A claims-based approach to identity


#1

The Blockcerts project has no notion of identity – by design. Rather, public keys are used as surrogates for all participants in an issuing transaction:

  • For the issuer, the type of public key depends on the blockchain choice (e.g bitcoin address); the issuer key is used as the ‘from’ address in an issuing transaction.
  • For the recipient, this can be a cryptographic key owned by the recipient. The recipient’s key is included in the certificate, which is hashed and stored on the blockchain, allowing the recipient to make a strong claim of ownership by signing a message with that key.

This enables individuals control over how they curate and present themselves to the world, via their digital records. Of course, this also places responsibility on the recipient to maintain ownership of records and retain their proof of ownership.

The burden of storing public keys posed a significant usability challenge. So, a certificate wallet (mobile app) was introduced to address this problem. This app makes use of a BIP-39 compliant library to provide an easier means of getting private/public keys and restoring them via a passphrase if needed. This allows recipients to reimport their records at anytime and easily restore their ability to prove ownership.

The mobile app also makes it more convenient to share digital records online or directly with a 3rd party. Provably owned records can also be valuable as part of an online professional (or other) curated profile. This could be presented on commercial sites like LinkedIn or a decentralized identity provider that keeps individuals in full control. For example, if the recipient has a Blockstack profile, which is associated with other social media profiles, they could attach records they own to that profile.

This claims-based approach to identity is consistent with the principles of self-sovereign identity, which continues to influence and guide many decisions about what to include and what to leave out.