Blockchain & Decentralised Identity (trust framework) David Pollington, Head of Service Access Technology
Blockchain a recap A distributed and decentralised ledger (a linked transaction database) Blockchain The transaction blocks are cryptographically protected for immutability Block 306 A protocol for the distributed ledger management ensuring only valid transactions are added and are immutable Block 307 Block 308 2
Types of Blockchain drawing parallels with network types Permissionless Permissioned Public Internet Extranet Private Trend Home network Intranet 3
Example use case: application of Blockchain to Mobile Connect SP Onboarding Service Provider Onboard App Developer Portal Generate App Credentials Promote Encrypted (Credentials, SP Metadata) Permissioned Private Mobile Connect SP Onboarding Blockchain MNO ID GW Get, Decrypt (Credentials, Metadata) Get, Decrypt (Credentials, Metadata) MNO ID GW 4
Application of Blockchain to Identity? Key challenges that digital identity faces: 1. Establishing trust in a trustless digital world 2. Decentralisation: control and ownership of the identity attributes (self-sovereign identity) 3. Immutability of the operations related to the digital identity => Blockchain/Distributed Ledger Technologies well placed to address these requirements Source: Peter Steiner's cartoon, as published in The New Yorker Note though that personal information is NOT stored on the Blockchain (not even in hashed form) => the value that Blockchain provides is in ensuring authenticity and privacy: Data integrity proofs Provenance Blinding Zero-knowledge proofs Resiliency 5
Why do it? => establishment of trust frameworks unlocks the digital economy 6
Why do it? => trust eroding in existing online identity players 7
Why do it? => move to a decentralised approach (SSI) GDPR and public sentiment over the increasing number of data breaches driving popularity in the concept of Self-Sovereign Identity (SSI) => user takes responsibility and ownership of their identity and uses a range of 3rd party issuers to vouch for the user's claims 8
Uses a distributed ledger for managing decentralised identifiers (DIDs) and ensuring authenticity of the parties interacting via the framework and the information (claims) that are exchanged Introducing Sovrin (DLT-based trust framework) verification verification verification 9
Introducing Sovrin (DLT-based trust framework) Open standards approach (W3C, DIF) and gaining significant momentum through support from the likes of IBM and DT but many issues still remain around usability, commercialisation and faith in the technology 10
Unlikely that there ll be just one global trust framework for identity National Global Sector 11
Key role for Mobile Connect: Humanising Blockchain Uses MSISDN Uses Keys, Digital Signature Blockchain helps to create a connected secure identity Authenticate Consent Blockchain Mobile Connect helps to connect the user to the Blockchain in a secure and convenient way Private Key Public Key and MNOs acting as issuer/verifiers of claims (attributes) 12