Identity Management

I have a dream that one day …

Introduction to Global Assured Identity Network (GAIN)

Vivekvinushanth Christopher
Authenticate


I have read three news items that seem to share a common thread. Let’s dive in to see if we can figure out the commonality among them.

Anonymous nature of cyber frauds, hate speech, racism, misinformation and disinformation.
Fig.1. Interestingly there is a commonality !?

Interestingly, it is the anonymous nature of the accounts that surfaces in all of these: financial frauds, online hate speech, misinformation and disinformation campaigns, and the fueling of racism. Anonymity is a great ambassador for privacy, which I root for as an IAM enthusiast. But the primary concern is that skilled actors have taken refuge behind the principle of privacy to carry out illegal activities. These shadow-khans cannot be held accountable for the atrocities they commit in the digital world.

It is obvious that people's digital shadows are different dimensions of the nature they could exhibit in the physical world. Though a person could show different shadows in the real world, legal and social frameworks prevent certain shades from surfacing. This is because a verified identity (name, face, family, and social connections), backed by an identity card, driving license, or passport, lets an individual be held accountable by law or by social and religious norms for shades that are harmful to humankind. The lack of a verified digital identity leads to unaccountability, which is a pressing issue of the moment. I have a dream that one day any digital shadow of a person will be held accountable, as there will be a verified digital identity.

This is not just a dream of any individual but a dream of 150+ active authors who are contributing and building a more user-centric, high-trust Identity paradigm called GAIN which stands for Global Assured Identity Network.

GAIN is an overlay network over the internet that consists of accountable participants with assured identity only.

Through GAIN, the IAM world is trying to address the fundamental issue of accountability and re-establish it for each actor in the ecosystem. When such ecosystems interconnect on mutual recognition principles, they form a network of accountable ecosystems, leading to a more trusted digital world. GAIN tries to re-’gain’ the trust in digital identities that was lost due to a lack of accountability and verified identities.

Nowadays, many business transactions have moved to the digital world, but concerns about unverified digital identity create a trust issue. GAIN gives financial institutions such as banks, money transfer apps, and payment gateways a common front where the involved parties can help each other's businesses and stay secure in the digital world together.

GAIN Eco-system

Fig.2. GAIN Eco-system

Key Terms

  1. Identity Information Provider: An entity that makes verified identity information available to Relying Parties.
  2. Relying Party (RP): An organization that wants to ensure that an End-User is the person they claim to be and is entitled to an activity, based on identity information. It therefore consumes information from Identity Information Providers in order to provide services to its end users.
  3. End-User: A person who has identity proofs (such as a National Identity card, passport, or driving license) to prove who he claims to be, and uses them to register with a bank, which will then serve as an Identity Information Provider.
  4. Service Provider (SP): For example, a banking app that provides the service for end users.
  5. GAIN: The overlay network over the internet that consists of accountable participants with assured identity only. It addresses the issue of accountability and wins back the lost trust. It also ensures interconnected ecosystems made up only of trusted and verified participants.

A user first registers with the online banking service of a renowned bank in Sri Lanka (ABC Bank). The bank requires the individual to provide NIC details and does a lot of back-and-forth verification before he/she gets registered. It is a hassle, but he/she can be confident that his/her digital identity is properly verified, not impersonated, and true. This bank will function as the Identity Information Provider.

Then, when that individual tries to consume services at a payment gateway that serves as the service provider, the relying parties of that service provider are required to obtain the verified digital identity from the Identity Information Provider through the GAIN ecosystem and use that information. Isn’t it better to say “this is me, and this bank trusts that this is me” than just “this is me”? GAIN ensures these attested identities.

Getting into the Technical details of the

End-user experience view

  1. GAIN does not interact directly with the end user. The RP and Identity Information Provider channels deliver the experience for the end user. GAIN provides a mechanism for selecting the Identity Information Provider in the relevant Relying Party channel. End users can use the Identity Information Provider of their choice rather than being forced to create an account at each Relying Party. As you have seen in the UX, there is a "sign in with bank" option, where the bank is the ID information provider. The RP can remember the choice and skip the selection in the future.
  2. After choosing the ID information provider, the end user can share only selected attributes and can deny any other requests (basically by unselecting them), as we do now for required attributes with an IDP.
  3. Privacy dashboard: The ID information provider (in our case, the bank) provides a dashboard so that end users can see where their information is shared and can stop any future sharing.

Privacy View

Privacy is protected by multiple measures in GAIN. Partial anonymity and pseudonymity are prominent ones: a verified identity does not mean compromising on privacy, and the end user is not broadly identifiable. The principle of minimum disclosure should be followed, and the end user can remain anonymous to the service if the use case allows. But the real beauty is that, if there is criminal activity, the anonymous user can be linked through a special entity, the “designated opener”.
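The selective sharing, privacy dashboard and designated-opener ideas above, as an added illustration that comes neither from this article's author nor from the GAIN white paper: a toy Identity Information Provider that releases only approved attributes, logs each share, issues a different pseudonym per relying party, and lets an opener link a pseudonym back to a verified user. The HMAC-based pseudonym scheme, the key held by both provider and opener, and every name and sample user are assumptions made for the example; the article does not specify GAIN's actual mechanism.

```python
import hashlib
import hmac


def derive_pseudonym(key: bytes, user_id: str, rp_id: str) -> str:
    # Pairwise identifier: stable for one relying party, different across relying parties.
    msg = user_id.encode() + b"\x00" + rp_id.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


class IdentityInformationProvider:
    """Toy bank acting as Identity Information Provider (constructed for illustration)."""
    def __init__(self, key: bytes, verified_users: dict):
        self._key = key               # assumption: also escrowed with the designated opener
        self._users = verified_users  # user_id -> attributes verified at registration
        self._stopped = set()         # (user_id, rp_id) pairs the end user has blocked
        self.dashboard = []           # privacy dashboard: (user_id, rp_id, attribute names)

    def share(self, user_id, rp_id, requested, approved):
        if (user_id, rp_id) in self._stopped:
            raise PermissionError("end user stopped sharing with this relying party")
        # Minimum disclosure: release only what was both requested and approved.
        released = {a: self._users[user_id][a] for a in requested if a in approved}
        self.dashboard.append((user_id, rp_id, sorted(released)))
        return {"pseudonym": derive_pseudonym(self._key, user_id, rp_id), **released}

    def stop_sharing(self, user_id, rp_id):
        self._stopped.add((user_id, rp_id))


def designated_open(key, registered_user_ids, rp_id, pseudonym):
    """Designated opener: link a pseudonym seen by rp_id back to a verified user."""
    for user_id in registered_user_ids:
        if hmac.compare_digest(derive_pseudonym(key, user_id, rp_id), pseudonym):
            return user_id
    return None


def demo():
    key = b"constructed-demo-key"  # sample value only
    users = {"user-1": {"name": "Sample One", "age_over_18": True, "address": "Colombo"},
             "user-2": {"name": "Sample Two", "age_over_18": True, "address": "Kandy"}}
    idp = IdentityInformationProvider(key, users)
    pay = idp.share("user-1", "payment-gateway", ["name", "age_over_18", "address"], {"age_over_18"})
    shop = idp.share("user-1", "web-shop", ["age_over_18"], {"age_over_18"})
    return idp, pay, shop, designated_open(key, users, "payment-gateway", pay["pseudonym"])


if __name__ == "__main__":
    print(demo()[1:])
```

The two relying parties receive different pseudonyms for the same person, so they cannot correlate the user between themselves, while the opener can still resolve either pseudonym.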

Data flow view

  1. End user: They are the central point, and they control how and where their data is shared.
  2. SP: Does the initial authentication of the RP.
  3. Identity Information Provider: It authenticates the end user and enables the user to share data with the RP selectively.
  4. Attribute provider role: This can be played by the ID information provider, and it provides attested end-user attributes.
  5. Relying Party: It relies on end-user authentication results and serves the end user by utilizing the shared data and implementing DCR to register.

Operation View

GAIN complements existing and future finance services, including trust management, registration, and discovery.

  1. Registration: Provides a single registration interface, with a process to establish the validity of the applicant organization; the registration provides access to every information provider. The same applies to RP registration as well.
  2. Discovery: GAIN provides bank selection and discovery.
  3. Trust Management: GAIN ensures participants establish a secure connection by providing endpoint details of the ID information provider. All entities can identify, authenticate, and authorize each other.

GAIN is taking shape, and a lot of things are happening around it. This article intends to provide a brief introduction to GAIN and the problem it is trying to solve.

On a concluding note,

When I chose this title, I never wanted it to be fancy or to serve SEO, but to convey the real dream that many could possibly think of, i.e. holding people accountable for whatever they do, no matter what. I have a friend who broke up with his love. That girl then went on to create a fake account and add posts calling him a womanizer, which ended with my friend attempting suicide. Literally, we could not hold anyone accountable, since the identity is anonymous (and it impersonates another friend of mine). I have a dream that one day we can hold her accountable for the trauma she caused and for being a cause of self-harm. I have a dream that one day the world will be free of bullies; I have a dream that the world will be free of anonymous shadow khans spewing hate; I have a dream that one day we will have a functioning GAIN; I have a dream that one day those who are anonymous will be held accountable; I have a dream that the social media world reflects the physical world; I have a dream that one day we all live in brotherhood; I have a dream that one day the majority stand with the minority rather than bully them; I have a dream that one day I am not afraid of my identity.
