Yesterday afternoon I had the pleasure of being involved in the Payments Forward Afternoon Tea Discussion, which on this occasion was considering Bitcoin and all things block chain.
The panel, which was expertly chaired by Izabella Kaminska, included well known figures from the cryptocurrency scene as well as representatives from the banking community. As you can imagine the 90 minute discussion covered a whole range of topics.
I want to pick on a one particular area to comment.
Conversations about block chain very often get sidetracked onto adjacent topics that are not really block chain issues. A classic and very current such topic is that of digital identity. And as with block chain, digital identity suffers from a linguistic problem – everyone means something different by digital identity.
In my world, digital identity is about the attribute data that needs to asserted and verified in a particular context in order for a particular transaction to be possible. For example, I may need to assert my name, address, age, preferences or any number of other attributes. Block chain is built around the concept of a self asserted anonymous identity (a cryptographic key that the user controls) but that’s as far as identity goes. The rest of the block chain is about using that anonymous identity to claim ownership of digital assets (or digital representations of physical assets) and transfer them to other anonymous identities. I postulate that my attribute data is not something I would want to store “on” the block chain because firstly I would never need to transfer it to anyone else (my name is Steve and always will be, I’m not going to transfer it to anyone) and secondly to be privacy enhancing (or to use the technical term – to ensure minimal disclosure) I wouldn’t want my attribute data to be associated with my anonymous identity for any longer than one transaction. Certainly not in a public ledger of all history.
I think one model that could work is where attribute providers working off the block chain provide identity proofing (or attribute proofing) and then provide certification that a particular anonymous identity is associated with a particular attribute. For example, I could get my public key signed by an attribute provider with an assertion that I currently reside in the UK, if that was the thing I needed to assert for the transaction. Assuming that was the only thing I had to assert all other attribute data could be omitted for the purposes of that transaction. To be fully privacy enhancing that assertion would last only for the length of the transaction, although potentially as the identity owner I may choose to allow the linkage between my anonymous identity and the assertion of residence in the UK to last longer. A model like this would allow transaction specific identity assertions to be made that could be associated with a particular transaction on the block chain – the transaction where it is relevant.
There may be other better models and thought would need to be given to how to prevent a build-up of attribute data that would compromise the privacy currently inherent in block chains. Also there is the question of whether or not those attribute provider services can or need to be decentralised, and whether there is role for conventional attribute providers (e.g. banks) to provide services into the block chain.
I’m sure some people will disagree with the above assessment, but for the moment this appears to me to be a model that makes some sense. One thing is for sure, there is a very important interplay between digital identity and digital currencies and more debate is needed.