
Don’t forget what self sovereign identity system uPort doesn’t claim to do

February 19, 2017

Introduction

uPort is a neat concept of self sovereign identity but there is one thing to keep in mind. It doesn’t remove the need for trust in 3rd parties but instead users choose the 3rd parties they want to trust. Firstly, let’s do a quick recap on the basic concepts.

Basic concepts

Self sovereignty can be thought of as having self authority or for yourself to be in control of something.

Self Sovereign Identity is the ability to own and control your identity.

Another neat definition is: “Self-sovereign identity is a concept where the individual has ultimate control over their identity and is the final arbiter of who can access and use their data and personal information” – John Lilic (ConsenSys).

This is an interesting concept because have you ever stopped to think if you actually own your identity? Your name, your date of birth (D.O.B), or your work experience that you display on LinkedIn, who owns that? Your hobbies, the places you have visited, your marital status on Facebook, who owns that? The T’s & C’s may say you “own” it, but you have in fact lost control of it because it’s being stored in a database somewhere… and can be, or is being, monetised.

uPort is defined in its whitepaper as “a secure, easy-to-use system for self-sovereign identity, built on Ethereum.”

It’s defined in its support page as “a self-sovereign identity system that allows people to own their identity, fully control the flow of their personal information, and authenticate themselves in various contexts – both on and off blockchain.” 

What does all this mean?

In plain language, blockchain technology has allowed the realisation of the self sovereign identity concept. You control your personal data and can choose to release all or parts of it in return for access to services you want. This is different to the old days of Google or Facebook holding your personal data, creating a centralised “honey pot” for would-be attackers.

Many websites also choose not to hold personal data but use Facebook or Twitter as identity providers. Either way, once you provide your date of birth, it is in the service provider’s hands.

What uPort and other self sovereign identity systems do is utilise blockchain technology and therefore cryptography to wrest ownership and control back to you and me.

How?

This is the key: “On this platform, the user creates their identity and collects reputation data on a user-friendly mobile app without the need for technical knowledge, and is completely independent from centralized 3rd parties.” – Thessy Mehrain (uPort).

Take this scenario. On Facebook, users need to be aged 13 and over, and a D.O.B is required. Instead of giving that data away, I can provide an attestation of my age via the blockchain. In other words, I claim that my birthday is Jan 1st, 1982, then I can have someone from an institution like a bank digitally sign that assertion and say ‘we’ve checked this person’s passport and we can attest to the fact that her birthday is Jan 1st, 1982’. – John Lilic (ConsenSys)

Digging deeper

In the example above, at no point do I provide the actual date of my birthday and that is very neat, but consider this. Without a 3rd party such as a bank, notary or a government system like RealMe in New Zealand to attest (verify) my actual birth date, I could claim a D.O.B that makes me any age I want: 65 to get the pension and 12 to get the kids’ price on movie tickets. Therefore, I do need to trust some 3rd party to attest or “back up my claim”. And that is the crux of the matter. uPort doesn’t claim to remove the need for trusting a 3rd party.

Thanks to Christian from uPort for clarifying this as well. “The difference is that when you have a self-sovereign identity platform like uPort you have full flexibility to choose who you trust, and you can trust different identities or authorities for different things.”

Therefore, it seems we still have to trust some 3rd party but there is more flexibility which is great.

Going back to Thessy’s statement “On this platform, the user creates their identity and collects reputation data on a user-friendly mobile app without the need for technical knowledge, and is completely independent from centralized 3rd parties.” I think it is important to still recognise the importance of 3rd parties and that they are not completely cut from the loop. The key though, is that they attest my D.O.B but don’t hold or store it.
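
The trust relationship described in this section, as an added example that is not uPort's code and not part of the original post: a relying party accepts a signed "over13" attestation only from the issuers it has chosen to trust for that claim type, so a self-signed age claim gets rejected. The party names, claim fields, trust policy and the use of Node.js Ed25519 signatures are assumptions made for illustration.

```javascript
// Added example: party names, claim fields and trust policy are constructed for illustration.
const crypto = require('crypto');

// Each party holds an Ed25519 key pair; a real system would publish the public half.
const makeParty = (name) => ({ name, ...crypto.generateKeyPairSync('ed25519') });

// Bytes that get signed: fixed field order so signer and verifier serialise identically.
const encode = (a) => Buffer.from(JSON.stringify([a.subject, a.type, a.value, a.issuer]));

// The issuer signs a derived fact ("over13"), never the date of birth itself.
function attest(issuer, subject, type, value) {
  const claim = { subject, type, value, issuer: issuer.name };
  const sig = crypto.sign(null, encode(claim), issuer.privateKey).toString('base64');
  return { ...claim, sig };
}

// The relying party chooses, per claim type, which issuers' keys it accepts.
function verify(att, policy) {
  const issuerKey = policy.get(att.type)?.get(att.issuer);
  if (!issuerKey) return 'untrusted-issuer';
  const ok = crypto.verify(null, encode(att), issuerKey, Buffer.from(att.sig, 'base64'));
  return ok ? 'accepted' : 'bad-signature';
}

function demo() {
  const bank = makeParty('global-bank-x');
  const pensions = makeParty('pension-office');
  const alice = makeParty('alice');
  // Different authorities are trusted for different things.
  const policy = new Map([
    ['over13', new Map([[bank.name, bank.publicKey]])],
    ['over65', new Map([[pensions.name, pensions.publicKey]])],
  ]);
  const fromBank = attest(bank, alice.name, 'over13', true);
  return {
    bankOver13: verify(fromBank, policy),
    selfOver65: verify(attest(alice, alice.name, 'over65', true), policy),
    bankOver65: verify(attest(bank, alice.name, 'over65', true), policy),
    retargeted: verify({ ...fromBank, subject: 'mallory' }, policy),
  };
}

console.log(demo());
```

The relying party never sees a date of birth, yet every accepted result still depends on a key it decided to trust beforehand.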

Summary

Self Sovereign Identity is a powerful concept. I can access online services by showing a virtual piece of paper saying “global bank X attests that I’m over 13”. What happens next is that ownership and power shifts back to the individual. Individuals not only have control over their own data, they can choose to monetise it instead of Facebook. However, it does not remove the need to trust some 3rd party to attest the data. This is not to say though that a peer to peer reputation based framework couldn’t be used in the future.
