Identity - Past Solutions & Current Blockchain Landscape. Intro and profile of ENS (Ethereum Naming Service) & uPort identity solution. Silicon Valley Ethereum meetup @ Goodwin Law, May 7, 2017.
1. Identity: Past Solutions & Current Blockchain Landscape
Silicon Valley Ethereum Meetup: May 7, 2017
Andy Atkin (andrew.atkin@gmail.com)
2. What is Identity? (Dictionary)
1. The fact of being who or what a person or thing is.
2. A close similarity or affinity
• People
• Organizations (e.g. companies)
• Things (e.g. IoT devices, servers)
3. Identity: Control & Ownership
(B. Golden, email conversation 3/2017)
• Who “owns” it?
• Who controls it?
• Who has the ability to change it?
4. Personal Identity
(wikipedia)
• Composed of multiple overlapping attributes many of
which change over time:
• Age
• Race
• Clan/Family
• Ethnicity
• Nationality
• Gender
• Profession etc.
• A philosophical and social construct.
5. Digital Identity – Related Concepts
(wikipedia)
• Subject & Entity
• Attributes, Preferences & Traits
• Trust, Authentication & Authorization
• Identity Taxonomies
• Identity Networks
6. Digital Identity – Some Legal Intersections
• Compliance: KYC/AML – US Financial Sector; HIPAA – US Healthcare; Right to be Forgotten - EU
• Census/National ID: India - Aadhaar; Citizenship Services - Estonia; Access to Medical Care
• Digital Notaries: Notarize.com; DocuSign; Blockchain Solutions – e.g. Blocknotary
• Travel: Passports – TSA ”Pre”; Immigration & Visas; Refugees and plight of the undocumented
• Crime: Identity Theft; Fraud; Illicit Purchase
7. Current Electronic Identifier Examples
(all have limits, often combined in 2FA & MFA)
1. Username/Password
2. Biometrics
3. “Hard” tokens
4. PKI – Client Certificates
5. PGP Web of Trust / Keybase
6. Email Address
10. ”Traditional” Blockchain Identity
(Excerpt from Sabadello on github)
• Wallet Address is an abstract term for the entirety of addresses owned by a single user (stackexchange)
• Namecoin is a blockchain that has been conceived from the start to be used for registering domain names. It is the first fork of the Bitcoin software
• Contract Address (ethereum), the original Eris project was an early attempt at a DAO contract registry written in LLL (DOUG).
• Simple Registries (e.g. namereg on ethereum), e.g. wallet address -> 20 byte name or email lookup
12. Self-Sovereign Identity (Allan)
1. Existence: Users must have an independent existence.
2. Control: Users must control their identities.
3. Access: Users must have access to their own data.
4. Transparency: Systems and algorithms must be transparent.
5. Persistence: Identities must be long-lived.
6. Portability: The user remains in control of his identity no matter what.
7. Interoperability: IDs are of little value if they work only in little niches.
8. Consent: Users must agree to the use of their identity.
9. Minimization: Disclosure of claims must be minimized.
10. Protection: Freedoms and rights of the individuals over the needs of the network.
13. uPort - Overview
(uPort.me)
• Uses mobile devices, the ethereum blockchain and off-chain BLOB store
(e.g. IPFS, AWS, Dropbox)
• Built on self-sovereign identity principles
• Key recovery/revocation possible using a quorum of delegates
• Allows for creation of attestations, credentials and reputation on an
immutable identity
15. uPort – Current Status
(from uPort.me)
• Incubated by ConsenSys
• Currently in Alpha
• iOS & Android* client currently available (keys stored in secure
enclaves)
• Partnered with Gnosis, others to follow
• Future Enhancements (whitepaper):
1. Multiple identities
2. Swappable enhanced controller with spending limits and other features
3. Recovery delegate list to be hidden from public view
4. End-to-End encryption for messaging server (Chasqui)
5. Better user subsidy logic for onboarding users (Sensui)
• * Just updated slide
16. What Makes a Good Name Service?
(Johnson)
1. Separation of concerns
• Don’t conflate registration & resolution a la GoDaddy etc.
2. Distributed authority & implementation
• Keep it decentralized to avoid single points of failure
3. Forward-compatibility
• There will be unforeseen applications of a naming service
as there were with DNS
4. Efficient on-chain resolution (must be fast!)
17. Ethereum Naming Service – Version 0.1
(ENS Documentation, EIP 137, 162)
• Performs a similar function to DNS, but implementation details differ significantly
• Resolve human readable names for ethereum addresses,
Swarm & IPFS content hashes as well as metadata (e.g.
whois, contract ABIs)
• Composed of:
1. Registry
2. Resolvers
3. Registrars
18. Components of ENS
(Johnson)
Registrar/Owners of a Domain
• Set the resolver and TTL for domain
• Transfer ownership of domain to another address
• Change ownership of subdomains
Registry
• Records owner of the domain
• Records resolver of the domain
• Records TTL for all records under domain
Resolver
• Translates names into addresses
• Supports an optional number of different record types
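The component split above, as an added example that is not from the slides or from the ENS code base: the registry holds owner, resolver and TTL and enforces owner-only changes, while the resolver only maps names to addresses. Method names, the string-keyed records (in place of EIP 137 node hashes) and all addresses are assumptions of this sketch.

```python
# Added illustration: toy in-memory model of the ENS registry/resolver split.
# Name strings stand in for EIP-137 node hashes; all addresses are constructed.

class Registry:
    """Records owner, resolver and TTL per name; only the owner may change them."""
    def __init__(self, root_owner):
        self.records = {"": {"owner": root_owner, "resolver": None, "ttl": 0}}

    def _owned(self, name, caller):
        rec = self.records.get(name)
        if rec is None or rec["owner"] != caller:
            raise PermissionError(f"{caller} does not own {name!r}")
        return rec

    def set_subnode_owner(self, parent, label, new_owner, caller):
        self._owned(parent, caller)  # parent's owner assigns subdomains
        child = f"{label}.{parent}" if parent else label
        rec = self.records.setdefault(child, {"resolver": None, "ttl": 0})
        rec["owner"] = new_owner
        return child

    def set_owner(self, name, new_owner, caller):
        self._owned(name, caller)["owner"] = new_owner

    def set_resolver(self, name, resolver, ttl, caller):
        rec = self._owned(name, caller)
        rec["resolver"], rec["ttl"] = resolver, ttl

class Resolver:
    """Translates names into addresses; holds no ownership data."""
    def __init__(self):
        self.addresses = {}

    def addr(self, name):
        return self.addresses.get(name)

def resolve(registry, name):
    """Two-step lookup: registry -> resolver -> address (None if unset)."""
    rec = registry.records.get(name)
    if rec is None or rec["resolver"] is None:
        return None
    return rec["resolver"].addr(name)

def demo():
    reg, res = Registry("0xROOT"), Resolver()
    reg.set_subnode_owner("", "eth", "0xREGISTRAR", caller="0xROOT")
    name = reg.set_subnode_owner("eth", "example", "0xALICE", caller="0xREGISTRAR")
    reg.set_resolver(name, res, 3600, caller="0xALICE")
    res.addresses[name] = "0xA11CE"  # constructed address
    return resolve(reg, name)
```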
19. Registering a Name
(ENS Documentation, EIP 162)
1. .eth Registrar is FIFS (first in first served)
2. Interim “McDonalds” solution until permanent registry is finalized
3. Restricted to .eth TLD with subdomains being a minimum of 7 characters in length
4. Uses a Vickrey auction: Sealed bid, 2nd price
5. Initial deeds last for 1 year
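A sealed-bid, second-price auction as named in item 4, as an added example that is not from the slides or the ENS registrar: bids are sealed with a salted hash commitment and checked at reveal, and the winner pays the second-highest valid bid. The commitment layout, the use of SHA-256 and the reserve price are assumptions of this sketch.

```python
# Added illustration: Vickrey (sealed-bid, second-price) auction with commitments.
# Commitment format, SHA-256 and the reserve price are assumptions of this sketch.
import hashlib
import hmac

def seal(bidder: str, amount: int, salt: bytes) -> str:
    """Commitment published while bidding is open; the salt hides the amount."""
    msg = bidder.encode() + b"|" + str(amount).encode() + b"|" + salt
    return hashlib.sha256(msg).hexdigest()

def run_auction(commitments: dict, reveals: list, reserve: int):
    """commitments: bidder -> sealed hash; reveals: (bidder, amount, salt) tuples.
    Returns (winner, price_paid), or (None, 0) if no valid bid was revealed."""
    valid, seen = [], set()
    for bidder, amount, salt in reveals:
        expected = commitments.get(bidder)
        if expected is None or bidder in seen:
            continue
        # A reveal that does not match the earlier commitment is discarded.
        if not hmac.compare_digest(expected, seal(bidder, amount, salt)):
            continue
        seen.add(bidder)
        if amount >= reserve:
            valid.append((amount, bidder))
    if not valid:
        return None, 0
    # Stable sort: on equal amounts the earlier reveal ranks first.
    valid.sort(key=lambda bid: -bid[0])
    winner = valid[0][1]
    # Second price: the runner-up's bid, or the reserve for a lone bidder.
    price = valid[1][0] if len(valid) > 1 else reserve
    return winner, price
```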
20. ENS – Current Status
1. Supported by
• Metamask supports sending funds to ENS names.
• Mist is working on ENS support
• LEth is working on ENS support
• Status is working on ENS support
2. No firm date for permanent registry (?)
3. Not directly affiliated with ConsenSys
21. Questions/Comments?
• Feel free to get in touch with me:
andrew.atkin@gmail.com
• Special Thanks to:
Grant Fondo (speaker and host @ Goodwin Law)
Bernard Golden (speaker & topic idea)
Christian Peel (SV Meetup organizer)
Daniel Buchner (speaker)
Steve Waldman (moderator)
22. References
1. Antonopoulos, A. (2014). Mastering Bitcoin: Unlocking Digital Cryptocurrencies. Chapter 4. San Francisco, CA: O’Reilly Media.
2. Allan, C. (2015, April 25). The Path to Self-Sovereign Identity [Web log post]. Retrieved May 7, 2017, from http://www.lifewithalacrity.com/2016/04/the-path-to-self-soverereign-identity.html.
3. D’Ambrosi, C. (2017, January). The Identity Industry Landscape: 225+ Companies. Retrieved May 7, 2017, from https://oneworldidentity.com/identity-industry-landscape/.
4. Digital Identity. (2017, May). Retrieved May 7, 2017, from https://en.wikipedia.org/wiki/Digital_identity.
5. Johnson, Nick. (Presented at DEVCON2, September 19-21, 2016). ENS: Ethereum Naming Service. Retrieved May 7, 2017, from https://arachnid.github.io/devcon2/#/title
6. Lundkvist, Heck, Torstensson et al. (Draft Version February 21, 2017). uPort: A Platform for Self-Sovereign Identity. Retrieved May 7, 2017, from https://whitepaper.uport.me/uPort_whitepaper_DRAFT20170221.pdf.
7. Personal Identity. (2017, May). Retrieved May 7, 2017, from https://en.wikipedia.org/wiki/Personal_identity
8. Sabadello, M. (2017, April). Blockchain and Identity. Retrieved May 7, 2017, from https://github.com/peacekeeper/blockchain-identity.
9. The Identity Startup Landscape: 187 Companies. (2017, February). Retrieved from https://oneworldidentity.com/identity-startup-landscape.
10. Welcome to ENS’s documentation!. (2017, May). Retrieved May 7, 2017, from http://docs.ens.domains/en/latest/
11. uPort. (2017, May). Retrieved May 7, 2017, from https://www.uport.me/.
Editor's notes
Identity is a core concept on which so many others are anchored. Buchner: “Anchor identity on the blockchain”.
Fragmented & siloed. Many of these are great technical solutions, but UX and portability hinder wide adoption. Low adoption in turn lowers the value of a given solution due to network effects.
Existence: Users must have an independent existence. Any self-sovereign identity is ultimately based on the ineffable "I" that’s at the heart of identity. It can never exist wholly in digital form. This must be the kernel of self that is upheld and supported
Control: Users must control their identities. Subject to well-understood and secure algorithms that ensure the continued validity of an identity and its claims, the user is the ultimate authority on their identity.
Access: Users must have access to their own data. A user must always be able to easily retrieve all the claims and other data within his identity. There must be no hidden data and no gatekeepers.
Transparency: Systems and algorithms must be transparent. The systems used to administer and operate a network of identities must be open, both in how they function and in how they are managed and updated.
Persistence: Identities must be long-lived. Preferably, identities should last forever, or at least for as long as the user wishes.
Portability: Transportable identities ensure that the user remains in control of his identity no matter what, and can also improve an identity’s persistence over time.
Interoperability: Identities should be as widely usable as possible. Identities are of little value if they only work in limited niches. The goal of a 21st-century digital identity system is to make identity information widely available, crossing international boundaries to create global identities, without losing user control. Thanks to persistence and autonomy these widely available identities can then become continually available.
Consent: Users must agree to the use of their identity.
Minimization: Disclosure of claims must be minimized. When data is disclosed, that disclosure should involve the minimum amount of data necessary to accomplish the task at hand.
Protection: When there is a conflict between the needs of the identity network and the rights of individual users, then the network should err on the side of preserving the freedoms and rights of the individuals over the needs of the network.
Controller controls access to the proxy contract and contains recovery contract – you can lose your phone and still recover your immutable ID (great!)
Proxy holds the immutable ID and is used to pass ID to the App/Dapp contract(s)
Use the right arrow to click through/animate Nick Johnson’s slides (not obvious).