Kauri ID - A Self-Sovereign, Blockchain-based Identity System

Transcript

1. Kauri ID A Self-Sovereign, Blockchain-based Identity System Guy Kloss (SingleSource)

   Paul Salisbury (BlockchainLabs.NZ) Vishnu Devarajan (ASB) ITP Conference Wellington, 13 July 2018

2. Who am I? • (Cryptography and Computer Science) Geek •

   Working (now) for SingleSource: • KYC and AML focused services • Part of the “Centrality family” of companies • Building an underlying digital identity system • Lots of blockchain and underlying cross-company synergies 2/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

3. Mission Statement Solve this common problem: Kiwis can’t express their

   identity digitally and securely across cultural backgrounds and across competitive boundaries. 3/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

4. A Driving Economical Problem The cost of KYC and AML

   (e. g. to banks) Example: Royal Bank of Scotland • Employs approx. 2,000 staff (early 2017) for KYC rules • Expectats to reduce head-count by 95 % (given a viable digital solution) Source: Bloomberg Intelligence’s Report “The Year Ahead 2018” 4/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

5. Who Dunnit? Wynyard Innovation Neighbourhood 5/29 | Guy Kloss, Paul

   Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

6. Who Dunnit? Wynyard Innovation Neighbourhood 5/29 | Guy Kloss, Paul

   Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

7. Value Proposal • Secure & Trustworthy (enable fine-granular, selective, confidential

   data sharing) • Self-sovereign (privacy preserving, no third party custodian) • Tamper Resisatant . . . using blockchain (for us) 6/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

8. Why Blockchain? by Brendan (Jim) Boughen http://cartoonsbyjim.com 7/29 | Guy

   Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

9. Why Blockchain? • No custodianship • No tampering/immutability • Built-in

   security/reliability 8/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018
10. None

11. Immutability!

12. Based on Distributed Consensus Whakaaro wh¯ anui: The beauty of

    thinking together, not thinking the same. (People in agreement.) Chris Cormack at OSOS 2015 10/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

13. What is Kauri ID? • Used to be: The project/vision

    I’m talking about • Now: Protocols, data structures, concepts • Allow for this to work in a decentralised environment • May be implemented using centralised systems • Based on a “Web of Trust” approach 11/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

14. What is Kauri ID? • Very different from traditional/centralised design

    • Easy to go one way, quite difficult for the reverse • A “standard” with a reference implementation, that allows for integration and federation of ID attributes 12/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

15. The Vision • For individuals Give power back to the

    individual to be in control of their Digital Identity. • For Organisations Take the pain out of compliance and enable risk free business. We leave traces of our digital self everywhere. Our data is harvested, mined, exposed, stolen and traded, which is used in cybercrime and financial fraud. This undermines the trust between individuals and organisations as we are more reluctant to share information and organisations are having to rely on a spaghetti of processes to screen customers and meet tougher regulations. 13/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

16. The Vision • For individuals Give power back to the

    individual to be in control of their Digital Identity. • For Organisations Take the pain out of compliance and enable risk free business. We leave traces of our digital self everywhere. Our data is harvested, mined, exposed, stolen and traded, which is used in cybercrime and financial fraud. This undermines the trust between individuals and organisations as we are more reluctant to share information and organisations are having to rely on a spaghetti of processes to screen customers and meet tougher regulations. 13/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

17. Privacy and Data Protection by Brendan (Jim) Boughen http://cartoonsbyjim.com 14/29

    | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

18. The Vision • Still along the lines of the original

    project • Standards-based, open, collaborative • But allows for (easier) federation/integration (e. g. with proprietary systems) • Using strong cryptographic assurances, and guarantees of tamper resistance 15/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

19. The Vision Identity (uPort) Provenance (PROV) Customer management contracts (B/C)

    uses uses uses controls uses B/C Storage IPFS 16/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

20. The Vision • De-couple tech from policy/governance • A robust/capable

    “core” → Can be used in various legislations (spill beyond the boundaries of NZ) • Keeps complementary aspects decoupled/separate (regulatory compliance, GDPR compliance, etc.) • But supports meeting these requirements • De-couple Kauri ID from ID/authentication → Can “bolt onto” various systems (such as uPort), to allow for better integration 17/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

21. Modular Design LEGO LEGO LEGO LEGO LEGO LEGO P =

    8.0 mm = 5/6 × H = 2.5 × h 3.0 mm 5.0 mm 1.7 mm H = 9.6 mm = 1.2 × P = 3 × h P - 0.2 mm = 7.8 mm 2 × P - 0.2 mm = 15.8 mm h = 3.2 mm = 0.4 × P = 1/3 × H 18/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

22. A User Journey 1. Onboarding for AA Membership, making a

    virgin KauriID (with DL and POA, extracting attributes & including photo) 2. Local Library Membership (with attested POA “basket” from step 1) 3. Purchase alcohol (with attested DOB and picture attribute only from step 1) 4. Onboarding for a Loan at ASB (with Passport and S&P Agreement) • ASB attests a stronger identity and updates POA “basket” • Updated POA “basket” → user’s choice to share updates 5. Connecting power from Mercury (online only, using latest from step 4) 6. Registering to vote in local election with KauriID records (with latest from step 4) 19/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

23. Data Structures It’s a bit too deep to go into

    data structures . . . , but the following shows what they’re supposed to achieve. 20/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

24. Data Structures The 10 Commandments :-) 1. The ability to

    make “self claims” by the subject (to be attested by another party). 2. The ability to make “foreign claims” (usually by the attester, usually attested immediately). 3. The ability to keep content of claims/attributes confidential. 4. The ability to decrypt every claim element/attribute independently (separate encryption key). 5. The ability to reference each claim element/attribute independently (tuple: claim set reference, attribute index). 6. The ability to verify the authenticity of every claim element/attribute independently. 7. Uphold opaqueness of the type of attribute (or named key) to an outside observer. 8. Uphold opaqueness of the attester (signer) of a claim to an outside observer. 9. A requester by default is only enabled to retrieve the attestation meta-data of a single attestation. 10. A requester can be enabled to recursively retrieve the attestation meta-data of the entire (backward facing) attestation provenance trail. 21/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

25. Data Structures A glimpse of the current work in progress

    (incomplete, not up-to-date) 22/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

26. Initial Technical Platform • uPort on Ethereum: Blockchain Authentication Framework

    • IPFS: Decentralised, Immutable Data Storage Framework • PROV: W3C standard system and grammar to express relationships and processes • JSON (RFC 4627): Storage structure for common data payloads • JOSE: IETF Javascript Object Signing and Encryption • ERC-780: (Emerging) Standard to reference on-chain claims in Ethereum 23/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

27. Current Status • NZ DIF • Industry-driven, government involved •

    Technical collaboration • On Kauri ID core matters • Adoption/implementation • Use case evaluation • Collaborators: SingleSource, Spark, BlockchainLabs.NZ and ASB 24/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

28. Are you interested? • Follow the KauriID project documentation https://kauriid.gitlab.io/kauriid_doc/

    • Get in touch! 25/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

29. Now, what’s Provenance? AA validates the address kauriid:provingAnAddress wasAssociatedWith nzta:dl/john_doe_0815

    used watercare:bills/customer/4711/month/201709.pdf used kauriid:persons/4242/attestation/0001 wasGeneratedBy wasDerivedFrom wasDerivedFrom prov:content name, dob, photo, dl_no, dl_version, dl_issued_ts, dl_expires_ts, street, suburb, city, post_code aa:Organisation aa:Bob actedOnBehalfOf water bill driver licence 26/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

30. Now, what’s Provenance? AA validates the address kauriid:provingAnAddress wasAssociatedWith nzta:dl/john_doe_0815

    used watercare:bills/customer/4711/month/201709.pdf used kauriid:persons/4242/attestation/0001 wasGeneratedBy wasDerivedFrom wasDerivedFrom prov:content name, dob, photo, dl_no, dl_version, dl_issued_ts, dl_expires_ts, street, suburb, city, post_code aa:Organisation aa:Bob actedOnBehalfOf Bob works for AA 26/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

31. Now, what’s Provenance? AA validates the address kauriid:provingAnAddress wasAssociatedWith nzta:dl/john_doe_0815

    used watercare:bills/customer/4711/month/201709.pdf used kauriid:persons/4242/attestation/0001 wasGeneratedBy wasDerivedFrom wasDerivedFrom prov:content name, dob, photo, dl_no, dl_version, dl_issued_ts, dl_expires_ts, street, suburb, city, post_code aa:Organisation aa:Bob actedOnBehalfOf new identity attestation 26/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

32. Now, what’s Provenance? ASB checks validity of the identity kauriid:provingAnIdentity

    wasAssociatedWith dia:passport/john_doe_0815 used kauriid:persons/4242/attestation/0001 used kauriid:persons/4242/attestation/0002 wasGeneratedBy wasDerivedFrom wasDerivedFrom prov:content name, dob, photo, dl_no, dl_version, dl_issued_ts, dl_expires_ts, street, suburb, city, post_code, place_of_birth, country, passport_type, passport_no, passport_issued_ts, passport_expires_ts kauriid:provingAnAddress used wasAssociatedWith harcourts:snp/house_47110666.pdf used kauriid:persons/4242/attestation/0003 wasGeneratedBy wasDerivedFrom wasDerivedFrom asb:Organisation asb:Ray actedOnBehalfOf New attestations joined with old graph * 27/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

33. Now, what’s Provenance? ASB checks validity of the identity kauriid:provingAnIdentity

    wasAssociatedWith dia:passport/john_doe_0815 used kauriid:persons/4242/attestation/0001 used kauriid:persons/4242/attestation/0002 wasGeneratedBy wasDerivedFrom wasDerivedFrom prov:content name, dob, photo, dl_no, dl_version, dl_issued_ts, dl_expires_ts, street, suburb, city, post_code, place_of_birth, country, passport_type, passport_no, passport_issued_ts, passport_expires_ts kauriid:provingAnAddress used wasAssociatedWith harcourts:snp/house_47110666.pdf used kauriid:persons/4242/attestation/0003 wasGeneratedBy wasDerivedFrom wasDerivedFrom asb:Organisation asb:Ray actedOnBehalfOf Can be stored in bank’s private system 27/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

34. Demo Time https://kauriid.herokuapp.com Look, mum . . . No password!

    28/29 | Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018

35. Questions? It’s all about trust! Guy Kloss [email protected] 29/29 |

    Guy Kloss, Paul Salisbury, Vishnu Devarajan | Project Kauri ID c 2018