Zug ID: Exploring the First Publicly Verified Blockchain Identity

Paul Kohlhaas
Published in uPort
Dec 6, 2017

We recently announced our cooperation with the Swiss City of Zug and local development partner ti&m to introduce the world’s first live implementation of a self-sovereign, government-issued identity on Ethereum. Thus far, more than 50 citizens in Zug have successfully verified their uPort identity in person with the City, enabling them to access a new suite of e-government services in a trusted and self-reliant manner. With all the excitement around this launch, we want to outline the underlying mechanics of the Zug identity verification system, the benefits it provides for various stakeholders, and its future use cases and evolution.

How it works: Mechanics of the Zug ID

Alice is a resident of Zug and hears of the new Zug digital identity system. She downloads the uPort ID app from the Apple App Store and creates an account. At this moment, the uPort app creates a unique private key on her phone and deploys two smart contracts on the Ethereum network that act as the user’s identity hub (identities are currently deployed on the public testnet Rinkeby; mainnet support will follow soon).

Zug, AKA Crypto Valley, is the global leader in exploring blockchain use cases for its government and citizens.

More specifically, Alice’s private key manages a controller contract, which allows her to recover access to her identity should she lose access to her phone. The controller contract in turn controls her identity (proxy) contract, or permanent identifier. With this setup, Alice is now in complete control of her identity and all its associated data and can’t lose access due to loss of her private key. You can read more about uPort’s core architecture and identity contracts here.

Basic uPort Architecture Overview

After around 2 minutes, Alice has created her uPort ID on the public Ethereum network and may now visit the website of the City of Zug at https://stadtzugid.zg.ch/ to register. Here, she scans a QR code to interact with the identity of the City for the first time. The City has its own identity on a public Ethereum network that allows it to sign and verify data. Find out more about how to create an identity for your own app, organisation or government agency here using the uPort Appmanager.

Access to the Zug City identity is managed by the City clerk, who uses their own personal uPort identity authorized with specific admin rights. The front-end web portal and role management system for the entire integration was built by our local development partner ti&m, with strategic input from Mathias Bucher from the IFZ University Lucerne. Having reliable local partners who are aware of local regulation, requirements, and culture was crucial in making the project a success.

Once Alice has entered her date of birth and passport number on the City website, her request is cryptographically signed and sent to the City as a new verification request. She is asked to visit the City’s Einwohnerkontrolle (citizen registration office) for an in-person verification of her details within 14 days. Once confirmed, the City clerk issues Alice a verified attestation that is signed by the City’s identity, as a server-side credential.

Overview of the Zug ID User Flow

The Zug ID attestation is a piece of JSON data that contains her verified information. This data is not stored on the blockchain, but on her device in an off-chain environment. Instead of being publicly accessible or stored with a central service provider, the information is disclosed selectively: Alice chooses who receives it, be it the City, a service provider, or another dapp. In addition, her passport number, date of birth or other sensitive information is never revealed to others scanning the blockchain.

Alice is now able to interact with the online services of the City of Zug in a seamless way. She doesn’t need a user account or password to log in, and with each interaction the City knows exactly who it’s dealing with. Whenever she logs into the City’s web portal, a “Requester server” validates that the identity that provides the attestation is the same identity that received the previous attestation. You can read more about the inner workings of our server side attestations and review a guide to set up your own app identities here.
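The Requester server check described above, sketched as an added example that is not uPort's or the City's code. The token layout, the P-256 keys, the key-fingerprint identifier and every function name are assumptions made for illustration; the keys and the claim are constructed sample data.

```javascript
const crypto = require('crypto');

// Constructed P-256 key pairs standing in for the City, Alice and an impostor.
const newKeys = () => crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const city = newKeys(), alice = newKeys(), mallory = newKeys();

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
// Hypothetical identifier: fingerprint of the holder's public key.
const keyId = (pub) => crypto.createHash('sha256')
  .update(pub.export({ type: 'spki', format: 'der' })).digest('hex').slice(0, 16);

// City clerk: sign the verified claim, bound to the subject's identifier.
function issue(issuerPriv, sub, claim) {
  const body = b64({ iss: 'city-of-zug', sub, claim });
  const sig = crypto.sign('sha256', Buffer.from(body), issuerPriv);
  return `${body}.${sig.toString('base64url')}`;
}

// Holder: disclose the attestation and sign the server's fresh nonce.
function present(holder, attestation, nonce) {
  const proof = crypto.sign('sha256', Buffer.from(nonce), holder.privateKey);
  return { attestation, holderPub: holder.publicKey, proof };
}

// Requester server: issuer signature, subject binding, then holder proof.
function verifyLogin(p, nonce, issuerPub) {
  const [body, sig] = p.attestation.split('.');
  if (!body || !sig) return { ok: false, reason: 'malformed' };
  const sigOk = crypto.verify('sha256', Buffer.from(body), issuerPub,
    Buffer.from(sig, 'base64url'));
  if (!sigOk) return { ok: false, reason: 'bad issuer signature' };
  const { sub, claim } = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (sub !== keyId(p.holderPub)) return { ok: false, reason: 'subject mismatch' };
  if (!crypto.verify('sha256', Buffer.from(nonce), p.holderPub, p.proof))
    return { ok: false, reason: 'bad holder proof' };
  return { ok: true, claim };
}

// Constructed run: Alice logs in; Mallory replays Alice's attestation.
const nonce = crypto.randomBytes(16).toString('hex');
const att = issue(city.privateKey, keyId(alice.publicKey), { zugResident: true });
console.log(verifyLogin(present(alice, att, nonce), nonce, city.publicKey));
console.log(verifyLogin(present(mallory, att, nonce), nonce, city.publicKey));
```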

Benefits of the uPort ID solution

Low infrastructure requirements

As the City is relying on a public instance of Ethereum, it does not need to host its own servers or nodes, or maintain complex databases of user credentials. Furthermore, it doesn’t need to invest in building a knowledge base for users to interact with the Ethereum blockchain or purchase their own gas, thanks to the uPort fueling server.

Decreased security risk

As the City does not host its own servers but instead distributes the ownership of both identity and attestation to its citizens, it is less susceptible to cyber attacks or data theft.

GDPR compliant

The City and anyone who wants to use this attestation are fully GDPR compliant. Companies merely verify the minimum amount of information necessary for a specific use case. This reduces liability for service providers, as they only save the data that they use.

Cost effective

In comparison to other identity services, the uPort implementation is currently free as it relies on a testnet. Once it moves to the public network, the gas costs would be anywhere between $1 and $10.

Scalable

The attestations in this use case are issued off-chain and disclosed selectively. This means there are no transaction costs for on-chain transactions, or backlogs with the City.

First Use Cases and Next Steps

In the above example, uPort is being used in a traditional client-server model with the added security of distributed blockchain-based identities. However, this attestation could also be shared with any other service provider, or decentralized application (dapp), such as a Melon fund, or a Slock.it lock to unlock a bicycle. Already, dapps are planning to integrate this. Melonport will be using this as a form of KYC. Another use case the City wants to trial is unlocking access to e-bikes. Here, a dapp like Slock.it could be an ideal integration partner, using the Zug city verification as an enabler for any citizen to automatically unlock a smart lock.

In the coming months the City of Zug is planning to organise workshops with the public to determine what the first use case implementations will look like. One possibility may be to conduct public surveys (“Umfrage”) on general topics, which constitute a crucial part of the Swiss political process and an important first step in how uPort could be used for systems like e-voting.

Another use case that is being discussed is an integration with the local tax web portal. Here, the uPort eID could be used to identify yourself when logging into the City’s tax portal, submit your tax forms and receive a corresponding ticket or timestamped attestation of submission.

Alice could submit all her taxes online and digitally sign the submission with her uPort ID!

These examples show that a once-issued attestation like this can be used by a multitude of service-providers, dapps, and government agencies, and can potentially greatly decrease the cost of on-boarding and compliance.

We believe that this new attestation economy can radically change the current standards of digital transactions and information sharing, and we will further explore the potential of this new model in a future series of articles and guides. Stay tuned!
