Evaluate Digital Identity Services using Blockchain Technology
Abstract
With the explosion in popularity of cryptocurrencies, Bitcoin for example, Blockchain has jumped to the forefront of Computer Science research. With this new technology, now digital identity has a path. As blockchain is meant to solve the following problems: security, privacy, and centralization; an incredible amount of blockchains and decentralized applications (DApps) have been created. Some of these can be applied to the digital identity use case.
With a huge amount of options, it is hard to make a decision, both for the user and for the institution that will implement that service. We focused in analyzing what is the best service from the point of view of an institution. It is important to create a guideline that can help institutions to know what mechanisms of identity management they should implement in their business. In order to assess the different options, we used a multi-criteria decision analysis (MCDA) approach based on the MACBETH method. MACBETH permits the evaluation of options against multiple criteria.
Keywords: Blockchain, cryptocurrencies, self-sovereign identity, MCDA, MACBETH.
1. Introduction
Since the beginning of the Internet, anonymity is a problem that has never been solved. With the advent of Blockchains, and their capabilities that allow identity etc. The possibility of validating your own identity online creates an all-new world of possibilities. There are two main reasons that drive companies to implement mechanisms to accept digital identities, it reduces time and costs.
The idea of having a digital identity is that a person doesn’t need physical cards, citizen card, for example, to prove his identity. It can be stored digitally and certified by the same entities that emitted the physical cards, making it completely legit.
Blockchain, not only provides a way to have a digital identity but also paves a way towards a self-sovereign identity (SSI). A digital identity can be divided into four major phases of evolution: centralized, federated, user-centric and self-sovereign. They are explained in detail in Section 3. Today, most digital identities are centralized and federated. They centralize the power to grant and deny an identity in big organizations or companies. Facebook, Amazon, and Google are three great example. They have complete access to the personal information of their users. They sell it and make profits out of it.
In both user-centric and self-sovereign identity, the user’s identity data is in the user’s domain. The latest model, SSI, the user owns and controls his own data.
Blockchain is a great technology to solve this problem. With it, it is possible to achieve decentralization and have a network where institutions and users can interact with each other and request information on one another. Because it can be such a good solution to achieve a self-sovereign identity, there are at the moment more than 30 companies taking similar approaches. It’s possible to evaluate a digital identity service from two different points of view: from one side, we could analyze what are the benefits from the point of view of the user. On the other side, to decide what the benefits for an organization to accept that digital identity service. Therefore, this paper addresses the difficulties to evaluate and choose the service that fits best in the context of a banking institution.
To address this problem, a Multiple Criteria Decision Analysis (MCDA) approach is proposed. Based on MACBETH method we built a multi-criteria value model, to evaluate a Self-Sovereign Identity Service using Blockchain Technology.
For our demonstration, we choose the most suitable criteria for a banking institution.
2. Problem
This section presents the research problem and justifies the value of its solution.
Since the appearance of blockchain technology, its use to create identity applications has become more and more popular. At the moment there are more than thirty applications and services for very similar purposes. It’s important for an institution to know how many of those applications are trustworthy and can be integrated with their systems to facilitate implementing features such as logins and registrations. There isn’t yet, a proper form to evaluate these type of services.
The potential of blockchain technology is unquestionable, there is a huge amount of companies doing similar things, vying for mass adoption. Institutions can’t implement thirty different mechanisms of authentication.
TODO
3. Theoretical Background
This section covers the definition of the objectives of a solution of DSRM, in which we infer the goals of the solution from the problem definition and related work. We are going to start with an overview about Self-Sovereign Identity. Then, we are going to give an overview of the existing work comparing and analyzing some of the services. Afterwards, we are going to give a brief description about MCDA approaches. Finally, we are going to explain the objectives of the solution.
3.1 Self-Sovereign Identity
3.1.1 Evolution of digital identity
The idea of digital identity has been evolving over time. The evolution is characterized for four main phases [1].
Centralized Identity
Authorities always had the power to grant or deny an identity to a person or even worst, create false statements. With the appearance of the Internet, that wasn’t an exception. Centralized and powerful authorities became the issuers and authenticators of digital identity. This means that they are in control of the users’ identities, giving the power to those organizations and authorities.
Federated Identity
A Federated Identity was the next step in the digital identity evolution. The goal was to create a single digital identity that could be used across different websites. Two of the best examples of its success are Facebook and Google. Nowadays it possible to login in an incredible amount of websites using facebook and google’s personal information.
That was without question a big step forward in this evolution, but the major problem still remains: those companies are in the center of the federation making them in control of the users’ identity.
User-Centric Identity
TODO
Self-Sovereign Identity
TODO
3.2 Evaluation Models
TODO
3.3 Multiple Criteria Decision Analysis (MCDA)
TODO
4. Proposal
This section corresponds to the design and development phase of DSRM. in which the desired functionality of the artefact that aims to solve the problem is determined followed by its creation.
Taking into account the multiple criteria that must be considered when addressing the problem stated in Section 2, the proposal uses the MACBETH method to evaluate the options against those criteria.
The proposed method consists in five main steps:
Identify the problem. In the first step, the goal is to identify the problem. It is important that the decision maker has a clear idea of the problem, and the features that a service may and must have to solve it.
Identify the criteria. This step consists on identifying the criteria to evaluate the identity services. Here, a decision maker must create a criteria based on the problem identified in the first step. Although most of the services are similar to each other, they may have important details that can make the difference. Hence, a detailed criteria is essential to choose the most appropriate service. Each criterion should be associated with a (qualitative or quantitative) descriptor of performance, to measure the extent to which the criterion can be satisfied. Also, a criterion can exclude automatically a service from the avalliation if the criterion isn’t fulfilled. We created a template with a possible criteria presented in the next section. In any case, a DM may always select other evaluation criteria or descriptors of performance in order to meet specific organization’s needs.
Weight the criteria. In this step, a value function is built for each criterion from the preferences of the DM. For each criterion, two reference performance levels are defined (“neutral” and “good”). Then, using MACBETH semantic categories: very weak, weak, moderate, strong, very strong, or extreme, the DM judges the differences in attractiveness between each two levels of performance, choosing one or more of those categories. Finally, M-MACBETH, the decision support system, uses a linear programming problem to generate a numerical value scale, representative of the DM’s judgments.
Each criterion is also weighted according to ranks attributed by the DM. First, their neutral-good swings are ranked, then, just like happens with performance levels, the DM uses the MACBETH semantic categories to judge the difference in attractiveness between each two neutral-good swings, which M-MACBETH uses to create a weighing scale for all criteria. In the end, the DM can validate the proposed weights, adjusting them if necessary.
This is a step that needs a lot of human interaction, turning it both manual and automatic (supported by a calculating system). Contrary to the first step that can be totally automated using standard criteria and performance levels, this is a step that translates the company’s preferences, making human interaction a crucial element. By making their judgments, companies specify which criteria and performances best match their needs according to what was defined in the previous step.
Analyze their documentation and whitepaper. This step is crucial to make a good judgment of the service. It is important to read both the documentation and the whitepaper to understand what the service can and cannot do. This area is constantly improving but at the moment, there isn’t a single product that is completely ready, it is essential to see the roadmap and check if the team is developing on time and also, what features are already available to use. For example, a service can only do a secure authentication, however, the company needs a registration using KYC and that feature isn’t ready to use yet.
Analyze the results In this step the performances of the alternatives (factual data) are converted into value scores, using the value functions previously built for each criterion, and an overall value score is calculated for each alternative by weighted summation of its value scores. A final ranking of the alternatives is then achieved using their overall scores. Before giving a selection recommendation it is wise to perform sensitivity and robustness analyses, to know how sensitive or robust is the ranking obtained to “small” changes in the parameters of the model. The application of the proposal is shown in the next section, where we are going to present a stepwise view of the method in real case.
5. Demonstration
This section corresponds to the demonstration step of DSRM, in which we demonstrate that the proposal can be used to solve one or more instances of the problem.
The main objective of this proposal is constructing some mechanism that enables any organization the evaluation of identity management services. For the demonstration, we used a Portuguese bank called Banco de Investimento Global, BiG. They had doubts about what identity management service they should implement, which fits in the research problem. In this case, the DM is one of the administrators of the bank. From the thirty different services found, only five were worth to evaluate. Most of this companies are in a very early stage, they aren’t ready for production yet.
Identify the problem. In this first step, meetings with the bank’s DM were made to identify the problem. We came to the conclusion that the goal was to facilitate also to create an alternative to create a new bank account and to login into the bank’s dashboard.
Identify the criteria. After having a clear vision of the problem, the next step is to create or choose the criteria that feets the in the context of the problem. In our first approach we created our own criteria. We came to the conclusion that the criteria that we had created was too technical and wasn’t going to give the results that the DM pretended. We decided that it was better to use ISO 9126-1 standard [2] as criteria. ISO/IEC 9126 is an ISO standard for software product quality. It defines a set of parameters in order to standardize software quality assessment. It fits into the quality model of the 9000 family standards [3].
Criteria
Good
Neutral
Usability
Maintainability
Efficiency
Portability
Reliability
Functionality
Weight the criteria. During the second step we acted as a decision analyst guiding the decision process in order to help the DM. We used the M-MACBETH decision support system to display on the spot the model being developed.
The DM was asked to validate a neutral reference level on each criterion, which means to define a performance that would be neither positive nor negative in the linked objective, and a good reference level, which means a performance level considered significantly attractive in the light of the criterion.
TODO
Analyze their documentation and whitepaper. To test grade the different services based on the criteria, we tested and read the documentation and whitepapers of the different services.
(TABLE)
Analyze the results.
6. Evaluation
In this section, the adequacy of the artefact to a solution to the problem is observed and measured, corresponding to the evaluation step of DSRM. For that purpose, it was used the Moody and Shanks Quality Framework [4].
Proposing eight quality factors, the Moody and Shanks Quality Framework uses the perspective of stakeholders to evaluate and improve the quality of data models [4]. This framework was applied to the demonstration, using the DM’s answers for the eight quality factors. These were the results:
• Completeness: The proposal is complete since the used criteria contain all the DM’s requirements, and each DM can include or remove criteria and change their performance levels to customize the model to his/her needs.
• Simplicity: The proposal is simple since it is easy to follow and apply.
• Flexibility: The proposal is flexible since the DM adjust it to his/her organization’s strategies.
• Integration: The proposal helps organizations make the best decision, being consistent with the problem.
• Understandability: The proposal uses concepts of the ITIL language, which turns it easier to understand, but the DM lacks knowledge of the used decision analysis process. Guidance is needed to overcome this difficulty.
• Implementability: The proposal implementability is dependent on factors such as organization’s policies and laws. The company on which this proposal was demonstrated used this as a decision auxiliary tool,
• Correctness: According to DM’s intentions, the proposal is valid and correct.
• Integrity: The proposal combines interviews and observation with literature review to define criteria and their performance levels. This way, a basis composed by some constraints is introduced upon which the specific organization’s needs are taken into account to mitigate possible errors without losing flexibility
TODO
7. Conclusion
TODO
References
[1]http://www.lifewithalacrity.com/2016/04/the-path-to-self-soverereign-identity.html[2] Integrating fuzzy theory and hierarchy concepts to evaluate software quality.
[3] https://www.iso.org/standard/22749.html
[4] Moody, D.L., Shanks, G.G.: Improving the Quality of Data Models: Empirical Validation of a Quality Management Framework. Inf. Syst. 28, 619-650 (2003)