Posted on

In the Scramble to Fix Digital Identity, uPort Is a Project to Watch

Talk to any three blockchain entrepreneurs, and at least one of them will pitch a way for internet users to own their own data.

Recent privacy debacles at Yahoo, Equifax and Facebook have driven home the realization that anyone with a smartphone is walking, talking, searching, eating, posting, browsing fodder for advertisers, machine learning algorithms and thieves. And users neither control this data nor receive any compensation for giving it up.

Yet, blockchain fever – entering the mainstream at the same time as this data sobriety – appears to provide an antidote, and a rash of decentralized applications has appeared to help users monetize their data.

Using cryptographic technology such as public-private key pairs, such projects aim to let users of digital services control the data they produce, many times offering a marketplace where users can do things like selling their Yelp bookmarks to an advertiser for a few bucks’ worth of cryptocurrency.

But the team at uPort, an ethereum-based identity protocol, is going after a bigger prize.

Rather than ask, “How can I get paid for my data?” uPort aims to answer, “Who am I in the digital age?”

For Reuven Heck, co-founder and project lead at uPort, this isn’t the kind of problem that can be answered with just another app. Because the internet wasn’t built with an identity layer embedded, Heck said, tweaking the top of the internet – the application layer – just isn’t cutting it.

Rather, the internet needs to be rebuilt at a deeper level, and according to Heck, uPort aims to do just that:

“We believe we now have technology that allows us to build this as a horizontal layer across the internet … without being owned and controlled from an individual company.”

That ambition has led uPort – among the oldest projects under the umbrella of ethereum startup and incubator ConsenSys – to be regarded as one of the most exciting blockchain-based approaches to rationalizing users’ scattered, insecure digital identities.

The internet of identity

It’s notable that uPort has managed to attract a significant amount of interest despite not being focused on the end users.

According to Danny Zuckerman, uPort’s head of strategy and operations, the project emerged from persistent calls across the ethereum developer community for an identity system – preferably a decentralized one, given ethereum’s fundamental mission.

With that background, uPort decided the best approach was to give developers with a way to delegate the task of storing user-specific data on the blockchain by, Heck said, “integrating a few lines of code into your application.”

And yet, it’s not necessarily safe to assume that uPort will only be buried in decentralized applications’ innards, hidden from end users.

“There will be a lot of different ways that users interact,” said Zuckerman, because “it’s really this identity layer for the internet, and there’s not one way you interact with the internet.”

To explain what was meant by an identity layer for the internet, Zuckerman began with the “top-down mechanism” of the analog world, in which the government defines an individual’s identity in a limited number of ways: a passport number, a national identification number, a Social Security number, a driver’s license number. The specifics depend on the jurisdiction, but most people have one or two primary, officially sanctioned identifiers.

The web, by contrast, is a free-for-all.

“With the internet there started to be all kinds of other identity systems, typical username and password – basically anything where you identify who you are and create an account – and so there was this proliferation of many, many identities,” Zuckerman said. “And that started having user data captured in lots of different places, not under their control.”

And for many blockchain enthusiasts, that just doesn’t make sense. On the one hand, these multiple identities are challenging for everyone to juggle (without being subject to security slip-ups). On the other hand, allowing a single, centralized party take over digital identity is not ideal either.

Rather, uPort’s idea is to put users in charge of holding and, if they choose, sharing the data associated with their identity, using the same cryptographic protocols that allow them to control cryptocurrency without the need for a third party. And this goal is frequently called “self-sovereign identity.”

A crowded space

UPort is far from the only project working towards the goal of self-sovereign identity using blockchain technology.

The Sovrin Foundation is one of the most prominent examples of uPort’s competition.

The foundation is behind Project Indy, a set of identity tools launched last year by the Hyperledger consortium. In contrast to public, permissionless uPort, Indy is a hybrid: anyone can view the ledger, but writing to it requires permission. Also in contrast to uPort, Project Indy is planning an ICO.

Civic, which plans to fully roll out its identity platform later this year on RSK, a layer-two bitcoin smart contracts platform, recently raised $30 million in an ICO.

Microsoft and Accenture have unveiled an identity prototype that uses a private, permissioned version of ethereum.

Meanwhile, developers on the public ethereum network are working on a standard for tokenized identity. Called ERC-725, the standard is being spearheaded by Fabian Vogelsteller, the creator of the ERC-20 standard that powered a boom in the crowdsale of crypto tokens.

Finally, the team at Digital Bazaar – which has been working with the World Wide Web Consortium, a standards body – has launched an experimental “testnet” version of a blockchain-based identity solution called Veres One. Like uPort, it is public, permissionless and lacks a token of its own. Unlike ethereum-based uPort, however, it is a freestanding blockchain.

The risk of having all of these divergent, competing standards for blockchain-based identity is that they will recreate the current system: fragmented and siloed.

But most of these projects’ teams, including uPort’s, are aware of the risk and working with different standards bodies to try and build an interoperable system. UPort, for instance, joined the Decentralized Identity Foundation – which includes big names like Microsoft and Accenture, among others –  in order to develop a standard for everyone.

Heck underscored the importance of interoperability by citing the examples of WeChat, WhatsApp and Facebook Messenger. As impressive as these messaging apps’ userbases are, he said, “nothing really has replaced email.”

The reason, he continued, is that:

“Email’s the only universal thing which works across the world. You can send emails from anywhere to anyone. Everybody has something that’s compatible.”

Trying to go it alone is just bad business, he added, saying, “No solution which thinks they are winning now because they were earlier will win if they’re not on a joint standard.”

Momentum and roadblocks

And while all these solutions have made significant progress over the past year, uPort has a whole group of potential partners and clients in the various other “spokes” of ConsenSys. One of these spokes, Viant, is currently integrating uPort, while others – including OpenLaw, Meridio and Civil – are planning to do so.

Tyler Mulvihill, the co-founder of Viant, which plans to go live with its ethereum-based supply chain platform this year, told CoinDesk that using uPort as its identity solution was “a really easy decision,” not only because of the ConsenSys connection, but because “they’re leading the space in self-sovereign identity.”

Gnosis, a prediction market that was spun out of ConsenSys, used uPort to verify that each user was only submitting one entry to its Olympia tournament.

Outside of ConsenSys, Melonport, a decentralized asset manager based in Zug, Switzerland, is using uPort to perform know-your-customer and anti-money laundering (KYC/AML) checks.

But uPort’s most notable partnership is with the government of Zug itself, which is conducting a pilot program to register citizens’ IDs on ethereum. The first registry was completed in November, and the total is now over 200. The city government then announced a voting pilot using uPort last week.

Another pilot, in which uPort and Microsoft partnered with Brazil’s Ministry of Planning to verify notarized documents, began in June 2017. According to Heck, more such partnerships could follow.

“We are talking to other cities and governments at the moment – none of them we can talk about at this point,” he told CoinDesk.

In many respects, though, uPort has a long way to go.

The same questions that nag the ethereum ecosystem as a whole can make the way forward uncertain for uPort. How to scale the network to enable faster and cheaper transactions is a major hurdle.

Also important – arguably more so, given uPort’s focus on identity – is the question of how to protect users’ privacy when using a blockchain like ethereum, which is visible to anyone.

“Transparency in blockchain is obviously a feature,” said Zukerman, “but when it comes to personal data and identity data it’s a liability.”

Finally, there’s the question of what happens to a user who loses their private key, and with it, presumably, control over their digital lives. UPort has explored different solutions to this problem, starting with designating friends who can collectively vouch for a person and transfer the lost ID’s data over to a new public key. That was an ethereum-specific solution, though; the team is now working on a blockchain-agnostic one.

But still, even with these roadblocks, uPort has had no problem with its main goal, convincing developers to use its platform in their applications. Heck concluded:

“People come to us.”

Mirrors image via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

Posted on

There's a Facebook Alternative, It's Called Self-Sovereign Identity

Kaliya “Identity Woman” Young is a co-founder of the Internet Identity Workshop and of HumanFirst.Tech and an independent expert on blockchain and identity systems who consults with governments, companies and startups.  

This article was inspired by conversations with Tony Fish and Lubna Dajani.


Following the Cambridge Analytics election scandal, the meme #DeleteFacebook is widely circulating, leading to the next question, “what is the alternative?”

The answer isn’t a “new, better” platform – it’s an open standards-based infrastructure that centers on people and enables a whole new ecosystem to flourish.

Self-sovereign identity puts people in charge their own digital identities. It means that individuals have choice and sovereignty over their digital selves to the same degree we have control over our physical selves. This aligns with the fact that we all have inherent dignity that does not come from being born in a certain place or with certain attributes other than being human.

With self-sovereign identity, individuals don’t rely on another party, such as Facebook, to issue them an identifier for their use. They create the identifiers and own and control them along with what information is shared with whom under what conditions.

Under the status quo, where we don’t own and control our own identifiers, we are subject to the the terms of another party, whether this is a corporation (Google, Facebook, LinkedIn, Twitter etc) or a government.  These actors have a role to play in the identity ecosystem, but the new self-sovereign identity tools will shift the power balance.

The large organizations will be in service to, and in a relationship with, the individual rather than the individual being subject to them.

Figuring out how individuals can collect, store, manage and present their own identity information and personal data via their own devices, and with services they control, is a challenge I have been working on my entire professional career.  Below I explain the key technical breakthroughs that, when combined, make self-sovereign identity possible today in a way that was not possible five years ago.

Hierarchy namespace

Up until now, the only way to anchor identifiers for yourself on the internet was to do so within a hierarchical name space.

For example, in a private name space, you are under a company’s terms of service. It can terminate your digital identity at any time for any reason and you have virtually no legal recourse.  

Such is the case for Google email addresses, Twitter handles, Facebook accounts, LinkedIn profiles, Instagram accounts, and pretty much any site where you create a username and password that then lives under the other party’s name space and control.

Then there are globally hierarchical namespaces. There are many of these; two common ones are IP addresses managed by the Internet Assigned Numbers Authority (IANA) and the domain name system managed by the Internet Corporation for Assigned Names and Numbers (ICANN). These work together to give you the website addressing system.

You can buy a domain name from a company like GoDaddy and pay $10 to $15 a year to have a name in that namespace you “own” within the global DNS name system. In the global phone number system, you can get a number from your phone company.

In both cases, you rent your identifier. Don’t pay your bill for 30 days, or fail to renew your domain name next year, and the number will be given to, or the domain name can be bought by, someone else.

An alternative is to build a global name space just for people. This seemed like a reasonable path more than a decade ago but it never took off.

A company originally called OneName tried to do this. It changed its name Cordance and tried to launch iNames in partnership with Neustar in 2006. The company rebranded their product again as CloudNames in 2013. (For CoinDesk readers experiencing deja vu: the OneName handle had a second life as the original name for Blockstack.)

Today, however, have the possibility of real self-sovereign identity rooted in identifiers not under the control of another entity but truly controlled by the individual.

Decentralized identifiers

The first challenge is to make such identifiers globally unique, globally resolvable and recognizable.

The Decentralized Identifiers specification, developed under the auspices of the World Wide Web Consortium (W3C), is the basis of the solution. It outlines the format for the identifiers along with that of DID descriptor objects (DDOs), the documents containing all the metadata needed to prove control and ownership of an identifier.

This gets a bit nerdy, so bear with me. The DDO includes:

  1. DID (self-describing)
  2. List of public keys (for the owner)
  3. List of controlling DIDs (for key recovery)
  4. List of service endpoints (for interaction). This is the heart of how one builds new tools and services around the individual and puts personally identifiable information (PII) under their control.  
  5. Timestamps (for audit history)
  6. Digital signature with the private key (this ensures integrity)

There are several varieties of DID and different methods but they all follow this same basic outline.

Shared ledgers

So we now that have a way to create globally unique identifiers, where are they stored? And how do people access them?  

Shared ledgers (better known as distributed ledgers or blockchains) are the innovation that has made this possible.

These are networks of computers that keep in sync with each other, maintaining one global ledger or database that is mirrored and replicated across thousands of machines. Entries in the database are periodically (every one to ten minutes, depending on the particulars) cryptographically “sealed” so that they are practically impossible to change.  

So when you create a DID and store it in a shared ledger, it can’t, for all intents and purposes, be erased. It can only be updated by you or your agents.

Now we have a globally resolvable yet distributed namespace. Next we need to add security in the form of cryptographic keys.

Public and private keys

How do you prove that you own a particular DID? Good old public key infrastructure (PKI).

For the uninitiated: Public and private keys are mathematically related but different numbers. Public keys can be revealed to the world, while private keys should be kept secret so only the keyholder can see and use it.

Say I want to send you a message so only you can open it. I take your public key (which has a special mathematical relationship to your private key), my public key and my private key and I use those three numbers to scramble the message. Then I send the scrambled blob over to you.

You then take my public key, your public key and your private key and use all three of those numbers to unscramble the message. This is the basis of creating secure communication channels for everything.

The shared ledger infrastructure for DIDs and DDOs allows for finding public keys which need to be findable.

So now we’ve figured out how to have globally unique, user-owned digital identifiers at scale with the ability to control and secure them. But can we have unique identifiers for each of our relationships with different entities?

Directed identifiers

In today’s broken identity system, the use of the same number across many locations links all of your activities together.

These globally unique “use it everywhere identifiers” issued by governments – e.g. Social Security numbers in the U.S. or Aadhaar numbers in India – have created massive vulnerabilities and privacy issues.

Just knowing information about a person allows you to take action “as” that person. Gathering sufficient information to do this is almost trivial. Names and dates of birth are publicly available, while Social Security numbers are widely shared, both legitimately and on the black market, where hackers auction the spoils of data breaches.  

But now, using the DID infrastructure, individuals and institutions can create globally unique and single-use identifiers that, through PKI, allow for secure communication channels between the individual and the institution.

So if, say, your bank’s database is compromised and your private key there is exposed, then only that one account is affected. The private key is useless anywhere else – unlike a Social Security number today. The institution can also establish new public and private keys and a new secure connection with you.  

This technology does not stop data breaches but it does reduce the impact because each relationship has its own unique identifiers rather than one identifier used across multiple contexts.

Now we’ve got the underlying infrastructure which the user does not touch. Next, we need services.

Mobile apps and cloud services

In our new system, each individual has hundreds if not thousands of unique identifiers for many different relationships with people, applications and service providers. Sounds like a nightmare to keep track of, but fortunately software can work on the end-user’s behalf to manage all these keys.

There will be companies that provide the applications and cloud services for this. However, the power will be in the hands of the individual to change between various service providers.

Additionally, people can still delegate data management to trusted agents – it could be a teenager’s parents, an elderly person’s adult children, or someone’s attorney or accountant.

The ultimate control is with the individual (or the individual’s agent), who always has the ability to change providers of this service just like we always have the ability to withdraw our money from one bank and use a different bank to store our savings.

In this setup, we give people the power to manage lots of relationships in a very secure manner.

Verifiable claims

So with all these distributed and decentralized identifiers, how do we know about key information that is relevant to particular transactions and comes from other parties?  

Entities that have authoritative knowledge of a claim about you can issue a verifiable claim and record they have done so in a distributed ledger. One example of a verifiable claim is date of birth – that is a fact that your parents register with the government, perhaps before you even come home from the hospital. The county or state where you are born has a register of all births and issues birth certificates based on the claims in that registry or ledger.  

It is possible for the state to zap a digital claim (the equivalent of the information on a birth certificate) to someone’s mobile app. That person can then go on to use the claim in other contexts with entities that ask for a date of birth.  

Other verified claims could include a license to drive, an educational credential like a degree or something super-specific like passing one particular class, or proof you are an employee at a particular company. The standards for how to do this are moving through the W3C in the Verifiable Claims Working Group and the Credentials Community Group.

Now you can have both distributed decentralized identifiers and provability of key assertions, claims or attributes.

The ‘phone home’ problem

In the past, any solution to the verifiable claim problem involved the verifier checking in with the issuer about whether it actually issued said claim. This is known as the “phone home” problem.

To put this in concrete terms: you want to get a drink at a bar. In today’s world, the bartender looks at your driver’s license and generally believes the date of birth (unless it’s an obvious fake). But if it were a digital license, how can he “believe” it? He’d have to “phone home” to the state to check if the digital assertion that you are over 21 is true.

This is not something you want to have happen –  because then the state would know all the places you used your digital verified claim. In other words, Big Brother knows where you are drinking and when.

But suppose instead that proof of claim issuance by the issuer is stored in a distributed public ledger that is discoverable by the verifier. Thus the verifier can establish the veracity of the claim and that it came from the issuer, without actually interacting with said issuer.

Just when you think that must be it, there is more.  We now need to prove a claim without revealing a secret.

Zero-knowledge proofs

How do you prove a claim is true and not share all the information in it?

Returning to the bar example, how do you prove you are over the age of 21 and therefore allowed to buy alcohol but not give away your complete birthdate (or, for that matter, your name and address, which are also displayed on a physical photo ID)?

Fancy math makes cryptographic proofs really quite easy. When a zero-knowledge proof (ZKP) claim is issued to the individual claimant, he or she can re-present the claim to the verifier, who can believe it because of how it was cryptographically encoded.

You can use verified claims to share some, but not all, aspects of a claim from an issuer. This preserves privacy for the individual because not all information is shared with the verifier, who can still trust the claim’s veracity.

Not all proofs last forever, though. There are special cases and we need the power to revoke claims.

Claim revocation

Zero knowledge proofs have  been around for awhile and they work really well for the type of claim that can’t be revoked like one’s birth date (the state doesn’t come back and say “you were not born”).  

However, they don’t work well for claims that do have revocation involved. For example, you are currently an employee of a particular company, but you might not be this time next year.

This in the past has been impossible to tell from a ZKP – if one was issued there was no way to tell if it had been revoked without Phoning Home, which for whole classes of claims made it kind of useless. Because knowing if something is true now, not if it was true in the past, is a key part of the claim.

The CL Proof is an even fancier bit of math that complements the ZKP. CL gives issuers the power to revoke claims and for verifiers to see those revocations even if they are ZKPs. So now you can use ZKPs for a wider range of claims.

Summary

When brought together, all of these breakthroughs mean that a self-sovereign identity system is possible now.  

It is worth noting this term is relatively new; when I began on this path 15 years ago we used to call the goal we were working toward “user-centric identity.”  

This new, open-standards infrastructure lays a real foundation for a new layer of the internet that will replace Facebook. A new layer where people own and control their own identities and connect to any number of tools and services under their own terms. All of the folks thinking about backing or funding alternatives to Facebook need to build on the self-sovereign identity infrastructure.

It is gratifying to see the community of individuals who have been steadfastly gathering twice a year for over 13 years at the Internet Identity Workshop succeed in making this vision a reality.

Uninstall Facebook image via Shutterstock.

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

Posted on

Don't Use a Blockchain Unless You Really Need One

Marc Hochstein is the managing editor of CoinDesk and a former editor-in-chief of American Banker. 

The following article originally appeared in CoinDesk Weekly, a custom-curated newsletter delivered every Sunday exclusively to our subscribers.


Last month I had the plum assignment of interviewing Naval Ravikant for CoinDesk’s Most Influential in Blockchain 2017 series. During our conversation, the AngelList co-founder shared an insight that I just couldn’t fit into the profile, but it was pretty mind-blowing, so I’m going to lay it on you here.

Stepping back, for the last few years I’ve watched the cryptocurrency community’s efforts to disrupt finance and, in parallel, the self-sovereign identity movement’s attempt to decentralize control of personal data.

By studying the former, I’ve learned the importance of censorship-resistance – the inability of a third party to veto a transaction between peers. From the latter I’ve become familiar with the concept of data portability: the notion that consumers should be able to easily and securely transfer their records from one service to another – be it a bank, a doctor’s office or a social media platform – the way they can port their mobile number when they get a new phone.

What Ravikant helped me to grok is that these two ideas are tightly related – and so the fact that both digital currency and digital identity projects are employing distributed ledgers is more than coincidence or fashion.

Because you don’t use a blockchain unless you really need it.

Despite some of the hype, blockchains are “incredibly inefficient,” Ravikant said. “It’s worth paying the cost when you need the decentralization, but it’s not when you don’t.”

Walled gardens

Most CoinDesk readers are probably familiar with the usefulness of decentralization in a monetary context (and if you’re not, take a look at recent articles about cryptocurrency adoption in Iran, Venezuela, Russia and, ahem, the alt-right). The neutrality, censorship-resistance and openness of a permissionless network mean it will attract the odious along with the oppressed, and the software doesn’t decide which is which.

But why is decentralization worthwhile in the data use case?

“Today, every piece of content and media you have is living somewhere owned by somebody,” Ravikant explained. “Your data is inside Facebook, your photos are inside a Google silo or an Apple silo.”

Then the conversation took a turn that I have to admit made me roll my eyes at first.

“If someone creates a new Pokemon card game or a Magic the Gathering card game” online, he continued (cue my eye-roll), the characters are “living and owned by a certain company in a certain format. You can’t just go and reuse those assets.”

This is why CryptoKitties, the app running atop ethereum that allows users to buy, collect, sell and “breed” unique digital pets, is more than just a goof. Although it’s not a fully decentralized app, Ravikant said, it offers a glimmer of hope for such an innovation.

“Those assets are on the blockchain and you own that kitty and anyone can show up and remix that asset,” Ravikant said. “They could put your CryptoKitty into a different kind of game,” say a fighting game.

Yeah, I still thought, so what? But then Ravikant zoomed out the lens and talked about the broad implications of this seemingly trivial example.

“Assets that normally would have been in a silo are, in a sense, censorship-resistant to developers,” Ravikant said. “New developers come along and as long as you, the user, agree to share your content, they can reuse your content to give you new applications.”

Hence the potential of a distributed database. “Imagine if every mobile app shared the same database underneath, or had access to the same data, what they could do,” Ravikant said.

And then he tied it all together.

“All your data today is censored in terms of what boundaries it can cross and what applications it can live in,” he said. “These silos are a form of censorship.”

Whoa.

Better off centralized?

To be sure, Ravikant has skin in the game here (or, if you prefer to think of it this way, he’s talking his book) – he was an early investor in Blockstack, a startup trying to build a new decentralized internet where users control their data. Blockstack also used CoinList, the platform Ravikant founded and spun out from AngelList, to conduct its token sale last year.

And unlike digital cash, identity is not yet a clear-cut, proven use case for blockchains. You can read some skeptical takes on the matter from some of the smartest members of the identerati herehere and here.

Some even question the need for decentralization in this context.

“Large services that control large portions of a market gain power over individuals, but large businesses tend to stay in business longer and have more resources in case users have problems,” noted a report last year from the blockchain and smart contracts discussion group of the Kantara Initiative, an identity trade group.

“Further, there is a long tradition of innovation in client-side applications and centralized services meant to be employed by individuals for the purpose of their own empowerment,” the report continued, citing PGP encryption and ad blockers as examples.

Then again, how many people do you know outside of tech circles who use PGP, or even know what it is? Heck, how many techies you know use it?

Perhaps this is revealed preference, and most people just don’t care about autonomy – but wouldn’t they, if they took a second to think it through?

Clearly, the cause of empowering individuals in a digital world has a long way to go, and now is hardly the time for complacency. Which is why Ravikant’s vision is so captivating.

“We’re going to see a giant remixing of the internet as all the data becomes unshackled from the silo that it’s in,” he told me. In the future, he concluded, “any data you own … will be under your control and you’ll be able to pass it into any app.”

I sure hope so.

Disclosure: CoinDesk is a subsidiary of Digital Currency Group, which has an ownership stake in Blockstack.

Right choice image via Shutterstock

The leader in blockchain news, CoinDesk strives to offer an open platform for dialogue and discussion on all things blockchain by encouraging contributed articles. As such, the opinions expressed in this article are the author’s own and do not necessarily reflect the view of CoinDesk.

For more details on how you can submit an opinion or analysis article, view our Editorial Collaboration Guide or email news@coindesk.com.