Martin Kuppinger, founder and principal analyst at Kuppinger Cole, discusses how blockchain IDs might finally deliver universal and trustworthy authentication.
Distributed Ledger Technologies (commonly referred to as Blockchain) have been discussed in relation to all manner of business models in all industries. The range of models spans topics such as international trade finance, KYC (Know Your Customer), patent handling, land registers, banking the unbanked, universal digital identities, audit logging in manufacturing, registration of diamonds, and last but not least cryptocurrencies, to name just a few.
There is a common element to many of these approaches: they focus on getting rid of at least one party in the process by moving trust to the digital element of a DLT. Smart contracts that are based on DLTs thus play a vital role for many of these models.
Consider a holiday apartment with a digital lock that is opened via the customer's smartphone, but only after payment and within the period of booking. The smart contract would enable access based on payment for the booking period. This would reduce risks, and help parties transferring the money receive a fee for risk insurance.
Optimisation and practicality
Success will depend on two factors. The first is optimisation: the proposed models must optimise cost, risk, and time in comparison to traditional approaches. The other is practicality – DLTs must not impose restrictions that become inhibitors. Obviously, the advantages of using DLTs must exceed those gained from using other technologies – if the same improvements can be easily achieved by relying on other established technologies, DLTs will rarely win.
Going back to optimisation, solutions must offer some form of cost reduction, either by getting rid of some of the parties or by cutting costs, such as those for notaries when moving to digital land registers.
Process optimisations might come from automating processes through smart contracts. In international trade finance, for example, the location and state of goods can be known at all times by combining IoT sensors and DLTs, removing the need for inefficient manual checks and paperwork – these creative combinations can also optimise process throughput.
Practicality involves applying the right type of DLT to the problem at hand. Blockchains with a highly volatile coin value lead to unpredictability, which hinders adoption. And if the throughput is limited, as it is for the Bitcoin blockchain, this also limits potential business use cases. Luckily, there are many types of DLTs out there – it's all about making sure you pick the right one.
A case of identity
Identity is crucial to blockchains. Identity is needed to provide access to the wallets of individual users, where they hold their coins, private keys, and other information. Security of these wallets is related to strong authentication, which is fundamentally an identity management problem.
However, there is another angle: Who is allowed to make code changes? In other words, who controls and governs the blockchains effectively? And how do we identify users in permissioned, managed, and identified blockchains? For many use cases, particularly the business-relevant ones but also governmental ones (for instance land registry), identification is a key challenge.
Identity also comes into play when we consider privacy. If you store personally identifiable information (PII) on a blockchain, you end up being in conflict with regulations like GDPR. It has been widely acknowledged that deleting data in a DLT is one of the things that (at least for the vast majority of DLTs) just does not work. For blockchain adoption to increase, the challenge of identity needs to be solved.
Chain of command
With identities being a challenge for the adoption and secure use of blockchains, Blockchain ID becomes an important concept. Basically, Blockchain IDs done right could forge a broadly used, maybe even “universal” ID, that allows for flexible authentication using a variety of authenticators, and has the potential to be highly secure. Having an ID that works for every stakeholder seamlessly, while also being strong enough for highly sensitive and critical use cases is therefore the critical next step in the road.
Before Blockchain ID becomes viable, several hurdles need to be crossed. When looking at the various blockchain approaches, whether conceptual or already implemented, most analysts have realised that sensitive information such as PII cannot be held on the DLT.
The use of local wallets for storing authentication information, private keys, and other relevant information, is mainstream. That model, named SSI (Self Sovereign Identity), also focuses on the sovereignty of the individual users over their data – they remain in control of how they share their data and how it can be used.
However, that wallet is the source of the biggest challenges. Most approaches lack support for roaming, i.e. keeping a synchronized state of the wallet across multiple devices. Authentication is frequently not as strong as it should be. And recovery in most implementations is just based on a passphrase, which is basically just a long password. A moderately longer password is a far from perfect security measure for what is essentially the key to your kingdom.
On the other hand, there is the challenge of critical mass, which comes down to a chicken-and-egg problem. If there is a lack of users, no services will adopt. If there is a lack of services, no users will adopt. Some of the players are trying to overcome the problem by targeting large corporations for their existing user base as a starting point, hoping to gather sufficient adoption while delivering re-use of the IDs across all of their customers.
Blockchain ID has the potential to achieve what is currently missing in identification processes: universally usable yet strong and trustworthy authentication. While some social logins have reached strong global adoption, they lack authentication strength and trustworthiness. Blockchain ID might be the one thing that delivers both, to the benefit of both businesses and users.