Trust is the foundation of identity

Carsten Keutmann
12 min readJul 8, 2019

--

All our credentials are trusted by someone else.

Photo by Ben Sweet on Unsplash

8 July 2019: Published
29 July 2019: Re-edit
7 august 2019: Added definitions, re-edit text
15 november 2019: Corrections and redefinitions
11 marts 2020: Redefinition of attributes

Introduction

Identity is a broad definition that covers many areas of the subject’s existence. In this story, I will try to define identity in combination with Trust in the context of computer science. Illustrating that trust is the foundation for identity information to have any value.

Trust is usually represented in computer systems as access security combined with identity and reputation. These are simply the result of the issuing of Trust from someone to somebody. Making Trust digital in itself enables new possibilities for human and system interaction without the need for centralized intermediaries.

Scope

This scope of the story will try to specify the terminology and concepts for identity and Trust, to promote a common understanding in the field of identity management related to trust in computer science. This story does not cover other aspects of identity in fields like social, group, and philosophy.

Terminology

It is important to clarify the meaning of the words to avoid confusion.

Entity (subject)
A person, an organization, a device, an item, a SIM card, a passport, a network interface card, a software application, a service, or a website.

Identifier
Defines a single attribute about an entity. This could be a birthday, name, age, height, or eye color. It can also be identifiers as email, login name or a public / private key. It can be any information that is derived from the subject, its behavior, self-issued or external issued. Anything that allows others to recognize the subject.

Identity
A collection of identifiers related to an entity. An entity’s identity is all the identifiers that relate to that entity.

Claim (Certificate)
It contains information about who is the issuer and subject, signatures, scope, activation, and expiry date. Like a certificate with a single identifier about the entity. In Digital Trust Protocol (DTP), a claim can only contain a single identifier, usually in the form of an ID or public/private key. for the sake of better management in a decentralized environment.

Issuer (Identity Provider)
Issues claims about entities (subjects). An issuer can be anyone, Person, organization, software, that issue claims about a subject.

Trust
A statement that someone makes on a subject, indicating trust or distrust. The statement is expressed as a claim.

Credential
A credential is the highest level of proof supporting an individual’s educational or professional achievement. A combined collection of claims (certificates) issued from an authority to a subject. This is usually presented physically or electronically in the form of a Passport, driver license, education diploma.

Verifier (Relying party)
Someone or something that authenticates the identity.

Joe Andrieu has written an excellent definition of the terminology of identity.

Identity

A collection of identifiers make up all the data about identity. The identifiers represent different aspects of identity, and therefore, this needs clarification.

There are four groups of identifiers of identity — physical, behavioral, labels, and self-issued.

Physical identifiers are directly identifiable identifiers like shape, form, weight, height, skin color, eye color, etc.

Behavioral identifiers are partially identifiable identifiers like tracking data from a website, fast, slow, strong, weak, aggressive, passive, angry, and happy.

Label identifiers are indirectly identifiable identifiers like name, social security number, nicknames, membership numbers, and other identifiers that do not derive from the subject but are given by someone else.

Self-issued identifiers are claimed by the subject but not always reveal any information about the subject. This can be an email or a public/private key. Emails have shown to be very effective as a common way to identify own self against various systems. Emails can be created with the name of something unrelated to the subject and in this way, the subject is able to identify itself without revealing any other personal information. Email accounts however usually require a service provider; however, the public/private key identifier can be created on the fly without the need for any authority and is very safe to use for verification purposes.

Identity attribute groups. The diagram is missing the self-issued identifiers.

When identifying a subject, physical identifiers can be verified directly by observing the subject. Everyone can verify the identifiers independently.

The behavioral identifiers require the subject to perform some actions to establish some identifiers. If the subject is not moving, no identifiers are produced. Therefore these identifiers are only partially identifiable.

The label identifiers are information that does not relate directly to the subject but is issued by someone else like a state issuing name and social security number to its citizens. Labels need a third party to confirm the attribute, and therefore, they are indirectly identifiable.

Not all identity identifiers are equally suited for the use of identification. A social security number is unique and therefore perfect for unique identification, but is indirectly identifiable to the subject. A picture of a person (physical attribute) is directly identifiable to the subject, but its data structure is bad for unique identification. A combination of a social security number and a picture enables both directly and unique identification. This is how credentials usually are created. Behavioral identifiers are not suited for direct identification but are better for analyzing behavior in a larger data set.

Identity is used for identification and credentials is for authorization; this makes it possible to do interaction with other entities, like people, organization, and systems, that do not know you in advanced.

Identity Context

A person or entity can have many identities. Each identity is usually only relevant in a specific context; therefore, some identities do not work outside these contexts as the trust between the contexts are not established. A person’s online identity, will not work if the person applies for a loan in the local bank, it only trusts a state-issued identity.

Many online applications today require an identity to use them, but not many share a common identity provider, and using your government-issued credentials may not be a good idea, this quickly creates a situation where you have to manage multiple identities and some places, even your reputation as well. The problem is that there is no common Trust language that can be communicated between systems and enable trust in credentials to span multiple systems and platforms.

I defined the problem in greater detail here

Self-Sovereign identity management

Credentials form a unit of data that is easily used for identification and authentication; therefore, many self-sovereign identity management systems focus on this level of identity.

The idea that you can control your credentials, to present them to those who may need it without the issuer of the credentials knowing about it has its advantages. It helps in preserving privacy and increases the ability of the user to control who gets to see the private information.

Physical credentials are a good example of self-sovereign credentials, as it is in your pocket and can be present at any time at your control without the identity provider knowing about it.

Fundamentally there is a couple of things with the electronic self-sovereign model that I find problematic.

First of all, handling your own identity store of credentials requires some bit of computer knowledge and maybe some hardware. Furthermore securing the data and making sure that it is properly backed up securely, is not natural to all people. In many cases having a digital credential may not be desirable, if there is no power or internet access.

Many people still prefer to have a physical credential stored in their pocket or at home.

Credentials usually contain a collection of identity identifiers, that are bundled together, picture, name, birthday, address. This creates a problem for privacy because when presented, the verifier can read all the information from the credential than may be needed in the situation.

Storing the credentials on own devices to make sure that the identity provider cannot delete or remove access to the credentials, is not a valid argument in my opinion. The authority (identity provider) that issues a credential also has the power to redraw or cancel the credential. Storing it locally will only delay the process a bit.

Some solutions use verifiable claims as a way to cryptographic prove certificates on an identity. The problem with this solution is that the relying party has to trust the authority (identity provider) in the first place for the claim to have any value.

Collecting and storing all credentials locally in an electronic version is no more different than having the physical versions of the same credentials laying around at home.

Issuing of credentials

Our credentials are always provided by an authority.

For verifying the credentials of a person, the source authority is needed to verify the claims.

Authorities can be of any entity, like the government, companies, organizations, family, and friends. However, the authority still has to be recognized by others to have any relevance when asking for credentials.

Our first credentials are given to us by birth. This is the first trust a human receives on its identity. Now anyone that trust the local authority can verify the credentials of the child.

Decentralization of identity

The decentralization of identity does not come from controlling your credentials and storing it out the control of the identity provider. You simply just take responsibility for storing the credential from a centralized identity provider.

Many identity providers provide real decentralized identity with more or less equal status. The decentralization comes from the fact that many identity providers are issuing the same credentials. This makes it hard for any single identity provider to control your identity.

I do not suggest using a decentralized identity for passport, banks, driver licenses, etc. This is the job of the local authority (a.k.a state). Decentralized identity is for enabling an anonymous journalist to publish content and be trustworthy by staking its reputation. Because reputation takes time to build and is lost in a second, entities have an incentive to keep its good reputation.

In a federated identity provider system, it is the provider of the identity that carries the responsibility. In a decentralized identity system, you shift that responsibility to the identity itself by staking the identity’s reputation.

The problem with decentralized services is that it is easy to game the system without something at stake. Imagine a blockchain where the cost of making a transaction is zero. Everyone could easily spam the blockchain for free, and the people that are running a full node will carry the cost.

Centralized services, like social websites, etc. is usually also an identity provider, and therefore can control the identity usage of the resources provided by the service.

When you build a decentralized system, where any participant helps carry the cost of hosting, you have no really good protection against misuse of resources and evil intentions, as there is no way to kick the bad entities of the system.

The solution is to use the reputation of identity as the stake when interacting with a decentralized social system. Any participant of the system that provides hosting resources can automatically choose not to allow entities with a bad reputation to use their resources.

The reputation is built from the trust of many other people, and therefore, no single entity will have control of the reputation. It takes time to build a good reputation, and it can be lost very quickly.

Trust

I have previously covered my definition of trust here

In any single identity system, it is always based on trust at its foundation. A state-provided credential is based on trust. Like when a child is born, the local authority trusts the midwife to provide the correct information about the delivery of the child. The midwife and parents could conspire to change the facts, and the state would have no way of knowing. Still, many regard the state credentials as true facts.

Imagine a refugee that turns up at the border and seeks asylum, but do not have any identification or credentials, and there is no one around to identify the refugee. Then the state has no other choice than to trust the refugee when they ask for the name and age.

Every identity provider has some kind of human involvement at some level. You always need trust when dealing with humans.

When an authority issues credentials, the credentials work fine with relying parties that trust the authority. Like a bank will trust credentials from the local government, however, it will not trust credentials from just a common forum website. When crossing boundaries of a trust context, like traveling to another country, the bank in a foreign country may not trust any other credentials than a passport.

Passports are the only credential that is trusted across multiple trust contexts (countries). Other times additional credentials about a person are needed to be verified, and this takes time to clear if the credentials are not issued in the same trust context.

With a large number of different forms of credentials issued today by different authorities, makes it difficult for a relying party to recognize and trust any form of credentials other than from a local context.

A solution to this problem could be to create a chain of trust between identity providers and relying parties. All existing credentials and systems do not need to be changed but can simply be augmented with a chain of trusts.

The system could work in a state to state scenario, where trust is established between states and therefore makes it possible for foreign relying parties to verify your local issued credentials as they have the full circle of trust claims as proof.

The benefit of using a chain of trust for credentials is that it provides the possibility for an instant verification with a high degree of certainty, as it will be very hard to fake. In many situations, the relying parties only do identification according to law. Therefore from a relying party perspective, having a digital chain of trust on the credentials from the subject, greatly reducing risk as they have digital proof of compliance.

Decentralized trust

In a decentralized identity system, everyone trusts everyone. Identities are confirmed by many other entities trusting the same credentials. A reputation is a representation of aggregation trust from many entities from a subjective viewpoint. All of this creates a web of trust scenario.

The advantages of a decentralized trust system are it is based on many different identity providers (people). No single identity provider has absolute power over an identity. It also allows for pseudo-anonymous identities as they are purely based on the behavior identifiers of the entity.

Pseudo-anonymous identities are also in a lot of social web platforms, but the identity is confined to the platform without the possibility of carrying the reputation to another platform.

Reputation

The difference between identity and reputation is that anyone can recognize the identity of a person, but not what they think about that person. With reputation, a virtual or mental rating value is given by the community, authority, family, and friends in specific contexts. The reputation is an expression of trust within the context of a community that the other members can use to share and leverage on.

Here is Tim Pastoor definition of identity and reputation

The idea that identity is a pointer is similar to that it is an identification of someone, but do not say anything about the subject.

Security is based on trust

The most secure system is a system that no one can access and therefore requires no trust at all. This is not that useful as it has no value to anyone. You need to loosen up the security a little bit, so someone can access the system to make it useful. The result is that no system is more secure than the people who are operating it. Therefore you have to be very careful to whom you would allow having privileges on the system.

Highly established identity with a high degree of reputation and a long history of consistency will be the best criteria given a person’s access to secure systems.

So all the fundamentals for security are derived from Trust. Even blockchains require trust in that the miners will not collude, and the developers have not introduced a bug into the system. One has to trust that the incentives built into the blockchain system will be good enough to keep things going.

DTP

The definition of identity-based on trust is the foundation for identities in the Digital Trust Protocol.

Conclusion

A person’s identity is based on trust provided by others and authorities. The identity is only relevant if it is trusted and verified. A person can have many identities in different contexts, but the identities do usually not cross the boundaries as there is no established trust between the contexts.

Reputation is the community’s opinion of the subject within the boundaries of a specific context. A good or bad reputation is based on how much the individuals of the community trust the subject.

Security is based on accurately identifying and relying on the trust and reputation of a subject, to protect and secure the system as much as possible.

References

https://en.wikipedia.org/wiki/Identity

--

--