On 4th September 2019 Chris Eckl, CTO at Condatis, delivered a presentation on the future of Identity and Trust at the 2nd International Conference on Blockchain, Identity and Cryptography in Edinburgh. In this article we summarise the key takeaways of his presentation.
- Condatis (part of Sitekit) has been operating in the digital health space for over twenty years. From initially providing websites to the NHS, to eventually providing citizenswith interoperable personal health records (most famously eRedbook), digital identity has always been a key theme.
- Secure data exchange between health providers and individuals can only take place if there is a trusted digital identity to communicate with.
- Establishing trust is paramount. Even if we successfully manage to establish a self-sovereign network using a ‘digital identity wallet’, users still need to trust the system. It can be challenging for users to determine whether a digital identity provider is trustworthy. Data breaches frequently make news headlines, affecting even the most well-known brands. In addition, users may be unsure about whether their data can be sold or re-used for different purposes.
- Creating trust can be done by trusted intermediaries; for instance, trusted brands like financial institutions. The user already trusts these institutions to handle their data safely. A trustmark provided by intermediaries could help the user decide whether an identity provider has ‘good’ or ‘bad’ intentions.
- A first challenge is Enrolment, as users need to validate their credentials. This has been one of the top priorities of the UK.gov Verify programme. They have put together a process that allows citizens to evidence their real-life existence up to an assurance level of LoA2, based on GPG45, without a face-to-face interaction. They have done this using outsourced identity providers – a user must scan identity or financial documents, resulting in a calculation of strength of the evidence, validity of evidence, and activity of the claimed identity over time.
- A secondary challenge is Liveness Binding, to ensure that the relying party knows that the digital identity is ‘live’, e.g. that the user has not lost access to their digital identity wallet and keys.
- There is an existing demand for a service provider that can manage the attestation of liveness and matching of biometric attributes against the official identity documents outside of the wallet.
- Recognisable trusted brands need to work together to offer a digital identity trustmark for users.
About Chris Eckl
Chris Eckl is the CTO of Condatis and has been with Sitekit for over 19 years. He is an internationally acknowledged subject matter expert in identity systems and their application. He is also the chief architect of several substantial public and private sector digital identity projects.
About the 2nd International Conference on Blockchain, Identity and Cryptography
The International Conference in Blockchain, Identity and Cryptography is organised by the Cyber Academy in partnership with the Blockpass ID Lab (at Edinburgh Napier University) and Blockpass IDN, in collaboration with IOTA. The conference focused on three main areas:
- Blockchain. Focus on applications and use cases related to blockchain, DLT (Distributed Ledger Technology), cryptocurrency, and tokenization, and present results from current work.
- Identity. Focus on the provision and consumption of identity, and include areas of self-sovereign identity, anonymised credential passing, and so on.
- Cryptography and IoT. Focus on the latest application of cryptography into building safe, secure and resilient infrastructure. Key topic areas included: Zero-Knowledge Proof (ZKP), Privacy-preserving methods, Digital Signatures, IOTA, and Light-weight cryptograph