Hi Thomas,
I did not suggest any role for hashes of Alice's attributes on the blockchain and I pointed out that Alice's claims and credentials are not directly linked to identifiers on the distributed public ledger.
The hashes on the blockchain represent timestamps of transactions between Alice and Bob. These do not contribute to reputation because the identifiers and signatures of Alice and Bob are not accessible from the blockchain. One needs the actual contract or transaction as stored by both Alice and Bob (in their respective PDSs) along with the corresponding "proof" provided by the Chainpoint timestamp service (also stored in the respective PDSs) in order to verify the transaction.
Which leaves the reputation question you raise. With distributed identity (DID), Alice's identifier on a blockchain can be openly linked in a transaction with Bob's just like it would be in a PGP Web of Trust key signing party. This linkage in Rebooting the Web of Trust is not associated with any particular attribute of Alice any more than it was in the PGP Web of Trust but it serves as a key to reputation. The linkage can be easily revoked by Bob at any time by registering a corresponding transaction to the ledger ("spending" the coin that represented the original linkage.
Alice can certainly create as many DIDs as she wants (a good thing for privacy) but only some of them will have links to other DIDs over the years to matter. Some of these linked DIDs might be to official biometric agencies that try to track duplicate DIDs for the same genomic or iris-identified person. These registrars might have strong protections in place before they unlock a correlation between a DID and a person.
Adrian
Hi Adrian,
>>> It is a reputation mechanism of the first order.
This is the one I don't quite get.
Consider the following:
(a) If Alice keep all her data (claims, attributes, etc. etc) in her private storage, and
(b) Alice only places the hashes of these data-items on a blockchain,
then how can Bob learn about the reputation of Alice?
All that Bob can see is these transactions (on past blocks) containing random-looking hash values.
/thomas/
________________________________________
From: dg-bsc-bounces@kantarainitiative.org [dg-bsc-bounces@kantarainitiative.org] on behalf of Adrian Gropper [agropper@healthurl.com]
Sent: Tuesday, January 31, 2017 5:13 PM
To: Eve Maler; j stollman
Cc: dg-bsc@kantarainitiative.org
Subject: Re: [DG-BSC] blockchain for identity
http://coinjournal.net/microsoft-tierion-collaborate-new-blockchain-based-attestation-data-platform/
How can you consider a new animal like blockchain timestamps "just a system for verifying uniqueness of digital objects"? In the example above, note how blockchain timestamps encourage the participants in a transaction to maintain their own personal data store. This amplifies the incentive for individuals to own technology and redecentralize the internet. (My personal data store today and my personal authorization server tomorrow.)
A distributed public ledger is much more than a uniqueness verification mechanism. It is a reputation mechanism of the first order. Distributed identity is an emergent property as reputations are linked through blockchain transactions.
The linkage of attributes to distributed identity is not directly a blockchain benefit but the efficiency of managing attributes is improved by distributed identity as multiple verifiers can easily reference the same distributed public ledger for free. Blockchains, for example, can serve as a universal revocation mechanism.
Widespread adoption of blockchain math will clearly reduce the need for federations and will empower the individual that is willing to invest in technology that they own. The only question is how much and how fast.
Adrian
On Tue, Jan 31, 2017 at 4:36 PM Eve Maler <eve.maler@forgerock.com<mailto:eve.maler@forgerock.com>> wrote:
Thanks for the thoughts, Jeff (and thanks for the response, Thomas). By the way, if you read our draft report thus far, I believe you won't see any evidence of unvarnished excitement in it.
I had a conversation with a old friend last week while in SF for Data Privacy Day. He was beyond frustrated over the overblown claims made for blockchain technology, even though he's a fan. In his formulation, which I thought was excellent, all it is is a system for verifying uniqueness of digital objects.
Thus the affinity for "cash-simulating" use cases (no double-spending), provenance-tracking use cases (if binding to physical objects is secure), etc. Pretty much all the parts that identity professionals think of as "identity and access management" (credential issuance, authentication, authorization, etc.) and "federated identity" (the ability to have one entity do an authentication or attribute issuance job and have an entity in a different domain trust the result) pretty much still need to be done in an analogous way.
A question we've discussed in this group many a time is whether decentralization vs. (centralized servers in an architecture) materially empowers individuals by its very existence. (You see this argument made all over<https://blog.openbazaar.org/what-is-openbazaar/>.) When I gave my example on one telecon of using an ATM in Barcelona with no network markings and trusting to the magnetic-stripe gods to get cash with CC liability protections, I think I showed that this isn't necessarily so...
Eve Maler
ForgeRock Office of the CTO | VP Innovation & Emerging Technology
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
On Tue, Jan 31, 2017 at 10:00 AM, Thomas Hardjono <hardjono@mit.edu<mailto:hardjono@mit.edu>> wrote:
Hi Jeff,
You are not missing anything here :-)
I think there are a lot of confusion about the meaning of (a) "identity" (as in unique human person) versus (b) "identifier" (as in email-address, public-key, SSN, etc).
>>> The notion of a user-controlled, distributed identity
>>> mechanism strikes me as the holy grail in identity.
Identity allocation is a social process based on a "social contract". A baby born in a village has his/her name allocated by his/her parents, and the parents declare it to the rest of the village. The rest of the village (as relying parties) accepts the baby's name henceforth.
The relying party (counterparty) in a 2-party transaction must asses both (b) and (a). The pivot in the decision will be (a) and the source/provenance of the data/metadata supporting (a).
So an individual may control the online-usage of his/her digital-identifier (as in (b)) but that individual has no control over the authoritative mapping between (b) and (a) above.
>>> If I have a bad credit rating using one self-managed identity,
>>> why don't I just create a new identity and seek credit for it?
>>> As a newbie, I might not have a high rating, but it would likely
>>> be better than a bad rating.
This won't work because although you can self-manage your digital identifier (a), you have no control over the mapping between a new identifier and your person identity (a).
Organizations such as Banks and Governments have tremendous leeway in the authoritative mapping between (b) and (a) above. This is because they are a source of business-trust and legal-trust.
/thomas/
________________________________________
From: dg-bsc-bounces@kantarainitiative.org<mailto:dg-bsc-bounces@kantarainitiative.org> [dg-bsc-bounces@kantarainitiative.org<mailto:dg-bsc-bounces@kantarainitiative.org>] on behalf of j stollman [stollman.j@gmail.com<mailto:stollman.j@gmail.com>]
Sent: Tuesday, January 31, 2017 12:36 PM
To: dg-bsc@kantarainitiative.org<mailto:dg-bsc@kantarainitiative.org>
Subject: [DG-BSC] blockchain for identity
I am seeking some insight from this group on the viability of blockchain for identity.
The notion of a user-controlled, distributed identity mechanism strikes me as the holy grail in identity. But, like the holy grail, I am finding it difficult to believe that it is real.
In particular, I don't see what the blockchain can add to identity.
Yes, I recognize that blockchain does offer distributed consensus. And I while I am not persuaded that proof-of-work and/or proof-of-stake are as bulletproof as most people accept, I am not focused on these concerns.
My concerns stem from what value add the blockchain provides to the inscrutable problem of identity. We can use blockchain to confirm that a particular transaction too place at a particular point in time. For example, we can use it to confirm that Alice paid Bob the $1000 he owed her within the terms of their agreement. This verification may be valuable in a subsequent credit transaction. And we can use blockchain to confirm that someone claiming to be Alice passed a background check by Bob at a fixed point in time where the background check attests to aspects of her health, home address, financial stability, national loyalty, trustworthiness with confidential data, or some combination of these. But even this information is only useful to someone who believes that Bob is trustworthy and thorough in his checking. And since Bob can never be absolutely certain that the Alice who sat in front of his desk is the Alice she claims to be, Bob's assessment -- no matter how trustworthy and thorough he is -- is always subject to some doubt. And how are we certain that it was really Bob who is asserting the claim on behalf of Alice and not an impostor Bob? Do we believe that merely possessing his private key is sufficient proof to an organized attempt to create a false Alice? I don't see anything about the blockchain that addresses these concerns which are - and always have been - at the root of identity and trust.
So many people seem excited because blockchain offers a distributed governance model that uses economic incentives to encourage good behavior of vetting parties (e.g., miners). But tracking a single crypto-currency is a much more simple task that vetting identifies and the vast array of attributes of interest to relying parties - depending on their business. And unlike measuring crypto currency transactions which either do or do not take place, identify attributes are not 0/1 transactions. They are a collection of probabilities. And using blockchain does not change this.
If I have a bad credit rating using one self-managed identity, why don't I just create a new identity and seek credit for it? As a newbie, I might not have a high rating, but it would likely be better than a bad rating.
What am I missing here?
Thank you.
Jeff
---------------------------------
Jeff Stollman
stollman.j@gmail.com<mailto:stollman.j@gmail.com><mailto:stollman.j@gmail.com<mailto:stollman.j@gmail.com>>
+1 202.683.8699<tel:%2B1%20202.683.8699>
<mailto:stollman.j@gmail.com<mailto:stollman.j@gmail.com>>
Truth never triumphs — its opponents just die out.
Science advances one funeral at a time.
Max Planck
_______________________________________________
DG-BSC mailing list
DG-BSC@kantarainitiative.org<mailto:DG-BSC@kantarainitiative.org>
http://kantarainitiative.org/mailman/listinfo/dg-bsc
_______________________________________________
DG-BSC mailing list
DG-BSC@kantarainitiative.org<mailto:DG-BSC@kantarainitiative.org>
http://kantarainitiative.org/mailman/listinfo/dg-bsc
--
Adrian Gropper MD
PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/
--