Alastria Digital Identity: an ongoing project
March 2019
What is needed: a user centric, easy to use, safe, lawful, digital identity model
The solution: A Self Sovereign Identity open blockchain platform
World’s first nation-wide, cross-industry, enterprise grade, public-permissioned Blockchain network
A growing consortium… made in Spain ;-)
[Chart: consortium composition by member size, with the categories Large, Medium, Small and Institutions; shares shown: 18%, 4%, 45%, 33%.]
[Diagram: supply-chain example with Suppliers, Factories, Logistics, Retailer, Final product, Customer, Social networks and Usage data connected through the Blockchain.]
[Diagram: network properties: Self-Sovereign Identity, Permissioned, Privacy, Resiliency; Smart Contracts running on the network.]
Services developed by Alastria members
Members collaborate on the infrastructure
Members compete on the applications
National Blockchain Network: nonprofit association, open to everyone
Self Sovereign Identity - SSI
Alastria Id: an SSI inspired, GDPR compliant, Identity Management solution
Alastria.ID: SSI & GDPR from the ground up
[Diagram: "Erasure & Forgotten?" (the GDPR rights to erasure and to be forgotten) set against the ecosystem actors: Financial, Education, Government, Corporates, G.A.F.A.s, etc.]
The roles
• User (Data owner): requires Attestations and presents Claims under his/her sole control.
• Attesters: attest identity and other user attributes (Who am I? How am I? What can I do?). Financial, Education, Government, Corporates, Trust SP, GAFA, etc.
• Service providers: require authentication and other user attributes to provide their services. Financial, Education, Government, Corporates, G.A.F.A.s, etc.
• Alastria ecosystem: Blockchain infrastructure, coopetitive ecosystem.
[Diagram: the three roles (numbered 1 to 3) around the Alastria ecosystem.]
The data flow: W3C VCWG aligned
• User (Data owner): requires Attestations and presents Claims under his/her sole control.
• Attesters: attest identity and other user attributes (Who am I? How am I? What can I do?).
• Service providers: require authentication and other user attributes to provide their services.
• W3C mapping: Claim = W3C Presentation; Attestation = W3C Verifiable Credential; identifiers = W3C DID.
• Alastria Blockchain: Unlinkable Actions Registry; records evidences (hashes), never real personal data. Registry of Attestations, Claims, Transactions and Keys.
• Easy to use mobile app (User Identity / Wallet): Id Generation, Attestations, Claims, Authentication. Stores personal encrypted data.
• Smart Contracts: ID Manager, Proxy, Registry.
• Information repositories (attester / service provider side): information hub storage, document manager.
[Diagram residue: labels "Verificaciones ok" (verifications OK), "Pública / Privada" (public / private key), "Selección CERT" (certificate selection), step markers B, C, E, F, G and 0 to 3.]
Privacy by design: unlinkable actions
[Diagram: User, Attesters (Financial, Education, Government, Corporates, Trust SP, GAFA, etc.), Alastria Blockchain and Service providers (Financial, Education, Government, Corporates, G.A.F.A.s, etc.). Each action (Id Generation, Id & Key Recovery, Attestation, Authentication, Claim Presentation) leaves only a hash in the Unlinkable Actions Registry.]
Unlinkable actions on attestations & claims
[Diagram: the Unlinkable Actions Registry on the Alastria Blockchain stores only hashes. Attestation actions: Valid, Delete, Revoke. Claim actions: Valid, Received, Delete(d).]
Privacy by design: Private Sharing Multi hashes
[Diagram: User, Attesters, Alastria Blockchain (Unlinkable Hash State Registry) and Service providers.]
Four independent Private Sharing hashes:
• Issuer Attestation Hash
• User Attestation Hash
• Receiver Claim Hash
• User Claim Hash
Timeline: Id Generation, Attestations, Claims, Authentication, Attester & SP Emulation, Mobile App., Use cases
SMART CONTRACTS: Features
Id Generation
• Under User control, backed by Alastria Member
• Permanent: Flexible Pub&Priv Key management
• Linked to Attestation & Claims
• Allows Single Sign On authentication
• Secure ID & Key recovery mechanism
Attestations
• Under User control, linked to Alastria ID
• Signed by Issuer (Alastria Member)
• User Deletion & Issuer Revocation
• No linkable actions
• Multi Standard Attribute support
• Mandatory Subject’s Alastria Id
• Level of Assurance support
• Validity Period
Authentication
• Easy to use Single Sign On
• User Authentication
• Anti-phishing S. Provider Authentication
• Alastria Id current Pub Key checking
• Interoperable with S.P. Auth. Tech.
Claims
• Under User control
• 1 to N multi-issuer signed attestations
• Validity Period
• Linked to specific Business Process
• Signed by Subject
• Subject Presentation & Deletion Req.
• S. Provider Deletion Confirmation
• No linkable actions
Identity: Alastria Id Specification Overview
[Diagram: ALASTRIA ID roles and relationships. Alastria Blockchain: registry of Pub Keys, Attestations, Claims and Transactions; registered hashes and status: Valid, AskIssuer, Revoked, Deleted. Subject: Private Keys, Attestation & Claim Repository, Id Generation, Id Recovery. Issuers (Core Attributes, Other Attributes): Attestation with Level of Assurance (Who am I? How am I? What can I do?), Confirmation, Revocation. Service Provider: Authentication ("This is me"), Claim with Level of Assurance ("I am (attribute)", "I can do it"), Validation.]
Alastria Id – Primitive Actions: On-Chain & Off-Chain
• Alastria Id Generation
• Authentication
• Public Keys: Generation, Registration, Revocation and Deletion
• Attestations: Issuance, Registration, Revocation and Deletion
• Claims: Presentation, Registration, Confirmation and Deletion
• Identity and Private Key Backup & Recovery
• Signed transactions
Alastria Id – Attestation - W3C Verifiable Credential
Attestation Info:
  Header:
    @context: http://schema.org
    @type: Person
    NetworkId: AlastriaTestNet01
  Subject:
    SubjectAlastriaID: SubjectProxyAddress
  AttributeData:
    @LevelOfAssurance: 2
    address:
      @type: PostalAddress
      addressLocality: Madrid
      addressRegion: Spain
      postalCode: 28001
      streetAddress: Alfonso XI, 6
  IssuanceDates:
    InitialValidityDate: 2018-04-20/12:00
    EndValidityDate: 2023-04-20/12:00
  Issuer:
    IssuerURL: IssuerURL
    IssuerAlastriaID: IssuerProxyAddress
    IssuerPubKey: CurrentIssuerPubKey
    IssuerSignature: IssuerSignature
• Multi standard support for Attribute Names.
• Network identification.
• Mandatory Subject’s Alastria Id.
• Level of Assurance.
• Single attribute recommended.
• Multiple attribute supported.
• Mandatory Initial Validity Date.
• Optional End Validity Date.
• Optional Issuer revocation URL.
• Mandatory Issuer’s AlastriaId.
• Mandatory Issuer Signature (with current Private Key).
Alastria Id – Claims - W3C Verifiable Presentation
Claim:
  Attestation 1:
    Header:
      @context: http://schema.org
      @type: Person
    Subject:
      SubjectAlastriaID: SubjectProxyAddress
    AttributeData:
      @LevelOfAssurance: 2
      address:
        @type: PostalAddress
        addressLocality: Seattle
        addressRegion: WA
        postalCode: 98052
        streetAddress: 20341 Whitworth Institute
    IssuanceDates:
      InitialValidityDate: 2018-04-20/12:00
      EndValidityDate: 2023-04-20/12:00
    Issuer:
      IssuerURL: IssuerURL
      IssuerAlastriaID: IssuerProxyAddress
      IssuerPubKey: CurrentIssuerPubKey
      IssuerSignature: IssuerSignature1
  Attestation N:
    …
    IssuerSignature: IssuerSignatureN
  Attestation …:
    …
    IssuerSignature: IssuerSignature…
  ClaimDates:
    InitialClaimDate: 2018-04-20/12:00
    EndClaimDate: 2023-04-20/12:00
  Recipient:
    RecipientAlastriaID: RecipientProxyAddress
  Purpose:
    ProcessHash: Hash of the process description & permanent link to it
  Signature:
    SubjectPubKey: CurrentSubjectPubKey
    SubjectSignature: SubjectSignature
• Direct use of Attestations to share Attributes with the SP would have made correlation easier.
• Much more than a simple Attestation list.
• 1 to N attestations from (different) issuers, including their original digital signatures.
• Mandatory Claim Initial Validity Date.
• Optional Claim End Validity Date.
• Mandatory Service Provider Alastria ID.
• Business Process Description Link & Perm. Hash, linking the consent to a specific business process or purpose.
• [Optional] current Subject’s Public Key.
• Mandatory Subject’s Signature (done with current Private Key).
Private Attestation Management: requirements
• Subject should be able to register (the hash of) an attestation.
• Registration is made on the Blockchain by the Registry Smart Contract using the AlastriaId.
• Subject should be able to mark an attestation as deleted in the Registry.
• Everybody must stop using the attestation and delete their copies.
• Issuer should be able to revoke attestations on the blockchain.
• Third parties should not be able to realize any Issuer-Subject relationship from the above actions.
• Alastria Id will use Private Sharing Multi (PSM) hashes derived from the attestation.
  • SubjectAttestationHash (aka AttestationHash or dataHash): used to register and delete the attestation.
  • IssuerAttestationHash (aka RevocationHash): used to revoke the attestation.
• The relationship between both PSM hashes and the attestation is only known to those having produced or received the attestation off chain:
  • Issuer.
  • Subject (sent by the Issuer).
  • Service Provider (sent by the Subject).
Private Metadata Sharing: Private Sharing Multi Hashes
• UserAttestationHash: hash of the complete attestation plus the User Alastria ID.
  Hashed data:
    Header: @context: http://schema.org, @type: Person
    Subject: SubjectAlastriaID: SubjectProxyAddress
    AttributeData: @LevelOfAssurance: 2, address: @type: PostalAddress, addressLocality: Madrid, addressRegion: Spain, postalCode: 28001, streetAddress: Alfonso XI, 6
    IssuanceDates: InitialValidityDate: 2018-04-20/12:00, EndValidityDate: 2023-04-20/12:00
    Issuer: IssuerAlastriaID: IssuerProxyAddress, IssuerURL: AskIssuerURL, IssuerSignature: IssuerSignature
    RoleId: User Alastria ID
• IssuerAttestationHash: hash of the complete attestation plus the Issuer Alastria ID.
  Hashed data:
    Header: @context: http://schema.org, @type: Person
    Subject: SubjectAlastriaID: SubjectProxyAddress
    AttributeData: @LevelOfAssurance: 2, address: @type: PostalAddress, addressLocality: Madrid, addressRegion: Spain, postalCode: 28001, streetAddress: Alfonso XI, 6
    IssuanceDates: InitialValidityDate: 2018-04-20/12:00, EndIssuanceDate: 2023-04-20/12:00
    Issuer: IssuerAlastriaID: IssuerProxyAddress, IssuerURL: AskIssuerURL, IssuerSignature: IssuerSignature
    RoleId: Issuer Alastria ID
Properties & Relationship
• Different UserAttestationHash and IssuerAttestationHash.
• Both are easily calculated from the very same attestation.
• Not guessable without the attestation.
• User Alastria Id added in UserAttestationHash; Issuer Alastria ID added in IssuerAttestationHash.
• The pair of hashes could be used to privately update Blockchain information about the attestation.
• Only available for those having shared the attestation or a claim that includes the attestation.
• Attestation could be marked as deleted (by the Subject) or revoked (by the Issuer) in the blockchain.
• General multi-role Private Metadata Sharing mechanism using Private Sharing Multi hashes, PSM Hashes.
Private Claim Management: requirements
• Subject should be able to register (the hash of) a Claim.
• Registration is made on the Blockchain by the Registry Smart Contract using the AlastriaId.
• Subject should be able to ask for a Claim to be deleted, just using the Registry.
• The receiver must stop using the Claim and delete any copy, unless allowed by GDPR.
• SP should be able to confirm reception and deletion, on the blockchain.
• Third parties should not be able to realize any Subject-SP relationship from the above actions.
• Not even the Issuer could have any clue about attestation usage inside claims.
• Claims registered actions must be unlinkable to attestations registered actions.
• Alastria Id will use a couple of PSM hashes derived from the Claim.
  • SubjectClaimHash (aka dataHash): used to register the Claim and to ask for the Claim to be deleted.
  • SPClaimHash: used to confirm Claim reception and deletion by the Receiver.
• The relationship between both PSM hashes and the Claim is only known to those having produced or received the Claim off chain:
  • Subject (Sender).
  • Service Provider (SP-Receiver).
ALASTRIA ID Smart Contracts
[Diagram: Attestation Issuers (Core Attributes, Other Attributes) issue Signed Attestations (LoA) answering Who am I? How am I? What can I do? The Subject (Private Keys; Encrypted Attestation & Claim store; Id Generation) presents Signed Claims (LoAs) and Authentication ("This is me", "I am (attributes)", "I can do it") to the Service Provider, which performs Validation. On the Alastria Blockchain each party acts through a Proxy and an IdMngr contract; the Registry and Other Contracts are shared.]
Alastria Smart Contracts (SC)
• Identity Manager: manages the relationship between public-private subject keys and Proxy.
• Proxy: acts on behalf of the subject.
  • AlastriaId is the address of the subject’s proxy contract.
  • The proxy contract, and so every AlastriaId, is forever.
• Registry (AttestationRegistry, PublicKeyRegistry & ClaimRegistry): central registry for everything related to Alastria Id.
  • Stores mainly hashes and statuses, never personal information.
  • Could be extended to transactions.
Attestation Registry
[Diagram: the Subject (through Proxy and MetaIdMngr) calls Set SubjectHash, Valid and Set SubjectHash, Deleted; the Attestation Issuers call Set IssuerHash, Revoked; the Service Provider, holding the Signed Attestation (LoA) that answers Who am I? How am I? What can I do?, calls GetStatus SubjectHash and GetStatus IssuerHash on the AttestationRegistry (SubjectHash & IssuerHash) of the Alastria Blockchain.]
Role Based Hashes ensure actions registered on the blockchain are unlinkable by third parties.
Registry is only understandable for Issuer, Subject & SP that have produced or received the attestation.
AlastriaId Generation
[Diagram: Alastria Id User (Private/Public Keys), Member WebApp (Password, SessionManager), Alastria Open Access, BlockChain (IdMngr, Proxy, Registry); steps 1, 2, 2a, 3a to 3d, 4.]
Process
1. Private/Public Key generation on Subject’s device.
2. Authentication by the current member WebApp.
3. Alastria Id set-up:
   a. Member pushes or shows QR with:
      i. JSON Alastria Token (AT)
      ii. Requiring KPub
   b. Subject sends signed AT and waits for the SetUpAlastriaId Event.
   c. Member calls setUpAlastriaId. From: Member. To: MetaIdentityManager. Function: SetUpId (PubKey). Returns: AlastriaId.
   d. At SetUpAlastriaId Event, Subject calls CreateAlastriaId. From: Subject. To: MetaIdentityManager. Function: CreateId (PubKey). Returns: AlastriaId.
4. At CreatedIdentity Event, Member links AlastriaId to Subject’s preexistent Id on its systems.
AlastriaId Authentication
[Diagram: same components as in Id Generation (Alastria Id User with Private/Public Keys, Member WebApp with Password and SessionManager, Alastria Open Access, BlockChain with IdMngr, Proxy and Registry); steps 1 to 9.]
Process
1. User connects to WebApp and selects Alastria Id.
2. Member pushes or shows QR signed JSON with:
   a. Alastria Token
   b. Requiring Subject’s AlastriaId & PubKey
3. Alastria App picks member’s Public Key (Hash) through GW.
4. Step 2 signature is checked.
5. User sends Signed Alastria Session with:
   a. Alastria Token
   b. AlastriaId + PubKey
6. Member picks subject’s Public Key (Hash) through GW.
7. Step 5 signature is checked.
8. First time AlastriaId authentication requires traditional authentication or reliable attestation. AlastriaId must be linked to a preexistent Id.
9. Session token is sent to WebApp.
Alastria Open Access (AOA)
• In a permissioned network as Alastria, nodes can only be run by members. The Alastria network can only be accessed through those nodes.
• A specific mechanism, Alastria Open Access, is required to provide fine grained exposure of the RPC API.
• Alastria Open Access is meant to give access to:
  • Personal users
  • Members not running a node
  • Affiliated service providers that are not Alastria members
• AOA (Alastria Open Access) should be as transparent as possible:
  • Providing TLS
  • Exposing selected RPC API and filtering everything else
  • No added value or combining of Smart Contract calls
• AOA should be able to detect and react to DoS attacks.
Alastria Open Access available RPC
• RPC should be carefully analyzed.
• Initial approach:
  • Admin & Personal RPC should be filtered.
  • Call & SendRawTransaction should be allowed.
  • Remaining should be filtered unless required.
• For Members willing to provide just Alastria Identity access: all SendRawTransactions should be addressed to the most recently deployed AlastriaIdentityManager.
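An added illustration of the initial filtering approach (not Alastria Open Access code): a JSON-RPC allow-list that assumes the standard eth_call and eth_sendRawTransaction method names and checks batches element by element, since a naive per-request filter can be bypassed by wrapping a filtered call in a batch.

```javascript
// Allow-list for the RPC surface AOA exposes, following the slide's initial approach:
// admin & personal namespaces filtered, call & sendRawTransaction allowed, everything
// else filtered by default. Method names are assumed to follow the standard eth namespace.
const EXPOSED = new Set(['eth_call', 'eth_sendRawTransaction']);
const FILTERED_NAMESPACES = ['admin_', 'personal_'];

// Verdict for a single JSON-RPC request object.
function filterOne(req) {
  if (!req || typeof req !== 'object' || typeof req.method !== 'string') {
    return { id: req && req.id, allowed: false, reason: 'malformed request' };
  }
  if (FILTERED_NAMESPACES.some(ns => req.method.startsWith(ns))) {
    return { id: req.id, allowed: false, reason: 'filtered namespace' };
  }
  if (!EXPOSED.has(req.method)) {
    return { id: req.id, allowed: false, reason: 'method not exposed' };
  }
  return { id: req.id, allowed: true };
}

// A body is forwarded to the node only when every element is allowed. Batches are
// unwrapped first so a filtered method cannot ride inside an otherwise allowed batch;
// an empty batch is rejected rather than forwarded.
function filterRequest(body) {
  const requests = Array.isArray(body) ? body : [body];
  if (requests.length === 0) return { forward: false, verdicts: [] };
  const verdicts = requests.map(filterOne);
  return { forward: verdicts.every(v => v.allowed), verdicts };
}
```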