Yet today’s IT systems rely heavily on service-orientated architectures, which chiefly means that applications call each other’s application programming interfaces or APIs to fetch external data or outsource complex tasks.
Unlike blockchain though, most existing services do not use cryptography to sign transactions and guarantee data confidentiality, integrity, availability and non-repudiation, or use crowd consensus to guarantee reliable execution.
So what’s the solution? This is where smart oracles step in. A smart oracle is an off-chain service that takes external data and injects it into a smart contract’s storage on blockchain. Once that data is on-chain, it gains all of the useful attributes we need. You are still at risk if the smart oracle injected incorrect data, but at least the oracle cannot refute the data it supplied. You could also seek the same data from multiple oracles and accept majority data only.
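The majority rule mentioned above, as an added example that is not from the original post. The oracle identifiers and values are constructed, and the function name is hypothetical; it counts one vote per registered oracle and requires a strict majority of all registered oracles, not just of those that answered.

```python
from collections import Counter


def accept_majority(reports, registered_oracles):
    """Return the value backed by a strict majority of registered oracles, else None.

    reports: iterable of (oracle_id, value) pairs as read from contract storage.
    """
    votes, equivocated = {}, set()
    for oracle_id, value in reports:
        if oracle_id not in registered_oracles:
            continue  # reports from unregistered submitters carry no weight
        if votes.setdefault(oracle_id, value) != value:
            equivocated.add(oracle_id)  # conflicting reports from one oracle: drop its vote
    tally = Counter(v for o, v in votes.items() if o not in equivocated)
    if not tally:
        return None
    value, count = tally.most_common(1)[0]
    # Measure against the full registered set so that silence cannot shrink the quorum.
    return value if count * 2 > len(registered_oracles) else None


if __name__ == "__main__":
    oracles = {"oracle-a", "oracle-b", "oracle-c"}  # constructed identifiers
    sample = [("oracle-a", "AA"), ("oracle-b", "AA"), ("oracle-c", "ZZ")]
    print(accept_majority(sample, oracles))
```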
Why is this relevant to digital identity? Well, let’s imagine we want to model a virtual or fiat currency as a smart contract on blockchain. We could just model such a currency as it is today – a ledger of how much each holder has. Yet, once we go smart, we can add extra capabilities like regulatory checks.
For example, why not build AML checks into the currency smart contract – only allow transfer of money to legal entities resident in non-embargoed jurisdictions. Today we ensure this through external systems that monitor money transfers, but with blockchain we can build it in and guarantee execution reliability at a much lower cost.
But to do this, we need to know that the recipient’s pseudo-anonymous public blockchain address is linked to a legal entity resident in a non-embargoed jurisdiction for that currency; in other words, we need digital identity. Yet we can’t call some external identity provider, so we need a smart oracle identity provider to pump that data onto blockchain to make use of it.
“So here comes the aha moment – to create regulatory compliant currency smart contracts you need identity smart oracles”
Existing identity providers will probably continue to provide off-chain web services, but will also start to pump their data into smart contracts. Providing high availability web services is an expensive business, whilst being a smart oracle is cheap – you don’t need to host web and app servers, all you need is a simple desktop app to inject data.
If blockchain does take off for general-purpose financial transactions, then I suspect before long identity providers will transition from hosting their own services and instead switch to being blockchain identity oracles, perhaps providing web services adaptors to integrate on-chain identity into existing external applications, i.e. blockchain becomes the identity repository used directly by smart contracts and via web services adaptors by off-chain applications.
Ok, so how would this all work? Well, let’s take the DVLA example I blogged about earlier. DVLA is in effect an identity provider. It confirms that a legal entity identified by a legal name like Alex Batlin has a number of DVLA-verified attributes, e.g. an address, a photo, a right to drive a motor vehicle.
Let’s consider a few use cases for a driving licence – police may wish to stop a driver and check that they have a valid driving licence, a car hire company may check that the driver still holds a valid licence before renting out a car.
In the days of the paper counterpart you could do that by checking a piece of paper; today you can either call the DVLA or use their web service to check the validity of a driving licence. To do so, the police officer or the rental agent can ask for the driving licence, take a look at it and determine if it is fake or not, compare the photo to the person presenting it, and if they are happy with a match, they can supply the driving licence number to a DVLA phone operator or the DVLA website to check current status.
It’s expensive for DVLA to have phone operators and maintain a website. What if they could just become an identity smart oracle and attest to the status of the driving licence on blockchain? All they would need to do is use a simple desktop app to make that attestation whenever they issue a new licence or update a licence status if a driver is banned, has additional points, the licence expires etc.
Those credentials could be stored on-chain as hashes to preserve people’s privacy – in effect you only store a fingerprint of a credential, so you can’t deduce the identity on blockchain from this hash, but you can affirm it.
If that happens, anyone who wishes to check the driving license status would simply need to search the blockchain for that attestation at no additional cost to DVLA.
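A sketch of the hashed attestation and lookup described above, as an added example that is not from the original post. It assumes, beyond the post, that each credential is hashed together with a random salt kept by the holder, since licence numbers are structured and a bare hash of one could be matched by enumeration; the class, function and field names are hypothetical and the dictionary stands in for contract storage.

```python
import hashlib
import secrets


class AttestationRegistry:
    """Stand-in for the issuer's on-chain contract storage: commitment -> status."""

    def __init__(self, issuer):
        self.issuer = issuer
        self._status = {}

    def attest(self, sender, commitment, status):
        # Only the issuing oracle's address may create or update an attestation.
        if sender != self.issuer:
            raise PermissionError("only the issuing oracle may write attestations")
        self._status[commitment] = status

    def status_of(self, commitment):
        # Anyone can read; an absent commitment is reported as unknown, never as valid.
        return self._status.get(commitment, "unknown")


def commit(fields, salt):
    """SHA-256 over the salt and a length-prefixed encoding of the credential fields."""
    h = hashlib.sha256(salt)
    for name in sorted(fields):
        for part in (name, fields[name]):
            data = part.encode("utf-8")
            h.update(len(data).to_bytes(4, "big") + data)  # length prefix avoids ambiguity
    return h.hexdigest()


def check_credential(registry, presented_fields, presented_salt):
    """Verifier side: recompute the fingerprint from what the holder presents."""
    return registry.status_of(commit(presented_fields, presented_salt))


if __name__ == "__main__":
    registry = AttestationRegistry(issuer="dvla-oracle")           # constructed address
    licence = {"name": "Sample Driver", "licence_no": "SAMPLE-0001"}  # constructed data
    salt = secrets.token_bytes(16)
    registry.attest("dvla-oracle", commit(licence, salt), "valid")
    print(check_credential(registry, licence, salt))               # valid
    registry.attest("dvla-oracle", commit(licence, salt), "banned")
    print(check_credential(registry, licence, salt))               # banned
```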
In fact, now that this data is on blockchain, and if you choose to trust DVLA’s address validation, you can code your currency smart contract to use the DVLA smart oracle data as input for regulatory jurisdiction checks. Bingo!
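The jurisdiction check built into the currency itself, modelled off-chain as an added example that is not from the original post. The addresses, the jurisdiction codes "AA" and "ZZ" and all names are constructed; `attestations` stands for the data the trusted identity oracle has written on-chain, and a transfer is rejected unless every check passes.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Attestation:
    legal_entity: bool
    jurisdiction: str
    status: str


class RegulatedCurrency:
    def __init__(self, balances, attestations, embargoed):
        self.balances = dict(balances)
        self.attestations = attestations      # address -> Attestation, written by the oracle
        self.embargoed = frozenset(embargoed)

    def _recipient_check(self, address):
        att = self.attestations.get(address)
        if att is None:
            return "no identity attestation"  # unknown addresses are refused, not waved through
        if att.status != "valid" or not att.legal_entity:
            return "attestation not valid"
        if att.jurisdiction in self.embargoed:
            return "embargoed jurisdiction"
        return "ok"

    def transfer(self, sender, recipient, amount):
        """Move funds only if the recipient passes the built-in checks; return the outcome."""
        reason = self._recipient_check(recipient)
        if reason != "ok":
            return reason
        if amount <= 0 or self.balances.get(sender, 0) < amount:
            return "insufficient funds"
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount
        return "ok"


if __name__ == "__main__":
    ids = {  # constructed oracle data
        "addr-bob": Attestation(True, "AA", "valid"),
        "addr-eve": Attestation(True, "ZZ", "valid"),
    }
    coin = RegulatedCurrency({"addr-alice": 100}, ids, embargoed={"ZZ"})
    print(coin.transfer("addr-alice", "addr-bob", 40))   # ok
    print(coin.transfer("addr-alice", "addr-eve", 10))   # embargoed jurisdiction
```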
KYC, employment due diligence
This can be extended much further – need to check that someone is FCA certified, or has a university degree? Simple, each of those institutions no longer has to create web services or call centres to confirm credential status, all they need to do is post credentials to their smart contracts. Anyone performing checks e.g. KYC, employment due diligence etc., can simply search the blockchain smart contracts to confirm credentials – doing in seconds what today takes weeks, at a fraction of the cost.
It’s worth mentioning at this point the UK’s GOV.UK Verify service. Its objective is to eliminate the need for lengthy, postal service reliant, government ID on-boarding processes. Once you have that ID, you can access a whole host of government web based services e.g. filing taxes, accessing DVLA etc.
What the verify service has done, is in effect design a standard for digital identity assurance – which documents and which checks need to be carried out by someone to assure the government that the online identity is authentic.
Each identity provider becomes a smart oracle
Based on this standard, they certified a number of partners to carry out specified checks on behalf of the government – in essence these partners are digital identity provider aggregators. They collect data like address, phone number, passport number etc. from a person and then call out various identity providers like DVLA, utilities, passport agency etc. to check those details. Once all the checks come back as successful, they assure the government that the online identity is indeed authentic.
This is a sensible current state architecture, but may force individual identity providers to serve the same data in different ways to multiple identity aggregators, or in reverse, aggregators may have to create custom solutions per identity provider. Whilst it can work, it is inefficient.
What we can do is invert this flow. As mentioned above, each identity provider becomes a smart oracle and injects credentials into their smart contract on blockchain. They no longer have to maintain expensive call centres or web sites.
The aggregator, now also a smart contract, then collects data from a person, and calls relevant identity smart contracts to satisfy the standards specified by the identity consumer – the government in this case. All done in near real time and at a fraction of today’s cost. Any status changes can be quickly responded to.