Decentralized Identity on Nexus
Nexus provides a technologically adept foundation for the next generation of decentralized identity. This effectively enables greater control of information for individuals and organizations that value safety, security and sovereignty.
According to the World Wide Web Consortium (W3C), “A DID, or Decentralized Identifier, is a URI composed of three parts: the scheme “did:”, a method identifier, and a unique, method-specific identifier generated by the DID method. DIDs are resolvable to DID documents. A DID URL extends the syntax of a basic DID to incorporate other standard URI components (path, query, fragment) in order to locate a particular resource — for example, a public key inside a DID document, or a resource available external to the DID document.”
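The three-part DID syntax and the DID URL extensions quoted above can be made concrete with a small parser and fragment dereferencer. This is an added example, not Nexus code; it follows the W3C DID Core grammar and uses a constructed `did:example` document in place of a real resolver.

```python
import re
from dataclasses import dataclass
from typing import Optional

# W3C DID Core grammar: did = "did:" method-name ":" method-specific-id
# method-name is lowercase letters/digits; idchar is ALPHA / DIGIT / "." / "-" / "_"
# or a pct-encoded byte, and the method-specific-id may contain further ':' separators.
# A DID URL then appends an optional path, "?" query and "#" fragment.
_IDCHAR = r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})"
_DID_URL_RE = re.compile(
    rf"^did:(?P<method>[a-z0-9]+):(?P<msid>(?:{_IDCHAR}*:)*{_IDCHAR}+)"
    r"(?P<path>(?:/[^?#]*)?)(?:\?(?P<query>[^#]*))?(?:#(?P<fragment>.*))?$"
)

@dataclass(frozen=True)
class DidUrl:
    method: str
    method_specific_id: str
    path: str
    query: Optional[str]
    fragment: Optional[str]

    @property
    def did(self) -> str:
        """The base DID, with path/query/fragment stripped."""
        return f"did:{self.method}:{self.method_specific_id}"

def parse_did_url(value: str) -> DidUrl:
    """Parse a DID or DID URL; rejects uppercase methods, empty ids and non-DID URIs."""
    m = _DID_URL_RE.match(value)
    if m is None:
        raise ValueError(f"not a valid DID URL: {value!r}")
    return DidUrl(m["method"], m["msid"], m["path"], m["query"], m["fragment"])

# Constructed sample DID document (not a real Nexus document) so the example runs offline.
SAMPLE_DOC = {
    "id": "did:example:123456789abcdefghi",
    "verificationMethod": [
        {"id": "did:example:123456789abcdefghi#key-1",
         "type": "Ed25519VerificationKey2020",
         "controller": "did:example:123456789abcdefghi",
         "publicKeyMultibase": "zCONSTRUCTED-PLACEHOLDER-KEY"},
    ],
}

def dereference_fragment(did_url: str, doc: dict) -> Optional[dict]:
    """Locate the verification method a DID URL fragment names inside a DID document."""
    parsed = parse_did_url(did_url)
    if parsed.did != doc.get("id"):  # never trust a fragment from a different DID's document
        raise ValueError("DID URL does not belong to this DID document")
    if parsed.fragment is None:
        return None
    target = f"{parsed.did}#{parsed.fragment}"
    return next((vm for vm in doc.get("verificationMethod", []) if vm.get("id") == target), None)
```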
With Nexus, World Wide Web Consortium (W3C) standards are augmented because all accounts are pseudonymous. No person can reference a corresponding name, date or social security number to reveal personally identifying information. Individuals and organizations remain in control of their data, so if one chooses to present a driver’s or business license, that is possible. Each entity owns its data and controls who it shares what with, including sensitive records such as medical documents.
If we compare this to the physical identification systems available today, a common ID such as a driver’s license is privileged information, and the owner retains control over whom they reveal it to. When managing accounts, information can only be attributed if the account holder authorizes the recipient using cryptographic proofs, which guarantees at the very least that the account holder is indeed the one who authorized the data transmission. This removes the enormous potential for corruption inherent in centralized identification systems.
Nexus uses Signature Chains (Sigchains), which are architecturally comparable to a ‘personal blockchain’. This enables DApps to be created with a high degree of security and flexibility, while also supplying username and password functionality strengthened by a Personal Identification Number (PIN). Combined with asset management, this technology provides the foundation for decentralized identification systems. See the illustration below for further clarification.
Nexus’ use of the Locator/Identifier Separation Protocol (LISP) provides enhanced identity capabilities at the internet’s network (IP) layer. Decoupling the Endpoint Identifier (EID) from the IP address lets a device roam freely between networks, because only the locator (your IP address) changes, not the identifier. This is a critical security feature: an EID is bound to a Sigchain, creating a network-level identifier that is cryptographically associated with the given identity. A large reduction in fraud, IP spoofing and identity theft is the anticipated outcome of using LISP and Sigchains together in blockchain applications.
A legitimately decentralized digital identity with superlative security and integrity opens the door to numerous opportunities. Providing authentication and Know Your Customer (KYC) to existing DApps and to legacy infrastructure interfacing with blockchain solutions is perhaps the most prominent. Website account generation and authentication functionality is currently available and being developed for integration with new DApps. Basic file integrity (checksums) and encryption functions are possible, although they will require some logical development at this stage.
The Nexus seven-layer software stack and simplified RESTful API enable third parties to integrate customer-controlled credentials, identity data, assets and more, taking us another step closer to broader adoption of decentralized technology. This concept has the potential to provide a broad range of self-sovereign identity services. Developers can use our API to simplify the creation of DApps that control many types of digital records; some examples include:
- Personal, Professional, and Governmental Identification
- Residential, Professional, and Governmental Licenses
- Educational, Professional, Governmental Certificates
- Personal and Professional References and Endorsements
- Decentralized Finance (DeFi) and Internet of Things (IoT)
- Medical Records, Verification, and Waivers
- Digital Signatures and Reputation scores
- Assets (Titles, Company Registrations, TNS Domains, etc.)
Situational microcosms related to the eventual ease of use are reflected below:
Sovereign identity is a fundamental human right recognized by most developed countries around the world. Article 8 of the United Nations Convention on the Rights of the Child defines the right of a child to preserve their identity. As an adult without a valid form of identity, one will find it difficult, if not impossible, to vote, own property, gain employment, receive benefits, open a bank account (illustration below) or take part in many other activities that most of us take for granted.
‘Global identity for all by 2030’ is target 16.9 of the United Nations’ Sustainable Development Goals (SDGs). However, as we have seen from authoritarian regimes past and present, governments will gladly infringe on this ‘fundamental human right’ and leverage it as a pervasive control mechanism. With the unfolding of recent events, some are already considering collecting data through compulsory citizen and employee infection testing, contact tracing and vaccinations, and as a requirement for entry to or travel to particular places.
In 2009, the Indian government began enrolling over one billion people in the largest biometric identification database ever made. They collected biometrics (iris scans and fingerprints) from the entire population, and issued a digital identity that could be used to receive welfare payments and social services. “While supposedly voluntary, critics said that the scheme had imposed itself increasingly onto citizens’ private lives”, reported Time.
This raises the question: where does the right to identity intersect with informed consent? End User License Agreements (EULAs) are commonly accepted on websites and in software without being fully understood. 23andMe, Ancestry and similar companies collect genealogical identity data, take ownership of it and sell it to the highest bidders, with other conceivably detrimental loopholes besides. Additionally, one could overlook the fine print in employment applications, insurance policies, loan contracts and other documents out of necessity, lack of time or unfamiliarity with the terminology. These serve as examples of how potentially harmful agreements can be entered into unknowingly (YouTube’s Dangerous Precedent). Moreover, how do we delineate informed from manufactured consent when submitting our identity? That is typically based on individual trust and source credibility in order to form conscious decisions.
With the importance of identity clearly defined by the “powers that were”, one might consider safeguarding this data a top priority. Unfortunately, these entities embrace technology and governance foundationally based on centralization, which is inherently non-scalable and flawed, with more cost than benefit. An extraordinary example is the attack on the United States Office of Personnel Management (OPM), a database containing sensitive background information on government employees. The utter negligence, ignorance and lack of victim notification in response to the situation ultimately resulted in litigation.
As the evolution of centralized Identity Management (IdM) or Identity & Access Management (IAM) moves beyond on-premise settings into Cloud Service Provider (CSP) solutions, vulnerabilities increase exponentially. Credential repositories, considered the keys to the kingdom and historically isolated in strict localized compartments, are now being entrusted to third-party, globally accessible, multi-tenant virtualized environments. Not only are the risks of intrusion amplified, the probability of accidental exposure is significantly increased. Moreover, CSPs are now offering Identity as a Service (IDaaS) capabilities while advertising appealing à la carte models that can actually be financially exorbitant in the long term. The illustration below exemplifies the complexities involved with these solutions.
From a personal perspective, reliance on cloud-based email, social media and similar services requires an identity to interact with them. Single Sign-On (SSO) provides enhanced ease of use, making these platforms more appealing to the masses. However, behind the scenes they use this identity to track every action across the internet, as permitted by each company’s EULA. Additionally, these third parties sell your identity, internet history and related data to the highest bidders, often inconspicuously, as Google’s tracking capabilities and the Cambridge Analytica controversy demonstrate.
In 2017 a Google report found that 3.3 billion credentials were exfiltrated during third-party breaches, while only 12 million of these could be attributed to phishing attacks. “Between January and September 2019 there were over 7.9 billion data records exposed — a 33% increase from the same time in 2018”, per an article from IdentityForce. An early 2020 report from Verizon states “Credential theft, social attacks (i.e., phishing and business email compromise) and errors cause the majority of breaches (67% or more)”. Needless to say, centralized systems are broken.
The centralization of blockchain solutions is a growing trend. These developing confrontations are antithetical to the fundamental trustless principle, circumventing the essence of this innovative technology. While the term cryptocurrency has earned a negative connotation from mainstream character assassinations, some rightfully so, it is meant to be the personification of decentralization: eliminating the middlemen. Centralization is power, and ‘power corrupts, and absolute power corrupts absolutely.’
With the advent of the digital identification systems currently coming to light, if left unchecked, this sovereign system can be side-stepped into a digital trap that could consume the last remaining parts of integrity. This is clearly not the most desirable outcome, and it underlines the importance of protecting this sovereignty with mathematical law.