Different Standards Needed For Blockchain-based Identity
In the last blog post, I wrote about why standards will be so important to making blockchain-based identity more mature and mainstream. Now let’s spend some time on the different standards that are needed and what each does. Pikcio believes that standards are needed at several layers of identity:
- Definitions of identity: What constitutes identity data? There are some standards for personally identifiable data like government issued documents (passports, birth certificates, etc.) but what about how we classify about other kinds of data like medical records? Xrays and dental records have a different level of detail than appointment schedules and which doctor a patient sees, for example. Classifying data based on type and on uses is important when thinking about other standards — what someone can do with the knowledge of a patient’s primary care physician, for example, compared to what someone can do with a passport.
- Data standards: How data are classified and stored in databases and how they’re interoperable is a key basic standard that needs to be addressed. Without a standard format, we’ll just replace today’s siloes with new ones. We need standards that allow data to be shared across interoperable networks easily.
- Validation standards: NIST calls this identity proofing, essentially allowing network participants to have a common understanding of how identity data was validated at its inception. For example, if one tokenizes a driver’s license on a blockchain network, how does the network know how that driver’s license was validated? What process was followed? Also, related to the definitions of identity standard, there can be different levels of validation based on the kind of data — government-issued data requires stricter validation standards than personally identifiable social media accounts. This will be important particularly for re-usability. Whether or not to trust tokenized identity data has a lot to do with whether you trust the original authenticator.
- Timeliness standards: Some personal data won’t change over individuals’ lifetimes — a birthdate, the place someone was born, where he went to university, eye color, for example. Some data will change, sometimes frequently, such as places where one has lived, how many children someone has, where someone has a bank account, etc. When sharing identity data on a blockchain, the people checking the data, like employers, mortgage lenders, and hospitals, need to know when the data were last validated. Just as today we use dated records like utility bills to prove where we currently live, on a blockchain everyone needs to know that data have been checked and re-validated with some frequency in order to trust the validity.
- Ownership/authentication standards: All of the hashes and connected data can be correct, but the network also needs to be sure that the person (or company or device) using identity data is in fact the owner/controller of that data and that a bad actor hasn’t obtained identity records illegally. It will be critical to blockchain-based identity’s market adoption to be able to secure identities and quickly determine which ones have been hacked or taken over.
The standards development process has really just begun in blockchain-based identity and there’s a lot of work that needs to happen. As these standards evolve, blockchain’s potential to revolutionize identity can be realized.