Subject: Fwd: Re: [ABA-IDM-TASK-FORCE] Report from UN Meeting on Legal Issues Relating to Identity Management
XACML folks-- At the end (bottom) of this thread is a link to a
new UNCITRAL report on international legal issues around identity
and access management.
The other entries are comments on the report that then veer into
a discussion of blockchain's possible relevance to IAM, including
a few other links for those inclined to dig deeper.
-------- Forwarded Message --------
There actually is one very good privacy use of chaining, which was first used commercially decades ago for time stamping by BellCore if I remember correctly.
When a user gives permission to use an attribute to a relying party, and that party gives the access to another party, the block chain would be the perfect way for the second party to prove that they have a chain of permissions back to the user.
The binding of a mark to a digital artefact is adequately achieved by regular digital signature.
What I do understand is this. Nothing apart from Bitcoin is actually "on" a blockchain. To record anything else of value in the ledger requires a broker to bind that thing to ledger entries, and another broker to bind the user to their private key(s). In the Bitcoin blockchain there is no need to bind users to keys because all there is is Bitcoin. But the reality is different in every other use case.
When you layer a broker, intermediary or trusted third party onto blockchain, the benefits of the consensus algorithm are lost. Nakamoto himself said so in the second line of the abstract to the Bitcoin white paper.
Non-Bitcoin use cases plainly have to *start* with trust. Blockchain doesn't produce trust, nor does it change in any important way how trust is mediated.
So back to the entry point for my input to this debate, namely where I said not to refer to blockchain books for insights. Many of us on this list have been examining trust for over twenty years. If we haven't cracked the nut by now, why should a new crypto currency algorithm (an anonymous currency at that - think about it) shed new light on the problem?
If I may, I've said all along there is no problem. Trust is not something that matters at the level of technology protocols. What matters is mechanisms for knowing and showing pertinent attributes of transacting entities.
Lockstep Consulting provides independent specialist advice
With the greatest respect, Stephen, I actually think you do not understand blockchain and how it is put together.
The fundamental aspect is not the consensus protocol, whether it is proof of stake or proof of work. Even though the consensus protocol is an important element for bitcoin, it is not necessarily an element of a private blockchain.
The real benefit of the blockchain is the ability to emulate in the digital environment the characteristic of what occurs in the paper-based environment. With paper or any physical structure, once a mark or some information has been embedded onto a document, it is very hard if not evidentially impossible to alter the mark or physical information without leaving a trace on the physical material. For more detailed explanation see my paper in the University of New South Wales Law Review: “Electronic Signatures - Understand the Past to Develop the Future”.
Since digital information is simply a representation of 1s and 0s, it has always been possible to alter a document without leaving a trace. See for instance the case of Scarfo v. US, 2002 Fed court case dealing with some evidence presented by the FBI. In particular see the affidavit of special agent Murchison PhD. It has always been in the digital environment a requirement to have some secondary document such as a transaction log to establish changes.
The blockchain is not, as has been stated incorrectly in my view, immutable but is tamper-evident technology. The term immutable basically means that the information in the document, whether digital or otherwise, cannot be changed. That is just not correct. The issue is whether the changes can ALWAYS be identified. Is there evidence of the change? This certainly occurs in the physical environment. The benefit of the blockchain is that it does not rely on any secondary evidence to establish that a change has occurred. The blockchain can actually emulate the paper-based environment, which is its greatest strength. If a change does occur to any prior block then the chain will, metaphorically speaking, be broken, which will lead all parties involved to investigate which block is affected and when the change occurred, due to the timestamping of the prior block and the succeeding block.
As our mutual friend Charlie Morre has recently been explaining on other forums, the blockchain comprises no new underlying technology, which I agree, but where I differ from Charlie is that the combination of hash algorithms, digital signature mechanisms and Merkle trees together with timestamping is unique. This combination is new as such a combination had not previously been described in the way Nakamoto described it in his/her seminal paper.
So from an Id Management perspective, what needs to be determined is, once an Id has been placed in the blockchain, is that what organisations want, as each relevant Id should become fixed in the blockchain, unless an unauthorised change occurs, which will become self-evident from the chain itself and thus lead all parties onto a train of investigation as to what the unauthorised change was and when.
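The tamper-evidence property described in the message above, as an added Python example that is not part of the original thread: each block's hash covers its record, its timestamp and the previous block's hash, so re-walking the chain finds an edit to an earlier identity record and reports the neighbouring blocks' timestamps. The field names and the identity records are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash used by the first block

def block_hash(block):
    """SHA-256 over index, timestamp, record and the previous block's hash."""
    body = {k: block[k] for k in ("index", "timestamp", "record", "prev_hash")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def build_chain(entries):
    """entries: list of (timestamp, record); each block commits to its predecessor."""
    chain, prev = [], GENESIS
    for i, (ts, record) in enumerate(entries):
        block = {"index": i, "timestamp": ts, "record": record, "prev_hash": prev}
        block["hash"] = block_hash(block)
        chain.append(block)
        prev = block["hash"]
    return chain

def audit(chain):
    """Return None if the chain is intact, else the first inconsistent block."""
    prev = GENESIS
    for i, block in enumerate(chain):
        altered = block_hash(block) != block["hash"]   # contents no longer match
        unlinked = block["prev_hash"] != prev          # predecessor was rewritten
        if altered or unlinked:
            return {
                "block": i,
                "reason": "contents altered" if altered else "link broken",
                "prior_timestamp": chain[i - 1]["timestamp"] if i else None,
                "next_timestamp": chain[i + 1]["timestamp"] if i + 1 < len(chain) else None,
            }
        prev = block["hash"]
    return None

# Constructed sample identity records (not real data).
ENTRIES = [
    ("2016-06-01T09:00:00Z", {"subject": "alice", "attr": "email", "value": "alice@example.org"}),
    ("2016-06-02T09:00:00Z", {"subject": "bob", "attr": "role", "value": "clerk"}),
    ("2016-06-03T09:00:00Z", {"subject": "carol", "attr": "role", "value": "auditor"}),
]

if __name__ == "__main__":
    chain = build_chain(ENTRIES)
    print("intact:", audit(chain))
    chain[1]["record"]["value"] = "administrator"  # unauthorised edit to a prior block
    print("after edit:", audit(chain))
```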
I would not be guided by the blockchain books on the question of trust.
Most of what I read about blockchain is flat out wrong. Don Tapscott's book in particular embodies many misunderstandings of what blockchain actually does.
The blockchain was expressly designed so anyone at all can join the network and start moving Bitcoin; the integrity of the blockchain in fact demands that millions of people join in, unencumbered by registration or credentialling. Trust is utterly moot in that world. It has to be, or the system won't scale up sufficiently.
The blockchain futurists make an unwarranted leap from the trust-less blockchain algorithm to posit that some new meta-layer of trust obtains. Trust does not in fact "[derive] from the network and even from objects on the network". Remember that blockchain does one thing only: it produces consensus on the order of ledger entries without needing an umpire. That's all. To find "trust" in that mechanism, no matter how magical it might appear, is simply fantastical.
provides independent specialist advice and analysis
Martin, we'd start with defining trust in the limited business context, which is the expectation that the other party will behave according to the four principles of integrity: honesty, consideration, accountability, and transparency. See
Don Tapscott and David Ticoll, The Naked Corporation (New York: Free Press, 2003).
In his new book, Blockchain Revolution (Penguin, 2016), Tapscott views the impact of Blockchain by contrasting trust in a pre-Blockchain world--where trust in transactions derived from individuals, intermediaries, or other organizations acting with integrity--with the emerging Blockchain world, where "trust derives from the network and even from objects on the network."
So the underlying concepts of contract formation and reliance are unchanged. It is the concept of a trusted third party that is due for a makeover.
The Microsoft effort is based on the troublesome notion that many people in the world are stateless, unbanked, or both. Yet they are still people, and they are increasingly likely to rely more heavily on online services than their traditional counterparts. Does it continue to make sense for private banks and government entities (or for that matter, social networks) to control the identification and credentialing of individuals, even if the technological means exist to give that control to the data subjects themselves?
Ken-- Can you recommend a good source for understanding the MS/Blockstack/ConsenSys concept you mentioned?
Not sure if this is related to your point, but I do think it would be good to minimize the idea of "trust", as distinct from the idea of enforceable "recourse". My impression is that the info-tech community grabbed and persisted the fuzzy concept of "trust" without understanding that it doesn't go far without enforceable commitments and assignment of liability.
So, another possibly related suggestion: the UNCITRAL report notes different applications of (or use-cases of) identity capabilities, distinguishing between commercial and government requirements and priorities, for example. A distinction I have thought relevant is between those use-cases that only involve financial risk, vs other risks. (I think of these as "civil" vs "criminal", but that's just a naive non-attorney conceptualization.) Financial risk can be mitigated by commitment of a financial bond to guarantee performance in a transaction. (Or any other mechanism that reliably makes the cost of cheating higher than the reward, or even quantifies the risk so it can be managed.) Note that the financial use case also allows for users to be truly anonymous.
Controlling non-financial risks (e.g., insider fraud using genuine credentials, espionage, etc.) requires something that may help the authorities lay hands on a physical person (via a binding between a credential and the subscriber to which it was issued.)
I can see that blockchain tech could support the financial use-case by being an automatic and auditable enforcer of the release of the bond-- a smart contract application. I don't (yet) see how it applies to the "criminal" use-case, but I'm not very familiar with the tech.
PS--One really good point in the UNCITRAL report was its observation that recourse against sovereigns (vs. private parties) is limited.
On 6/6/2016 1:53 PM, Ken Moyle wrote: