Opinions vary widely concerning the significance of blockchain technology. Some commentators compare its potential impact on society to that of the telephone, while others remain deeply skeptical about its practicality. Surely, the truth lies somewhere between; blockchain technology is evolving, and practical variants will emerge. But, for many applications, existing solutions will continue to outperform their blockchain counterparts.
The most famous example of a blockchain application surely is Bitcoin, which is an example of a pseudonymous, permissionless and public variant of blockchain technology, well-suited to a cryptocurrency application. But, attributable, permissioned and private variants are required to address the needs of many other applications.
While a standard identity framework for blockchain has yet to emerge, it is clear that public key technology will play a pivotal role in its definition.
Bitcoin uses unregistered public keys to link a series of transactions involving the same wallet, and thereby prevent double-spending. But, in order to support security services such as source attribution and transaction confidentiality, public-keys have to be registered.
Public-key-based identity frameworks quite often employ a central identity provider, which goes against the decentralized philosophy that was the original impetus for blockchain. And while there do exist some decentralized approaches to public-key infrastructure, such as PGP and SPKI, it’s unlikely that these approaches will provide sufficient assurance for most business applications. Nevertheless, additive-RSA-key-splitting may provide a basis for decentralizing the identity provider function.
The availability and integrity characteristics of the blockchain architecture stem from the way these properties aggregate when many independent actors come together; no single actor has to be reliable or honest for the ensemble to behave in a reliable and honest way.
But, identification services don’t exhibit the same property; unless there is at least one actor that can be relied upon to be both reliable and honest, then any identity assertion remains susceptible to a sybil attack. Nevertheless, a blockchain approach to identity and access management can provide benefit in a high-assurance application.
The original motivation for the ISO/ITU X.509 authentication framework was to support secure communication between individuals and organizations at the global scale. The X.500 directory was to be the vehicle for distributing public-key credentials and their life-cycle transitions. But, as it turns out, a global directory of personal information was misconceived. And no alternative has emerged in the intervening 40 years. Could blockchain fill the gap for business models that require attributable, permissioned and/or private communications, whether or not those communications themselves leverage blockchain technology?
The most attractive property of blockchain is the cost saving that it promises. Any governance regime that demands participants keep records for a long period of time, guarding them against loss and corruption, reconciling them with copies held by others, investigating and resolving discrepancies, and having their systems audited by independent third parties, can benefit from the cost savings.
When the records are available for all to see in a distributed database whose authority is undisputed, regardless of the fact that no individual node, on its own, must bear the cost of operating a high-assurance system, then the savings can be significant.
And just as there existed a circular dependence between the ISO/ITU authentication framework and its directory, the identity and access management solution required by attributable, permissioned and private blockchain implementations can leverage the blockchain itself to create efficiencies.
Whether blockchain will have the societal impact that some predict remains to be seen. But, surely, blockchain, as currently understood, and its emerging variants, will become a significant enabler for new business models. And its benefits will extend to the identity and access management services upon which those variants will depend.