Study Guide for Identity System on Blockchain Platform
Key Glossary
Attestation Service: A service running on a server that associates a user's trusted identity data with their blockchain account.
Blockchain: A distributed, decentralized database that records transaction data and is tamper-proof.
Blockchain Account: An account created on a blockchain platform, consisting of a pair of public and private keys.
Blockchain Platform: Provides infrastructure for creating and managing blockchain accounts and running decentralized applications, such as Ethereum.
Identity Claim: An assertion of a user's identity information, such as the user's employer, gender, etc.
Private Key: A key associated with a blockchain account, used to sign transactions, and held only by the account owner.
Public Key: A key associated with a blockchain account that can be made public and is used to verify transaction signatures.
Signed Message: A message that a user cryptographically signs with their private key to prove ownership of a blockchain account.
Trusted Identity Provider: A trusted third party that stores and manages user identity data, such as Microsoft Azure Active Directory, LinkedIn, Facebook, etc.
User Access Token: A token generated by a trusted identity provider that grants a third party access to the user's identity data.
Short Answer Questions
Explain the anonymity of blockchain identities and the potential risks they present.
What role does the attestation service play in connecting trusted identity providers and blockchain platforms?
How does OAuth 2.0 play a role in verifying user access to trusted identity provider accounts?
How do users prove ownership of their blockchain accounts?
What is the use of identity claims in a blockchain identity system?
Describe how third-party blockchain applications can leverage attestation services to verify user identity claims.
Why do identity claims need to have expiration dates?
Explain how attestation services prevent a single trusted identity from being used to prove multiple blockchain identities.
Why is it unsafe to store a user's personal identity information directly on the blockchain?
How do attestation services support users disclosing different levels of identity information in different applications?
Answers
The anonymity of blockchain identities means that there is no direct link between a user's real identity and their blockchain account. This anonymity presents some risks, such as Sybil attacks, where attackers can create a large number of fake accounts to manipulate decentralized applications.
The attestation service acts as a bridge between trusted identity providers and blockchain platforms. It is responsible for verifying the user's control of the trusted identity provider account and associating it with the user's blockchain account.
OAuth 2.0 is a secure authorization protocol that allows users to authorize an attestation service to access the data of their trusted identity provider account without sharing their password with the attestation service.
Users can prove their ownership of a blockchain account by signing a predefined message or code with their private key. The attestation service can verify the signature using the user's public key to confirm ownership.
Identity claims are used to assert identity information associated with a user's blockchain account. For example, an identity claim can prove the user's employer, gender, or other relevant information.
Third-party blockchain applications can send requests to the attestation service's smart contract to verify the user's identity claim. The attestation service will return the relevant identity claim based on its records, allowing the application to verify the user's identity.
Identity claims need to have an expiration date set because the user's identity information may change over time. The expiration date ensures that the identity claim remains up-to-date and reflects the user's current identity information.
The attestation service can prevent a single trusted identity from being used to prove multiple blockchain identities by hashing the user's unique identifier from the trusted identity provider and recording the hash; a hash that is already recorded cannot be bound to a second account. This ensures that each trusted identity is associated with only one blockchain identity.
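The ownership proof (answer 4), claim expiration (answer 7) and the one-identity-one-account rule (answer 8) fit together in a single attestation flow. The following Go program is an added example written for this study guide; it is not code from any real attestation service. It assumes a P-256 key pair as a stand-in for the platform's account keys (Ethereum itself uses secp256k1, which the Go standard library does not provide), a constructed subject id "user-42" standing in for whatever the provider's API returns under the user's OAuth 2.0 access token, and an in-memory map in place of the service's database or smart-contract storage. It goes one step beyond the answer above by fingerprinting the provider id with a keyed hash (HMAC) rather than a bare hash, since provider ids are low-entropy and an unkeyed hash published on-chain could be matched by guessing candidate ids.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// AccountID derives a constructed account identifier from a public key.
// P-256 stands in for the platform's real curve; the mapping idea is the same.
func AccountID(pub *ecdsa.PublicKey) string {
	sum := sha256.Sum256(append(pub.X.Bytes(), pub.Y.Bytes()...))
	return hex.EncodeToString(sum[:])
}

// SignChallenge is the user's side of the ownership proof: the challenge
// issued by the service is hashed and signed with the account's private key.
func SignChallenge(priv *ecdsa.PrivateKey, challenge string) ([]byte, error) {
	h := sha256.Sum256([]byte(challenge))
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}

// VerifyChallenge is the service's side: the account's public key must verify
// the signature over the same challenge. A signature over any other message,
// or by any other key, fails here.
func VerifyChallenge(pub *ecdsa.PublicKey, challenge string, sig []byte) bool {
	h := sha256.Sum256([]byte(challenge))
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

// Claim is what the service records for one attested account. Only a
// fingerprint of the trusted identity is kept, never the raw identifier.
type Claim struct {
	Account     string
	Provider    string
	Fingerprint string
	ExpiresAt   time.Time
}

// Valid reports whether the claim is still current at time now.
func (c Claim) Valid(now time.Time) bool { return now.Before(c.ExpiresAt) }

var (
	ErrBadSignature = errors.New("signature does not prove ownership of the account")
	ErrAlreadyBound = errors.New("trusted identity is already bound to another account")
)

// Service is the attestation service's in-memory state (constructed stand-in
// for its database or smart-contract storage).
type Service struct {
	secret   []byte           // keyed-hash secret that never leaves the service
	ttl      time.Duration    // lifetime of each claim
	bindings map[string]Claim // identity fingerprint -> current claim
}

func NewService(secret []byte, ttl time.Duration) *Service {
	return &Service{secret: secret, ttl: ttl, bindings: make(map[string]Claim)}
}

// Fingerprint hashes the provider's unique subject id with an HMAC keyed by
// the service secret, so the stored value cannot be reversed by guessing ids.
func (s *Service) Fingerprint(provider, subjectID string) string {
	mac := hmac.New(sha256.New, s.secret)
	mac.Write([]byte(provider + "\x00" + subjectID))
	return hex.EncodeToString(mac.Sum(nil))
}

// Attest checks the ownership proof, then binds the trusted identity to the
// account. subjectID is assumed to come from the provider's API via the user's
// OAuth 2.0 access token. A fingerprint already bound to a different account
// whose claim has not yet expired is refused.
func (s *Service) Attest(pub *ecdsa.PublicKey, challenge string, sig []byte,
	provider, subjectID string, now time.Time) (Claim, error) {
	if !VerifyChallenge(pub, challenge, sig) {
		return Claim{}, ErrBadSignature
	}
	acct := AccountID(pub)
	fp := s.Fingerprint(provider, subjectID)
	if cur, ok := s.bindings[fp]; ok && cur.Account != acct && cur.Valid(now) {
		return Claim{}, ErrAlreadyBound
	}
	c := Claim{Account: acct, Provider: provider, Fingerprint: fp, ExpiresAt: now.Add(s.ttl)}
	s.bindings[fp] = c
	return c, nil
}

func main() {
	svc := NewService([]byte("constructed-service-secret"), 24*time.Hour)
	alice, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	bob, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	now := time.Now()

	sig, _ := SignChallenge(alice, "attest:nonce-1")
	c, err := svc.Attest(&alice.PublicKey, "attest:nonce-1", sig, "example-idp", "user-42", now)
	fmt.Println("alice bound:", err == nil, "valid now:", c.Valid(now))

	// A second account presenting the same trusted identity is rejected.
	sig2, _ := SignChallenge(bob, "attest:nonce-2")
	_, err = svc.Attest(&bob.PublicKey, "attest:nonce-2", sig2, "example-idp", "user-42", now)
	fmt.Println("second account, same identity:", err)
}
```

In practice the challenge should be a fresh nonce issued by the service for each attempt, so that a captured signature cannot be presented again later; the claim's expiration also bounds how long a stale binding survives, and once it lapses the identity can be re-attested, which is why the "already bound" check consults Valid.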
It is unsafe to store a user's personally identifiable information directly on the blockchain because the data on the blockchain is public and cannot be tampered with. Anyone can access the data on the blockchain, which puts the user's privacy at risk.
The attestation service can support users in disclosing different levels of identity information in different applications by creating multiple blockchain accounts for the user. Each account can be mapped to a different set of identity claims, allowing users to control the level of information disclosed to each application.