- Transparency is the new currency – people value transparency. It's about enabling people to reach their goals independent of the provider and about being informed in good and in bad times.
- Openness is the new norm – we are living in a network economy. Openness is the key to unleashing the combined potential of all services in the network. Closed and monolithic systems are relics of the past.
- Holistic services – users want an end-to-end service and a broad overview. There is only the choice of providing it or letting somebody else do it.
- Simplicity – the different pricing schemes used by the various service providers are hard to understand for the consumer. But all this complexity can be hidden using smart technology – either by offering a flat rate scheme which enables general usage or by simply billing the actual consumption with the optimal price for the consumer.
- Empowerment – the people who are in contact with the users must be empowered to solve problems in creative ways. They see the problem and they can directly engage and solve it with their creativity. The SBB has allocated a discretionary budget for the ‘railway companions’ – these are the people on the train who make sure that the travelers have a smooth journey. This empowerment of employees at the point where the company engages with the clients is just cool.
- Team – the rail clean organization is now a part of SBB again and wears the SBB logo. In more and more automated railway stations they are often the only people. Now they wear an SBB logo again and can help support travelers in case of problems. This is a win-win situation as the job has become more interesting and as clients have a further human touchpoint with the brand.
- Development – all roles are changing due to the evolution of the environment and the technology. It is of strategic importance to think about the roles and their evolution paths. SBB grows and moves together with its employees into the future of mobility.
- Data – SBB as a provider collects a lot of data about its users. Monika stressed that the data belongs to the client and not SBB. So the client decides when and how this information is used.
The National Institute of Standards and Technology (NIST) has published a draft report on blockchain. This report is an excellent summary and overview of the technology, its key characteristics and use cases.
“Blockchains are immutable digital ledger systems implemented in a distributed fashion (i.e., without a central repository) and usually without a central authority. At their most basic level, they enable a community of users to record transactions in a ledger that is public to that community, such that no transaction can be changed once published.”
This has the following implications on organizations:
“However, on a blockchain, it is much more difficult to change data or update the ‘database’ software. Organizations need to understand the extreme difficulty in changing anything that is already on the blockchain, and that changes to the blockchain software may cause forking of the blockchain. Another critical aspect of blockchain technology is how the participants agree that a transaction is valid. This is called “reaching consensus”, and there are many models for doing so, each with positives and negatives for a specific business case.”
Indeed – this highlights a few foundational aspects: blockchain achieves high data integrity and immutability based on a certain level of transparency, which is required to reach consensus on the validity of transactions. The report outlines the most important consensus algorithms – each with its drawbacks and advantages.
- “In the proof of work model, a user gets the right to publish the next block by solving a computationally intensive puzzle.”
- “The proof of stake model is based on the idea that the more stake a user has in the system, the more likely it will want the system to succeed, and the less likely it will want to subvert it.”
- “In some blockchain systems there does exist some level of trust between mining nodes. In this case, there is no need for a complicated consensus mechanism to determine which participant adds the next block to the chain.”
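To make the two quoted points concrete (the proof-of-work puzzle and the "extreme difficulty in changing anything that is already on the blockchain"), here is an added example that is not part of the NIST report or of this post: a minimal hash-linked chain with a toy puzzle (a hash with a given number of leading zero hex digits). Validation re-derives every hash and link, so an edited record is detected at its own block, and re-mining just that block still breaks the link to its successor, which is why every later block would have to be re-mined too. The record strings are constructed sample data.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)
// Block carries one record and links to its predecessor by hash; Nonce is the proof-of-work answer.
type Block struct {
	Data     string
	PrevHash string
	Nonce    int
	Hash     string
}

func hashBlock(b Block) string {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%s|%s|%d", b.Data, b.PrevHash, b.Nonce)))
	return hex.EncodeToString(sum[:])
}

// mine solves the "computationally intensive puzzle": find a nonce whose hash starts with `difficulty` zeros.
func mine(b Block, difficulty int) Block {
	target := strings.Repeat("0", difficulty)
	for b.Nonce = 0; ; b.Nonce++ {
		if b.Hash = hashBlock(b); strings.HasPrefix(b.Hash, target) {
			return b
		}
	}
}

// NewChain publishes one block per record, each mined on top of the previous block's hash.
func NewChain(records []string, difficulty int) []Block {
	chain := []Block{mine(Block{Data: "genesis"}, difficulty)}
	for _, r := range records {
		chain = append(chain, mine(Block{Data: r, PrevHash: chain[len(chain)-1].Hash}, difficulty))
	}
	return chain
}

// Validate re-derives every hash and link and reports the index of the first block that no longer checks out.
func Validate(chain []Block, difficulty int) (bool, int) {
	target := strings.Repeat("0", difficulty)
	for i, b := range chain {
		if b.Hash != hashBlock(b) || !strings.HasPrefix(b.Hash, target) || (i > 0 && b.PrevHash != chain[i-1].Hash) {
			return false, i
		}
	}
	return true, -1
}
```

A difficulty of 3 hex digits needs about 4096 hash attempts per block, enough to show the idea without a noticeable wait.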
The report also explores the most important types of blockchains:
- If anyone can read and write to a blockchain, it is permissionless.
- If only particular users can read and write to it, it is permissioned.
Permissioned blockchains are similar to an intranet, visible only to the nodes on that network, while a permissionless blockchain mimics the characteristics of the Internet.
“The use of blockchain technology is not a silver bullet, and there are issues that must be considered such as how to deal with malicious users, how controls are applied, and the limitations of any blockchain implementation. That said, blockchain technology is an important concept that will be a basis for many new solutions.”
The technology is indeed no silver bullet, but it has huge potential for all applications which require a shared agreement and a high level of security.
“Blockchain technologies have the power to disrupt many industries. To avoid missed opportunities and undesirable surprises, organizations should start investigating whether or not a blockchain can help them.”
NIST asks for comments and feedback until February 23, 2018.
We think that Self Sovereign Digital Identity is one of the key elements in the shift towards a distributed decentralized financial system (see also FINthinker’s Predictions for 2018). Below are examples of organizations which engage on this topic each with a different approach:
- Synacts – an identity layer for the Internet, protocol, ETH spin-off
- Selfkey – blockchain, non-profit foundation, Asia focus (whitepaper)
- Val:ID – blockchain, smart contracts, wallet, non-profit foundation (whitepaper)
- uPort – Ethereum and smart contracts based (whitepaper)
There are more … comments with links welcome.
Before we explain what self-sovereign digital identity is, let us first define identity, then elaborate on digital identity, which inherently leads to the final form of digital identity management where each user controls their own digital identity.
- Identity is a uniquely human concept. It is that ineffable “I” of self-consciousness.
- We all have a Social identity – the qualities, beliefs, personality, looks and/or expressions that make us a person
But how do we prove our identity when interacting with others? Let's look at an example:
You interact with a person who claims to be John Smith and wants to do some transactions with you. John gives you his passport (or, in some countries, his driver’s license) as proof of his identity claim. You attest John’s claim by looking at the passport, determining whether it is authentic and then comparing the attributes captured in the passport with the person in front of you.
This process includes the following concepts:
- claim – a claim that an actor would like to consider true
- proof(s) – evidence that something is true, often based on a trusted certificate
- attestation – verification by an independent party that a claim is true
You may now create a record in your system with a customer identifier, a copy of the passport and additional attributes such as address and date of birth, further verified through utility bills or other formal evidence. This record is a digital identity; it represents relevant aspects of the social identity and is now the basis for your business interactions with John.
This may all sound simple and rather straight forward, but
- Attestation is typically a manual process where unstructured data is captured and verified against the available proofs which must be collected and stored
- Only a subset of the captured information is constant. The captured attributes may get out of sync with reality
- The presented proofs may be faked, and the quality of the attestation depends on your skills to identify such issues
- Wherever John wants to have additional interactions, a similar process is required leading to the creation and attestation of another digital identity
- Whenever information changes, John must provide updates to all relevant parties
- John has no control what happens with his data and who is accessing it
Juridical persons and things can also have a digital identity – however in this post, we will continue to only focus on natural persons and look at ways such digital identities can be managed.
Digital Identity Management started with centrally managed approaches. In such an approach, the authority that manages the digital identity data becomes the guardian and qualifies the digital identities. As networks evolved, federated approaches were adopted where multiple authorities jointly manage digital identities. User-centric identity is expanding: the user has more control over his digital identity and decides whether to share an identity from one service with another. Such sharing capability is based on standards like OpenID (2005), OpenID 2.0 (2006), OpenID Connect (2014), OAuth (2010), and FIDO (2013). It’s important to note that all these approaches are centralised, but the user has more influence as to how the information is shared.
The concept behind self-sovereign digital identity is to give the user full control over his/her digital identity. It is a distributed identity management approach where a person creates a unique identifier for their digital identity, places claims and asks others in the network to perform attestation. Claims and attestations can be secured using cryptography with the public and private keys of the involved parties.
- An actor can encrypt a claim with his private key
- The actor can use the public key of the attestation authority to keep attestation private
- The attestation authority can decrypt the message with its private key and the user’s public key
- The attestation authority can verify the presented proof and sign it using its own private key
- The attestation is then sent securely back to the user
The user now has an attribute with a digitally secured attestation and with proof of a verified authority claim(s). Over time a network of users builds up, where identities are maintained and trusted through attestation of proofs given by others in the network. Attestation authorities can be official authorities, organizations and other users. The quality of an identity in such a system depends on the quality of the involved authorities. Ideally this approach will introduce a single user-managed digital identity which can be used in the network when required and becomes the core of the genuine digital self (please see Be your digital self).
Christopher Allen has defined ten principles to ensure the user control that’s at the heart of self-sovereign identity:
- Existence – users must have an independent existence
- Control – users must control their identities
- Access – Users must have access to their own data
- Transparency – Systems and algorithms must be transparent
- Persistence – Identities must be long-lived, ideally last forever
- Portability – Information and services about identity must be transportable
- Interoperability – Identities should be as widely usable as possible
- Consent – Users must agree to the use of their identity
- Minimalization – Disclosure of claims must be minimized
- Protection – the rights of users must be protected
It is important that the private keys are well protected, as they grant full control of the digital identity.
So far, this post has discussed the creation of a digital identity. In a future post we will look at how we bridge between the real and the digital world: how can a system verify that the user is who they claim to be?
As the world becomes hyperconnected (please see “No ‘OFF’ Switch“), digital identity and security will continuously gain importance. As there will be, in the foreseeable future, no worldwide authority to manage digital identities, the world will converge towards a self-sovereign identity system where users own their data and various actors perform attestation in a mutual way. The system, in its nature, follows paradigms of earlier times where trust was the result of a social network. The introduction of digital technology removes the proximity requirements, allowing such a system to be applied on a global scale.