Everywhere you turn it seems there are research projects, new product proposals and services claiming a new dawn of blockchain driven technologies that fix a multitude of problems. Identity is a space where many of these claims are being made so it is useful if we explain our thinking and the approach we are advising when it comes to digital identity.
The focus on shiny new technology, rather than the right technology to meet user needs, may limit the uptake of blockchain based solutions in areas such as digital identity. Views are polarised but a growing number of experts, myself included, are urging caution at this stage. Recent discussions at international events concerned with identity such as the Cloud Identity Summit 2016 and the European Identity & Cloud Conference 2016 have highlighted issues with identity and blockchain that remain open.
There’s no doubt that blockchain technologies are interesting and innovative. There’s also potential for some useful applications such as creating evidence chains for identity verification, the creation of smart contracts, or for certain types of distributed ledger. But we should remember that blockchain is essentially just another database technology.
There are places where blockchain may have an impact. Indeed, the financial sector is keen to explore uses, such as distributed immutable ledgers and crypto-currency, but these are sector-specific problems which are largely unrelated to identity.
Blockchain risks
You can argue that when relational databases first appeared the argument that other technologies existed could have been levelled, but in the case of blockchain the hype has been significantly higher. This is bad not only from an architectural point of view but potentially for blockchain technology itself as expectations are high with little evidence to suggest success to date. Given the hype, if blockchain fails to deliver production systems with clear advantage over current architectural approaches, trust in these technologies could be damaged for some time.
Regardless of the properties blockchain technologies may offer (largely based on decentralisation, public views of the data, and immutability), there are some red flags for architects and service designers:
- The technology is immature
- There are security issues (for example, lack of Key Management)
- Blockchain has shown poor performance at scale
- There’s a lack of established standards
Does blockchain revolutionise digital identity?
The consensus of identity experts seems to be a resounding no. You can build distributed ledgers without resorting to the blockchain, and you can preserve privacy in many other ways. Identity can be improved but it simply isn’t broken, so it’s hard to see where blockchain technologies are really required.
There are potential uses for blockchain type technologies in the creation of immutable evidence chains for individuals wishing to prove their identity. For example, where the individual is starting with no or minimal evidence and needs to build a chain of evidence over time, as is the case for refugees. There may also be applications for personal data stores and attribute services associated with, or unlocked by, verified identity that can enhance the ecosystem.
There are some basic maturity issues with these technologies including the lack of standards, common terminology, or demonstrable examples of ‘real’ implementations. Some of this is to be expected at this stage but, where there are known scalability and security issues left unanswered, the risk of implementation may outweigh any benefit. Blockchain is unproven.
Alternatives to blockchain
The other problem with blockchain technologies is that the clock is ticking. We are yet to see tangible results that make blockchain a mainstream product. Already, alternative technologies are emerging. Swirlds, for example, utilises a hashgraph data structure and the Swirlds consensus algorithm to create a platform for distributed consensus much the same as that claimed by blockchain.
There are multiple blockchain variants offering different approaches and functionality but this all serves to confuse, rather than reassure those seeking to evaluate these technologies if they don’t have a high level of subject matter expertise. Key to all of this is a lack of basic understanding such as knowing that blockchain is really as simple as a chain of blocks containing transaction data linked to the previous block by including a hash of that previous block i.e. a chain of linked blocks.
If it isn’t broken, blockchain won’t fix it
The problem here is that identity isn’t broken. Advocates of blockchain would argue that both trust and privacy would be enhanced by applying it. This may be possible in some cases but it could actually damage these concepts in the long term.
There are no alternatives so far, that can replace or improve on protocols we have in place (such as SAML and OpenID Connect), or the way we communicate trust (for example, PKI, strong cryptography).
The reality remains that until the security, scalability, and operational issues already noted by respected experts are resolved there is no need to rush into the implementation of identity services services based on blockchain.
We must also step back from the hype. We should start with the user and their needs, not with the technology. Until there is a clear user need that is satisfied best by blockchain technology, or a clear and demonstrated advantage for implementation at scale, there is unlikely to be much interest from those developing identity solutions. This may change as blockchain technology matures and answers some of the open questions raised by identity experts but, for now, it remains one to watch and experiment with, rather than one to implement wholesale.
Adam Cooper is GOV.UK Verify’s Technical Architect. You can follow him on Twitter.
21 comments
Comment by David Eastman posted on
"The other problem with blockchain technologies is that the clock is ticking. ", er.. what?
Comment by Adam Cooper posted on
With regard to "the clock ticking": it's more that blockchain technologies have made many claims but are yet to deliver on the hype. The longer this goes on the more likely it is that questions will be asked regarding its relevance and potential. Hence the ticking clock.
Comment by David Eastman posted on
That's everything to do with media attention and hype cycle, and nothing to do with the technology.
Comment by Adam Cooper posted on
The technology still has to deliver and so far we don’t have enough evidence to say that blockchain technologies will deliver on the hype. The focus as always should be on fulfilling user needs not implementing technologies simply because they are clever or interesting.
Comment by Darren Kis posted on
the 'Hype' is coming from people who don't understand the Bitcoin protocol and want to leverage 'blockchain' technology to make bank...
Comment by Adam Cooper posted on
I quite agree. Blockchain and Bitcoin are often used to sell a solution or product rather than being the real answer to a user need. Understanding is growing so the myths will start to fall away and perhaps we can start focusing on the real applications for these technologies.
Comment by Darren Kis posted on
"The technology still has to deliver"
depends on your criteria for 'deliver' ... thus far it's working out quite well for an immature technology, the Bitcoin network has had 7 years without any major downtime, better than any bank you might care to mention.
Comment by Adam Cooper posted on
But Bitcoin is a crypto currency not an identity service so it has a very different set of requirements. There is also the question of scalability with Bitcoin in its current state i.e. it cannot remotely compete with the banks or credit card companies for payment processing volume. This suggests that after 7 years there is still much to do for Bitcoin.
Comment by Darren Kis posted on
exactly.
Comment by Adam Lake posted on
"Identity can be improved but it simply isn’t broken, so it’s hard to see where blockchain technologies are really required."
I agree that Blockchain may not be required but I disagree that Identity is not broken. Web identity should be something that individuals control. We need civil rights in the digital world just like we require for the physical world.
Check out Chrstopher Allen's post on Self Sovereign Identity
http://www.lifewithalacrity.com/2016/04/the-path-to-self-soverereign-identity.html
Comment by Adam Cooper posted on
We should always strive to do more for the individual and that is exactly why we work closely with our Privacy and Consumer Advisory Group (https://www.gov.uk/government/groups/privacy-and-consumer-advisory-group) to make sure that we respect the needs of the user to control their digital identity and respect their privacy online. That, as you say, has nothing to do with blockchain technologies.
I personally think that self sovereign identity is of great importance and blockchain may well play a part in making this a reality but we are currently at the beginning of that journey.
Comment by zach piester posted on
Identity systems are fundamentally flawed, especially for those un-included (only @3b people). Having a robust Identity suite on the blockchain enables levels of attestation without being physically present coupled with provenance of data is allowing new identity models to emerge. Forward thinking govt's around the world are embracing this.
Comment by Adam Cooper posted on
Digital inclusion and opening the possibility of digital identity for as may people as possible is most definitely one of our aims. Blockchain is not the only answer: for example, you don’t need blockchain to enable attestation without being physically present. I would also say that adopting unproven technologies with known security flaws for something as critical as identity is not what I would term as forward thinking.
Comment by zach piester posted on
Adam,
I agree that more governance and testing is always prudent for nascent technologies. I think we all could also agree on that current security measures in centralized systems are less then desirable, just ask Target, JP Morgan, NSA etc. etc..
Blockchain isn't the only answer, in fact the coupling of decentralized tech with other tech can create new opportunities to address inclusion and enhance levels trust that isn't present today.
The blockchain enables trust where it doesn't exist. Most people don't trust that their data is safe and secure, moreover are exceptionally less trusting of their governments with their information. Appreciate the response and dialogue.
Comment by Adam Cooper posted on
Centralised systems do have issues but that is another discussion altogether. We have long known that centralising identity data is a poor design pattern which is why we expressly don’t do that with GOV.UK Verify.
I would dispute that “blockchain” is the only answer. It might be part of a future answer but until the maturity, security and scalability issues with blockchain technologies are solved we should remain cautious.
One of the dangers in the hype is misleading the public by saying that their data is safer outside of government. The truth is that poor implementation and poor security can happen anywhere as the recent breach at Sage (http://www.bbc.co.uk/news/business-37076704) and the huge loss of control and value in the blockchain based DAO (http://www.coindesk.com/understanding-dao-hack-journalists/) have proved.
Comment by Rob Leslie posted on
Hi Adam,
I have some difficulty with some of your assertions as I don't think they are factually correct. For example, you state "There are no alternatives so far, that can replace or improve on protocols we have in place (such as SAML and OpenID Connect), or the way we communicate trust (for example, PKI, strong cryptography)."
Zero knowledge proofs have been around for years and allow for the communication of trust without the need to transfer any of the underlying data or tokens. They inherently preserve privacy. Have any of these been explored and/or considered?
Next, there isn't a single a single form of "the blockchain"; there are many. The technology has been around for many years but was only popularised by the Bitcoin blockchain - which is a just a single implementation of a form of blockchain. Choosing the blockchain type. e.g. public /private, applying different methods of proof e.g. proof of work / proof of stake, cryptographic proof, all change the attributes of the blockchain which will impact on things like scalability. The use case will ultimately determine the best way to implement the technology.
Comment by Adam Cooper posted on
Perhaps I should clarify my position on protocols such as SAML and OpenID Connect. These protocols and the features we apply to ensure trust (e.g. PKI) allow us to create appropriate identity federations but they are essentially the plumbing. The data they convey should be treated as a separate concern and how we handle that data observes the principles described by our Privacy and Consumer Advisory Group (https://www.gov.uk/government/groups/privacy-and-consumer-advisory-group).
We have considered zero knowledge proofs but for working with government services, in most cases, we need some level of verified identity data in order to complete transactions, particularly when a user is accessing a service for the first time. Discussions about new technologies and approaches continue, an overview of which you can find in one of my previous blog posts: https://identityassurance.blog.gov.uk/2016/03/24/how-we-work-with-experts-to-make-gov-uk-verify-better/.
You are absolutely correct about there not being a single form of "blockchain" and this is actually part of the problem as too many things are described as "blockchain" solutions when actually they vary wildly in implementation and functionality. It's a bit like someone saying: "and this relational database solution we've built can solve that problem". Maybe so but does the technology matter more than satisfying the user need?
As you say the use case will determine what we need to implement or more importantly the user need will. So in other words: we should focus on the user need and the type of technology or solution required will follow.
Comment by Leon posted on
Dear Adam
"Identity isn't broken". No, it's completely inexistent. For a digital identity concept to be genuine, the personal data it consists of must be fully owned and controlled by the user, that is the hosting of personal attributes and the access to it. Further, it must also eliminate the necessity of provider-side authentication and prevent the lock-in of user data to closed, proprietary service platforms which occurs each time Internet users create a new account for some web service. Although highly popular, SAML and OpenID cannot be seen as identity standards as they are just solutions for identity federation and single sign-on.
A standard-worthy solution for digital identities will not only decentralize data control on the web and give it back to the owning user, it will also have to contain concepts such as
- anonymous credentials (prove authorization without disclosing your identity),
- principle of least privilege (minimal disclosure of personal data),
- confidential data exchange without middle-men (as opposed to the current dominant design of web platforms),
- verifiable personal attributes through certification,
- role- and attribute-based access control to personal data,
- no weak human credentials such as passwords,
- machine-readable semantics to enable clients (apps on devices) to act on behalf of their users.
Thank you for elaborating your skepticism regarding the technological fit of SLT for digital identities. I think you make some good points here.
Comment by Mirian Shade posted on
Blockchain still needs more testing according to me.
It hasn't got 'vote of trust' from industries for now.
Comment by Ken Mafli posted on
Great post. You referenced security issues like key management. I agree. The ENISA recently put out a white paper on Blockchain Security in which they said, in Section 4.1.1:
"Unlike with traditional systems, where before a server administrator was capable of tracking attempts to break into a customer or user account, the malicious users can keep trying limitlessly to decrypt or try to reproduce a private key out of encrypted data from a given ledger. With Blockchain, there is no way of knowing this is happening until after the hacker has succeeded."
https://www.enisa.europa.eu/publications/blockchain-security
This is of grave concern as tradition systems with centralized key managers would have security logs that a SIEM would be able to use to identify unusual behavior. This lack of being able to "peer" into the system needs to be addressed before any level of confidence can be given in blockchain.
In order to conform to NIST standards of proper key management, user access must be defined and monitored:
-Document which users/roles will be authorized to access the KMS
-Define what functions will the user/role be able to execute on
-Define what means of authentication will be used
-Ensure that these definitions are enforced
http://info.townsendsecurity.com/definitive-guide-to-encryption-key-management-fundamentals
Again, I am glad you are talking about this.
Comment by Drew Johnson posted on
Adam,
Just found your post. Great article.
I am baffled by the banks' interest in blockchain.
They appear to have swallowed the hype - as they did briefly with Quantum Crypto - another solution in search of a commercial problem.
Much of bank claims of what will be achieved with blockchain, e.g. trade-finance documentation chains, can be equally well achieved with good quality PKI. Banks invested in solving operational and legal/contractual problems with PKI, e.g. by investing in Identrus, establishing clear liability and mandating key management, hardware key protection and revocation management through OCSP. Yet they appear to have left much of this investment on the shelf and now waste shareholder money on this shiny new technology to solve problems they've already solved and forgotten about.
OCSP (Online Certificate Status Protocol) was an interesting lesson from PKI that has parallels to the fraud correction example you provide for block-chain. To make practical something that is essentially a decentralised / offline service you ended up needing an online/centralised service to check the data hadn't been corrected/revoked since it was agreed.
If you want a revocation mechanism for distributed ledger you need central real-time infrastructure to operate it, rendering a distributed ledger pointless.
Without a revocation mechanism you have a 'bearer instrument' which is then problematic for money laundering.