Can a Bitcoin Blockchain–Inspired Ledger Give Individuals Control Over Their Online Identities?

Hyperledger Indy will incubate Sovrin, a permissioned open ledger built for identity management
Illustration: IEEE Spectrum

The Sovrin Foundation, a non-profit organization building online identity management tools with blockchain-inspired technologies, announced today that it will be taken on for incubation by Hyperledger Indy, a project run by the the Linux Foundation.

The problem of identity has attracted a whole flock of developers in the blockchain and distributed ledger space who see these technologies as a way to scoop up all the scraps of an individual’s online identity, consolidate them and put them under the individual’s control.

Today, for the most part, we lack that control. We have surrendered ourselves to the likes of Facebook, Google, Twitter and Amazon, whose profiles on their customers are so extensive that they are now, themsleves, used as standard identity verifiers across most Internet domains. Want to leave a comment? Just sign in with Facebook. Trying to get into your Medium account? Just login with Twitter. 

And if those companies suddenly disappear, so too does your online identity.

Meanwhile, asserting more important things about yourself online is just as difficult as ever. You can efile your taxes, but first you’ll need that PIN from the IRS that you set up a bajillion years ago that somehow proves you are who you say you are. 

It’s a terrible mess. And according to Phil Windley, the chair of the Sovrin Foundation, the best way to fix it is to use distributed ledger technology to make something that looks more like what we have offline. 

“In the physical world I go to my pharmacy and they ask for my driver’s license to prove I’m over 18 and I supply it to them. They don’t have to have a direct connection to the Department of Motor Vehicles. They don’t have to have any kind of API integration to make that work. Because I am the conveyer of this verifiable claim called a driver’s license. That hasn’t been possible on the Internet and Sovrin makes that possible,” says Windley.

In this alternate view, it is the individual who possesses all the pieces of their identity, which ranges from mundane testimonials about what your favorite movie is, to critical information like age and date of birth. 

In Sovrin, these facts about you (or pointers for where to find these facts) would all reside on a distributed public ledger which you alone had the authority to access and share. Other entities, however, could modify your claim by signing off on them with a cryptographic key, thereby adding weight and credibility to the pieces of your identity. For example, you may have an identity on the Sovrin network which specifies your driver’s license number and that information might be signed by your state’s DMV. 

The technology has a slight whiff of blockchain, but doesn’t really have a blockchain. Rather, it is a ledger that is replicated over mulitple nodes that all coordinate to make updates and police the system and which together make up the Sovrin network. The nodes are invite-only, meaning that the ledger is public, but permissioned. As a result, Sovrin functions without the participation of miners, which makes it less expensive and less energy hungry than your typical open blockchain.

Windley says that he envisions the first applications coming from the financial sector. Banks could participate as node operators to maintain the ledger and provide it as the repository for their customers’ identities. If given permission by the customer, multiple banks could access this information in a single place in order to comply with Know-Your-Customer (KYC) regulations. 

In joining Hyperledger Indy, Sovrin is donating all of its code and getting back developer power in return.

There are currently many other groups working in the blockchain and distributed ledger space to build self-sovereign identity systems. Bitnation began using the blockchain to issue its own nation state-independent version of a passport in 2014. That project now resides on the Ethereum network which also supports another identity management tool called uPort. And Civic is building out a similar project on Bitcoin.

Windley doesn’t necessarily see them as competition. “I believe that there won’t be a single identity solution; there’s going to be multiples,” he says. “We’re going to live in a world with multiple identity systems because they have different properties and [meet] different needs.”

Advertisement

Tech Talk

IEEE Spectrum’s general technology blog, featuring news, analysis, and opinions about engineering, consumer electronics, and technology and society, from the editorial staff and freelance contributors.

Newsletter Sign Up

Sign up for the Tech Alert newsletter and receive ground-breaking technology and science news from IEEE Spectrum every Thursday.

Advertisement