At lifeID, we are building an open-source, blockchain-based digitalidentityservice that enables users to create and manage their own identities without relying on a central organization or authority. This identityservice will not be centrally controlled by any one organization, but instead managed completely by the community of identity holders. We believe that a decentralizeddigitalidentity is the way of the future, and will affect significant change to our world, shifting power away from large corporations and governments back to identity holders.
Let me start by briefly explaining how a user-created (commonly known as self-sovereign) identity works and how a blockchain is the final puzzle piece unlocking the ability to build one. This paper is not intended to be a deep-dive on the technology, I will cover just enough to understand the cryptography basics and the necessary components of the platform.
A self-sovereign identity and how it works
A self-sovereign digitalidentity is an identity that the user can create and manage. It contains all of the credentials necessary to interact in the digitalworld, without relying on a centralized organization or authority. Self-sovereign identities make extensive use of public key cryptography, so understanding how self-sovereign identities work requires a basic understanding of how this cryptography is used. Public key cryptography describes a process in which cryptographic keys are generated in pairs, a public and a private key. The public key can be viewed by anyone, while the private key remains a secret kept only by the owner of the key. Users can prove ownership of the public key using the private key without ever divulging the actual private key. This proof of ownership of the public key provides a way for owners to prove that a self-sovereign identity is theirs.
To create a self-sovereign digitalidentity, a user creates a unique digital identifier along with a cryptographic public/private key pair. This identifier is just a large random number, so large that it is effectively impossible to create a number that might be used by another user. Using a global public registry, the userassociates the public half of the key pair with the unique digital identifier.
The private key is also an extremely large number that is not easy to memorize or enter via a keyboard. Instead, it is usually stored somewhere secure such as the secure enclave of an iPhone. If the user loses access to the private key associated with their digital identifier, they create a new key pair and update the global public registry. How that global registry allows the identity owner (and only the identity owner) to update the global registry when they have lost their private key is a topic better answered in detail in a futurepost. The short answer is that it involves using a blockchainsmart contract and a recovery method chosen by the user when creating the initial unique identifier.
The unique identifier represents the user in any digital interactions that he or she might have. For example, when a user creates an account on a new website. To authenticate with the website, the user proves ownership of this identifier using the private key associated with the identifier. When the websitewants to authenticate a user, it looks up the user’s identifier in the global public registry, determines the associated public key, and confirms that the user has the private key. It’s worth noting that updating the keys associated with the unique digital identifier does not require that the user contact the website where the identifier was used.
Making all of this work requires a secure global registry where users can update the digital identifiers that they control. One where the data, once written, cannot be changed or removed from the registry except by the user with the private key. Until the advent of blockchain technology, these requirements were impossible to meet. How do you create an open public central registry that is not itself centrally controlled? This is where the magic of the blockchain comes in. It serves as the centralsource of truth for mapping a user’s unique digitalidentity to their corresponding public keys. Because it uses a blockchain-based consensus mechanism to maintain the accurate and up-to-datestate of the registry, it requires no central authority to control or operate it. In fact, an open, self-sovereign digitalidentity is one of the best use cases for a permissionless, decentralizedblockchain.
The requirements of a self-sovereign identityplatform
To fully realize the promises of a self-sovereign identity, the blockchainplatform that serves as the central registry must be built with three important pillars:
1. Driven by economic incentive
2. Open and Permissionless
3. Self Governance
Driven by economic incentive
To ensure that an open, decentralized peer-to-peer network continues to function in perpetuity, there must be an economic incentive for the nodes to participate. Otherwise, the people that run these nodes will choose to use their computer hardware and electricity for some other purpose. Miners — the transaction processors for these networks — generate the cryptographic verification that ensures the transactions in each block are trustworthy. Their reward for performing this verification is to receive tokens on the network. In turn, they can sell these tokens to others that want to transact on the network or to speculators that want to hold the tokens in the expectation that their value will continue to increase. Giving miners an economic incentive to process and validate transactions is the process that breathes life into and sustains public blockchains like Bitcoin and Ethereum.
Similarly, any self-sovereign identityplatform must have a built-in incentive mechanism to ensure that it too will function in perpetuity. For an identity to be one that can be used for the entire life of a person, the softwareplatform on which the identity is secured must also continue to function forever. There is a reason we are asked to “Login with Facebook” rather than “Login with MySpace”. Ultimately companies come and go, and even behemoths like Facebook may one day lose the favor of their users. Our digital identities are simply too important to attach to the business interests of any one company. We need an identityplatform that exists solely to serve all identity holders. A blockchain with a built in economic incentive — perhaps one of the greatest human innovations of our lifetime — provides this.
Open and Permissionless
It is absolutely essential that anyone, anywhere in the world is able to use the identityservice restriction free. The most important reason for this open access is to prevent an identity holder from ever being denied use of their digitalidentity for any reason. To ensure this, it is also critical that the miners securing this identityblockchain are also not restricted from performing the mining functions. A blockchain that allows for anyone to join and “mine” transactions such as Bitcoin or Ethereum is called a permissionless blockchain. A permissionless blockchain is a base requirement for building a self-sovereign identityservice.
Using a permissionless decentralizedblockchain to coordinate access to user’s identifiers and public keys makes it nearly impossible to censor or restrict users from using their identity. Contrast this with using a Google, Facebook or Twitteraccount to log in to a website. If any one of these services believes that you have violated their terms of service, you would be locked out of any website you use.
Open also implies that the software used to run the platform is open-sourced and the protocols used to interact between the nodes are open for all to read. People are free to develop their own version of the software that interacts with the identityservice, for example, to build a version that operates more efficiently than the open source versions. But, the foundation that supports core service must ensure that this software remains open source. It is also important that end-usersoftware used to manage self-sovereign identities and related identitydata uses open and standardized protocols so that users are not locked into one vendor’s solution. In most cases, this end-usersoftware will be a mobile app, or perhaps a browser plugin. If users cannot migrate their identitydata from one vendor’s app to another, it locks the use of the identity to this vendor, completely undermining the promises of a self-sovereign identity.
Blockchain governance is all the processes that are followed to make changes to a public blockchain. Blockchain governance can be formally or informally defined, or it can even be ad hoc. Some blockchains, such as decred, employ on-chain governance mechanism to vote for and perform automated software updates, which we will examine below. Blockchain governance is the least mature of the three pillars. It is a messy, evolving process that the community is still debating. Our aim here is to describe the attributes of a well-formed governance necessary to build a decentralizedidentityservice.
A properly constructed governance mechanism ensures that a public decentralizedblockchain-based identityplatform will continue to meet the needs of the identity holders as well as the other stakeholders necessary to operate the network. This governance mechanism must addressissues such as setting the appropriate inflation or burn rate, deciding when and what protocolchanges need to be made and can extend into issues such as directing projectfunds for platform enhancements and other R&D. Restoring lost or stolenfunds, or theft of keys used for identity may also be something tackled by the blockchain governance.
It is important for the governance mechanism to be both transparent and clearly communicated. A transparent and well-understood governance mechanism builds a strong community of supporters for the blockchain by demonstrating fairness. Governance mechanisms cannot truly be fair unless they are specific and described plainly to the community of stakeholders. On-chain voting mechanisms, such as those employed by decred, also help to reassure the community the method of governing changes to the blockchain are transparent and represent the true desire of the stakeholders. For example, with decred, updates to the platform that create a hard-fork scenario, are implemented and deployed but not activated. Once enough nodes are running the deployed changes, on-chain voting occurs by the stakeholders. If 75% of the votes in a voting interval are “Yes,” then the softwarefeature is automatically turned on at a specific futureblock.
With decred, those with more tokens can have more influence on the votes. But, not all voting schemes need to be constructed this way. For a blockchain-based identityplatform, stakeholders consist of token holders, blockchaintransaction verifiers (miners), as well as the users and organizations that use the platform to manage their digitalidentity. These identityusers may not possess many tokens, but they still must be represented fairly in any voting scheme. The governance for a blockchain-based identityservice must ensure that the platform continues to meet the current and future needs of the identity holders.
The core tenet of a self-sovereign digitalidentity is that the user remains in control of the existence and use of the digitalidentity. A decentralizedblockchainplatform solves the problem of building a centralized registry that coordinates the use of these identities in the digitalworld. For the blockchain to accomplish this, it must be permissionless, economically self-sustaining and the governance that shepherds its future must be transparent, fair and ultimately serve the identity holders.
We at lifeID are building this system: a truly decentralizedidentityservice atop these three pillars. We believe that such an identityservice will dramatically change the way peopleexchangeidentityinformation with the world around them. It will give power over personal data back to the people it actually belongs to, the individuals themselves.
If you believe as we do, that we all deserve to control our own digital identities and that no one should create, remove, view or alter them without our express consent, join our cause. We are always looking for talented blockchaindevelopers who share our vision to help build this technology. This invitation to join us is also open to other companies, even those that see us as competitors. Because the blockchainplatform will ultimately be controlled by the identity holders, all companies that work together to build an interoperable identityservice will benefit. We are moving quickly toward a future with more transparent, more universal and more just methods of proving identity.
Follow us on twitter: @lifeid_io