Federated identity management enables users to access multiple systems using a single login credential. However, to achieve this a complex authentication has to occur between the user, relying party (RP) (e.g., a business), and a credential service provider (CSP) that performs the authentication. In this work, we use a smart contract on a blockchain to enable an architecture where the CSP is no longer needed. This has all the same benefits of traditional federated identity management solutions but authentication is performed solely through user to RP communications. No third party needs to be contacted (not even the smart contract). No public key infrastructure (PKI) needs to be maintained. And no revocation lists need to be checked. Our resultant solution has additional strengths. It is hierarchically managed (like a PKI) which enables authoritative data to be added about users, but it still enables a level of user self- sovereignty. Users can to choose to be authoritatively identified (when they desire to do so) and provide their attributes to RPs to support business interactions. Privacy is maintained by encrypting user attributes such that only the user can view and share them.
Open Identity Summit 2019
March 28-29, 2019
federated identity management, authentication, smart contract, blockchain, self-sovereignty