[DG-BSC] blockchain for identity

Thomas Hardjono hardjono at mit.edu
Tue Jan 31 12:00:16 CST 2017


Hi Jeff,

You are not missing anything here :-)

I think there are a lot of confusion about the meaning of (a) "identity" (as in unique human person) versus  (b) "identifier" (as in email-address, public-key, SSN, etc).

>>> The notion of a user-controlled, distributed identity 
>>> mechanism strikes me as the holy grail in identity. 

Identity allocation is a social process based on a "social contract". A baby born in a village has his/her name allocated by his/her parents, and the parents declare it to the rest of the village.  The rest of the village (as relying parties) accepts the baby's name henceforth.

The relying party (counterparty) in a 2-party transaction must asses both (b) and (a).  The pivot in the decision will be (a) and the source/provenance of the data/metadata supporting (a).

So an individual may control the online-usage of his/her digital-identifier (as in (b)) but that individual has no control over the authoritative mapping between (b) and (a) above. 

>>> If I have a bad credit rating using one self-managed identity, 
>>> why don't I just create a new identity and seek credit for it?  
>>> As a newbie, I might not have a high rating, but it would likely
>>> be better than a bad rating.

This won't work because although you can self-manage your digital identifier (a), you have no control over the mapping between a new identifier and your person identity (a).

Organizations such as Banks and Governments have tremendous leeway in the authoritative mapping between (b) and (a) above. This is because they are a source of business-trust and legal-trust.

/thomas/


________________________________________
From: dg-bsc-bounces at kantarainitiative.org [dg-bsc-bounces at kantarainitiative.org] on behalf of j stollman [stollman.j at gmail.com]
Sent: Tuesday, January 31, 2017 12:36 PM
To: dg-bsc at kantarainitiative.org
Subject: [DG-BSC] blockchain for identity

I am seeking some insight from this group on the viability of blockchain for identity.

The notion of a user-controlled, distributed identity mechanism strikes me as the holy grail in identity.  But, like the holy grail, I am finding it difficult to believe that it is real.

In particular, I don't see what the blockchain can add to identity.

Yes, I recognize that blockchain does offer distributed consensus.  And I while I am not persuaded that proof-of-work and/or proof-of-stake are as bulletproof as most people accept, I am not focused on these concerns.

My concerns stem from what value add the blockchain provides to the inscrutable problem of identity.  We can use blockchain to confirm that a particular transaction too place at a particular point in time.  For example, we can use it to confirm that Alice paid Bob the $1000 he owed her within the terms of their agreement.  This verification may be valuable in a subsequent credit transaction.  And we can use blockchain to confirm that someone claiming to be Alice passed a background check by Bob at a fixed point in time where the background check attests to aspects of her health, home address, financial stability, national loyalty, trustworthiness with confidential data, or some combination of these.  But even this information is only useful to someone who believes that Bob is trustworthy and thorough in his checking.  And since Bob can never be absolutely certain that the Alice who sat in front of his desk is the Alice she claims to be, Bob's assessment -- no matter how trustworthy and thorough he is -- is always subject to some doubt.  And how are we certain that it was really Bob who is asserting the claim on behalf of Alice and not an impostor Bob?  Do we believe that merely possessing his private key is sufficient proof to an organized attempt to create a false Alice?  I don't see anything about the blockchain that addresses these concerns which are - and always have been - at the root of identity and trust.

So many people seem excited because blockchain offers a distributed governance model that uses economic incentives to encourage good behavior of vetting parties (e.g., miners).  But tracking a single crypto-currency is a much more simple task that vetting identifies and the vast array of attributes of interest to relying parties - depending on their business.  And unlike measuring crypto currency transactions which either do or do not take place, identify attributes are not 0/1 transactions.  They are a collection of probabilities.  And using blockchain does not change this.

If I have a bad credit rating using one self-managed identity, why don't I just create a new identity and seek credit for it?  As a newbie, I might not have a high rating, but it would likely be better than a bad rating.

What am I missing here?

Thank you.

Jeff




---------------------------------
Jeff Stollman
stollman.j at gmail.com<mailto:stollman.j at gmail.com>
+1 202.683.8699
<mailto:stollman.j at gmail.com>

Truth never triumphs — its opponents just die out.
Science advances one funeral at a time.
                                    Max Planck


More information about the DG-BSC mailing list