The single biggest challenge for digital identity systems has been to create counterparts to the secure physical identifiers we use today.
For instance, there has yet been no effective online equivalent to producing your driverâs license at the drug store. And while there are traditional identifiers most people are familiar with online (like the Facebook login), these systems raise key questions about the centralized registries trusted by consumers and the control they have on the systems that secure them.
Now, Project Indy, a blockchain initiative developed by the Sovrin Foundation, is trying to fix this problem using a hybrid distributed ledger platform. As described, the ledger would be public, but in order to interact with it, an invite would be required.
According to Phil Windley, chair of the Sovrin Foundation, the idea is to âstrike a middle groundâ between permissionless ledgers like bitcoin and permissioned options like R3âs Corda.
âOne of the key philosophies of Project Indy is that private information is never written to the ledger, even in encrypted form,â said Windley. âIt gets anchored on the ledger so thereâs proof that it existed on a certain day.â
Elements of identity are then updated on the distributed ledger to be verified by an agent. In the example of a digital driverâs license, an agent could be the Department of Motor Vehicles (in the US). However, the idea is that the system is used by third-party operators, but not owned or controlled by them.
Project Indy subscribes to the concept of âverifiable claimsâ â a method of cryptographically authenticated online identification, where no private data is written to ledger, returning some ownership to the user.
Windley explained:
âWith a verifiable claim, this is now a cryptographically signed self-contained set of data that I can hold. Now when I come to the pharmacy and need to prove Iâm over 18, my system can prove that to the pharmacy in a way they can trust, they can verify, they can validate that it was the DMV that issued that.â
Itâs worth noting that the World Wide Web Consortium has set up a verifiable claims working group to encourage interoperability among different players building decentralized ID solutions.
But why is centralized identity a problem? And what does blockchain do to provide a solution?
Online identity has been a âdisastrous situationâ for some time according to Brian Behlendorf, executive director of Hyperledger, the blockchain group overseen by the Linux Foundation.
Project Indy recently joined Hyperledger, and now hopes to get the ball rolling on this new form of identity with some practical use cases. A prominent use case would be in the financial services sector, replacing fractured systems that are prone to privacy breaches and leave the user with little or no control over their identity data.
The mission statement of Project Indy is restoring control to peopleâs online identity by moving away from centralized services.
Windley told CoinDesk:
âBy putting this on a ledger thatâs operated by a number of different players under governance rules, nobody owns its, everybody can use it, anyone can improve it.â
In partnering with Hyperledger, the Sovrin Foundation is contributing Project Indyâs code to the non-profit consortium â a move Windley believes will hasten development of the projectâs proofs of concept (PoCs).
âWe have running code that can serve as the basis for prototyping, experimenting, hacking, certainly for finding holes, both security holes or conceptual holes,â said Hyperledgerâs Behlendorf.
Like many distributed ledger technology efforts, the financial services sector is showing the most interest in Project Indy so far. And, according to Windley, there are six financial services PoCs already underway.
âProbably the first one thatâs going to be launched is one that identifies people in call centers, which isnât the sexiest application you can imagine, but itâs a real problem that financial institutions have,â he said.
Another banking use case is compliance with know-your-customer (KYC) regulations. Identity ledgers would reduce the regulatory costs felt by financial institutions in this regard, claimed Windley.
Healthcare is also a potential beneficiary of the tech. The project envisages a system where doctors who move between different hospitals could hold their own identifiers to verify their credentials.
Still, Behlendorf is more open-minded about where the project might lead, saying:
âRight now we are very eager for people to come in and kick the tires.â
Egg in flour image via Shutterstock
