I’m continuing my week of thinking out loud about identity on the blockchain. In Part 1, we came up with a real problem that needs fixing and explored the idea of a financial services passport. In Part 2, we’re going to put forward an identity model that could form part of a solution to that real problem. The starting point for the thinking here is that as part of some recent work for a client, we at Consult Hyperion needed to create a simple digital identity model to facilitate discussion around the provision of digital identity services to support financial services. In order to do this we revisited three basic concepts of identity infrastructure. These are the mundane identity (the “real world” physical entity that the digital identity is connected to), the digital identity itself and the virtual identities that are used to interact online (all transactions, in this model, are between virtual identities).
The reason for this three part model for identity is that it is a fundamental rule of systems analysis, going back to the earliest days of data modelling, that you cannot have many-to-many entity relationships. Since there may be multiple physical entities relating to multiple virtual identities (an obvious example is a company, where a number of people have executive control over a number of virtual identities that are used to transact with other companies, government, regulators and so forth), we introduce digital identity as the linking entity to enable a workable identity management infrastructure.
This part of the model should be familiar. You probably read about it a few years ago in “A Model for Digital Identity” by Neil McEvoy and me in that indispensable tome “Digital Identity Management: Technological, Business and Social Implications“, edited by yours truly. (It’s on pages 95-104, for ready reference.) In that chapter, Neil and I put forward this idea of digital identity as the bridge between mundane and virtual identities for a variety of reasons anchored in the entity-linking structure, one of them being that the use of multiple pseudonymous virtual identities is a great way to move forward past some of the apparent paradoxes of identity and a great way to think about identity in an online world.
Anyway, I wanted to use this model to explore the issue of biometric authentication. This was because Isabelle Moeller from the Biometrics Institute (below centre) had kindly invited me to give a talk on the topic of biometrics and digital identity at their 2016 Asia-Pacific Conference in Sydney and then take part in a panel discussion with Victoria Richardson from APCA (who was unfortunately caught up in other things on the day but the excellent Nick Cliff stood in for her) and Mandy Smith from ANZ (below left). Since the audience would be mainly people with experience and interest in biometrics, I thought (correctly, as it turned out) that a simple model of digital identity would be needed to anchor my talk and give context to the central part of the presentation, which was about biometrics as a convenience technology when combined with mobile as an authentication platform.
To make that simple model, I chose to map the three identity entities to three different domains where a binding is required (hence three domain digital identity, or “3D-ID”). You can see the three domains and the three bindings in the picture below. In the identification domain we do the complex and expensive binding of the person or organisation or thing to the digital identity. In the authentication domain we bind the digital identity to a person or organisation or thing that is entitled to use it. In the authorisation domain we bind the digital identity to the virtual identities that interact online to execute transactions. For the purposes of simplicity, think about the digital identity as a private-public key pair and think about the virtual identities as public key certificates that take the public key from the digital identity and link it to attributes to form credentials.
So who might be a provider of digital identity, given that the binding of digital identities to mundane identities is complex and expensive? Well, here’s what Neil and I wrote in the book nearly a decade ago:
One could certainly imagine niche identity issuers springing up across both horizontal and vertical sectors (the government, from this perspective, becomes a special case of a niche identity issuer) where economics or other pressures dictate.
An obvious case would be that of banks. Since they are already covered by “know your customer” (KYC) and other legislation, they are perfectly capable of issuing digital IDs that might be widely accepted. These and other digital IDs would then be used to create one or more virtual identities (eg, an employer creating an employee identity), most likely through brand-based businesses using white-label services.
To illustrate what we meant by this, think of the example of a dating site. The dating site needs to know that I am a real person, but it doesn’t need to know who I am. If it knows who I am, then it has a responsibility to look after my identity, which I’m sure it doesn’t want. I don’t want it either, because when the dating site is inevitably hacked I don’t want my identity smeared all over the web. So when I go to create my account at the dating site (in other words, when I go to create my dating virtual identity) I can present my bank virtual identity. The dating site forces an authentication (using, for example, FIDO) and once it gets the positive response it can then take the public key from the bank virtual identity, add attributes that it can attest to (e.g., date joined, name chosen, etc) and sign that with its own private key. This creates a new dating virtual identity at minimal cost. (We’ll return to the point about correlating public keys across virtual identities when we come back to think more about implementations.) Take it from me, it all works, provided you have somewhere to store the private key. Sound familiar? Well, we’ll talk about digital identity and the blockchain in another post soon.
The focus of my talk was that the arrival of biometrics as a convenience technology in the authentication domain transforms the usefulness of this model in the mass market. There’s a world of difference between creating a new account at the dating site and then being asked to look at your phone (face biometrics are especially popular amongst older people, for example) and being asked to get out a dongle, insert your EMV card, enter your PIN, read a code and then type it into a web page. And, as an aside, one of the most interesting presentations I saw at the event was about the use of the phone and the touch screen to perform continuous background authentication so that when a service provider forces an authentication on the device, the customer may well have to do absolutely nothing at all!
One more thing about the model. On re-reading that chapter (which was first drafted a decade ago), I couldn’t help but notice that Neil and I had already had an inkling that the paths of the Internet of Things and digital identity would cross. We wrote:
People will account for only a fraction of the digital IDs associated with stuff, and a lot of stuff will be interacting with virtual identities: after all, a vending machine dispensing chocolate may not need to know anything about a person, but one dispensing cigarettes certainly does. Since it would be ludicrous (and an open invitation to identity theft) to insist that people present their real identity to a vending machine, it is the attribute (eg, “is_over_18” or something similar) bound into the virtual identity that is the critical element in enabling the transaction.
Rather forward thinking, if you ask me, especially since on my last trip to Frankfurt I discovered that there are cigarette vending machines in the street that require customers to present their actual identity cards (well, someone’s identity card, anyway) in order to purchase!
What the machine should do, of course, is require you to present your “adult identity” (that contains no identifying information and merely testifies that you are over 18) and then force an authentication against that (via Bluetooth or whatever). As we all know, in a commercial transaction of this nature, your “real” identity is your least important attribute.
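The dating-site flow described earlier and the “adult identity” check above rest on the same two verifications: a trusted issuer signed the virtual identity, and whoever presents it can sign a fresh challenge with the matching private key. The Go sketch below is an added example, not code from the post or from Consult Hyperion; the `VirtualID` type, the `Issue` and `Check` names, the Ed25519 keys and the plain signed-nonce exchange standing in for FIDO are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// VirtualID is a toy certificate: an issuer binds attributes to the holder's public key.
type VirtualID struct {
	Issuer string
	Key    ed25519.PublicKey // public half of the holder's digital identity
	Attrs  map[string]string
	Sig    []byte // issuer's signature over body(); fmt prints map keys sorted, so body is stable
}

func (v VirtualID) body() []byte { return []byte(fmt.Sprintf("%q %x %q", v.Issuer, v.Key, v.Attrs)) }

// Issue signs the holder key and attributes with the issuer's private key.
func Issue(issuer string, priv ed25519.PrivateKey, key ed25519.PublicKey, attrs map[string]string) VirtualID {
	v := VirtualID{Issuer: issuer, Key: key, Attrs: attrs}
	v.Sig = ed25519.Sign(priv, v.body())
	return v
}

// Check: a trusted issuer signed v, and the presenter signed our fresh nonce (FIDO stand-in).
func Check(v VirtualID, issuerPub ed25519.PublicKey, nonce, resp []byte) error {
	if !ed25519.Verify(issuerPub, v.body(), v.Sig) {
		return fmt.Errorf("credential not signed by trusted issuer")
	}
	if !ed25519.Verify(v.Key, nonce, resp) {
		return fmt.Errorf("presenter does not hold the private key")
	}
	return nil
}

func main() { // constructed demo: every key and attribute below is made up for this run
	bankPub, bankPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, sitePriv, _ := ed25519.GenerateKey(rand.Reader)
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // holder's digital identity
	bank := Issue("bank", bankPriv, pub, map[string]string{"kyc": "passed"})
	nonce := make([]byte, 32)
	rand.Read(nonce) // the dating site's challenge; the holder answers by signing it
	if err := Check(bank, bankPub, nonce, ed25519.Sign(priv, nonce)); err != nil {
		panic(err)
	}
	dating := Issue("dating", sitePriv, bank.Key, map[string]string{"joined": "2016"}) // no bank attrs copied
	fmt.Println(dating.Issuer, dating.Attrs)
}
```

A vending machine would run the same `Check` against an “adult identity” and then read only the `is_over_18` attribute. Because the dating credential reuses the bank credential's public key, the two virtual identities are linkable by that key, which is the correlation point deferred earlier in the post.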