Smart Contract Federated Identity Management without Third Party Authentication Services

Published: March 28, 2019

Authors: Peter M. Mell, James F. Dray Jr., James Shook

Federated identity management enables users to access multiple systems using a single login credential. However, to achieve this, a complex authentication exchange has to occur between the user, a relying party (RP) (e.g., a business), and a credential service provider (CSP) that performs the authentication. In this work, we use a smart contract on a blockchain to enable an architecture in which the CSP is no longer needed. This retains all the benefits of traditional federated identity management solutions, but authentication is performed solely through user-to-RP communications. No third party needs to be contacted (not even the smart contract). No public key infrastructure (PKI) needs to be maintained. And no revocation lists need to be checked. Our resulting solution has additional strengths. It is hierarchically managed (like a PKI), which enables authoritative data to be added about users, but it still enables a level of user self-sovereignty. Users can choose to be authoritatively identified (when they desire to do so) and provide their attributes to RPs to support business interactions. Privacy is maintained by encrypting user attributes such that only the user can view and share them.
Proceedings Title: Open Identity Summit 2019
Volume: 293
Conference Dates: March 28-29, 2019
Conference Location: Garmisch-Partenkirchen, Germany
Pub Type: Conferences

Keywords: federated identity management, authentication, smart contract, blockchain, self-sovereignty
Created March 28, 2019, Updated May 01, 2019