurse collects his vitals and asks the same questions about his smoking, drinking, and general health habits that he has answered previously. During the appointment, the doctor recommends a few tests based on her initial diagnostics.
Waldo goes to the closest laboratory and asks for these tests. The lab administrator calls the physician's office to verify the request validity, and then administers the tests. Waldo is told that he will have the results in about a week, so he schedules a follow-up with his family doctor for the next week. However, when Waldo shows up for his appointment, he finds out that the results have not yet been shared with the doctor. It turns out that the lab has not yet uploaded the test results. Waldo reschedules the follow-up for the next week, at which time the test results are finally available on both the physician and the lab systems.
After Waldo's family doctor looks at the results, she recommends that he see a pulmonologist at the earliest opportunity. When Waldo schedules his visit with the pulmonologist, his data is visible right away because the doctors work at the same clinic. The pulmonologist writes Waldo a prescription, which he then takes to the nearest pharmacy. The pharmacy opens his account and gets in touch with the clinic to verify the prescription. This process takes anywhere from 5 to 60 minutes, depending on the clinic's availability. Every time the prescription runs out, the pharmacy must call the doctor's office to renew it. Waldo may be notified a few days before the prescription is scheduled to be refilled that the doctor has requested a follow-up appointment before renewing the prescription. If there is any miscommunication or if the doctor is not available, Waldo will not get the medicine on time.
Although this is a contrived example, the problems highlighted in it are faced by all patients. Moreover, these problems are the status quo in healthcare. As medical practices, information, and the industry at large inch closer to a digital future, the lack of a trustworthy medical identity and data ownership solution remains a major bottleneck to providing a seamless experience to its constituents. In the case of managing sensitive patient data, a centralized solution is vulnerable to trust and security issues. One possible solution to this is a decentralized identity solution such as a permissioned blockchain (on which information storage is dispersed and easily auditable). It provides an opportunity to share personal data while a) providing options to limit sharing to only what is necessary, b) helping optimize healthcare processes by allowing healthcare teams to collaborate across organizational boundaries, c) promoting self-sovereignty by giving the owner control over who to share data with, and d) ensuring that no single entity can modify all the information. Although we are using the healthcare industry as an example, the identity management blockchain solution is just as applicable to other industries such as (but not limited to) education, recruitment, government services, and peer-to-peer marketplaces.
In this post, we will:
- Summarize the shortcomings of existing identity management solutions,
- Go over the characteristics of the ideal solution and some of the extrinsic factors holding back mass adoption,
- Study how a blockchain solution to identity management could function (along with the benefits to using that technology to manage identities),
- Review additional use cases of decentralized identity management which will help establish blockchain technology as the path forward for digital identity management,
- Describe existing projects and pilots.
Shortcomings of existing identity management solutions
On July 5, 1993, Peter Steiner published a cartoon in the New Yorker that would characterize anonymity on the internet. The picture showed a dog sitting on a chair in front of a computer, telling another dog who was sitting on the floor that "On the Internet, nobody knows you're a dog." Twenty-five years later, in an age when tracking cookies remind you to buy the new headphones and the corn peeler in your cart, this is still somewhat relevant.
The Chair of Sovrin Foundation described the five problems with today's internet identity in a post on the company's blog as follows:
- Proximity: Username-password identity management systems are an inadequate proxy for getting to know people physically. In the scenario of a classified advertisements transaction (or even peer-to-peer marketplace), we are essentially placing our trust in the username-password combo of the person selling their gaming console instead of knowing the person.
- Scale: Rather than trying to remember 6.5 passwords shared among 3.9 sites on average, we have picked hubs of ID information such as Google or Facebook, which use OAuth to provide identity management solutions. Despite these authentication methods increasing in popularity, many businesses remain wary of handing control of customer information to another business that may decide to modify the service based on its stake in your data.
- Flexibility: Existing identity solutions are built to solve specific problems, which results in them having a fixed schema. Therefore, they are inextensible to a universal set of applications. The proof Waldo uses to assert his identity as an American citizen does not suffice to access his bank account or email.
- Privacy: Current solutions rely on private entities collecting personal data and using universal identifiers (e.g. Social Insurance Number) to correlate the data, without the subject's knowledge. By extension, these universal identifiers are stored in a central location, and the data is replicated across different systems. As this article points out, so long as individual organizations collect tons of personal data (e.g. Equifax collecting SSNs, birthdays, contact information, etc.), hackers will target these honeypots of data because the potential reward justifies the effort.
- Consent: As centralized ID solutions want a return on their investment in setting up the sign-in systems, they anonymize personally identifiable data and monetize it by reselling it to advertisement networks. This is not inherently negative, but a future where the price of having an identity is being served advertisements involuntarily is understandably unacceptable.
In addition to the above, one of the hallmark questions that comes up with managing identity information today is:
- Politics: One of the most crucial holdbacks to creating international ID repositories is that regulators want personal data being stored within geographical boundaries of their jurisdictions. Leading from that are further questions on which country should warehouse the data and who can access it.
Characteristics of the ideal identity management solution
It is unwise to expect any solution to the digital identity problem to come without tradeoffs. However, due to the dynamic nature of blockchain technology and the pace of technological change, the list below will evolve as some of the limitations are mitigated and give rise to new ones.
- Decentralized Identifiers: Most importantly, an identity solution needs to go beyond username-password authentication. Although we have seen advances in multi-factor authentication, a distributed ledger where decentralized identifiers, proofs, and verifiable claims are anchored makes it convenient for a person to prove things about themselves beyond their password.
- Public-Private Coordination: Solutions offered by private companies are great, but they serve a bottom line. The ideal offering would be from a nonprofit partnership that gets the best of both public and private sectors. The benefits of being rooted in the public sector are that the identity solution is provided primarily for the sake of the public's security and convenience, that the solution will be impartial to a certain vendor, and the scale at which this can be deployed. On the other hand, the benefits of having some influence from the private sector are the diligence and quality of the solution, as well as expertise and experience from the involved companies.
- Universally extensible: A good identity solution needs to be able to connect to a variety of endpoints for authentication. In an ideal world, all the services we use (government, banking, social media, healthcare, music streaming, etc.) plug into a single source of identity truth in a "plug-and-play" manner.
- Self-sovereignty at the center: The solution needs to promote self-sovereignty – this means that it lets the entity assert its own identity. This puts the person in control of the "who", "what", and "how much" of data sharing. Since different sources know and need different pieces of our identity, users can choose to share specific proofs – for example, the government does not need to know an individual's email address to disburse health insurance funds, meanwhile Facebook does not need to know a person's Social Security Number to let them on the platform.
- Simple identity recovery: No system is impervious, but a good source of identity needs to make it easy to recover one's identity if it gets lost. There are a number of ways to go about this – for instance, Facebook has a 'Trusted Friends' method to confirm the identity of the person who is recovering their account. Google has an 'Authenticator' app which maintains codes for the user to login with, even if the device with Authenticator is disconnected from the internet. The solution must provide multiple options of identity recovery.
- Cost-effective: The solution needs to be affordable for a mass population to adopt. Even though it does not need to be free (no existing system is), it needs to be a service every individual can access without having a massive financial impact.
Even if all these criteria are met, they are held back by the limitations of the device we access this solution on. In today's world, our cellphones are the device we access the majority of our services on. As ubiquitous and capable as these devices are, users are limited by their battery life. For example, if a person decides to travel internationally with only a digital proof of identity, they will have to trade off between listening to downloaded music through the trip and preserving battery life so the phone can serve as proof of citizenship. Additionally, this will also raise the stakes of losing a device.
Another – probably more critical – limitation is the nascent stage of the blockchain platform today. Even though the use cases that have been described and proposed for the technology are both ambitious and plentiful, the technology remains in its early stages and is financially infeasible for undertaking large-scale projects.
Process and Benefits of a blockchain-enabled identity solution
Despite the challenges noted above, the concept of decentralizing digital identity management using blockchain has several major benefits, some of which have been mentioned above. However, before going into the benefits of such a solution, let's go through how such a solution would work.
Figure 1 - How an entity can claim a fact about their identity
For this solution to work, the following pieces need to be present:
- An entity claiming an identity, such as Waldo claiming to be a non-smoker,
- An entity with the power to verify that claim, for example, a hospital conducting tests or recording Waldo's answer to the above question,
- A way for Waldo to own the identity of a non-smoker, for example, a claim on the Sovrin identity-focused blockchain,
- A way for entities to request that information from Waldo, and
- A way for Waldo to provide this information to the entity requesting the information.
Once a claim has been attested, it can be used on the appropriate forum to prove one's identity. Once a physician has attested that Waldo is a non-smoker, Waldo is able to prove this claim on his identity-focused wallet with any party that has a stake in knowing this information.
The benefits of an identity solution based on the above process are:
- Self-sovereign: This thought process puts the user at the center of the administration of the identity. Not only does it allow interoperability across multiple locations but allows for true user control of that digital identity, creating user autonomy.
- Privacy-protected: Being self-sovereign also increases the privacy of personal data. This is the difference between showing a driver's license (which has the birthday, eye color, and address among other information) when entering a bar and sharing the attestation of being above 19 years of age. This is called a 'Zero-Knowledge Proof', whereby a person proves things based on verifiable claims instead of revealing the underlying data.
- Portability: Since identity information is not stored or managed by one vendor, there is no notion of being "locked into" a vendor providing an identity, unlike the single login systems available today. By extension, users can carry over their personalization information across vendors, having a similar identity verification and general experiences across them.
- Smoother processes: In the blockchain-based identity verification process flow described, having identity claims attested by authorities and stored on the blockchain is the step that takes the longest. Once that step is completed, identity verification takes a few minutes and a single permission-sharing step by the user. This is straightforward compared to the alternative scenario, which may include multiple documents being physically verified before appropriate access is granted; moreover, the non-blockchain solution leaves room for interpretation and human error.
- Reduced Identity Fraud: In a world where identity claims are verified by authorities, data points are stored in non-correlated pairs. This renders data theft pointless; for example, the LCBO database for verified customers may not store anything besides a person's name and a claim to verify that they are eligible to buy liquor.
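To make the claim/attest/present flow and the "over 19 without showing the birthday" example concrete, here is an added example that is not code from this post or from any of the projects it mentions: a minimal selective-disclosure credential in Python, where an issuer signs salted hash commitments of Waldo's attributes and Waldo later opens only the "over 19" claim to a verifier, who learns nothing else. The issuer key, Waldo's attributes, and the use of HMAC as a stand-in for the issuer's digital signature are assumptions of this example.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample data: the issuer key and Waldo's attested attributes are
# assumptions for this example, not values from any real system.
ISSUER_KEY = b"hypothetical-issuer-secret-key"
WALDO_CLAIMS = {
    "name": "Waldo",
    "birthdate": "1991-04-12",
    "eye_color": "brown",
    "address": "123 Example St, Chicago",
    "over_19": "true",
}


def commit(name, value, salt_hex):
    """Salted hash of one claim; the salt stops a verifier brute-forcing low-entropy values."""
    return hashlib.sha256(f"{name}={value}".encode() + bytes.fromhex(salt_hex)).hexdigest()


def credential_digest(commitments):
    """What the issuer signs: a canonical encoding of every claim commitment."""
    return hashlib.sha256(json.dumps(commitments, sort_keys=True).encode()).digest()


def issue_credential(issuer_key, claims):
    """Issuer (e.g. the physician) attests all claims but signs only their commitments.

    HMAC stands in for a real digital signature here (assumption of this example).
    """
    salts = {name: secrets.token_hex(16) for name in claims}
    commitments = {name: commit(name, value, salts[name]) for name, value in claims.items()}
    signature = hmac.new(issuer_key, credential_digest(commitments), hashlib.sha256).hexdigest()
    credential = {"commitments": commitments, "signature": signature}
    return credential, salts  # holder keeps salts and plaintext values in the wallet


def present(credential, claims, salts, disclose):
    """Holder builds a presentation that opens only the named claims (value plus salt)."""
    return {
        "commitments": credential["commitments"],
        "signature": credential["signature"],
        "disclosed": {n: {"value": claims[n], "salt": salts[n]} for n in disclose},
    }


def verify_presentation(issuer_key, presentation):
    """Verifier checks the issuer signature and each opened commitment.

    Returns the disclosed claims on success, or None if anything fails to verify.
    """
    commitments = presentation["commitments"]
    expected = hmac.new(issuer_key, credential_digest(commitments), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, presentation["signature"]):
        return None  # not attested by this issuer, or the commitment set was altered
    disclosed = {}
    for name, opening in presentation["disclosed"].items():
        if name not in commitments:
            return None  # claim was never attested
        if commit(name, opening["value"], opening["salt"]) != commitments[name]:
            return None  # holder changed the value after attestation
        disclosed[name] = opening["value"]
    return disclosed


if __name__ == "__main__":
    cred, salts = issue_credential(ISSUER_KEY, WALDO_CLAIMS)
    bar_presentation = present(cred, WALDO_CLAIMS, salts, ["over_19"])
    print(verify_presentation(ISSUER_KEY, bar_presentation))  # {'over_19': 'true'}
```

The presentation carries hashes of the undisclosed attributes, so a bar's database would hold nothing beyond the opened claim, which is the "non-correlated pair" property the text describes; a wallet that signed the presentation with the holder's own key would additionally bind it to Waldo.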
Additional use cases for decentralized digital identity management
In the end, this solution benefits customers of companies a) with stringent KYC requirements or governance, b) in e-commerce or retail industries, and c) that offer content personalization.
At a presentation in which he detailed a digital citizenship pilot being conducted with the city of Zug in Switzerland, Paul Kohlhaas suggested a number of applications of decentralized identity management. These are listed below with examples based on the use case:
- P2P Marketplaces: Reputation network – Interoperable user reputation data between services for more secure, trustworthy interactions - perfect for the on-demand economy.
Reputation from one service carries onto the next. For example, the user shares the same score across all apps in the same sector (4.78/5 on both Lyft and Uber). Moreover, this reputation can be carried across sectors and reflect an individual's score on various characteristics, e.g. responsibility, punctuality, truthfulness.
- Consumer Finance: Shared data and KYC – Improve customer insights and KYC processes.
Basic identity information does not have to be collected about every customer, as a single source can be plugged into for ID verification and service personalization.
- eCommerce and Retail: Boost Conversion – Significantly reduce customer drop-off, cart abandonment, and fraud with verified, secure single sign-on and formless checkout. UX research shows that the second most common reason for abandoning an item in the cart during checkout is 'Too long / complicated checkout process' (right after 'The site wanted me to create an account'). Both issues can be tackled with a central solution for checking out at all vendors. This solution does not require a blockchain to be implemented, but the highly transparent and secure nature of a blockchain enables a higher level of trust between the customer, retailer, and the blockchain solution.
- Social Media: User Lifecycle Management – Improve onboarding and user lifecycle management without having to store personally identifiable information.
Every social network application has its own use case; however, to sign up for multiple networks, users must enter the same information multiple times. If the social network chooses to use a third-party login system (OAuth using Facebook or Google) they are relying on the service provider to not change their minds about the way they offer these services. If all social networks plug into the same identity system, the onboarding experience will be significantly improved for customers, and the social media company can use the effort/time saved to improve their onboarding and user retention/loyalty. Users do not have to provide any information that is not required to be used. E.g. age can be shared for using Facebook, but email address may be unnecessary (unless the user wants to receive email notifications).
- Digital Media: Portable Preferences – Users bring preferences with them for increased content personalization, smart recommendations, and simplified onboarding and UX.
In today's world, a Spotify playlist cannot be exported to YouTube Music or Apple Music without employing hacks, which come with their own security risks (e.g. the user must enter both their Spotify and Google login information and hope the service works and is not a malicious party pretending to be a solution provider). Even when the service works, it is half-baked: it loads just songs/playlists and not music quality preferences or equalizer presets. If the user's settings are offloaded to a blockchain, they can be enabled for any services the user wishes to use them on.
- Regulated Finance: Secure Credentials and KYC – Reduce fraud, improve KYC process, and benefit from shared credential marketplace with other trusted providers.
A verified identity and an immutable record of previously-completed transactions being available to share with financial institutions and regulators will allow entities to trust all parties based on their history.
Existing projects and success stories
To close out the discussion of a decentralized identity management scenario using blockchain, we would like to provide examples of successful pilot projects across the globe.
Digital iD – Australia Post is using digital identification to complete KYC processes for Bitcoin Exchange users. This system will also allow users to claim their age when entering 18+ venues in certain states.
Zug ID – The city of Zug, Switzerland has worked with uPort, a Consensys affiliate project, to offer its citizens a digital identity for government services such as conducting public surveys and tax form submission in a reliable and self-sufficient way.
Brazilian Ministry of Planning, Budget, and Management – This branch of the Brazilian government is working with uPort and Microsoft to develop a Proof-of-Concept for employing blockchain technology for the authentication of notarized documents.
e-Estonia – Estonia is the first country to use blockchain technology to enhance its citizens' lives. It uses a proprietary blockchain (KSI Blockchain) and is currently testing the technology to maintain medical records and other government data (e-Police, e-Law, e-Land Registry, and e-Prescription, among others).
To conclude, let's reimagine the scenario we started this post with. Imagine instead:
Waldo has a blockchain-enabled Medical Records (MR) wallet. Since he has already been to a doctor in the past, it contains the basic information about him (non-smoker, has an occasional alcoholic drink, etc.). He can modify that information at his discretion (for example, if he starts smoking or stops drinking). When he starts feeling pain in his chest one morning, he sends an alert to his family doctor, enables her to see his medical history, and sets up an appointment. When they meet, the visit is focused on his chest pain, as the nurse does not have to spend time collecting basic information all over again. The doctor recommends some tests, which are recorded on the permissioned blockchain. Waldo shares this with the lab he will go to. When he completes the tests and the lab uploads the results, his doctor is notified via a smart contract and reviews the results. A follow-up visit is not needed, as the doctor is able to securely communicate a recommendation to see a pulmonologist. Waldo goes to a pulmonologist who is on the permissioned blockchain and has already reviewed the test results before Waldo arrives. During the visit, only incremental information is discussed, so the specialist makes an informed decision: he knows all the facts from the MR and fills in the gaps with information that was not in the MR previously. The prescription is put on the blockchain-enabled MR, so that it can be shared with the pharmacy securely by Waldo. Waldo can also see how many refills are left on the prescription. When the refills are almost up, a smart contract can be triggered to allow the specialist to either refill Waldo's prescription or request a follow-up visit. In this case, the relevant parties can access the basic information that is required to complete the process, without hindering any of the parties from providing the care that is needed.
Refresher of terms used in blockchain-based identity management systems