Source: Media.com/pelith | Author: Ping Chen
Digital identity, or self-sovereign identity, is a technology that uses asymmetric cryptography to authenticate network transactions and to ensure their integrity and non-repudiation. It is a prerequisite for a number of Internet activities, such as certification, private information transmission and, of course, financial services.
Password or key

The idea of "key as identity" has existed since the last century. However, digital identity was not widely accepted by ordinary users at that time. The main reason is undoubtedly that the system was too complex to use. How can non-technical people conveniently and safely keep a private key in their own hands? They can't.
As a result, when Web 2.0 emerged and Internet companies needed to authenticate their users, they adopted the account-and-password model rather than the public-private key pair model. When registering a new account, users create a password they can remember, and the company stores it. After that, they log in using a "brain to database" authentication method.
Security and centralization crisis

The simple model works, but it also brings a series of security problems. Because remembering multiple passwords is tiring, users tend to reuse their passwords everywhere. If one service provider stores its users' passwords insecurely (e.g. without a "salt", or with an insecure hash function) and is breached, all other services are in danger.
(Note: in cryptography, inserting a specific string at any fixed position in the password makes the hash result differ from the hash of the original password. This process is called "salting", and it adds additional security.)
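The storage weakness described above, next to a hardened form, as an added example that is not part of the original article. The function names and the sample password are constructed, and scrypt stands in for any deliberately slow password hash.

```javascript
const crypto = require('node:crypto');

// Weak: fast, unsalted hash. Equal passwords always give equal digests,
// so one cracked or precomputed digest exposes every account that reuses it.
function weakHash(password) {
  return crypto.createHash('sha256').update(password).digest('hex');
}

// Hardened: a random per-user salt plus a deliberately slow KDF (scrypt).
function createRecord(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, 32);
  return { salt: salt.toString('hex'), hash: hash.toString('hex') };
}

function verifyPassword(password, record) {
  const salt = Buffer.from(record.salt, 'hex');
  const expected = Buffer.from(record.hash, 'hex');
  const actual = crypto.scryptSync(password, salt, expected.length);
  return crypto.timingSafeEqual(actual, expected); // constant-time comparison
}

// Constructed sample: two accounts that reuse the same password.
function demo() {
  const pw = 'correct horse battery staple';
  const a = createRecord(pw);
  const b = createRecord(pw);
  return {
    weakCollide: weakHash(pw) === weakHash(pw), // identical rows in a leaked table
    saltedCollide: a.hash === b.hash,           // salts differ, so the hashes differ
    goodLogin: verifyPassword(pw, a),
    badLogin: verifyPassword('wrong guess', a),
  };
}

console.log(demo());
```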
OAuth was invented to solve this problem. It allows small companies to rely on existing service providers: they don't need to run their own authentication server, and instead entrust this part of the work to a third-party company with which the user already has an account. Nevertheless, even giant companies like Facebook have been found to store passwords in plain text and have suffered leaks. Not to mention the risk of centralization: many companies using OAuth are affected by changing policies. Once a company is banned by its OAuth provider, the whole business will collapse.
Now, people in the industry have begun to discuss alternatives to the account-password model again. Passwordless solutions such as biometrics, SMS and OTP are feasible, but in terms of identity, key pairs still seem to be the ultimate goal. We believe that blockchain, and Ethereum in particular, will revive digital identity. The reasons are as follows.
Blockchain: user-friendly cryptocurrency infrastructure

As mentioned earlier, usability is the primary issue with key-pair-based identity. It is unrealistic to require laymen to sign transactions with a command-line tool. It is also daunting for them to be fully responsible for safeguarding their keys when using a decentralized system.
[Figure: Commercial wallet for storing private key]
People in the cryptocurrency field are already familiar with all these concepts. As the tools mature, signing with a private key has never been easier.
Thanks to DApps and Ethereum, more and more people have had their first experience of holding a private key and signing a transaction with it. People have built a large number of browser extensions, mobile applications, and hardware devices to meet the growing demand. These easy-to-use tools help popularize digital identity, even though they were not built for it.
The state of blockchain is different from password verification. Public key cryptography itself is stateless, which means that the validity of a cryptographic signature is independent of the environment. However, in some advanced scenarios, digital identity still needs "state". Many GPG users interact with a (to some extent) centralized key server to register, replace or revoke their public keys. In general, we still need state to enrich the usability and expressiveness of digital identity.
(Note: GPG is the abbreviation of GNU Privacy Guard. It is a free-software substitute for the PGP encryption software suite launched by the American software company Symantec.)
Chain record of identity
Blockchain can perfectly meet the need to provide state for your identity. Unlike key records stored on MIT servers, Ethereum, a distributed ledger, has about 5000 copies around the world. All records are auditable, tamper-proof and have economic certainty. Projects like ENS are providing an on-chain registry for your identity. You can link overseas accounts and add metadata to your identity, none of which requires permission.
Account controlled by private key vs. account controlled by code
In addition, by implementing access control with smart contracts, your identity on Ethereum becomes programmable. You can add multiple signatures, social recovery, or even a dead man's switch while maintaining the simplicity of daily use.
Although many users already have private keys, we do not have a general solution that lets service providers bring digital identity to more people. Fortunately, OAuth has already been adopted by many providers. By combining OAuth with key-based authentication, web2 companies can integrate digital identity in the way they are used to.
Eauth is an Ethereum-based, OAuth-compatible authentication service. Integrators can seamlessly offer digital identity as an OAuth option without any knowledge of cryptography or Web3 wallets. Although using OAuth usually means handing over control to a third party, the identity authenticated by OAuth will always remain non-custodial.
[Figure: Users, wallets and web2 service providers communicate through Eauth]
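Key-based authentication of the kind discussed above comes down to signing a server-issued challenge. The following is an added example, not Eauth's code or protocol: the service name `example.test` and all function names are hypothetical, and it uses Node's ECDSA over secp256k1 with SHA-256, whereas Ethereum wallets sign with Keccak-256 and recoverable signatures.

```javascript
const crypto = require('node:crypto');

// Server state: public keys and outstanding challenges only, no shared secret.
const registeredKeys = new Map(); // userId -> public key (PEM)
const pendingNonces = new Map();  // userId -> nonce awaiting a signature
const SERVICE = 'example.test';   // hypothetical service name

function challengeText(userId, nonce) {
  // Naming the service binds the signature to this site.
  return `Sign in to ${SERVICE} as ${userId}, nonce ${nonce}`;
}

function issueChallenge(userId) {
  const nonce = crypto.randomBytes(32).toString('hex');
  pendingNonces.set(userId, nonce);
  return challengeText(userId, nonce);
}

function verifyLogin(userId, message, signature) {
  const nonce = pendingNonces.get(userId);
  const publicKey = registeredKeys.get(userId);
  pendingNonces.delete(userId); // single use: a replayed signature is rejected
  if (!nonce || !publicKey) return false;
  if (message !== challengeText(userId, nonce)) return false;
  return crypto.verify('sha256', Buffer.from(message), publicKey, signature);
}

// Wallet side: the private key signs locally and is never sent.
function signChallenge(privateKey, message) {
  return crypto.sign('sha256', Buffer.from(message), privateKey);
}

// Constructed run: a legitimate login, a replay, and a signature from the wrong key.
function demo() {
  const newKey = () => crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const alice = newKey();
  const other = newKey();
  registeredKeys.set('alice', alice.publicKey.export({ type: 'spki', format: 'pem' }));
  const msg = issueChallenge('alice');
  const sig = signChallenge(alice.privateKey, msg);
  const first = verifyLogin('alice', msg, sig);
  const replay = verifyLogin('alice', msg, sig);

  const msg2 = issueChallenge('alice');
  const wrongKey = verifyLogin('alice', msg2, signChallenge(other.privateKey, msg2));
  return { first, replay, wrongKey };
}

console.log(demo());
```

Unlike the "brain to database" model, a copy of this server's tables gives an attacker nothing to log in with, because only public keys are stored.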
There is no denying that web2 + Ethereum login cannot perfectly achieve decentralization. The decentralized world should be completely permissionless and trustless, but most network activities are still carried out on web2 servers. It is likely that the web2 and Web3 worlds will run in parallel for some time. During this period, Eauth can become a bridge connecting the two worlds.