Over the past decade, we technologists have become very familiar with Distributed Ledger Technology (DLT) and its immediate descendant: blockchains. We’re not alone anymore. We’ve all observed the growing general public interest in- and psychological gravity toward blockchain. As my colleague, Adam Tsao, wrote about in an earlier blog, it’s a fascinating topic that intrigues even the most skeptical Luddite, if, for no other reason, to debate it on scintillating news programs.
To what point have we become overly-reliant on blockchain, making it the universal law of the instrument? Known as Maslow’s hammer, Abraham Maslow said, “I suppose it is tempting, if the only tool you have is a hammer, to treat everything as if it were a nail.”
This quote has particular meaning to me when we, as engineers, are presented with new concepts, technologies, and processes. Often, at the time of their introduction, these ideas are viewed as novel solutions to a problem. We’re drawn towards the new and shiny hammer to replace the old one. And yet, to mix my metaphors, this is like putting lipstick on a pig; it’s the very opposite of the growth and disruption mindset that we need to truly innovate.
Blockchain is not the only tool in the identity management toolbox. To fundamentally change how we solve previously intractable problems and provide better solutions to established practices requires an assessment of how new technologies can demonstrably improve a system, apply them, and measure those improvements.
The rise of the ledger
A distributed ledger is a distributed database that can be managed by multiple parties (vs. traditional databases, distributed or otherwise, with a sole operator). DLTs commonly use a consensus approach among these multiple parties to ensure eventual consistency across all copies of the ledger. A blockchain, specifically, is a distributed ledger where each entry is mathematically bound (via hashes) to its predecessors as a chain of ledger entries.
One of the key differences between DLTs and blockchains is that while blockchain requires global consensus across all parties, DLT can achieve consensus through other various, agreed-upon means.
Blockchains also provide immutability (i.e. write-once), as altering an earlier entry in the ledger would result in invalidating the sequence of subsequent hashes. This immutability comes at a price, which we will explore in part 2 of this missive.
Some of the hype surrounding ledger and blockchain technologies is slightly misleading. For example, it is commonly stated that blockchains are inherently more secure. While it is true that having a peer-reviewed ledger adds a degree of security (more specifically, trust) in the system, without the incorporation of public key cryptography, or use of other well established security mechanisms, blockchains and ledgers are not, in and of themselves, “more secure.” The trust in the system comes from both the peer-reviewed entries (consensus), as well as through the application of more traditional cryptosystems.
In recent years, there have been numerous security incidents pertaining to blockchains. One such breach resulted in a cryptocurrency forking the blockchain network. The Cloud Security Alliance is establishing a registry of some of these vulnerabilities. And while this incident revealed a flaw in software design, not the science, it highlights that, as with all new technologies, we should be cautious about declaring victory.
The dawn of the ledger
DLTs made their most well-known public appearance with the launch of Bitcoin as a powerful social, political, and cultural movement, soon followed by cryptocurrencies aplenty. While each are built on top of distributed ledgers and blockchains, cryptocurrencies are just one of the many emerging applications for DLTs and blockchain.
Other well known (but less hyped) applications include smart contracts and supply chain management systems with irrefutable statements of fact by consensus. Each is a job particularly well suited for blockchains and ledgers.
How would an identity system benefit from these characteristics? In the world of “know your customer” (KYC), and the preponderance of “from the couch” identity verification, irrefutable facts are just what the doctor (or carpenter) ordered! But, how these assertions manifest themselves, if at all, in a blockchain remains an open debate.
The war of the ledger
Today, blockchains are everywhere you turn, and we have the advancement of the distributed ledger to thank for it. They have become our new hammer. There have been hundreds of blockchain-related startups in 2020 based on the premise of speeding up business processes across a myriad of financial services (e.g. Ethereum, Ripple) and non-financial services (e.g. Rally, SuperRare). 2021 will most certainly not be any different. Is identity management a nail for our shiny blockchain hammer? Sort of.
Not surprisingly, the identity management community has added blockchains to its toolbox. What problem did blockchain uniquely solve, where previous technologies could not, or could only partially, address? Part 2 will assess the truthfulness of some of the claims on how blockchain is a game changer for identity.
Blockchain, as a tamper-resistant database shared on a decentralized, peer-to-peer network, has moved beyond cryptocurrencies and into supply chain, intellectual property and identity, but how it fully contributes to an improved architecture remains a work-in-progress. There is no reason blockchain can’t be part of a digital ID solution and we’re eager to show where it is most suitable.