Presentation at the Consumer Identity World 2017 EU in Paris, France
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Presentation at the Consumer Identity World 2017 EU in Paris, France
Presentation at the Consumer Identity World 2017 EU in Paris, France
And you share everything everywhere. Okay. And then if you look at something like my, my Google of ships, okay. This is where Google kind of maintains where 10 have given to lot of websites. I can show, show you a quick thing. What I've got my on this stuff. Okay.
So, okay. So I've got like 20, 25 ions. Okay.
So I got, and then if you look@howaboutbeing.com, it say there was a big, negative reach three, four years ago, and then that's one of the biggest reach. So lot of the PP has gone into, into the dark net. So if you go to have a phone, you will see lot of your email ID things compromised. And then you can see there, which, which account you have years used estate. And where is it stolen from?
So, so the architecture is been simple in a PSC two world. And so you have a banks, so banks will be connecting to them as a AI P and then say, yeah, provider for future. And then you have the platform that we are talking about. This is bit of a blockchain using Ethereum. So you could pretty much use anything. The concept is saying. And then you just say from there, like, if you look at the board and you say full identity, authentication, everything is there. And from there, onwards is PDO numbers and nothing is kept in blockchain.
It's sort like you have some of black backend and then backend doesn't have any of this, all data. So this is bit of a provisioning side. So the user comes to register in a single page. So the blockchain apps goes down. And then from there user gets to talk to the power back and server with I server and then say I a bank and then go through it. And then you get the of this, and then you get a data. Okay. The only the relevant data in the contractor. So you have a smart contract in blockchain. One of the relevant data is kind of take from there.
And then you create a smart contract in I, if you, based on the public reminder and then say, yes, I, I, I help to create that and deploy that contract. I, I say yes, because the deployment is done from the user perspective. So if he has to pay some gas or, or bid Bitcoin, he has to pay for it. And then we come and say, yes, I can watch for that because it's my data's not being time for, although in the future, the banks can come all the way and say, yeah, that's the real data, but you don't get the identity. So there is a bit of a crypto material that would be fast long.
And then the banks can look at the crypto material and say, yes, I can adjust this guide. So if you look small contractor, we say a person X, Y, Z anonymous, or S it could be a hashed iPad number with the crypto material banks say, yes, I send this data and he's the smart contract can, can gate like resident of a country. That's it. Okay.
Not, not too much. So if you go into a liquor shop, they only wanted to know, are you or 18 plus, okay. They don't need where to do. And all of that, if you're buying a lottery, they want to know, are you resident of this country? Okay. And then you say, yes. Okay. They don't need anything else.
So that, that's how we are looking at the problem and say, because if you try to share all the data and then it's leak, and you're everywhere in the digital world. So this is simple UI, you say, okay, you can connect to any of those networks. Like even the production, we're not testing with these ones. So you put the public address, you could ITM authentication, PKI, respective, what you use when you can bring in a fiber. And you can start using that, just the PKI technology, how stove your key is your problem. And it's all yours. There's nothing there in the server or the provider side.
Okay. Sign the challenge.
And then, then validate the signature. And that's it.
So, so this is the interface you have saying, you come in and say, this is your public address. You can create nickname if you want.
And then, then there is list of banks. You could just say, choose the bank, verify your identity and stuff. This is it. In the PS world. You can see lot of banks. Okay? All the banks, literally, if you are signing as the TTP being banking world, then can list all of that. Okay?
This is, I don't want to go through it, but you get the hand of it. This is for your future. And if you're interested, all we are saying is the bank. Then the other station of the contract. And then this is a, let's say this is a fix years company. So gold back. And then in the gold back, well, we are just saying the guy saying, oh, I'm integrated with the blockchain P provider, which is, or the wides not difficult for that. And then to say, oh, you could use one of these to log website and then say, okay, I'll use open bank kind and then use, build the log.
And then this is again, a, what happens is the YC flow. You just verify the identity. There is something here that is a bit of a code, which is a blockchain library.
We are, we are encouraging the third party to use. In the sense, if we tell us more contract, they can pick a more contract saying age contract, or a resident contract, something like that. And then when we send the data back to them, we will give them an I contract address. So all they have to do is when they receive it, they have to go and validate that address and look at the data in the contract, in the blockchain. And if that says, yes, it's resident does this country. Then you allow the research to use it, to access your resource.
So, so in a normal or YC flow, the only thing you'll probably be doing different at end of it. Okay. Not inside of, or, or why. End of it. You just start to link it to the blockchain and say, I want to validate this contract. And just library, order backend, you can write simple library to call the blockchain. And so this is kind of a demo we have been building. So we've been busy as well with the open banking deliveries and stuff. But then we, we, we kind of found time to build this.
So, so we have two banks and one is built on four drop stack, a hundred dollar built on stack. And then this is our infrastructure platform. And then this is the gold back. I've been talking. So they have a line. And then this is their application application, access it. And then they send it to Ethereum. So we are doing YC club and then we are actually delivering YC off the pack. And then once the user is finished, we gets access to the website. And then this guy text the theory and say, this, this is the validation of our stock to validate the smart contract of identity.
And this is bit more technical. I don't know, to go too much into it, but you, you will see, it looks so simple on the login and stuff, but, but really I would listed all the APIs or calls. Okay.
You, you like the number a here, downside customer IDC request chart that takes like first five or second factor consent. That's like four or five goes there already. And then there is something you wanted to check. If the PVP is valid, this is the open banking policy. It could be open banking implementation, or it could be in the PSK world. We don't know what's coming. So we probably check the validation of that entity as well. So if open it is the TPP, we need to validate that side. So it goes into like pretty much, I can say 30, 40 flows calls here or met end of it. You get it.
But then on a user perspective, just like four or five screens, okay, this is what we store actually, it's there in the smart contract, in the smart contract. So you have the public address. And then you could say, resident, you don't even have to say data birth. You just say over 18, or you could say month of, or Europe is your smart contract. You can just define. And then the last bank log. So you don't want a guy who's logged in 10 years ago and then trying to access someone. And then you could say, no, I want this guy recently logged into a bank in the last six months.
Something like that. You could say so that you get bit more realistic view of person. Then other stations is something bank ID. We at this as well. So open bank ID when it's open bank ID. So that platform will like us say, why did put this data on the blockchain?
And, and then the banks will come on as well in the future. Yeah. Make them to do it. And maybe they will do it. Other attribute you, you write whatever. So it's your smart contract. You deploy a contract and you try to fill that contract with the data available about achieving with the bank. So I only calling it as a bank PSP, two world. He could be anything. He could be connecting to a Frank DV or what's it passport authority, or you have the gas as well. So all of that can be brought in because gas and everything that has true identity.
And then you just want to Ize it it, so, and then they can create their own contracts, more contracts. This is a simple ID token that be on this point, not all the claims there, but then all of the main thing is the ID contract address. And that's the main, that's a private claim that should go. Because only with that, the third party who's consuming, your IDP service will be saying, okay, I'll go into the blockchain for this address.
And I can, I can see that he's a proper valid person regarding complains. I dunno if everyone is started to use users autonomous or are an only, and if they are kind of bullying or stalking or anything on the internet or proposing materials, how do, how do you, you track them? Because they log into a platform, let's say some social media website and social media. So say I'm gonna use anonymous provider. Okay. And if I use it and they started to misuse it, what do you do? This is something, because if you're in a blockchain, your, your data is not pay everyone. And they don't know you.
That's a point what you do. So it's only people complain. So providers can suspend the user and say, okay, this user, you get something, we are suspending it. They can do all that. But then can they pursue you? Maybe if you have been done a big crime. Yes. Because we know people are being caught and not, not using the forensics of the blockchain, but outside of, for forensics gives you the, the authorities pursue people who have done malpractice with the block or slow money and those kind of things. So yes. Can we track outside?
And what, what service provider can do is just suspend the user inside, sorry. And you'll just go create another account. So this is a bit of a, what to say, issue that, that that's facing us. So not for the good people, bad people. You've gotta live with all of them in this world. And how do you protect yourself? Okay. And I have a demo as well. Just see.
So, so this is mark question one time. Yes. Couple of questions. It is first. I was curious if you could talk a little bit about the value of using blockchain for identity management, because blockchain, for the most part, I think one of the fundamental things that it brings to it is preventing double spending, right? Which is because when I have a dollar and I give you a dollar, I'm not giving you a copy of that dollar is the dollar itself price that asset. Whereas in a federated network, like you're talking about, let's say there are 20 banks.
If I give, like, my name is, will be, every bank would have a record of that name. It won't be my name that I'm transferring from one bank to another. Right. So you could potentially end up in a situation where you have conflicting records of names across banks. So how do you use blockchain to prevent that kind of a problem, which is kind of one of the main reasons why people use blockchain to Begin?
So, yes. So that's the typical problem. But in this contract we are talking is, there's just a saying anonymized, okay. There's probably, there is no data. There is no consistency. That thing you could have 10 bank accounts and you can publish, you have 10 identity contract on the network. And if you log the N and you left a bank the next day, so it's kind of, it's not going to keep that consistency. And so you will have all the records of your identity contract. You can't delete it and it still stays there.
But then there is no data, which is, it only has the minimal data because you don't want to tell everyone, my name is this. And I process this. And all of that, all it's saying is probably 18 plus or year of birth. Okay. That's pretty much what we would store. Or you would say resident of a country. This is what we need in the real world. How many times, maybe if you are going to a shipping company and so career, and you need to provide your address. Okay. But then with this, in this model, we are not even gone there.
It's just that there are tons of websites where we are using Google provider to log into, but I'm saying Google knows all about you. And then other website knows all about you. But so we are trying to say, just put the minimal data. We don't need all that. And then consistency.
We can't, you not doing police work. We kind of clean up everything and say this identity contractor, this by answer your just quickly, how story five. Yeah. Okay. So this is you log in and then you say balance, and then you say the last conference I did probably do. Okay. Okay. That authenticated. And then it should be back here. And then what this is saying is now it's going to, so it's finished authentication, not the claims needed, but it's not forcing all the claims only posting the relevant claims at the minute. It's just about date. We could just cut down of the apps.
So storing into blockchain. So this is where you are.
Actually, the data is forcing the contract into blockchain world. And so it's repairing the contract, it'll deploy the contract and then it'll do the mining. So at the minute I'm using a private network on AWS. So usually in a, in a line, one you're mining and all of that 10 minutes, you can using private, maybe early. So that that's kind of a thing you have. But if you do it once, you don't have to do it many times, probably for six month or one year. And unless the, so the, the third party can say, this login is more than 10 years. I want the user to go. And reauthenticate.
So if they say that, then the open bank, I will then drive that and say, now go back to the bank again, because it will remove that bank and then say bank again. Then we'll be able to kind of do that. So just say the contract is done. And then the next one is, So while, while you're setting that up, I was wondering if I could ask my question, cause a little bit germane to what you were just showing, assuming that you do want to use blockchain as part of the identity stack. I've got two questions as part of this one.
It sounds like what you just said was that the login process is going to be beholden to the, to the block lag of whatever, whatever chain network you're associated to. So it could take me 10 minutes to log into my bank the first time, which is a problem from usability. The second question and related to this is I'm curious, which parties in the O I D C ecosystem need to be running the whatever blockchain stack software and connected to that network. Is it the client? Is it the as, is it something that the user has to run on their own machine?
Who, who actually has to have access to, to the blockchain database? Yeah. Okay. So the first part is the 10 minutes login it's from the login is usually installs into the bank's just that when we close the data into the blockchain, it takes time. The mining takes time. Okay. So that's the 10 minutes We are talking. Right. I understand.
But it, it sounded like, and perhaps I'm just being denser, that, that the bank wasn't really going to log you in until that had been posted until that had been reported. So if you have, sorry, if you have registered as a, as a T PPP and you tried to log in and it should be instantaneous because that, that's what we are trying to solve within NPS to do, Because you've previously staged. This is what you're saying. That Previously Stage the contract, No, the contract will be done. So the first part is you log into the bank, get your user claims. Okay. That's the first part.
And it's just instantaneous. It should go in real time at least. Okay. So with the label three to five seconds, and that second biggest third one, we say, okay, we got the claims there in the I ID token from the bank. And we are taking the selective ones like Europe, birth or resident of a country or something like that. And then say, prepare a contract. And this is, this is where the time consumption of the delays, the whole thing starts.
You say, I'm going to prepare a contract. Okay. Whenever I say there is already a contract, we are creating the instance of that contract. So you have a, you're trying to combine the code with the Attribute, right?
Yeah, no, I get how that I get how the technology works. My question is what is that as a consequence for the user experience, if I'm clicking to go do something at my bank, which is presumably what I'm trying to do, because I'm logging in, do I have to wait for that contract post before it happens and Log in and you come out inspect bank. Okay. So this is all happening behind the scenes. Yes. Interesting. Okay. And the second, The second part is currently it's the private network.
So the, the browser here talks to the, the AWS TM. So the browser's running in Ethereum client.
No, it's not at the, it's having some JavaScript of it. The client. So the browser's running in Ethereum client in JavaScript. Yes. Okay. And then the actual Ethereum itself, is there an Aw AWS?
So, so tomorrow's browser, they will be all blockchain. Ready in the sense we have met a mask and The internet will be, I PB six universally any minute now. Okay. Thank you. Great. Anything?
Yeah, that's the kind, so they prove it. And then once you've done the web validation, then you can log in. So when you haven't limited anything further, so just start saying, okay, this is so time to, okay. Last question. When we start talking acronym, it's time to stuff. That's when it starts. Hi. So I'm not a blockchain expert by any means, but isn't there a cost to writing data into the blockchain likethere and how much of a cost do you think that would be? Personal attributes, maybe an avatar photo and your age range, all these kinds of things. Seriously dunno.
But what we have been using and test data is usually the, what we have seen the code we are trying to compile and post, it should not cost like less than 10 cents. It should be pretty much less maximum. Probably 5 cent is something you click up talking as well. So it's just prohibition. Your contract could be less than that, but I'm just giving it number. So it's not extensive. That's what I'm saying. Thank you very much.
Our next speaker from Simmonds and Simmonds is going to talk about more of the aspect of privacy and blockchain while you're setting up one last question, which is, this is an open source project. We, how people, So it's probably we trying to opensource this project and to contribute, or maybe some, some helping enterprise would say that, that, so you'll probably the so it's.
Okay, Great. Thank you very much.