Blockchain Identity Management: The Definitive Guide (2020 Update)

After this post you’ll know exactly what it means to use blockchain technology for Identity Management.

Our expertise in digital identity technologies has led us to develop pilots with a major international NGO and the Turkish Ministry of Foreign Affairs and placing top 5 in the global Chivas Venture award among a thousand startups. We are now about to launch Ana, a digital identity management platform that uses blockchain technology and allows organisations to issue tamper-proof digital credentials which are verifiable anywhere, at any time.

Current identity management systems have privacy and security problems. And blockchain technology may be the solution for them. On this blog we examine what blockchain is, what benefits it brings to identity management, the role of cryptography and zero-knowledge proofs, what Self-Sovereign Identity is, why it’s a terrible idea to put personal data on the blockchain and much more.

Let’s dive in.

What is Blockchain?

Distributed Ledger Technology (DLT), commonly simply called “Blockchain Technology”, refers to the technology behind decentralised databases providing control over the evolution of data between entities through a peer-to-peer network, using consensus algorithms that ensure replication across the nodes of the network.

More simply put:

Imagine a book (or ledger) that anyone could obtain, free of charge, where anything written on its pages would stay there forever, and at the same time would be cross-referenced against the other copies of the book to check whether what was written is valid and true; this is the essence of DLT.

Why was Blockchain created?

Digital assets have a problem. How does one prevent an asset, such as digital money, from being copied and spent by several people? That problem always plagued the adoption of digital currency.

Banks allow trust between people exchanging funds. The bank withdraws the funds from person A and assures it’s deposited on B’s account. Both parties trust the bank to perform the operation.

But if one intended to create an ecosystem where there is not a single entity controlling the flow of information, where a user could send money directly to another user without it going through a central entity, this was a problem. How could the people involved in this financial system trust that the money had left A’s account and deposited on B’s? How could it be avoided that this digital money was copied and double (or triple) spent by A?

This problem was solved by the person, or entity, known as Satoshi Nakamoto in 2008.

Why is a Blockchain secure?

What makes a blockchain secure is the fact that each block where data is recorded cannot be changed. One can only write to the blockchain after the majority of the network has reached consensus. This means that for a piece of information to be changed, all the blocks created after it would also have to be changed, and 51% of the network would have to agree on that change. Since new blocks are being created all the time, rewriting them and every block back to the one we intended to change would require enormous computing power. Changing a block also creates a new branch of information that will be considered the source of truth, while the existing data remains in a different branch; this process is called forking.

Satoshi created blockchain to solve the double-spend problem of digital currency and to act as a ledger, a registry, of the transactions of Bitcoin. Each person that transacts Bitcoin acts as a node in the network, registering a transaction on the Bitcoin blockchain. This makes it decentralized, as no central authority is needed and each person in the network can write on the ledger, and allows for consensus in the network without the need of a middle-man. The more people are in the network, the more difficult it is for a majority collusion in order to subvert the veracity of the information on the blockchain.

With a public, immutable registry, managed by collaboration and collective altruism, users of this digital currency could easily verify transactions and be assured that the funds were being transferred only once and not digitally copied indefinitely.

A Blockchain is also considered a system with high Byzantine Fault tolerance. A Byzantine Fault is an occurrence on decentralized systems where it may appear, for one user, that the system is working perfectly and, to others, that the system is failing.

How does a Blockchain work?

The units where information is registered, the “pages” of this ledger, are blocks. Each block contains hashed information.

A hash is a function widely used in cryptography. It’s a mathematical algorithm that transforms a piece of information into a string of alphanumeric values: the “hash” or “hash value”. If the same information is given as input, it will always produce the same hash as output. If there’s even the slightest change in the input, the output hash will be wildly different (this is known as the avalanche effect), which avoids any correlation between hashes.

It’s a “one way function” because using the hash value in the output to find what was the information in the input is extremely difficult.

An example of a hash and how the avalanche effect alters the output with even the slightest change in the input. (Graph source)

Each block is linked to the next block through a cryptographic hash, and so on, creating a chain. Thus, the blockchain.
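The two properties just described, the avalanche effect of a hash and the linking of each block to its predecessor's hash, can be seen in a few lines of code. The following is an added example (not code from the original post or from Tykn) using SHA-256 from Python's standard library: it measures how many bits change between the digests of two almost identical inputs, builds a small hash-linked chain from constructed sample entries, and shows that editing one block breaks the chain at that block, and that recomputing only that block's hash simply moves the break to the next block, which is why an attacker must rewrite every later block.

```python
import hashlib
import json
from typing import Dict, List, Tuple

GENESIS_PREV = "0" * 64  # the first block has no predecessor


def sha256_hex(data: bytes) -> str:
    """SHA-256 digest of `data` as a 64-character hex string."""
    return hashlib.sha256(data).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Count the bit positions in which two equal-length hex digests differ
    (for two 256-bit digests of unrelated inputs this is about 128)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def block_hash(block: Dict) -> str:
    """Hash of a block's fields, excluding the stored hash itself.
    The prev_hash field is part of the input, so the digest commits to the
    whole chain behind this block, not only to its own data."""
    fields = {k: v for k, v in block.items() if k != "hash"}
    return sha256_hex(json.dumps(fields, sort_keys=True).encode())


def make_block(index: int, data: str, prev_hash: str) -> Dict:
    block = {"index": index, "data": data, "prev_hash": prev_hash}
    block["hash"] = block_hash(block)
    return block


def build_chain(entries: List[str]) -> List[Dict]:
    """Link constructed sample entries into a chain, each block pointing at the previous hash."""
    chain: List[Dict] = []
    prev = GENESIS_PREV
    for i, data in enumerate(entries):
        block = make_block(i, data, prev)
        chain.append(block)
        prev = block["hash"]
    return chain


def verify_chain(chain: List[Dict]) -> Tuple[bool, int]:
    """Return (True, -1) if every block's stored hash matches its contents and
    every prev_hash matches the previous block; otherwise (False, index of first bad block)."""
    for i, block in enumerate(chain):
        if block_hash(block) != block["hash"]:
            return False, i
        expected_prev = GENESIS_PREV if i == 0 else chain[i - 1]["hash"]
        if block["prev_hash"] != expected_prev:
            return False, i
    return True, -1


def tamper(chain: List[Dict], index: int, new_data: str, recompute_hash: bool) -> Tuple[bool, int]:
    """Edit one block in place (as an attacker would) and report what verification finds.
    With recompute_hash=True the attacker also fixes that block's own hash, which only
    pushes the inconsistency to the next block's prev_hash."""
    chain[index]["data"] = new_data
    if recompute_hash:
        chain[index]["hash"] = block_hash(chain[index])
    return verify_chain(chain)


if __name__ == "__main__":
    a, b = sha256_hex(b"hello"), sha256_hex(b"hellp")
    print("bits that differ between SHA-256('hello') and SHA-256('hellp'):", differing_bits(a, b))
    ledger = build_chain(["alice -> bob 5", "bob -> carol 2", "carol -> dave 1"])  # constructed sample
    print("fresh chain valid:", verify_chain(ledger))
    print("after editing block 1:", tamper(ledger, 1, "bob -> carol 200", recompute_hash=False))
    print("after also recomputing block 1's hash:", tamper(ledger, 1, "bob -> carol 200", recompute_hash=True))
```

Changing a single character in the input flips roughly half of the 256 output bits, and in the chain the only way to make a modified block 1 verify is to recompute block 1's hash and then block 2's, and so on to the tip, which is the work the text says the rest of the network would have to agree to.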

Permissioned or Permissionless Blockchains

Blockchains can be Permissioned or Permissionless.

Permissionless blockchains, like most digital-currency blockchains, allow all users to write on the ledger. No permission from anyone is needed to become a node on the network.

To become a node on a permissioned blockchain, one would need authorization from one or several parties. An example of a permissioned blockchain is Sovrin. Sovrin is governed by a set of Stewards who act as nodes. This is done to preserve the integrity of the information, in this case related to digital identity, that is written on the ledger. Stewards are trusted and vetted by The Sovrin Foundation.

What is Identity Management?

Also known as “identity and access management”, or IAM, identity management comprises all the processes and technologies within an organisation that are used to identify, authenticate and authorize someone to access services or systems in that organisation or other associated ones.

Examples of this would range from customers and/or employees accessing software or hardware inside a company/enterprise – and the level of access, privileges and restrictions each user has while doing so – or, in a governmental setting, the issuing and verification of birth certificates, national id cards, passports or driver’s licenses (that allow a user/citizen to not only prove his identity but also access services from the government and other organisations).

The problem with current Identity Management Systems

Identity has a problem. If it’s paper-based, such as birth certificates sitting idly in the basement of a town hall, it’s subject to loss, theft or fraud.

A digital identity reduces the level of bureaucracy and increases the speed of processes within organisations by allowing for a greater interoperability between departments and other institutions. But if this digital identity is stored on a centralised server, it becomes a honeypot for hackers. Since 2017 alone, more than 600 million personal details – such as addresses or credit card numbers – have been hacked, leaked or breached from organisations.

Most of the current identity management systems are weak and outdated.

Identities need to be portable and verifiable everywhere, any time, and digitization can enable that. But being digital is not enough. Identities also need to be private and secure.

Several industries suffer the problems of current identity management systems:

  • Government: The lack of interoperability between departments and government levels takes a toll in the form of excess bureaucracy, which in turn increases the time and cost of processes.
  • Healthcare: half of the world’s population does not have access to quality healthcare. The lack of interoperability between actors in the healthcare space (hospitals, clinics, insurance companies, doctors, pharmacies, etc.) leads to inefficient and delayed care, and to frustration for patients.
  • Education: It is estimated that two hundred thousand fake academic certificates are sold each year in the USA alone. The difficulty in verifying the authenticity of these credentials leads to hiring of unqualified professionals, brand damage to the universities and the hiring companies.
  • Banking: the need for login details such as passwords decreases the security of banking for users. 
  • Businesses in general: the current need to store clients’ and employees’ personal data is a source of liability for companies. A personal data breach may result in huge fines due to GDPR infringement – such as the British Airways case – or simply due to customer trust loss and consequential damage to the organisation’s brand.

We’ve written about how private and secure digital identities and identity management with blockchain is a major innovation for banking and healthcare.

Cryptography in Identity Management

Whenever we need to prove something about our identity – either our name, address or passport number – there is a process of authentication. A verifying entity confirms that the data we are claiming about ourselves is true or false. This is usually done through the verification of our identifying documents.

These identity verification and authentication processes raise privacy concerns. Should a verifying entity that asks me to prove my name with my passport have access to the remaining information in my document while they are looking at it to verify my name? Does an entity that requests a proof of my age need to know the day and month I was born?

A blockchain identity management system that uses Zero-Knowledge Proofs

A Zero-Knowledge Proof is a method of authentication that, through the use of cryptography, allows one entity to prove to another entity that they know certain information or meet a certain requirement without having to disclose any of the actual information that supports that proof. The entity that verifies the proof thus has “zero knowledge” of the information supporting the proof but is “convinced” of its validity. This is especially useful when the prover does not trust the verifying entity but still has to prove to them that they know a specific piece of information.

In an identity management with blockchain scenario, this allows a person to prove that their personal details fulfil certain requirements without revealing the actual details.

For example, one could prove that she is over 21, without showing her exact date of birth.

Zero-Knowledge Proofs are famously illustrated by “Yao’s Millionaires’ problem”, a scenario formulated by the computer scientist Andrew Yao. Yao discusses two millionaires, Alice and Bob, who do not want to reveal how much money each has but want to know which of them is richer.
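The simplest zero-knowledge proof that can be run end to end is the Schnorr identification protocol: a prover convinces a verifier that they know the secret key behind a public key without revealing it. This is the building block behind proving ownership of a key (and of a DID), not the “over 21 without a date of birth” range proof itself, which needs heavier machinery. The code below is an added example written for this article, not code from the original post or from any project it mentions; the group parameters (p = 1019, q = 509, g = 4) are a constructed toy group chosen so the arithmetic can be followed by hand, and the three helper functions named here are assumptions of the example. It shows the three-move exchange, why a verifier learns nothing (a simulator can produce an accepting transcript without the secret) and why the prover must never reuse the random value r (two transcripts with the same r leak the secret).

```python
import secrets

# Constructed toy parameters: p is a safe prime, q = (p - 1) / 2 is prime, and
# g = 4 generates the subgroup of order q. Real deployments use 256-bit
# elliptic-curve groups; these are only small enough to follow by hand.
P, Q, G = 1019, 509, 4


def keygen():
    """Prover's secret x and public key y = g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


# --- the three moves of the interactive protocol ---

def prover_commit():
    """Move 1: prover picks a fresh random r and sends t = g^r. r stays secret."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(G, r, P)


def verifier_challenge():
    """Move 2: verifier picks a random challenge c in [0, q - 1]."""
    return secrets.randbelow(Q)


def prover_respond(x, r, c):
    """Move 3: prover answers s = r + c * x mod q. s alone reveals nothing about x
    because r masks it, exactly like a one-time pad over the group order."""
    return (r + c * x) % Q


def verifier_check(y, t, c, s):
    """Accept iff g^s == t * y^c (mod p), which holds when s = r + c*x and y = g^x."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def run_protocol(x, y):
    """Full honest run; returns True when the verifier accepts."""
    r, t = prover_commit()
    c = verifier_challenge()
    s = prover_respond(x, r, c)
    return verifier_check(y, t, c, s)


# --- why it is zero-knowledge ---

def simulate_transcript(y):
    """Anyone holding only the public key can fabricate an accepting (t, c, s) by
    choosing c and s first and solving for t = g^s * y^(-c). Such transcripts are
    distributed like real ones, so a transcript (or a verifier's view of one)
    carries no information about x."""
    c = secrets.randbelow(Q)
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, -c, P)) % P
    return t, c, s


# --- why r must be fresh every time (special soundness) ---

def extract_secret(c1, s1, c2, s2):
    """Two accepting responses to different challenges on the SAME commitment t
    give x = (s1 - s2) / (c1 - c2) mod q. A prover who reuses r hands out the key."""
    return ((s1 - s2) * pow(c1 - c2, -1, Q)) % Q


if __name__ == "__main__":
    x, y = keygen()
    print("honest prover accepted:", run_protocol(x, y))
    t, c, s = simulate_transcript(y)
    print("simulated transcript accepted:", verifier_check(y, t, c, s))
    r, t = prover_commit()
    s1, s2 = prover_respond(x, r, 3), prover_respond(x, r, 7)  # r reused: fatal
    print("secret recovered from reused r:", extract_secret(3, s1, 7, s2) == x)
```

The simulator is the point of the “zero knowledge” claim: if a verifier could have produced the transcript alone, seeing it taught them nothing. The extractor is the practitioner's caveat: the random r (and, in the non-interactive signature form, the signing nonce) must be fresh and unpredictable for every proof, or the secret key leaks.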

A Blockchain based Identity Management Solution

In identity management, a distributed ledger (a “blockchain”) enables everyone in the network to have the same source of truth about which credentials are valid and who attested to the validity of the data inside the credential, without revealing the actual data.

The 3 actors in Identity Management with Blockchain: Owners, issuers and verifiers

When talking about leveraging blockchain technology for identity management, it’s important to note that there are three different actors in play: identity owners, identity issuers and identity verifiers. 

The identity issuer, a trusted party such as local government, can issue personal credentials for an identity owner (the user). By issuing a credential, the identity issuer attests to the validity of the personal data in that credential (e.g. last name and date of birth). The identity owner can store those credentials in their personal identity wallet and use them later to prove statements about his or her identity to a third party (the verifier).

A Credential is a set of multiple identity attributes and an identity attribute is a piece of information about an identity (a name, an age, a date of birth). 

Credentials are issued by second parties who attest to the validity of the data inside the credential. The usefulness and reliability of a credential depend entirely on the reputation and trustworthiness of the issuer.

How Blockchain brings privacy and security to Identity Management

Through the infrastructure of a blockchain, the verifying parties do not need to check the validity of the actual data in the provided proof but can rather use the blockchain to check the validity of the attestation and attesting party (such as the government) from which they can determine whether to validate the proof.

For example, when an identity owner presents a proof of their date of birth, rather than checking the truth of the date of birth itself, the verifying party validates the signature of the government that issued and attested to this credential, and then decides whether it trusts the government’s assessment of the accuracy of the data.

Hence, the validation of a proof is based on the verifier’s judgement of the reliability of the attestor.

Leveraging blockchain technology, like Tykn‘s digital identity management system does, establishes trust between the parties and guarantees the authenticity of the data and attestations, without actually storing any personal data on the blockchain.

This is crucial as a distributed ledger is immutable, meaning anything that is put on the ledger can never be altered nor deleted, and thus no personal data should ever be put on the ledger.

Blockchain Identity Management Red Flag: Does personal data go on a Blockchain?

  1. Putting personal data on the ledger puts the privacy of the users in danger (as it will constantly be subject to hacking and data breaches). It could always be hacked (if not now, probably at some point in the future)
  2. It violates current privacy regulation (e.g. GDPR’s right to be forgotten);
  3. It is also not efficient, as an identity is dynamic (attributes can change over time, e.g. house address or number of children).

When working in digital identity and identity management with blockchain, it’s extremely important to always keep in mind that:

No personal data should ever be put on a blockchain.

When using a Blockchain Identity Management system what exactly goes on the Blockchain?

Only references and the associated attestation of a user’s verified credential are put on the ledger.

Privacy can be ensured through non-correlation principles via pseudonymisation. So, instead of storing actual private information, the only things stored on the ledger (for the purpose of verification) are:

  1. Public Decentralised Identifiers (Public DIDs) and associated DID Descriptor Objects (DDOs) with verification keys and endpoints. 
    • DIDs are a new type of unique identifiers for verifying digital identities, and are entirely controlled by the identity owner. DIDs are independent of centralised registries, authorities or identity providers.
  2. Schemas
    • The formal description for the structure of a credential.
  3. Credential definitions
    • The different (often tangible) proofs of identity or qualification issued by authorities; such as drivers licenses, passports, identification cards, credit cards, etc. Hence, credential definitions are — as the name suggests — merely the definitions of these different credentials to be stored on the ledger.
  4. Revocation registries
    • An option for issuers to be able to revoke the claim. The revocation registry is what tells the rest of the world how the issuer will publish the revocation information.
  5. Proofs of consent for data sharing
    • Consent receipts (i.e. proofs of consent) let people prove that consent was given or that data was received (basically, that the data has been received and checks have been executed on it).

Decentralized Identifiers: The next big thing in Identity Management with Blockchain.

DIDs are a new type of unique identifiers for verifying digital identities, and are entirely controlled by the identity owner. DIDs are independent of centralised registries, authorities or identity providers.

According to Phil Windley, Chairman at Sovrin, DIDs should have the following properties:

Decentralized identifiers should be non-reassignable. They should be permanent. Other identifiers, such as IP address or email address, can be reassigned to other entities by whomever is in control. This reduces privacy and security.

Decentralized identifiers should be resolvable. Each DID resolves to a DID Document that states the “public keys, authentication protocols, and service endpoints necessary to initiate trustworthy interactions with the identified entity” (source). Through the DID Document, an entity should understand how to use that DID.

Decentralized identifiers should be cryptographically verifiable. Through the use of cryptographic keys, a DID owner can prove their ownership of the DID. The public key contained in the DID Document can also be used to attest to the authenticity of the issuing authority’s signature associated with a credential.

Decentralized identifiers should be decentralized. Current identity management systems rely on centralized registries. Each of these registries ensures trust. DIDs do not depend on a central authority. Distributed ledger technology ensures trust as it allows everyone to have the same source of truth about the data in the credentials.

A new spec is coming up in W3C under which you don’t always need to rely on a central service to resolve DIDs. For use cases where a DID only needs to be unique within a pairwise connection or a closed group, you can use Peer DIDs. More info on this, here.

Decentralized Identifiers could then increase security, as they eliminate siloed identity management, and increase privacy, as they give the identity owner the opportunity to selectively disclose specific information about himself. Ultimately, they will turn digital identities into Self-Sovereign Identities as they allow each individual to own and control their identity without depending on other parties.

What if I need to change something? Revocation in Blockchain Identity Management

Next to checking the attesting party, verification of a credential also includes checking the validity of the attestation itself. Whether the attestation still holds can be checked through a so-called revocation registry.

The registry contains the status of each credential, whether it has been revoked (deleted or updated) and hence whether this specific credential is still valid.

In other words, the ledger enables everyone in the network to have the same source of truth about which credentials are still valid and who attested to the validity of the data inside the credential, without revealing the actual data.

The scenario

>“This is my drivers licence”

>> “Says who?”

>“Says them”

>> “Who are they and do I know I can trust them?”

+

>> “Do they still agree/attest to this or have they changed their judgement?”

>“Yes they have not revoked their attestation up to now”

Revocation means deleting or updating a credential. The possibility for an issuer to revoke a credential is crucial to an identity infrastructure for the main reason that identities are dynamic.

Attributes can change over time, e.g. house address or number of children, and some credentials should have an expiry date, for example a passport or a driver’s licence. The fact is, however, that in order to ensure the trustworthiness of the system and eliminate the possibility of fraud, credentials are immutable.

After issuing, no one (not even the issuer) can change the information inside the credential. Hence, when attributes change, a new credential needs to be issued and the old one needs to be declared invalid. Thus, at each proof the user needs to prove that the credentials used in the proof are still valid. The revocation registry allows them to prove this without contacting the issuing party.

For example, the Government issues a credential to you, that you have 3 children. A month later your family is blessed with a 4th child. Now, the Government will mark the previous credential as invalid (stating that you have 3 children) and will issue a new credential stating that you have 4 children.

The revocation registry is a complex mathematical concept, one we dive into deeply in this blog post, written by Katja Bouman, on how the revocation registry works.
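The three-actor flow described earlier (issuer signs, owner holds, verifier checks the issuer rather than the data) and the revocation step from this section fit in one runnable sketch. The following is an added example written for this article, not code from the original post, from Tykn or from any ledger project it mentions: the ledger is an in-memory dictionary standing in for the public ledger, the issuer signs with a toy Schnorr signature over a constructed group (p = 1019, q = 509, g = 4; a real system would use a 256-bit curve), the DID format and all function names are assumptions of the example, and the credential contents are constructed sample data. It shows that the credential with the personal data lives in the holder's wallet and never touches the ledger, that the verifier checks only the issuer's published key, the schema and the revocation status, that any edit to the credential breaks the signature, and that after revocation the old credential fails while a freshly issued one passes.

```python
import hashlib
import json
import secrets
from typing import Dict, Tuple

# Constructed toy Schnorr group (safe prime p, prime q = (p-1)/2, g of order q).
P, Q, G = 1019, 509, 4


def keygen() -> Tuple[int, int]:
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def _challenge(*parts) -> int:
    """Fiat-Shamir challenge: hash of public key, commitment and message, reduced mod q."""
    digest = hashlib.sha256("|".join(str(p) for p in parts).encode()).digest()
    return int.from_bytes(digest, "big") % Q


def sign(x: int, message: str) -> Tuple[int, int]:
    """Schnorr signature (c, s) with a fresh nonce r for every signature."""
    r = secrets.randbelow(Q - 1) + 1
    c = _challenge(pow(G, x, P), pow(G, r, P), message)
    return c, (r + c * x) % Q


def verify(y: int, message: str, sig: Tuple[int, int]) -> bool:
    """Recover the commitment t = g^s * y^(-c) and check it reproduces the challenge."""
    c, s = sig
    t = (pow(G, s, P) * pow(y, -c, P)) % P
    return _challenge(y, t, message) == c


# The ledger holds only public material: DIDs with verification keys, schemas
# and the revocation registry (credential id -> revoked flag). No personal data.
LEDGER: Dict[str, Dict] = {"dids": {}, "schemas": {}, "revocation": {}}


def register_did(y: int) -> str:
    did = "did:example:" + hashlib.sha256(str(y).encode()).hexdigest()[:16]
    LEDGER["dids"][did] = {"id": did, "verificationKey": y}
    return did


def publish_schema(issuer_did: str, schema_id: str, attributes) -> None:
    LEDGER["schemas"][schema_id] = {"issuer": issuer_did, "attributes": list(attributes)}


def canonical(cred: Dict) -> str:
    """Deterministic serialisation of everything except the signature."""
    return json.dumps({k: v for k, v in cred.items() if k != "signature"}, sort_keys=True)


def issue_credential(issuer_x: int, issuer_did: str, schema_id: str, holder_did: str, attrs: Dict) -> Dict:
    """Issuer signs the attributes; only the credential id's status goes on the ledger.
    The returned credential goes into the holder's wallet, never onto the ledger."""
    cred = {"id": "cred-" + secrets.token_hex(4), "schema": schema_id,
            "issuer": issuer_did, "holder": holder_did, "attributes": attrs}
    cred["signature"] = sign(issuer_x, canonical(cred))
    LEDGER["revocation"][cred["id"]] = False
    return cred


def revoke(cred_id: str) -> None:
    """Issuer flips the registry entry; the credential itself is untouched (it is immutable)."""
    LEDGER["revocation"][cred_id] = True


def verify_credential(cred: Dict) -> Tuple[bool, str]:
    """The verifier never judges the attribute values; it checks who attested,
    whether the attestation matches a published schema, the signature, and revocation."""
    issuer = LEDGER["dids"].get(cred["issuer"])
    if issuer is None:
        return False, "unknown issuer DID"
    schema = LEDGER["schemas"].get(cred["schema"])
    if schema is None or schema["issuer"] != cred["issuer"] \
            or set(schema["attributes"]) != set(cred["attributes"]):
        return False, "schema mismatch"
    if not verify(issuer["verificationKey"], canonical(cred), tuple(cred["signature"])):
        return False, "bad signature"
    if LEDGER["revocation"].get(cred["id"], True):
        return False, "revoked or unknown"
    return True, "valid"


def ledger_mentions(value: str) -> bool:
    """Sanity check a reviewer would run: does any personal value appear on the ledger?"""
    return value in json.dumps(LEDGER)


if __name__ == "__main__":
    gov_x, gov_y = keygen()
    gov = register_did(gov_y)
    alice = register_did(keygen()[1])
    publish_schema(gov, "family-v1", ["full_name", "children"])
    cred = issue_credential(gov_x, gov, "family-v1", alice, {"full_name": "Alice Example", "children": 3})
    print("verify:", verify_credential(cred), "| name on ledger:", ledger_mentions("Alice Example"))
    revoke(cred["id"])
    new_cred = issue_credential(gov_x, gov, "family-v1", alice, {"full_name": "Alice Example", "children": 4})
    print("old after revocation:", verify_credential(cred), "| new:", verify_credential(new_cred))
```

Note the order of the checks in verify_credential: issuer and schema lookups come from the ledger, the signature check uses the issuer's published key, and only then is the revocation registry consulted. None of these steps requires contacting the issuer, which is the property the revocation section describes.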

How to prevent identity fraud and identity theft if I’m doing Identity Management with Blockchain

Through identity management with blockchain technology, each user stores their digital identity credentials in a digital identity wallet on their devices (such as a mobile phone). This begs the question: what if the phone is lost or stolen?

According to Sovrin, there are two steps to be taken.

The first one is to revoke the device’s authorization to use credentials. Digital Identity credentials are only valid if used from a device that was authorized to do so. If a user’s phone is lost or stolen, that user could use another authorized device, like his laptop, to write on the blockchain that his mobile phone’s authorization is now revoked. 

This would take immediate effect and stop anyone from using the digital identity credentials on the phone. The thief would not be able to impersonate the user even with the user’s passwords, biometrics or phone, because the blockchain, immutable and secure, would contain a revocation entry for the phone.

Revocation of the device’s authorization prevents the thief from impersonating the user to create new relationships. The second step prevents the thief from exploiting the existing relationships between the device and other people or organisations. The second step, then, is to revoke the existing relationship keys (pairwise connections, each of which has a unique key).

These two steps stop an identity thief from using digital identity credentials to access new services or exploit relationships with existing ones, while conveniently letting the user keep using their credentials on another device.

In many current cases, if users wished to cancel a stolen identity card, they would have to physically go to the municipality or governmental department, cancel that card and make a new one from scratch. That takes time and still would not prevent an identity thief from using your data. In the case of a stolen credit card, users call the bank (which still takes considerable time) and cannot use the card until a new one is issued and sent to them.

Sovrin has published a PDF with a thorough explanation of the technical aspects of device loss or theft that we recommend.

Models of Digital Identity Management

The first model of digital identity management was a siloed one. Each organisation issues a digital identity credential to a user to allow him to access its services. Each user needs a new digital identity credential for every new organisation he engages with. According to Elizabeth M. Renieris (Former Global Policy Counsel at Evernym) this provides a “poor overall user experience”. Just remember all the websites you had to register and create new passwords and login details for.

The second model of digital identity management is called the “Federated” one. Because of the poor user experience of the first model, third parties began issuing digital identity credentials that allow users to log in to services and other websites. The best examples of this are the “Login with Facebook” and “Login with Google” functionalities. Companies “outsourced” their identity management to major corporations who have an economic interest in amassing such large databases of personal data. This, of course, raises privacy and security concerns.

Facebook, Google and others became the middlemen of trust.

The emergence of Blockchain technology is what allowed the third model of identity management: Self-Sovereign Identity.

If you’re keen on reading more about it, we published this Ultimate Beginner’s Guide on Self-Sovereign Identity.


Learn more about Ana, Tykn’s digital identity management system leveraging blockchain technology.

Why is Hyperledger Indy the best solution to start a Self-Sovereign Identity solution on?

The biggest community of people building a Self-Sovereign Identity infrastructure is Hyperledger Indy.

“Hyperledger is an open source collaborative effort created to advance cross-industry blockchain technologies. It is a global collaboration, hosted by The Linux Foundation”. (1)

One of its projects – Hyperledger Indy – is a distributed ledger built for the purpose of decentralized identity.

“Hyperledger Indy provides tools, libraries, and reusable components for providing digital identities rooted on blockchains or other distributed ledgers so that they are interoperable across administrative domains, applications, and any other silo.” (2)

Although Hyperledger Indy is still quite young, with a lot to be discussed and done, we believe it is by far the best infrastructure to study and to start building a Self-Sovereign Identity solution on. Indy has one of the most mature codebases and an engaged community around it, researching, asking questions and working towards the maturity of the ecosystem. Not only are the best people in the identity field working on developing it, but it is also part of a transparent consortium, a transparent foundation.

The main tool to start using Indy is Indy-SDK. An SDK (Software Development Kit) is a “kit” that brings all-you-need tools in one library.

We do believe Hyperledger Indy still has to overcome two hurdles:

1) Today the solution still relies solely on the Indy-SDK.

That can be tricky, as it carries a lot of heavy-weight assumptions, like the need to use ZeroMQ, which browsers are not compatible with because it requires raw TCP access to communicate with the node. That usually requires more recent mobile devices to work. Also, being a kind of all-in-one library, it carries functionality not always needed by everyone that uses it.

2) The use of Rust to write the Indy-SDK

According to Daniel Hardman, Technical Ambassador at Hyperledger, the reason to use Rust as the programming language for Indy was because “We needed a language that could cross-compile for many different platforms, and that produced a C-callable API so lots of other languages could benefit from the artifacts it builds; if we didn’t have that, we’d have to write the same low-level crypto and wallet operations multiple times. Rust, Go, and C++ were the only serious candidates, and Rust had the nicest compiler options for cross-platform. Go’s C-callable support is harder to adapt when you are using Go routines. Rust is growing and is very popular with its developers.” (3)

We do agree that Rust is a very optimized programming language. It was a great choice to develop Indy. It compiles into C and can be read by most of the libraries. Rust can be compiled into C callable libraries and can be called by Node.js. But, in our opinion, it doesn’t matter much if it can be called but cannot be read by the great majority of other programmers.

Other languages that can generate C-callable libraries – like C# (CoreRT) – are way easier to read and have a bigger community. For us to ramp up someone new to this space, someone fresh out of university who needs to be onboarded to Sovrin, for example, we have to teach them blockchain, mathematics, cryptography, P2P networking and now also Rust. The amount of knowledge that needs to be transmitted makes it more difficult to democratize this technology and make it available to more developers.

In opposition, Ethereum has many libraries compiled in many languages. There’s Go, Python, C#, Node.js, Javascript. The idea behind this was to make it easier for someone to be able to read and start contributing to it. It’s more democratic, it grows faster.

Nonetheless, we believe Rust is a promising language.


If you’d like to read more, we wrote this in-depth blog on Identity Management with Blockchain and the Ultimate Beginners Guide to Self-Sovereign Identity.

We just launched Ana, a digital identity management platform that allows organisations to issue tamper-proof digital credentials which are verifiable anywhere, at any time.

“Changes in The Sovrin Foundation” – Tykn’s Statement

Tykn is one of the Founding Stewards – a validator node – in the Sovrin Network. A Self-Sovereign Identity network based on a public permissioned blockchain started by The Sovrin Foundation.

As you may have possibly heard/read by now, due to the recent economic climate, The Sovrin Foundation’s funding model became no longer viable and the Foundation will, until further developments, be relying upon a full volunteer staff.

Nonetheless, The Sovrin Network is operational. From the Sovrin Foundation Press Release:

  • “Stewards, like Tykn, are operating validator nodes and transactions are being validated and added to the ledger.
  • Transaction Endorsers are writing credential definitions, public DIDs, and other ledger data on behalf of Transaction Authors.
  • Credentials are being exchanged and validated.
  • The Board of Trustees is functioning and carrying out their duties.
  • Various self-organizing governing bodies such as the Technical Governance Board, Governance Framework Working Group, and Steward Qualification Committee (SQC) are all functioning and carrying out their duties.”

The Sovrin Network was designed to operate in a decentralized manner, independent of the Foundation staff and it’s functioning as expected.

This is one of the merits of true decentralised networks: if one of its parts stumbles, even if it’s the one that started it, the network continues on.

We are, and will continue to be, using the Sovrin Network on our mission to create a future of opportunity through digital identity. Because people matter.

5 Remote Working Tips from a Remote-First Company

For most of our 3-year existence, Tykn has been a remote-first company. Our Sr. Sovrin Engineer, Product Manager and Marketing Director are fully remote. Working from India, the UK and Portugal respectively.

We support the scientific community’s opinion that social distancing & behaviour change as well as the constraining of mobility patterns are the best deterrents for the spread of COVID-19. We believe it to be our civic duty to help stop the virus’ proliferation. If not contained, its escalation is certain to overload medical facilities with tragic consequences.

From our remote working experience we’ve learnt a few best practices that might be useful to other teams:

Stand-Ups

Every morning, our team dials in on Zoom for a quick call (usually around 15-20 minutes long).

In this Daily Stand-Up each person answers the following questions:

“What have you done yesterday?”
“What will you do today?”
“Are you feeling any blockers?”

We believe adding a daily stand-up to our routine has had a tremendous positive effect on the teams’ productivity. It enhances everyone’s focus and organisation on the tasks at hand, progress is better tracked and small blockers are, sometimes, easily solved right there. But most importantly this daily call allows for social contact and it creates a feeling of unity within the team.

We also use a Slack bot – Geekbot – to help us further account for our daily goals. Every morning the bot prompts each member to answer those questions and they are all compiled in a Slack channel. Even if a team member is not able to join the stand-up, everyone knows what the others are up to.

The Daily Stand-Up, also known as the Scrum meeting, originated in Scrum, an “agile process framework for managing complex knowledge work”.

Weekly Goals

Every Monday, the team dials in to state the goals they want to achieve that week. In every Weekly Goals meeting, one team member takes the lead as Master of Ceremony and registers everyone’s goals in Notion.

Documentation

Notion has been one of the great discoveries we have made for collaborative work and documentation. We previously used Google Docs but, unfortunately, while Google is great at web search, finding things inside your own Drive is another matter. Using it, we felt clumsy, unorganised and lost at times.

Notion lets us work on the same written documents collaboratively while having an intuitive and smart folder architecture. It also comes packed with great templates ready to use, such as an Engineering Wiki, Sales CRM or Roadmap! This blog draft is going right in there for the team to comment on before publishing 🙂

Meeting documentation is important not only for future reference but also for clarity within the team, so each person documents their meetings in Notion, be they internal meetings or ones with partners, clients or prospects. That way, a member who did not attend can always refer back to the meeting memo to get up to date.

Open Communication & Cultural Awareness

Clear and efficient communication is key to great remote work. It’s important that the entire team clearly understands what someone else is conveying without having to second guess.

In our case, we have 6 different nationalities in the team so we are especially conscious about it. Could cultural backgrounds affect what the other is perceiving?

At Tykn, everyone has read Erin Meyer’s “The Culture Map”, which masterfully describes cultural differences across spectrums of feedback (direct vs indirect), context (high vs low), hierarchy and more. For instance, in Arabic cultures, direct negative feedback can be perceived as rude, while in Dutch culture it is embraced and welcomed. It’s important to be cognizant of these nuances and Erin highlights this with many more examples and anecdotes. Great book for multicultural teams!

Also, in our day to day, everyone needs to be able to openly say they did not understand something or ask someone else to clarify. Do not leave room for interpretation (as adopting low context communication leads to less miscommunication across multi-cultural teams). This applies not only to video conferencing (where we favor Zoom) but also to written communication (where we favor Slack, Email & Notion).

We like everyone to know everything. We are transparent about the challenges and welcome any kind of feedback on ourselves and the company. We want everyone to feel included in the decisions and why they were made. You may be far but we want you to feel close.

Weekly Cool-Down

By the end of the week, the team dials in again for a cool-down call.

Everyone talks about the progress made in the Weekly Goals and also how they felt during that week. One of the purposes of this meeting is to celebrate our achievements. In a high-paced work environment, it’s easy to be constantly consumed by our stresses and to minimize the achievements. It’s an hour for compliments and constructive feedback!

A great tool to get feedback on how our team is feeling is Officevibe. It sends everyone regular emails with several prompts asking how that person is feeling towards their work, colleagues and company. It sends back the results, anonymised, to the person in charge of the team.

Schedules and Boundaries

While working remotely, routines and disciplined schedules are important: starting at the same time, having lunch and small breaks at consistent times and, most importantly, finishing at the same time. Since your work space is your home space, it’s easy to fall into the trap of working non-stop.

Or letting yourself procrastinate and then having to work late hours to finish your tasks. A disciplined schedule lets you go all in on work during “work time” and relax during leisure time, without the guilt of thinking “I have stuff to do, I should be working”. There will always be more things to do. Rest is important. Be mindful about it.

This also means respecting each other’s boundaries. We only use WhatsApp for emergencies. Meeting calls end at the time they were scheduled to end, and we try to keep meetings as short (and rare) as possible, without going on tangents.

Async

Working in an asynchronous manner has several benefits. First of all, it becomes easier to filter out what is really urgent from what is not.

“Does this matter really require a Slack or can it wait for tomorrow’s stand-up? Do we really need this meeting after I’ve documented my thoughts and given everyone the opportunity to comment on it?” 

Since your colleagues are not a “tap on the shoulder” away, people become better at planning. Workflows become better aligned and communication is more thoughtful. This leads to less stress and fewer fires to put out. It also allows people to work in the hours in which they feel most productive. If you’re a night owl, great! You do you.

Especially during this period, take into consideration that parents with younger kids will have to spend a considerable amount of time helping them with their remote classes during the day. Asynchronous work may be a necessity. Be flexible with them!


We hope these 5 tips can help you have a productive remote work experience. They’re just guidelines, each team will probably have a different flow. Just find what works best for you 🙂

And remember, keep safe!


Wondering what SSI is? We published an Ultimate Beginners guide to Self-Sovereign Identity.

We just launched Ana, a digital identity management platform that allows organisations to issue tamper-proof digital credentials which are verifiable anywhere, at any time.

Interview with Joni Brennan (President of the Digital ID & Authentication Council of Canada – DIACC)

Why should a member of the government care about digital identity? The Digital ID & Authentication Council of Canada (DIACC) has identified at least $15 billion (CAD) of potential benefits for the Canadian economy as a result of improvements in the digital identity infrastructure.

A “conservative estimate” considering $300 billion CAD worth of transactions are done on Canada’s payment network. That’s according to Joni Brennan, President of the DIACC, and whose career has been focused on Identity and Access Management innovation and digital identity standards development.

The problem is that “digital identity was not built for the digital economy” (1). It currently costs organisations $236 per user to resolve password-reset issues, users spend up to 600 hours recovering from identity theft, and a company whose data is breached incurs losses of $5.68 million.

Joni believes solving the problems of digital identity requires a “paradigm shift that no single organisation can achieve alone” (2). Governments and industries have to work together.

According to Joni, the solution has to:

– be economically focused;

– be designed with the user’s needs at the centre;

– deliver efficiencies in governments and businesses;

– reduce fraud;

– increase trust for the consumers and citizens that use it.

To her, that’s what a successful digital identity solution will look like.

In Canada, the idea of one single digital identity is not acceptable. Legal identity stems from 14 different places in the country. Identity is rooted to each of the different provinces where a citizen is born. For immigrants and refugees, legal identity is rooted in the Federal Government. However, the Federal Government is not the central authority for identity in Canada. All the different provinces feed identity into it. This involves and requires a lot of different digital relationships between individuals, individuals and organisations, organisations and organisations and all the devices they interact with.

What the DIACC is working on is a framework of industry standards and practices to enable “interoperable networks that will have verifiable data requesters ask for particular attributes to be verified and attribute verifiers to provide that verification” (3)

Canadian companies claim they waste more than $10 billion every year on unnecessary bureaucracy (4). Each Canadian business owner has to use three different tax numbers and navigate three different levels of governmental bureaucracy: local, provincial and federal.

This interoperable framework, the Pan-Canadian Trust Framework, could let citizens start businesses without dealing with so much bureaucracy, and let them transact online with confidence.

As an example, one trusted organisation in the value chain (such as the Provincial Government) could issue a digital verifiable credential to the business owner, and the other organisation (such as the federal government or a financial institution) can verify that credential and trust the attestation made by the first organisation.

“Governments create data about us that we should be able to use in the economy and in the ecosystem. Just the same as banks and telcos also create and manage data about us. We need to have access to that data and we need to get it into an ecosystem that we can use securely, simply and with privacy by design (…) This is not only login. This is a new data strategy for Canada.” (5)

We had the chance to ask Joni a few questions:

What are your responsibilities and goals as President of the Digital ID and Authentication Council of Canada?

As President of the DIACC, I work alongside our inspiring members and Board of Directors – leaders from the public and private sectors in Canada, which include banks, as well as government and provincial representatives. I maintain a keen awareness of what is happening in the space within Canada as well as abroad, and participate in various international events (which there are no shortage of)! 

At the DIACC, our goal is to deliver a framework for Canada that supports our vision of an identity ecosystem that: is inclusive and interoperable across the country, supports Canada’s full and beneficial participation in the global Digital Economy, and provides Canadians with choice, control, and convenience. 

While DIACC benefits from a diverse and engaged group of contributors at the table, we are seeking to harness innovation and leadership across the country and around the world to position Canada as a world-class leader on digital identity. 

What needs to be true to “establish a digital identity ecosystem that accelerates the digital economy, grows Canada’s GDP and benefits all Canadians”?

It is crucial to prioritize privacy, security, user-centred design, and convenience of use. This is the approach that DIACC members take, and this shared approach guides us forward. 

While the implementation of solutions may vary, it’s crucial that a unified approach to digital identity interoperability is taken. We firmly believe that collaboration is key. If the public and private sectors do not work together and have diverse industry stakeholders involved, systems will be developed in silos, which may not benefit all parties and may actually exclude some parties from accessing benefits. 

What is the biggest myth or misconception about Digital Identity?

I think the biggest myth is that identity is only about the individual. Yes, the individual should be at the centre of every approach, yet the entire economy is impacted – as identity is key to delivering services for financial services, small and medium enterprises, and government. Identity must not only verify people, but also organizations. And of course, this verification must be done with an individual’s consent. People, businesses, and governments – all have the opportunity to benefit from identity solutions and services interoperability. 

In the field of Digital Identity, what is the question that people should be asking more but aren’t?

How can I get involved? 

People may think that solving for digital identity is solely the work of their governments and business leaders, but I encourage everyone to educate themselves, be curious, and contribute to the discussion. Successes and failures to accelerate secure, private, and convenient digital identity impacts the whole of our society. 

At DIACC, we’re passionate about working in the open, and that’s why our collaborative work to deliver the Pan-Canadian Trust Framework is open and available for anyone to comment and contribute. The Pan-Canadian Trust Framework drafts can be located here https://diacc.ca/pan-canadian-trust-framework/

Please get involved and share your perspectives to advance a framework for identity that will work for everyone. 

Specific roadblocks other people in this space should look out for?

Lack of education and awareness are challenges. Successfully convincing someone of the merits of digital ID is a challenge, and in order to get others on board, the education piece is critical. 

Other roadblocks include: a lack of action or a clear strategy, and digital identity solutions that benefit some, but not all.  

Finally, it’s important to have an open dialogue regarding classifications and types of data.  Canadians need to know what data exists about them and businesses and governments need rules and tools to guide access and verification of that data – with the consent, choice, and control of individuals. While we are working to solve digital identity challenges, it’s important to consider the ability to verify data as necessary for various kinds of transactions. 

If you had the chance to write something on all the boards in all the classrooms in the world, what would it be?

Stay curious and engaged! Learning is a lifelong process and the path to changing the world by advancing identity that works for – and respects – everyone is often a marathon and not a sprint. 

What are the next steps for the Pan-Canadian Trust Framework? And how is the DIACC accelerating “interoperability by securing adoption of the Pan-Canadian Trust Framework”?

The components of the Pan-Canadian Trust Framework (PCTF) undergo various review cycles, soliciting input from those from the public and private sectors, as well as international experts, liaisons and the general public. After each review cycle ends and comments are collected, our community editing team incorporates all comments, and each draft’s content is clarified and refined. 

The PCTF unlocks public and private sector identity capabilities, by harnessing the power and expertise that comes from both sectors. By taking an open and transparent approach, the DIACC is ensuring that all voices are accounted for. 

As for next steps for the framework, various initiatives are underway for the first half of 2020, including a glossary of key terminology, as well as an assessment and infrastructure component.  

Our members and collaborators are working hard to deliver the Pan-Canadian Trust Framework minimum viable product 1.0 this year! 

What are your hopes for the future of Digital Identity?

I would like to see greater collaboration between governments and the private sector to look at identity through the lenses of prosperity and economic growth. A true test of the value of the PCTF will be its broad adoption, and we believe that the best way to ensure PCTF adoption is to work with a diverse community of collaborators to ensure that the PCTF is developed and maintained to represent stakeholder needs. On the economic front, we believe that, with public and private sector collaboration, the potential value of trusted digital identity to the Canadian economy is at least 1% of GDP, or CAD 15 billion. That growth could in fact be much higher when realized across the whole of the economy. 

What are the books you have recommended most to others?

Much of my identity practice related reading comes from peer organizations or from DIACC members in the form of research and white papers. There are simply too many to list here. 

Regarding non-identity specific reading, I’ve been reading and listening to audio books including:

– Deep Work by Cal Newport
– Digital Minimalism by Cal Newport
– Harvard Business Review – On Managing People
– Harvard Business Review – On Managing Yourself
– The Artist’s Way – Julia Cameron
– And… the manual for my MOOG synthesizer, which is quite a complex and enjoyable stress-relieving machine

We, at Tykn, would like to thank Joni Brennan for her time and for sharing her ideas and knowledge with us. Thank you, Joni! Be sure to follow her on Twitter.

Tykn is a digital identity company. We just launched Ana, a digital identity management platform that allows organisations to issue tamper-proof digital credentials which are verifiable anywhere, at any time.

If you’re keen on reading more we suggest you check out our Blog. There are interviews with Daniel Hardman, Elizabeth M. Renieris, Kim Hamilton Duffy and many more. There’s also our Definitive Guide to Identity Management with Blockchain and the Ultimate Beginners Guide to Self-Sovereign Identity.

How To Find Private Keys in Hyperledger Indy

After this post you’ll know how to find the private keys inside Hyperledger Indy. A problem our Tech Lead, Eduardo Elias, was facing and could not find the solution for online.

The value in private keys

In Hyperledger Indy, as in most other blockchains, people’s private keys live inside their wallets. The difference is that in Indy the wallet never gives the user access to them, at all: the SDK signs on their behalf but exposes no call that returns the raw key.

We believe the value in every blockchain is in holding the private keys.

It’s important to note that a private key is just a number, and the same key can serve several cryptographic purposes. Indy DID keys are Ed25519 keys, so the secret behind my identity for Indy (for SSI, for Sovrin) could also sign Git commits through GPG’s EdDSA support, act as an SSH key, or sign in a TLS 1.3 (HTTPS) certificate. It could not be dropped into Bitcoin or Ethereum as-is: those derive addresses from secp256k1 keys, a different curve, so the same key cannot be reused there.

If the infrastructure where you want to use your keys accepts the same signature scheme, Ed25519 in this case, you could use your Hyperledger Indy private keys there; HTTPS, Sovrin and Corda, for example, all accept it. Right now, however, it is not possible to use Indy’s private keys to establish connections with other parties of a user’s choice, because the SDK never hands the raw key to the application. 

No access to private keys in Hyperledger Indy

We were trying to post transactions directly to a Sovrin node without the Indy-SDK. Every write request to the ledger has to be signed with the submitting DID’s private key (the SDK does this for you in indy_sign_request), so to build the request ourselves we need the raw private key. But through Indy-SDK’s wallet implementation and its CLI tool there is no method to retrieve a private key from inside the wallet.

When we open the Indy-SDK code and find the wallet-specific code, there is a method to list what is stored, but it only shows the public keys (the verkeys), never the private ones. 

We’ve been to Hyperledger’s Rocket.Chat and we haven’t found an answer on how to access those private keys.

So we had to change the method.

How to find the private keys in Hyperledger Indy

Eduardo, our Tech Lead, had to change Indy-SDK’s code. He forked the project on GitHub, created a branch on his fork and opened a pull request with that change. 

The pull request was never merged; it is just a way to show which part of the code Eduardo changed (the diff is linked from the original post on GitHub).

Using this method, Eduardo was able to access private keys in Hyperledger Indy.

The change is small: it makes the private keys appear in a “hacky” stdout call, as a first step towards letting the command that lists the wallet’s contents show the private keys in a formatted way. Treat it as a debugging patch for your own build of the SDK, not as something to ship: a wallet that prints its signing keys to a terminal defeats the reason they were locked away in the first place.
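As an added example (not code from the Indy-SDK or from Eduardo’s fork), the following Go program shows what the wallet is hiding. It derives an Indy-style DID and verkey from a 32-byte seed the way indy_create_and_store_my_did does when given a seed (Ed25519 key from the seed; verkey = base58 of the public key; DID = base58 of its first 16 bytes) and then signs and verifies a message with the raw key, which is the operation indy_sign_request performs inside the SDK. Go is used because its standard library ships Ed25519; the request bytes being signed are constructed for the example and do not follow the node’s canonical request serialisation.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
	"math/big"
)

// Bitcoin base58 alphabet, also used by Indy for DIDs, verkeys and signatures.
const b58Alphabet = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

// Base58Encode encodes raw bytes, emitting one '1' per leading zero byte.
func Base58Encode(in []byte) string {
	x := new(big.Int).SetBytes(in)
	base, mod := big.NewInt(58), new(big.Int)
	var out []byte
	for x.Sign() > 0 {
		x.DivMod(x, base, mod)
		out = append(out, b58Alphabet[mod.Int64()])
	}
	for _, b := range in {
		if b != 0 {
			break
		}
		out = append(out, b58Alphabet[0])
	}
	// Digits were produced least-significant first; reverse them.
	for i, j := 0, len(out)-1; i < j; i, j = i+1, j-1 {
		out[i], out[j] = out[j], out[i]
	}
	return string(out)
}

// IndyIdentity is what the wallet keeps for one DID. Seed and Private are the
// secrets the SDK never returns; Verkey and DID are derived from them.
type IndyIdentity struct {
	Seed    []byte
	Private ed25519.PrivateKey // 64 bytes: seed || public key, the libsodium layout Indy uses
	Public  ed25519.PublicKey
	Verkey  string // base58 of the 32-byte public key
	DID     string // base58 of the first 16 bytes of the public key (non-CID DID)
}

// FromSeed derives the identity from a 32-byte seed.
func FromSeed(seed []byte) (*IndyIdentity, error) {
	if len(seed) != ed25519.SeedSize {
		return nil, fmt.Errorf("seed must be %d bytes, got %d", ed25519.SeedSize, len(seed))
	}
	priv := ed25519.NewKeyFromSeed(seed)
	pub := priv.Public().(ed25519.PublicKey)
	return &IndyIdentity{
		Seed:    seed,
		Private: priv,
		Public:  pub,
		Verkey:  Base58Encode(pub),
		DID:     Base58Encode(pub[:16]),
	}, nil
}

// Sign returns the base58-encoded Ed25519 signature that goes into a ledger
// request's "signature" field. The node's canonical serialisation of the
// request body is not reproduced here; msg is whatever the caller serialised.
func (id *IndyIdentity) Sign(msg []byte) string {
	return Base58Encode(ed25519.Sign(id.Private, msg))
}

// Verify checks a raw Ed25519 signature against a public key, as the node does.
func Verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

func main() {
	// Well-known seed from the Indy getting-started material; never use it outside a test network.
	seed := []byte("000000000000000000000000Steward1")
	id, err := FromSeed(seed)
	if err != nil {
		panic(err)
	}
	fmt.Println("DID:    ", id.DID)
	fmt.Println("verkey: ", id.Verkey)
	fmt.Println("seed is the first half of the private key:", bytes.Equal(id.Private.Seed(), seed))

	msg := []byte(`{"operation":{"type":"1"},"reqId":1}`) // constructed stand-in for a request body
	sig := ed25519.Sign(id.Private, msg)
	fmt.Println("base58 signature:", id.Sign(msg))
	fmt.Println("verifies:", Verify(id.Public, msg, sig), "after tampering:", Verify(id.Public, append(msg, '!'), sig))
}
```

The point the program makes is the one the post makes: the 32-byte seed is the whole secret, the 64-byte private key is just the seed with the public key appended, and anything that has those bytes can sign for the DID. That is exactly why the SDK keeps them inside an encrypted wallet and why a patch that prints them should never leave a development machine.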


Tykn is a digital identity company.

We just launched Ana, a digital identity management platform that allows organisations to issue tamper-proof digital credentials which are verifiable anywhere, at any time. If you’re keen on reading more we suggest you check out our Definitive Guide to Identity Management with Blockchain and the Ultimate Guide to Self-Sovereign Identity.

Ransomware Attack – How to Prevent

There has been an increase in ransomware attacks here in The Netherlands, mainly targeting SMEs and startups. Our Tech Lead, Eduardo Elias Saleh, kindly wrote an internal memo detailing how we should prevent and protect ourselves from a ransomware attack.

“Security is not something we do once, it’s a culture.” – Eduardo

We thought that these tips could provide value to many more so we decided to share what Eduardo wrote. Here are some actions we need to take to avoid being victims of an attack:

Ransomware Attack: Definition

Ransomware is a type of attack, a malware, where a hacker blocks a user’s access to their data, encrypting it and requesting a ransom for it to be unlocked and decrypted.

Never open unwanted attachments

Even when coming from a known person, avoid opening attachments that you didn’t explicitly ask for. Known people contaminated by the virus can spread it, and most of the time the emails are quite compelling. 

Backup everything

Not only because of the virus but because HDs (even SSDs) fail. Keep at least two up-to-date copies of the important documents you have in your possession on external drives.

Don’t download/execute apps you don’t know

Pirated, unofficial and non-commercial software can carry trojans. Only use/download/execute software that came from known reliable sources.

Q: “What should I do if I suffer a ransomware attack?”

This is a very complex answer. If you don’t have a backup of your data, either you pay or it’s gone.

The “politically correct” answer is: don’t pay, call the police and pray. But there’s nothing the police can do. It’s highly improbable they find the culprit and, even if they do, they won’t find the keys that encrypted your disk.

The only solution is to prevent and have a backup, or pay. Otherwise, you just have to accept it’s all gone and move on.

Additional Security Measures

Strong password login: Only you should be able to have access to the data in your HD. In case someone gets physical access to it, it shouldn’t be easy to access the data.

Encrypt your storage: Doesn’t really matter if you have a login and password but your HD is not encrypted. If someone steals your machine and your HD is not encrypted they can remove the HD and grab the data from another computer.
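One check behind “keep at least two up-to-date copies” that the memo does not spell out: a backup you have never verified may already be encrypted, because a drive that is mounted while the machine is infected is encrypted along with everything else. As an added example (not part of Eduardo’s memo, and not a Tykn tool), this Go program records a SHA-256 manifest of a known-good copy and later diffs a backup against it; the files, the overwritten document and the ransom note are constructed in a temporary directory for the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"sort"
)

// Manifest maps a file's path (relative to the backup root) to its SHA-256 hex digest.
type Manifest map[string]string

// Snapshot hashes every regular file under root. Take it while the data is
// known-good and keep the manifest somewhere the backup drive cannot reach.
func Snapshot(root string) (Manifest, error) {
	m := Manifest{}
	err := filepath.Walk(root, func(p string, info os.FileInfo, err error) error {
		if err != nil || !info.Mode().IsRegular() {
			return err
		}
		f, err := os.Open(p)
		if err != nil {
			return err
		}
		defer f.Close()
		h := sha256.New()
		if _, err := io.Copy(h, f); err != nil {
			return err
		}
		rel, _ := filepath.Rel(root, p)
		m[filepath.ToSlash(rel)] = hex.EncodeToString(h.Sum(nil))
		return nil
	})
	return m, err
}

// Report lists what differs between the manifest and a backup copy.
type Report struct{ Missing, Changed, Extra []string }

// Clean reports whether the backup matches the manifest exactly.
func (r Report) Clean() bool { return len(r.Missing)+len(r.Changed)+len(r.Extra) == 0 }

// Check compares a backup copy against a known-good manifest. Changed content
// under an unchanged name is what in-place encryption leaves behind; a wave of
// Extra files (ransom notes, renamed ciphertext) is the other common sign.
func Check(good Manifest, backupRoot string) (Report, error) {
	var r Report
	now, err := Snapshot(backupRoot)
	if err != nil {
		return r, err
	}
	for p, h := range good {
		switch cur, ok := now[p]; {
		case !ok:
			r.Missing = append(r.Missing, p)
		case cur != h:
			r.Changed = append(r.Changed, p)
		}
	}
	for p := range now {
		if _, ok := good[p]; !ok {
			r.Extra = append(r.Extra, p)
		}
	}
	sort.Strings(r.Missing)
	sort.Strings(r.Changed)
	sort.Strings(r.Extra)
	return r, nil
}

// Demo builds a constructed backup in a temp dir, takes a manifest, then
// simulates an encryptor overwriting one file and dropping a ransom note.
func Demo() (Report, error) {
	dir, err := os.MkdirTemp("", "backup-check")
	if err != nil {
		return Report{}, err
	}
	defer os.RemoveAll(dir)
	write := func(name, body string) error {
		return os.WriteFile(filepath.Join(dir, name), []byte(body), 0o600)
	}
	if err := write("contract.docx", "original contract text"); err != nil {
		return Report{}, err
	}
	if err := write("ledger.xlsx", "original spreadsheet"); err != nil {
		return Report{}, err
	}
	good, err := Snapshot(dir)
	if err != nil {
		return Report{}, err
	}
	_ = write("contract.docx", "\x8f\x1a\x00ciphertext")   // encrypted in place, same name
	_ = write("README_DECRYPT.txt", "pay 1 BTC to ...")    // ransom note appears
	return Check(good, dir)
}

func main() {
	r, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("clean=%v changed=%v extra=%v missing=%v\n", r.Clean(), r.Changed, r.Extra, r.Missing)
}
```

Run Check against the second copy before you ever need it; a copy that reports Changed files you did not edit is not a backup, it is a second victim.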


You can chat with Eduardo on his LinkedIn.

Tykn is a digital identity company. We just launched Ana, a digital identity management platform that allows organisations to issue tamper-proof digital credentials which are verifiable anywhere, at any time. If you’re keen on reading more we suggest you check out our Definitive Guide to Identity Management with Blockchain and the Ultimate Beginners Guide to Self-Sovereign Identity.

Interview with Darrell O’Donnell (Founder at Continuum Loop, CTO at CULedger)

What happens when an organization does not own my identity anymore? This is a question that Darrell O’Donnell –  founder at Continuum Loop Inc., currently CTO at CULedger, investor and advisor at several companies (including Tykn) – has been answering with his work in the Digital Identity space.

According to Darrell, holding a digital identity database inside an organization is a liability. It’s a huge expense in data management, unless you are Google or Facebook and have a financial incentive to host such a database, and the liability of holding a “honey pot” of personal data that could be leaked, hacked or breached is tremendous, as seen, for example, in the Equifax case, in which the personal information of 147 million people was exposed.

Self-Sovereign Identity, a model of identity management where users own and hold their own data, avoids the “honey pot” issue: there is no centralised database of identity to be breached, because the credentials sit in each user’s wallet. What the blockchain contributes is a public, tamper-evident place to anchor the identifiers and public keys of the parties that issue credentials.

Through that infrastructure, the verifying party can immediately verify data that is shared with it. It uses the data anchored in the blockchain (the identifier and public key of the attesting party, such as a government) to check the validity of the attestation, and from that decides whether to accept the proof.

For example, when an identity owner presents a proof of their date of birth, the verifying party does not check the date itself. It validates the signature of the government that issued and attested to the credential, and then decides whether it trusts that government’s assessment of the data’s accuracy.

Leveraging blockchain technology in this way establishes trust between the parties and guarantees the authenticity of the data and attestations, without storing any personal data on the blockchain.
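The issuer, holder and verifier flow described above (and the provincial-to-federal credential example in the Joni Brennan interview earlier on this page) as an added example, not code from Tykn, Sovrin or Indy. A map from DID to public key stands in for the ledger; the DIDs did:sov:government and did:sov:alice, the claim name and the values are constructed for the example. The verifier never learns whether the date of birth is true; it learns only that a key anchored under the issuer’s DID signed exactly these claims for this subject, so a claim edited by the holder, a credential from an issuer with no ledger entry, and a credential that names the government but was signed with some other key are all rejected.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Ledger stands in for the public, append-only part of the system: DID -> verification key.
// It holds no personal data, only identifiers and the public keys of issuers.
type Ledger struct{ verkeys map[string]ed25519.PublicKey }

func NewLedger() *Ledger { return &Ledger{verkeys: map[string]ed25519.PublicKey{}} }

// Anchor publishes an issuer's DID and public key (a NYM write, in Indy terms).
func (l *Ledger) Anchor(did string, pub ed25519.PublicKey) { l.verkeys[did] = pub }

// Resolve returns the key a DID currently resolves to.
func (l *Ledger) Resolve(did string) (ed25519.PublicKey, bool) {
	k, ok := l.verkeys[did]
	return k, ok
}

// Credential is what the holder keeps in their wallet. The signature covers
// issuer, subject and claims; the ledger never sees any of it.
type Credential struct {
	Issuer    string            `json:"issuer"`
	Subject   string            `json:"subject"`
	Claims    map[string]string `json:"claims"`
	Signature string            `json:"signature,omitempty"` // hex-encoded Ed25519 signature
}

// signedBytes is the canonical serialisation that gets signed: the credential
// without its signature. encoding/json sorts map keys, so it is deterministic.
func (c Credential) signedBytes() ([]byte, error) {
	c.Signature = "" // value receiver: the caller's copy keeps its signature
	return json.Marshal(c)
}

// Issue signs the claims with the issuer's private key.
func Issue(issuerDID string, priv ed25519.PrivateKey, subject string, claims map[string]string) (Credential, error) {
	c := Credential{Issuer: issuerDID, Subject: subject, Claims: claims}
	b, err := c.signedBytes()
	if err != nil {
		return Credential{}, err
	}
	c.Signature = hex.EncodeToString(ed25519.Sign(priv, b))
	return c, nil
}

var (
	ErrUnknownIssuer = errors.New("issuer DID is not anchored on the ledger")
	ErrBadSignature  = errors.New("signature does not verify under the issuer's ledger key")
)

// Verify is the verifier's side: resolve the issuer on the ledger, then check
// that the resolved key signed exactly these claims for this subject.
func Verify(l *Ledger, c Credential) error {
	pub, ok := l.Resolve(c.Issuer)
	if !ok {
		return ErrUnknownIssuer
	}
	sig, err := hex.DecodeString(c.Signature)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return ErrBadSignature
	}
	b, err := c.signedBytes()
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, b, sig) {
		return ErrBadSignature
	}
	return nil
}

// Demo wires the parties together and returns the verifier's verdict per scenario.
func Demo() map[string]error {
	ledger := NewLedger()
	govPub, govPriv, _ := ed25519.GenerateKey(rand.Reader)
	ledger.Anchor("did:sov:government", govPub) // constructed DID for the example

	dob := map[string]string{"date_of_birth": "1990-01-01"} // constructed claim
	cred, _ := Issue("did:sov:government", govPriv, "did:sov:alice", dob)

	forged := cred // holder rewrites the claim after issuance
	forged.Claims = map[string]string{"date_of_birth": "2005-01-01"}

	_, rogueKey, _ := ed25519.GenerateKey(rand.Reader)
	unanchored, _ := Issue("did:sov:not-a-government", rogueKey, "did:sov:alice", dob)
	impersonated, _ := Issue("did:sov:government", rogueKey, "did:sov:alice", dob) // right DID, wrong key

	return map[string]error{
		"honest":       Verify(ledger, cred),
		"tampered":     Verify(ledger, forged),
		"unanchored":   Verify(ledger, unanchored),
		"impersonated": Verify(ledger, impersonated),
	}
}

func main() {
	results := Demo()
	for _, name := range []string{"honest", "tampered", "unanchored", "impersonated"} {
		fmt.Printf("%-13s %v\n", name+":", results[name])
	}
}
```

Note what the ledger lookup does and does not settle: it tells the verifier which key speaks for did:sov:government, not whether to trust that issuer’s judgement about Alice’s birthday. That second decision is governance, which is exactly the question Darrell says every vendor should be asked about.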

“The solutions that resonate well with blockchain are in areas where there is no one truly in charge. In digital identity there is no one truly in charge. There are different players. Companies, governments, individuals. But their job is not to own the whole problem. When someone owns the whole problem there is no need for a blockchain. All it is is a slow database. But in situations where there is no central point of control, and there shouldn’t be a central point of control, then blockchain is ideal.” (Source)

If you’re an organization looking into Self-Sovereign Identity solutions, Darrell believes two important questions should be asked to every vendor:

– What can you tell me about how your Self-Sovereign Identity system is governed?

– What happens to my Self-Sovereign Identity if your company disappears?

These questions let you know if the system is using Self-Sovereign Identity or if it’s just a “polished version” of the old thing.

Be aware of these red flags in the answers: If there is no governance or governance is automated “in the code”, Darrell thinks you’re in for a “world of hurt”. Governance is such a complex matter that it is not yet possible to have it automated. Heavy governance is just as bad. “Identity requires some light human governance” (source). Also, if a digital identity depends on a vendor and it’s useless if the company disappears then it is not self-sovereign. “It’s just relatively open”. The user must own their identity.

“In 10 years nobody will care that the advent of self-sovereign identity created a seismic shift in both technology and the balance of power. What they will care about is that their lives have been improved. They won’t talk about privacy, security, and other things that we talk about.

And somebody, in 10 years, is going to say “Really? You let a big company control your identity and monitor everything you did? Why would you do that?”.” (Source)

We had the chance to ask Darrell a few questions:

What is the biggest myth or misconception about Digital Identity or SSI?

That regular people care about it – they don’t. The Identerati see how it solves problems but the preaching doesn’t help. The key message that needs to be heard is that it helps us act like we do in our non-digital lives – naturally establishing relationships with reasonable privacy. Under the hood it certainly is a better solution – but no ordinary person ever said (or thought) “geez I need a better digital identity.”

Specific roadblocks other people in your space should look out for?

Similar to the earlier question, we expose far too much complexity, which makes decentralized identity/SSI unapproachable for most. Please don’t misunderstand me – I know that the digital identity space is incredibly detailed and there are important distinctions. My point is that if your business isn’t helping make the key decisions for your customers you’re not adding value. One of the changes that I made at CULedger, for example, was to take a multi-week effort down to a few hours for a developer. Our API has 2 main calls. That’s it. That’s all that is needed to get started. If you can get a developer productive with a couple of hours of work they will invest more time to go deeper. If the learning curve is measured in weeks or months you will only attract a minuscule audience. 

If you had the chance to write something on all the boards in all the classrooms in the world, what would it be?

Learn how to learn. Your teacher is probably teaching you how to memorize…

In many many years, looking back to your life, what would make you feel you accomplished your mission?

I would like to think that there are people out there that have made more impact because of some small thing that I helped them with. Seeing a major shift to an internet that can be trusted more would be fantastic. Lately I have been looking at ways that I may be able to help out with a big impact with the climate emergency. I started my career in environmental engineering but was pulled into software – the landfill and wastewater treatment work wasn’t what I wanted. 

What books greatly influenced you and why?

As a founder of multiple companies, The Hard Thing About Hard Things (Ben Horowitz) had a huge impact. Knowing that CEOs around the world are dealing with the same thing was incredibly impactful. CEOs have huge responsibility and they are alone – knowing, strangely, that there are others going through what feels like hell often was oddly comforting.

I keep returning to Abundance (Peter Diamandis) as a recommendation for the folks that I advise as well. It explains that the world is changing faster and faster because of the convergence of many things. We have a lot of hard work ahead of us to correct some extreme problems (climate) but there is hope. 

Do you have a favourite victory or failure of yours?

I had a company that we had to wind up over a weekend. A key client (too many eggs in one basket) flipped a curveball at us and forced us to shut down. It was horrible. I had to lay off all of my team. Every one of them landed jobs within a couple of weeks with substantial raises. But every one of my direct reports told me over the next year that their time with me was by far the best thing that had ever happened in their career. It was hard to recover but awesome to see the impact. Years later I kept wondering if I should have left that business earlier but I know now that it happened at the right time. The lessons learned in that pressure cooker-style environment gave me a lot of tools that I didn’t realize were important for others.

In your field, or in life, what is the question that people should be asking more and they aren’t?

I’ll steal this one from Tim Ferriss – “what would this look like if it were easy?”

Bonus Question: Pineapple on pizza. Yes or no?

Good god no. 


We, at Tykn, would like to thank Darrell O’Donnell for his time and for sharing his ideas and knowledge with us (not only in this interview but also as our advisor!). Thank you, Darrell! Be sure to follow him on Twitter.

Tykn is a digital identity company.

We just launched Ana, a digital identity management platform that allows organisations to issue tamper-proof digital credentials which are verifiable anywhere, at any time. If you’re keen on reading more we suggest you check out our Blog. There are interviews with Daniel Hardman, Elizabeth M. Renieris, Kim Hamilton Duffy and many more. There’s also our Definitive Guide to Identity Management with Blockchain and the Ultimate Beginners Guide to Self-Sovereign Identity.

Tykn’s 2019: Year In Review

2019 was a great and intense year for us. Here’s a highlight of our favourite moments.

Seed Investment

We were extremely happy to announce that we received an investment of 1.2 million euros from Dutch IT entrepreneur Johan Mastenbroek. With him on board, Tykn gained not only a financial partner but also an experienced business mentor.

In Johan Mastenbroek‘s own words: “I strongly believe in the principles and ideas of Tykn. They work together with international organisations, with whom they can provide a solution to a global problem and create a future of opportunities instead of a future of problems.”

121

One of our main focuses throughout 2018 and 2019 was 121. A source of great pride for us.

In February it was finally announced: in October and December 2018, Dorcas led the 121 Direct Cash Aid on Blockchain Pilot in Ukraine, with Tykn's digital identity backend and the frontend and system built by the 510 Data Team of The Netherlands Red Cross.

The Chivas Venture

Tykn placed in the top 5 in the world, among over 1,000 companies, in The Chivas Venture Global Competition. This won us $50,000, exposure and, equally important, recognition of the urgency of tackling United Nations Sustainable Development Goal 16.9.

The jury was composed of Zoe Saldana (actress, entrepreneur and philanthropist), Alexandre Ricard (Chairman and CEO of Pernod Ricard), Cemal Ezel (founder of Change Please) and Sonal Shah (economist and founding Executive Director of the Beeck Center for Social Impact + Innovation at Georgetown University).

It was a thrill standing on The Next Web's stage and presenting our solution to this jury and thousands of people.

Turkey

We spent some emotional weeks in the SDG Impact Accelerator (SDGia), the first of its kind in Turkey to address the issues of the refugee crisis. Turkey houses approximately 3.6 million refugees and spends nearly 37 billion dollars on them.

We have had the opportunity to engage directly with refugees and organisations such as the United Nations Development Programme – UNDP, UNHCR, the UN Refugee Agency, International Labour Organization, Food and Agriculture Organization of the United Nations (FAO), IMO – UN Migration, Turkey Red Crescent, Republic of Turkey’s Ministry of Foreign Affairs, Internal Affairs, Agriculture and the Directorate General of Migration Management.

Putting ourselves in the shoes of people affected by displacement and ID-related problems is key in our journey to craft a solution inclusive for all.

One of the challenges presented by the Accelerator was on how to provide refugees with livelihood opportunities through digital ID solutions.

Tykn's participation in this challenge became part of an ongoing dialogue with stakeholders all over the country, in which we have become actively involved in designing, testing and implementing digital identity solutions that can serve the refugee population in Turkey over the next few years.

This accelerator was led by the Turkish Ministry of Foreign Affairs and the United Nations Development Programme, and supported by the Bill and Melinda Gates Foundation, Eczacıbaşı Holding, Limak Holding and the World Food Programme (WFP).

It was great to have been part of it!

New Office and Brand Identity

We started the year moving offices to The Hague, the city of peace and justice. It made sense not only because of the symbolic value of The Hague but also because of the strong NGO and social impact startup ecosystem. We became proud members of ImpactCity, a community of companies focused on doing business and doing good.

Our office-warming party was also the perfect opportunity to launch our new brand identity: one that reflects the humanity in our vision and mission, accurately portrays why we are doing what we are doing, and shows that we are more than a tech company.

2020

Our work is far from done though. We have been working hard behind the scenes to launch our digital identity platform, Ana, in 2020, making the refugee integration journey easy and safe and creating a future of opportunity. Because people matter.

We hope you have a great 2020!

Team Tykn


Feel like reading more? Check out our Ultimate Beginners Guide to Self-Sovereign Identity and the Definitive Guide to Identity Management with Blockchain.

Interview with Daniel Hardman (Chief Architect at Evernym and Technical Ambassador at Hyperledger)

Photo: Hyperledger Global Forum

Daniel Hardman is one of those inevitable names that come up whenever Self-Sovereign Identity is mentioned. He is the Chief Architect at Evernym, one of the world's leading companies in Digital Identity.

Evernym was the catalyst behind the creation of Sovrin, a Self-Sovereign Identity network based on a public permissioned blockchain. The Sovrin Network is run by a federation of Stewards who are responsible for validating identity transactions, ensuring consistency about what is written on the ledger and in what order. We are proudly one of those Stewards allowed to run a validator node, along with IBM, Cisco, T-labs and 68 others (with the aim of having up to 300 Stewards within the network in the long run, for optimal decentralised governance).

In an identity management scenario, a blockchain, like Sovrin, enables everyone in the network to have the same source of truth about which credentials are valid and who attested to the validity of the data inside the credential, without necessarily revealing the actual data. This brings privacy and security to Digital Identity as each person holds their identity credentials in their own devices and controls the digital relationships those credentials are used in and for. The user decides who gets to “see” them and how much of them they get to “see”.

But if one stores their digital identity credentials in a digital identity wallet on their own devices (such as a mobile phone), it begs the question: what if my phone is lost or stolen?

To answer this question we always draw from Daniel Hardman’s excellent paper.

According to him, there are two steps to be taken.

The first is to revoke the device's authorization to use credentials. Digital identity credentials are only valid when used from a device that was authorized to do so. If a user's phone is lost or stolen, that user can use another authorized device, such as their laptop, to write on the blockchain that the mobile phone's authorization is now revoked.

This takes immediate effect and stops anyone from using the digital identity credentials on the phone. The thief cannot impersonate the user even while holding the user's passwords, biometrics or phone, because the blockchain, immutable and secure, contains a revocation registry entry for that phone.

Revoking the device's authorization prevents the thief from impersonating the user in order to create new relationships. The second step prevents the thief from exploiting the existing relationships between the device and other people or organisations: it revokes the existing relationship keys (pairwise connections, each of which has its own unique key).

Together, these two steps stop an identity thief from using the digital identity credentials to access new services or to exploit existing relationships, while conveniently letting the user keep using their credentials from another device.
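A toy model of the two-step recovery described above, written as an added example for this post (it is not code from Tykn, Sovrin or Hardman's paper). The ledger, wallet and peer structures, the DID `did:ex:alice` and the device names `laptop` and `phone` are assumed for illustration, and random shared secrets stand in for the per-relationship signing keys a real agent would use.

```python
import secrets

class Ledger:
    """Append-only log standing in for the public ledger: device
    authorizations and revocations are written here and never deleted."""
    def __init__(self):
        self.entries = []  # (did, device, event) in write order

    def write(self, did, author_device, event, target_device):
        # Only a device currently authorized for this DID may write for it;
        # the very first entry for a DID bootstraps the identity.
        bootstrap = not any(d == did for d, _, _ in self.entries)
        if not bootstrap and not self.device_authorized(did, author_device):
            raise PermissionError(f"{author_device} is not authorized for {did}")
        self.entries.append((did, target_device, event))

    def device_authorized(self, did, device):
        # Replay the log: the most recent event for (did, device) wins.
        state = False
        for d, dev, event in self.entries:
            if (d, dev) == (did, device):
                state = event == "AUTHORIZE"
        return state

def verifier_accepts(ledger, did, device):
    """Step-1 check: a verifier trusts a presentation only if the device it
    came from is authorized on the ledger at verification time."""
    return ledger.device_authorized(did, device)

def peer_accepts(peers, peer, did, key):
    """Step-2 check: a peer honours a message only if it carries the pairwise
    key the peer currently holds for this DID (a shared secret stands in for
    a signing key in this assumed model)."""
    return peers[peer].get(did) == key

def recover_lost_phone(ledger, did, safe_device, lost_device, wallet, peers):
    # Step 1: from a device that is still authorized, revoke the lost one.
    ledger.write(did, safe_device, "REVOKE", lost_device)
    # Step 2: rotate every pairwise relationship key and re-share it with the
    # peer, so any key copied from the phone no longer opens a relationship.
    for peer in wallet:
        wallet[peer] = secrets.token_hex(16)
        peers[peer][did] = wallet[peer]
```

After `recover_lost_phone` runs, a presentation from `phone` fails the ledger check, the old pairwise key for each peer is rejected, and the revoked phone can no longer write an AUTHORIZE entry to reinstate itself, while `laptop` keeps working.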

We had a chance to ask Daniel a few questions:

What are, in your opinion, the riskiest assumptions when writing a Software Development Kit?

SDKs have a very broad set of uses. It’s easy to assume that everyone using the SDK will be doing mobile, or servers. It’s much harder to build an SDK that also works for embedded or for SaaS. So I think platform assumptions are one of the most risky areas.

Another risky area is the threading model. Some people will want something simple. Others will want something that is very scalable or performant. It is hard to do both–so assumptions about this area are risky.

For you, what are the most promising SSI projects or repos?

I think hyperledger/aries-rfcs is super important. Also the peer did spec at openssi/peer-did-method-spec. And hyperledger/aries-cloudagent-python, hyperledger/aries-framework-dotnet, hyperledger/aries-framework-go, hyperledger/aries-protocol-test-suite.

What do you believe are the bottlenecks for the cross-ledger SSI? How soon can we see cross-ledger credentials exchanges?

I think the number one bottleneck right now is not related that strongly to ledgers, but rather to credential format. There are 3 credential formats that are in harmony with the VC spec, that are not mutually interoperable. Until we solve that problem, cross-ledger SSI will probably not happen.

I predict that this problem will be solved in the next 1-2 years, with Sovrin announcing support for other ledgers and other credential formats. That's because it's going to be easier for Sovrin to support the simple crypto of the other formats, than for the other formats to upgrade their crypto to support Sovrin-style credentials.

What are the upsides of using Zero MQ over a common HTTP Rest connection?

ZMQ trust is not based on certificates, but rather on possession of keys. We need these keys anyway, so the transactions from individual validators can be signed and verified by one another. So, ZMQ allows us to secure the conversation using keys we already had. If we were using HTTP/Rest, we would still have those keys and would still need to sign things, but then we would redundantly be encrypting. We would also have to make sure every validator node accepted the certificates from every other validator node, and certificate expiration would be a constant headache.

How hard would it be to replace the current Transport Layer Security architecture with SSI?

Very hard. I don’t expect this to happen any time in the next 5 years. It may never happen. TLS is good for trust between computers, not between humans–but since we will always need trust between computers, it may be here to stay…

Why was Rust chosen to write Indy-SDK?

We needed a language that could cross-compile for many different platforms, and that produced a C-callable API so lots of other languages could benefit from the artifacts it builds; if we didn’t have that, we’d have to write the same low-level crypto and wallet operations multiple times. Rust, Go, and C++ were the only serious candidates, and Rust had the nicest compiler options for cross-platform. Go’s C-callable support is harder to adapt when you are using Go routines. Rust is growing and is very popular with its developers.

Specific roadblocks other people in this space should look out for?

The biggest roadblock right now is the learning curve. The mental model is different from that of familiar web programming in important ways, and understanding how and why is hard.

I am encouraged because we now have agent frameworks that are becoming available, that allow a developer to be productive without knowing so many of the low-level details. This should help a lot with this challenge.

What are the books you have recommended most to others?

Two that have been relevant to me in recent years are Refactoring, by Kent Beck and Martin Fowler, and Working Effectively with Legacy Code, by Michael Feathers.


We, at Tykn, would like to thank Daniel Hardman for his time and for sharing his ideas and knowledge with us. Thank you, Daniel! Be sure to follow his Twitter.

Tykn is a digital identity company. We just launched Ana, a digital identity management platform that allows organisations to issue tamper-proof digital credentials which are verifiable anywhere, at any time. If you’re keen on reading more we suggest you check out our Blog. There are interviews with Darrell O’Donnell, Elizabeth M. Renieris, Kim Hamilton Duffy and many more. There’s also our Definitive Guide to Identity Management with Blockchain and the Ultimate Beginners Guide to Self-Sovereign Identity.