Navigating the Crossroads of Legacy and Innovation in Self-Sovereign Identifier Solutions

Henk van Cann
Happy Blockchains
Mar 20, 2024 · 6 min read

In an era where cybersecurity and artificial intelligence (AI) are paramount, decision-makers stand at a crossroads between facilitating legacy technologies with modern bolt-on innovations and embracing entirely new solutions. This choice is not merely technical but profoundly moral and ethical, especially when it concerns the secure application of self-sovereign and decentralized identifier solutions. In this article I consider two systems at the heart of the dilemma: OpenID Connect (OIDC) and the Key Event Receipt Infrastructure (KERI).

OIDC, a well-established protocol built on top of the foundation of public key infrastructure (PKI), has served as a cornerstone for secure online identity verification. However, despite its widespread adoption, OIDC, much like any bearer token-based system, suffers from inherent security vulnerabilities. The bearer token model, which relies on tokens that can be presented by anyone in possession of them, introduces a significant risk if these tokens are intercepted or misused. This is a concept OIDC users cannot afford to ignore.

Enter KERI, a nascent technology designed to address the unbounded term public identifier challenge: the difficulty of changing the controlling key pair behind a public identifier without losing the identifier’s continuity, its reputation, plus trust in — and control over the identifier.

What is an unbounded term public identifier?
A public identifier like your Twitter handle represents you and holds reputation. Unbounded term means the ability to keep your identifier “forever at will”, even if somebody took control of it for a certain period of time. You might not have to discard your identifier after a breach has happened.

KERI introduces a novel concept known as pre-rotation, allowing for the secure and seamless update of these controlling key pairs, establishing itself as a leap forward in security and control over digital identifiers. Not only does KERI add pre-rotation, but it starts with a cryptographic binding between the identifier and the first key pair. This way KERI helps to capture the essence of the chain of custody from beginning to end.
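The two mechanisms just described, the binding of the identifier to the first key pair and the pre-rotation commitment to the next key, can be shown in a few lines. The following is an added toy example, not code from the KERI project: it uses only SHA-256 digests, stands in a random 32-byte value for a public key, and leaves out the Ed25519 signatures real KERI events carry. The event field names (`i`, `s`, `k`, `n`, `p`) and the structure of `verify_log` are simplifications chosen here; the point it demonstrates is that a party who steals the current key still cannot produce an accepted rotation, because the next key was committed to only as a digest.

```python
import hashlib
import json
import secrets

# Added toy model of KERI inception/rotation commitments (stdlib only).
# Assumed simplification: a "public key" is just a random 32-byte value drawn
# from the OS entropy source; real KERI uses Ed25519 keys and signs every event.


def digest(data: bytes) -> str:
    """Hex SHA-256, standing in for KERI's self-addressing digests."""
    return hashlib.sha256(data).hexdigest()


def event_digest(event: dict) -> str:
    """Digest of an event in a canonical serialisation (sorted JSON)."""
    return digest(json.dumps(event, sort_keys=True).encode())


def new_key() -> bytes:
    """Fresh secret drawn from OS entropy: the 'perfect dice' of the article."""
    return secrets.token_bytes(32)


def incept(first_key: bytes, next_key: bytes) -> dict:
    """Inception event: binds the identifier to the first key and commits to the
    digest of the *next* key (pre-rotation) without revealing that key."""
    event = {"t": "icp", "s": 0, "i": "", "k": first_key.hex(), "n": digest(next_key)}
    # Self-addressing identifier: digest of the event with an empty prefix field.
    event["i"] = event_digest(event)
    return event


def rotate(prev: dict, revealed_key: bytes, next_key: bytes) -> dict:
    """Rotation event: reveals the previously committed key, makes it current,
    and commits to the digest of the key after that."""
    return {
        "t": "rot",
        "s": prev["s"] + 1,
        "i": prev["i"],
        "p": event_digest(prev),      # back-link to the prior event
        "k": revealed_key.hex(),      # must match prev["n"]
        "n": digest(next_key),        # fresh pre-rotation commitment
    }


def verify_log(log: list) -> bool:
    """Replay the key event log the way a verifier would, with no 'phone home':
    everything needed is in the log itself."""
    if not log:
        return False
    icp = log[0]
    if icp["t"] != "icp" or icp["s"] != 0:
        return False
    # Identifier must equal the digest of its own inception event.
    if event_digest(dict(icp, i="")) != icp["i"]:
        return False
    for prev, ev in zip(log, log[1:]):
        if ev["t"] != "rot" or ev["i"] != icp["i"] or ev["s"] != prev["s"] + 1:
            return False
        if ev["p"] != event_digest(prev):
            return False
        # Pre-rotation check: the newly revealed key must match the commitment.
        if digest(bytes.fromhex(ev["k"])) != prev["n"]:
            return False
    return True


def demo() -> dict:
    """Honest rotation is accepted; a rotation by someone holding only the
    current key (not the pre-rotated one) is rejected."""
    k0, k1, k2 = new_key(), new_key(), new_key()
    log = [incept(k0, k1)]
    log.append(rotate(log[-1], k1, k2))          # k1 matches the commitment in icp
    honest = verify_log(log)
    # Attacker model: k0 was stolen, k1 never left the controller's possession.
    forged = log[:1] + [rotate(log[0], new_key(), new_key())]
    return {"honest": honest, "forged": verify_log(forged),
            "current_key_is_k1": log[-1]["k"] == k1.hex()}


if __name__ == "__main__":
    print(demo())
```

Run it and the honest log verifies while the forged rotation is refused; the chain of custody from the first key to the current one is checked entirely from the log, which is the "no phone home" property the article comes back to below.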

This chain starts with sufficient randomness (entropy) to generate secrets. Think of throwing perfect dice, flipping cards from a thoroughly shuffled stack or tossing a fair coin many times.

randomness as input of secrets

As long as you keep your secrets secret and available from that perfect creation onwards, there is no way to beat KERI. As in: there’s no such thing as “KERI light” if you want maximum security, graduated disclosure and controlled privacy, in that order. Just accept that is how it is. It’s the truth. Anyone who believes otherwise, or tries to make you believe otherwise, is deeply mistaken.

What is graduated disclosure?
Lifting confidentiality step by step: selectively disclosing more data as time and/or necessity progresses, while earlier issued cryptographic proofs remain verifiable afterwards.
For example: you prove that you hold an insurance policy, without disclosing its details, before enjoying extreme sports. Only when something goes wrong, say 1 in 100 cases, do you disclose the data. This way confidentiality is kept in 99% of the cases.
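The insurance example can be made concrete with salted hash commitments. The code below is an added illustration, not part of the original article and not KERI/ACDC code: the issuer replaces every field of the policy with a salted SHA-256 commitment, hands the salts to the holder, and the holder later opens only the fields the situation requires. The field names and the policy values are constructed sample data, and the issuer's signature over the blinded document is assumed to exist but is left out so the block stays stdlib-only.

```python
import hashlib
import json
import secrets

# Added example: graduated disclosure with salted hash commitments (stdlib only).
# Assumed simplification: the issuer's signature over `blinded_id` is omitted;
# only the commit / reveal mechanics are shown.


def commit(value, salt: bytes) -> str:
    """Salted commitment to one field. The salt stops dictionary guessing of
    low-entropy values such as a yes/no flag."""
    return hashlib.sha256(salt + str(value).encode()).hexdigest()


def issue(fields: dict):
    """Issuer (e.g. the insurer) builds the blinded credential.
    Returns (blinded document, its digest, the holder's private salts)."""
    salts = {name: secrets.token_bytes(16) for name in fields}
    blinded = {name: commit(v, salts[name]) for name, v in fields.items()}
    blinded_id = hashlib.sha256(json.dumps(blinded, sort_keys=True).encode()).hexdigest()
    return blinded, blinded_id, salts


def disclose(fields: dict, salts: dict, names) -> dict:
    """Holder opens only the named fields (value plus salt)."""
    return {n: {"value": fields[n], "salt": salts[n].hex()} for n in names}


def verify(blinded: dict, blinded_id: str, disclosure: dict) -> bool:
    """Verifier: the blinded doc is the one issued earlier, and every opened
    field matches its commitment. Works the same for a later, larger opening."""
    if hashlib.sha256(json.dumps(blinded, sort_keys=True).encode()).hexdigest() != blinded_id:
        return False
    for name, opening in disclosure.items():
        if name not in blinded:
            return False
        if commit(opening["value"], bytes.fromhex(opening["salt"])) != blinded[name]:
            return False
    return True


# Constructed sample policy; all values are made up for this example.
POLICY = {
    "holder": "A. Climber",
    "policy_no": "EXAMPLE-0001",
    "covers_extreme_sports": True,
    "coverage_eur": 250000,
}


def demo() -> dict:
    blinded, bid, salts = issue(POLICY)
    # Stage 1, before the trip: only "I am covered" is revealed.
    stage1 = disclose(POLICY, salts, ["covers_extreme_sports"])
    # Stage 2, after an accident: the rest is opened against the same issuance.
    stage2 = disclose(POLICY, salts, ["holder", "policy_no", "coverage_eur"])
    # A tampered opening (inflated coverage, genuine salt) must fail.
    tampered = {"coverage_eur": {"value": 9999999, "salt": salts["coverage_eur"].hex()}}
    return {
        "stage1_ok": verify(blinded, bid, stage1),
        "stage2_ok": verify(blinded, bid, stage2),
        "tampered_ok": verify(blinded, bid, tampered),
        "policy_no_hidden": "EXAMPLE-0001" not in json.dumps(blinded),
    }


if __name__ == "__main__":
    print(demo())
```

The second-stage opening is checked against exactly the document the verifier accepted in the first stage, which is what makes the earlier proof verifiable backwards rather than a separate credential.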

No phone home

The existence of KERI offers an opportunity to rethink the foundations of digital identity management. Its approach to key management and the full elimination of the need to “phone home” for verification purposes stand in stark contrast to the traditional approaches that rely on a federated model using tokens. KERI offers a more secure, fully verifiable and more private alternative for self-sovereign identifier systems, with graduated data disclosure built in. However, KERI’s nascent status, characterized by a limited user base and a scarcity of experts, raises questions about its readiness to supplant more established protocols such as OIDC.

The debate between supporting an older, less secure but widely used technology and a new, secure, but unproven solution is not new, nor is it limited to the SSI field. Yet, in the context of identifier solutions, the stakes are particularly high. The responsibility to choose wisely extends beyond technical considerations, touching on the very ethics of technological adoption. It’s out of scope to reiterate the strengths and opportunities of OIDC. The reason to skip that exercise is that newer KERI ticks all the relevant boxes of OIDC’s strengths and opportunities too, even though KERI has the above-mentioned characteristics.

Juicy data

By understanding the weaknesses and threats of both OIDC and KERI, stakeholders are fully informed when tasked with making decisions that will shape the future of secure, verifiable and efficient digital identity management of their organisations and all the relationships involved. It is a very responsible task. Saying “Ich habe es nicht gewusst” is not a credible option anymore when a future security breach happens and personal data or any other digital value gets stolen. The juicier the data you handle, the more likely it is that you’ll be hacked.

Attaching a steam locomotive in front of an electric TGV — analogy of Sam Smith

Supporting a hybrid model, wherein KERI serves as an identity provider for OIDC, might appear as a compromise, as if you are “getting the best of both worlds” but it is more like “attaching a steam locomotive in front of an electric TGV.” This approach might preserve the status quo but at the cost of not fully realizing KERI’s innovative potential. It’s a solution that might cater to immediate business goals and the inertia of technological evolution but could ultimately hinder the adoption of a more secure and efficient identity management system.

Plausible deniability is gone

Are there any plausible reasons left to build a hybrid system? Because you can build one, it doesn’t mean you should.

Critically, the discussion around these technologies isn’t just about security or the technical merits of one solution over another. It’s about the willingness of businesses and institutions to prioritize long-term security and innovation over short-term convenience and familiarity. The argument that businesses prioritize their goals over security becomes especially worrying when considering the devastating ramifications of a security breach.

Therefore, the decision to adopt a newer, more secure technology like KERI isn’t just a technical one; it’s a statement of values. It’s an acknowledgment that once the vulnerabilities of OIDC are known and the solution to those security holes is available and operational in a KERI implementation, the plausible deniability of their consequences vanishes. Once a problem is seen, it cannot be unseen, and once the risks are known, they cannot be unknown.

In this light, the choice between old and new, between the familiar and the innovative, becomes not just a question of what is convenient or politically achievable, but much more of what is right. As the world becomes increasingly digital and Artificial Intelligence evolves rapidly, the guardians of our digital identities are called upon to aim higher. For this reason, identifier solutions should, in no way, compromise security. ‘Hybrid’ is out of the question because it retains the old security features and security flaws.

How could you choose just for the present, rather than choosing for the future, embracing solutions that offer security, efficiency, and empowerment in the face of evolving cyber threats?

Acknowledgements

Thank you, Phil Feairheller, for your comments and amendments to a draft of this article.
Thanks to Sam Smith for the catchy steam locomotive analogy used in the article and for being an inexhaustible source of fundamental knowledge.
William Lindsey, my English teacher, had nice additions and pointed questions about my formulations; thanks for that.

Imagery (Creative Commons licensed)

DALL-E chatGPT4 OpenAI image of ‘Attaching a steam locomotive in front of an electric TGV’ — prompted by H. van Cann

DALL-E chatGPT4 OpenAI image of ‘Randomness as input of secrets’ — prompted by H. van Cann

https://www.pexels.com/photo/cheerful-young-woman-screaming-into-megaphone-3761509/
