How to Use Blockchain as an Identity Provider

Internet services are evolving rapidly, and the number of services we use every day keeps growing. We start using some and abandon others: yesterday it was ICQ and Hotmail, today it is Slack, Gmail and Snapchat, and tomorrow it will be the next generation of services. They help us do all sorts of things: exchange text messages and media, maintain documentation, listen to music and watch video, rent houses and cars. The one thing almost all of them have in common is that you have to sign up and sign in. You hand your personal data to the service, and the service uses that data to identify you as a user.

As the number of services grows, so does the number of places your data is shared with. The main problem is that you must create a new password every time you sign up with a new service. Keeping every account safe matters, because if one service is compromised, and you reused the password, your other accounts are at risk as well.

This problem can be solved partially by using the most common services as identity providers over OAuth (or OpenID Connect built on top of it). For example, you can sign up for AirBnB with Facebook or Google, and on Medium you can sign up with Twitter, Facebook or Google. But what if you do not use these services, or you have lost your Facebook account, or your account has been stolen? Your identity on every dependent service then goes with it.

What is needed is an identity that is owned only by the user who created it, where only the owner can grant third-party services access to it. That is, the identity lives in the user's own protected storage, which only the user controls: nobody else may read or write it. When the user signs up with a new service, they grant access to that service only, and only to the fields they choose. The service reads that data and creates an account linked to the user who is signing up.

This can be implemented with blockchain technology. The user installs blockchain client software on their device or uses a trusted web service. The software generates a pair of cryptographic keys: a public key for encrypting profile data and a private key for decrypting it. The user then creates a profile with the data they want to share: name, email, phone number and so on. The software encrypts the profile with the user's public key and stores the ciphertext in the blockchain. Anyone can read the stored record, but since it is encrypted, nobody but the owner can read the data, and only the owner, holding the private key, can maintain it. Two consequences follow from the storage being public and append-only: the private key must never leave the user's control, since whoever holds it owns the identity, and a record written to the chain cannot be deleted later, so a future key compromise exposes every version of the profile ever published.

This process is shown on the diagram below:

Now the user tries to sign up with a service. The service generates its own key pair (public and private), asks the user for access to their data, and hands the user its public key. The user confirms the request; the client software reads the user's record from the blockchain, decrypts it with the private key generated earlier, re-encrypts the chosen fields with the public key the service supplied, and writes the result to the blockchain. The user then notifies the service that access has been granted. The service reads the encrypted record, decrypts it with its private key and creates the user's account. To speed up registration, the client software could send the encrypted data to the service directly rather than waiting for the blockchain write to be confirmed. Two checks are essential for this exchange to be safe: the user must be sure the public key really belongs to the service (otherwise anyone who hands over a key of their own obtains the data), and the service must be able to verify that the grant was published by the holder of the user's key, for example by having the client sign the grant, or it has no way to tell the real user from an impostor.

Open Identity Community member, OSS Enthusiast