Announcing the New Origin Identity

I’m excited to announce the release of a new version of Origin Identity! Self-sovereign identity is one of the foundational building blocks of the Origin platform. It allows buyers and sellers on the Origin marketplace to build trust with each other while giving them full control of their personal data.

Context

Back in October, we launched the Origin DApp Beta to Mainnet. The identity functionality was designed and implemented to be compliant with two Ethereum draft ERCs:

  • ERC 725: proxy contract for key management and execution, to establish a Blockchain identity.
  • ERC 735: functions for adding, removing and holding claims.

After the launch, we received strong feedback from both our users and partners about improving our Identity system. While our implementation was a “successful” demonstration of self-sovereign identity, there were two dimensions we could improve on immediately:

  • Lower costs to create and update an identity — the gas fees in our original implementation were in the order of several dollars per write or update! For most users, it did not make sense to spend that much money for creating a profile, especially since they are used to doing it for free on centralized marketplaces.
  • Create a more flexible and open format for profile and attestation data. Our original system was storing data in a very rigid and naive way — for example, an attestation was stored as an integer representing its type (an enum) and a text payload with no structure.

Internally, we also realized that since we had designed the Identity system, a key requirement had changed. We had operated under the assumption that our marketplace smart contract, which is the central piece enabling buyers and sellers to transact, would need to verify users' identities on-chain. But after some iteration on the marketplace contract implementation, we decided to keep logic on the contract itself to a minimum and to move most of the validation off-chain, into the Origin Javascript library.

It was time for us to go back to the drawing board for Origin Identity…

New system

High-level architecture

[Figure: Origin Identity architecture]

The central part of the system is our decentralized DApp which allows users to create, update, and read identity data.

The creation or update of an identity from within the DApp involves the following steps:

  1. A user enters the profile data she is willing to make public, for example her name, a short description, and a profile picture. These are called claims.
  2. Optionally, the user may choose to add some attestations to her profile. For example, she may choose to add an attestation showing that a verified phone number is associated with her account. For generating those, the DApp sends requests to an attestation server and receives back signed attestations.
  3. The final step is for the user to publish her identity. First, the profile, which is comprised of the claims and the verified attestations, is uploaded as a blob of JSON data to IPFS. Second, the DApp calls a smart contract, which records the IPFS hash of that data by emitting an event (more details on this later).

Reading a user’s identity is achieved by scanning the blockchain for identity events associated with the user’s Ethereum address to get the latest IPFS hash for the identity, then loading the identity data from IPFS.

Smart contract

Our previous identity system would deploy a new contract for every profile creation. This had the major drawback of incurring very high gas fees.

In comparison, our new system uses a single smart contract shared by all users. In addition, as opposed to storing any data within the contract itself, we use an approach we refer to as “event sourcing”. The data is stored off-chain in IPFS, and the contract simply emits events containing an IPFS hash. Here is the source code of the contract — at about 10 lines of Solidity code, it would be hard to make it simpler! As a result, the gas cost for publishing an identity is drastically reduced and is in the order of $0.01 (1 cent) at today’s ETH price. This is a two orders of magnitude improvement over our first version!
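The read path described above (scan the chain for identity events, take the latest one, then fetch that hash from IPFS) is the "event sourcing" half of the design. The following is an added example, not Origin's code: a small reducer that replays a list of events as a DApp would receive them from an Ethereum node and derives the current IPFS hash per account. The event shape `{ account, ipfsHash, blockNumber, logIndex }` is an assumption for illustration, not the contract's actual event signature.

```javascript
// Added example (not Origin's code). Replays identity events in chain order
// so that the current identity for each account is derived purely from the
// event log, with no contract storage involved.
//
// Assumed (hypothetical) event shape: { account, ipfsHash, blockNumber, logIndex },
// i.e. the contract emits (account, ipfsHash) and the node reports the position.

// Constructed sample of events, deliberately out of order and with mixed
// address casing to show why ordering and normalisation must be enforced.
const SAMPLE_EVENTS = [
  { account: '0xAAAA', ipfsHash: 'QmProfileV2', blockNumber: 120, logIndex: 3 },
  { account: '0xBBBB', ipfsHash: 'QmOther',     blockNumber: 110, logIndex: 0 },
  { account: '0xaaaa', ipfsHash: 'QmProfileV1', blockNumber: 100, logIndex: 1 },
  { account: '0xAAAA', ipfsHash: 'QmProfileV3', blockNumber: 120, logIndex: 7 },
];

// Ethereum addresses are case-insensitive hex; normalise before using them as
// keys so that two casings of one address cannot be treated as two accounts.
function normalizeAddress(addr) {
  if (typeof addr !== 'string' || !/^0x[0-9a-fA-F]+$/.test(addr)) {
    throw new Error(`invalid address: ${addr}`);
  }
  return addr.toLowerCase();
}

// Chain position: block number first, then log index within the block. Two
// updates in the same block are only disambiguated by logIndex.
function byChainPosition(a, b) {
  return a.blockNumber - b.blockNumber || a.logIndex - b.logIndex;
}

// Replay the log: the last event per account wins. Returns Map(address -> entry).
function reduceIdentities(events) {
  const state = new Map();
  for (const ev of [...events].sort(byChainPosition)) {
    state.set(normalizeAddress(ev.account), {
      ipfsHash: ev.ipfsHash,
      blockNumber: ev.blockNumber,
      logIndex: ev.logIndex,
    });
  }
  return state;
}

// Latest published IPFS hash for one account, or null if it never published.
// A real DApp would filter the node query by the indexed account topic instead
// of reducing the whole log, but the ordering rule is the same.
function latestIdentityHash(events, account) {
  const entry = reduceIdentities(events).get(normalizeAddress(account));
  return entry ? entry.ipfsHash : null;
}
```

The point to notice is that "latest" is defined by chain position, not by the order in which a node happens to return logs; a reader that took the last array element would pick the wrong profile for `0xAAAA` in the sample above.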

Identity data format

One of our key objectives at Origin is to develop a protocol for specifying and exchanging peer-to-peer marketplace data. As such, we put a particular emphasis on defining an open and extensible format for storing user identity data.

We opted for a JSON representation of the data and leveraged JSON schema to define its structure. Here is the schema for an identity — it is mainly a shell that holds two core sub-schemas: one for the user’s profile and the other for her attestations.

Here is an example of an Identity:

[Figure: Identity data example]

The attestation schema provides some interesting capabilities worth highlighting:

  • Different levels of privacy are available to the user for storing the attested data: verified but not stored (in this case only a boolean indicates data was verified), stored as a hash, or stored raw. For example, a person using the Origin marketplace to buy an item may not want her identity attestation to show her raw email or phone number. On the other hand, a business selling on the Origin marketplace would want to be as transparent and open as possible and have their contact information in the open.
  • Description of the verification method used by the attester. For example was the phone verified by SMS or by making a call?
  • Information about the attestation issuer, including name of the organization, URL, etc.
  • Attestation issue and expiration dates.

The realm of possible attestation types and verification methods is very large — in this first iteration for those schemas, we did not attempt to be comprehensive but rather wanted to get an initial version into the hands of our users and partners before continuing to iterate. As such, all those schemas are versioned so that we can release future improvements.

Attestation server

The attestation server acts as a bridge between the Origin Protocol decentralized application and centralized systems such as email, phone, and social networks. Upon receiving requests from the Origin DApp, the attestation server attempts to verify claims from users (for example, verification that a user really owns a phone number, email, or social handle). The verification method varies depending on the claim type. Origin does not write your personal information to the blockchain, but signs attestations and hands them back to you to publish if you so choose.

As a community service, Origin runs an attestation server and open sources its code. Our vision is that 3rd-party entities will also offer attestation services and that users will be able to choose which attestation service to use.

What about ERC standards?

The Origin team is a strong supporter of the work done by the ERC 725 Alliance, which we helped launch, and we have been actively working on improving that standard. While we don’t have any immediate plans to implement the revised ERC725 in our DApp, we will continue to support it and contribute to its development. Today, ERC-725 continues to be the best option for anyone that requires on-chain validation of claims.

We’re looking forward to collaborating with other projects that are focused on solving the challenges around identity, including uPort and 3Box. We think the standardization of how claims and attestations are structured is more important than where they are stored. We look forward to working with the community in coming up with shared standards that we can all benefit from.

Conclusion

Our new Identity system meets the main objectives we had defined when we started this project:

  • Minimal cost for creating and updating a profile on the blockchain (a few pennies).
  • Open and extensible format for storing profile and attestation data.
  • Decentralized profiles without a single point of failure.

With this foundation in place, our team is now shifting its focus to promoting user growth on the Origin marketplace platform.

Try out Origin Identity today! Go to the Origin DApp and create a profile and a few attestations for yourself. We look forward to seeing you on the Origin platform!

Thanks to Fabian VogelSteller, Nick Poulden, Filip Lazovic, Tyler Ysaka, Daniel Von Fange, Stan James, and Josh Fraser.