Tuesday, August 1, 2017
Blockchain is a foundational technology, like electricity and the internet…

Post 1 (of 3):  A Blueprint Discussion on Identity

By Guest Bloggers: Thomas Hardjono, MIT Connection Science and Pete Teigen, IBM

The blockchain transformation of the economy will require agreements on standards and processes across institutions around the world, as well as major social, legal and political change. -Wall Street Journal

Transformative scenarios, such as large-scale public identity systems, will deliver enormous value. -Harvard Business Review

Business transactions take place every second — orders, payments, account tracking, and many more.  Often, all participants to a transaction have their own ledgers — and, thus, their own individual versions of the facts.  Having multiple ledgers can lead to error, fraud and inefficiencies – vulnerabilities that can be reduced by having a common view of a transaction end-to-end. 

Blockchain technology enables a shared ledger to record the history of transactions with consistency and certainty.  In a blockchain network, all parties to a transaction must give consensus before a new transaction is added – and once recorded in the blockchain network, a transaction cannot be altered.  Blockchain eliminates or reduces paper processes, speeding up transaction times, increasing efficiencies and building trust among participants to a transaction.

How can blockchain benefit government?  How can government lead the way to a broad-based blockchain revolution that benefits all?  The IBM Center for The Business of Government recently initiated a new research effort to explore those questions, led by Thomas Hardjono, Technical Director of the MIT Trust::Data Consortium and CTO of Connection Science and Engineering at MIT.  As a first step in this research, we are drawing on a series of open discussions among key leaders and stakeholders hosted by the Congressional Blockchain Caucus to help frame key issues impacting blockchain and government.

This first of three posts addresses the value that blockchain can bring to addressing secure identity management. The second and third of the three posts will report on the value that blockchain can bring to payment processes and data provenance.

The Promise of Blockchain for Secure Identity Management

Data breaches, identity theft, and trust erosion are all identity-related issues that citizens and government organizations face with increased frequency and magnitude. The rise of blockchain technology, and related distributed ledger technology, is generating significant interest in how a blockchain infrastructure can enable better identity management across a variety of industries.  Historically, governments have taken the primary role in issuing certain types of identities (e.g. social security numbers, driver licenses, and passports) based on strong authentication proofing of individuals using government-vetted documentation – a process often referred to as on-boarding. This identity proofing and on-boarding process presents a challenge to government because it is still heavily paper-based, making it cumbersome, time consuming and dependent on siloed, decades old, and inefficient systems.

Another aspect of the identity challenge is the risk of compromising an individual’s digital identifiers and government-issued credentials through identity theft. With so many vital services (e.g. banking, health services, transport, residency) dependent on trusted, government-vetted credentials, any compromise of that identity can result in a significant negative impact to the individual and be difficult to repair. Compounding the problem, many instances of identity theft go undetected and only discovered after damage is done.

Increasing the efficiency of the identity vetting process while also enhancing transparency would help mitigate those identity challenges.  Blockchain technology promises to do just that. Through the use of multiple computer systems (nodes) that are interconnected in a peer-to-peer (P2P) network, a shared common view of the information in the network ensures synchronicity of agreed data. A trusted ledger then exists in a distributed manner across the network that inherently is accountable to all network participants, thereby providing transparency and trustworthiness.

Using that trusted distributed ledger, identity-related data vetted by one Government entity and including that data’s location (producing a link in the chain) can be shared with other members of the network as needed -- allowing members to instantaneously accept an identity without the need to duplicate the identity vetting process.  The more sophisticated blockchain systems possess this “record-link-fetch” feature that  is inherent in  the blockchain system’s building blocks.  Additional efficiency enhancing features allow downstream processes using that identity assertion as automated input to enable “smart contracts”, discussed below. 

Thus, the combination of Government vetting of individual data, together with the embedded transparency and accountability capabilities of blockchain systems, allow relying parties (e.g. businesses, online merchants, individuals, etc.) to obtain higher degrees of assurance regarding the identity of other parties with whom they are conducting transactions.

Implementation Considerations

Successful implementation of blockchain requires an understanding of the issues around identity and membership management. Within private (permissioned) blockchain systems, membership management should include a comprehensive lifecycle for identity and credential management. This includes mechanisms to onboard new users, permissions/entitlement management, user-credential management, and credential revocations.

For blockchain systems that have specific goals and therefore a limited set of operations allowable within a transaction, the permissions management for a given user may be as simple as read/write permissions associated with that user’s identity.  Write-permissions (which includes read permission) means that the user can submit new transaction into the blockchain.  A read-only permission means that a user or entity can only view and validate completed transactions, which may be sufficient for some applications.

Smart contracts, in the form of executable code (with or without legal weight), introduce another dimension to membership management. In particular, the programmability aspect of smart contracts allows sophisticated agreements to be made via executable code on a shared blockchain system. Additionally, the programmability feature of smart contracts offers the possibility of performing identity verification and even user authentication using one or more nodes on the blockchain.  That is, a node could validate the credential of an end-user as part of that user seeking services or tasks to be performed by that node. This task could be performed partially off-chain by the node(s), or could be performed entirely on-chain (e.g. a smart contract specifically for identity verification).  In either case, it is crucial that the smart contract code be authenticated (i.e. validate the code has not been tampered with) and that the code is safe to execute without interference (i.e. trusted computing base).

A Path Forward

Identity and membership management solutions already exist and can be applied to private (permissioned) blockchain systems. Features within these solutions should be evaluated for their suitability for blockchain systems.  Specifically, these four steps can enable government to start in suing blockchain to address identity challenges:

  1. Evaluate existing identity and membership management solutions in order to identify features that apply to permissioned blockchain systems in the short term.
  2. Experiment with integrating these existing solutions with open source blockchain implementations.
  3. Create a roadmap (with a 2-3 year horizon) for identity and membership management for smart contracts within permissioned blockchains.
  4. Develop a long term plan (a 5 year horizon) for addressing identity and membership management for permissionless (public) blockchain systems. Here again, use open source blockchain implementations as the basis to understand the challenges in the identity space for permissionless blockchains.

Future posts and our forthcoming report will explore these and other issues in more detail.


[1] Irving Wladawsky-Berger,

[2] Paraphrased from Marco Iansiti and Karim R. Lakhani,