The Universal Access Device and the deployment of Self-sovereign Identity
In previous posts the Universal Access Device has been described as a critical component for Distributed Finance applications. As its name implies, the UAD can find applications in many different fields, including Identity Management.
The advent of Self-sovereign identity
In April 2016, Christopher Allen introduced Self-sovereign Identity (SSI) as the fourth step of an evolutionary process in Identity Management.
Phase One: Centralized Identity (administrative control by multiple hierarchies). In 1995, the first Certificate Authorities (CAs) started business, mainly to support the first Internet commerce sites. Most Identity Management is still multiple-hierarchy: individual digital identities are owned by CAs, domain registrars, and application sites.
Phase Two: Federated Identity (administrative control by multiple, federated authorities). During 2000, two Federated Identity initiatives appeared (Microsoft Passport and Liberty Alliance) to support federation between different hierarchies. Their main goal was to let users go from site to site without having to log on every time.
Phase Three: User-Centric Identity (individual access across multiple sites without requiring a federation). Much in use today, it leverages your Facebook (or Google, or LinkedIn) identity to log on to another site. While this reduces the number of credentials to manage, it leads to an impaired User Experience.
Phase Four: Self-Sovereign Identity (individual control across any number of authorities), based on the famous 10 basic principles stated by Allen himself.
The ten basic principles of Self-sovereign Identity
Existence: Users must have an independent existence. A SSI must be a reference to an existing person.
Control: Users must have full control of their identities. They should always be able to refer to it, update it, or even hide it. Any user may make claims about another user, but they cannot touch the identity itself.
Access: Users must have at least read access to their own data. Users must always be able to easily read all the claims and other data within their identities. Some of this data will not be modifiable by them, and most of it will not be accessible to other users.
Transparency: Systems and algorithms must be transparent. The algorithms should be free, open-source, well-known, and as independent as possible of any particular architecture; anyone should be able to examine how they work.
Persistence: Identities must be long-lived. Though private keys might need to be rotated and data might need to be changed, the identity should remain under the control of the user. Clearly, under the "right to be forgotten", a user should be able to dispose of an identity if they wish, and claims should be modified or removed as appropriate over time.
Portability: Information and services about identity must be transportable. Identities must not be held by a single third-party entity, even if it is a trusted entity that is expected to work in the best interest of the user. The basic assumption is that entities can disappear, and on the Internet most eventually do. Online verification is problematic, as regimes may change or users may move to different jurisdictions.
Interoperability: Identities should be as widely usable as possible. The goal of the system is to create global identities, crossing international boundaries without users losing their control.
Consent: Users must agree to the use of their identity. Sharing of data is encouraged, but it must only occur with the consent of the user. This consent might not be interactive, but it must still be deliberate and well-understood.
Protection: The rights of the user must be protected in any case. When the operational needs of the system and the rights of individual users appear to be in conflict, the freedoms and rights of the individuals must prevail over the operational needs. As a special case, identity authentication must occur through independent algorithms that are censorship-resistant and force-resilient and that are run in a decentralized manner.
Minimalization: Disclosure of claims must be minimized, so as to involve the minimum amount of data necessary to accomplish the task at hand. For example, if only a minimum age is called for, then the exact age should not be disclosed, and if only an age is requested, then there is no reason to disclose the exact date of birth. As "zero-knowledge" cryptography is still in the making, the support of user privacy is a moving target and should follow technical improvements.
Clearly the ten principles are referring to an ideal environment. No wonder present implementations fall somewhat short of them. Still, SSI is regarded as the most promising and flexible identity scheme.
Basic SSI players: Holder, Issuer and Verifier
The basic operation of SSI is easy to understand with a paper-based analogy. The first role is that of the holder: after receiving a certificate from a relevant authority (the issuer), they can present it every time they need to access a service. For instance, when renting a car, we could prove our identity by presenting a passport and our ability to drive with a driving licence. By examining those certificates, the rental agency clerk (the verifier) can check whether our claims are true. The basic principle is that the holder can choose which documents to show to the verifier, and the latter can decide whether they are good enough to substantiate the holder's claims.
Basic SSI objects: Verifiable identities, DID and DIDDocs
In the digital world, the same workflow is based on unique and random identifiers, known as Decentralized Identifiers (DIDs).
DIDs are based on public-key cryptography: a hardware device (a digital wallet, owned by the identity owner) is used to generate a public key and a private one. The private key is stored in the wallet and is used for creating content. The public key can be known by everyone, and is used for authenticating content created with the private key.
DIDs are called verifiable credentials, as they are first used by a holder to get information from an issuer. The issuer signs the returned information with their private key. After countersigning the same information with their own private key, the holder stores it in their digital wallet.
On the other hand, DIDs operate in roughly the same way as a URL: they are used for the retrieval of documents called DIDDocs. Usually, a blockchain (or some other Decentralized Ledger platform) is used to support this lookup, but (as described before) the actual content of the DIDDocs is kept in the digital wallet.
Instead of personal information, the DIDDoc simply describes a series of facts that can be verified (verifiable claims) about its holder. For each verifiable claim, the DIDDoc holds an external code (called a verifiable presentation) that allows cryptographic verification of four key elements:
- Who issued the credential (issuer)
- Who the credential was issued to (holder)
- Whether the claim was tampered with
- Whether the credential has expired
Features of a Self-sovereign Identity system
- Issuers are not required to be online during claims verification as that is performed against the decentralized ledger and the holder's digital wallet
- The content of the DIDDocs can be regarded as tamper-proof to the same level of trust we accord to the ledger management and digital wallet
- Data may be exchanged between the verifier and the holder's wallet in many different ways (near-field communication, bluetooth, wi-fi, etc.)
- The issuer and the holder must have established trust between them by other means. Usually, a hierarchical scheme can be built, requiring the holder to provide personal proof of their own identity only when onboarding onto the system
The Universal Access Device
While SSI aims to provide a complete answer to digital identity, the most probable outcome is that we will end up with three or four competing standards.
In practice, there are already companies (https://truststamp.ai) that can compute a DID by processing biometric data and other personal information. Clearly, disclosing all this information to a single company is not really compliant with the ten principles, but it is still deemed a suitable solution in the corporate world.
Other implementations are offering indexing of DIDs on different blockchains, and even indexing and storage of DIDDocs on a centralized system.
This is a good reason for suggesting the development of a Universal Access Device. As already described, it is an open hardware platform offering affordable consumer-level encryption, supported by a blockchain-based trusted software distribution service. Developing a product-agnostic, high-reliability device is the way to provide a level playing field for competition, while maintaining control of a critical digital infrastructure.
The European Self-Sovereign Identity Framework
The European self-sovereign identity framework (ESSIF) is part of the European blockchain service infrastructure (EBSI). EBSI is a joint initiative from the European Commission and the European Blockchain Partnership (EBP) to deliver EU-wide cross-border public services using Distributed Ledger Technology.
ESSIF aims to implement a generic self-sovereign identity (SSI) capability, allowing users to create and control their own identity across borders without relying on centralized authorities. At the functional level, ESSIF will allow EU entities to obtain verifiable credentials, to register verifiable mandates/consents, and to access verifiable claims, which can then be used to identify/authenticate relying parties and provide them with the required claims/attestations.
The information written on the blockchain ranges from decentralized identifiers (DIDs) to public legal entities, proofs that something has been demonstrated, revocation lists, and general information such as lists of trusted academic institutions.
Clearly, ESSIF is not a party in the business flow between EU citizens/entities and relying parties. Also, the request for services and the delivery of those services are out of the scope of ESSIF.
Conclusions
There is a growing feeling that some basic concepts underpinning banking and finance are too important to be left to bankers alone. The European Commission is working on basic issues like competition, digital identity and privacy that are essential to the development of decentralized finance. At the same time, National Central Banks, the European Central Bank and the Eurosystem are busy experimenting with new payment systems and improving the old ones. Coordination between these two efforts is already in place and will improve in the near future.
This article is one of a series outlining a detailed proposal for a pan-European Universal Access Device.
https://www.dhirubhai.net/pulse/iot-plus-uad-less-chaos-rosa-giovanna-barresi
https://www.dhirubhai.net/pulse/toward-pan-european-universal-access-device-rosa-giovanna-barresi