[noddy1]

Im a "blockchain-for-x" skeptic, but I disagree with this article.

A timestamped, immutable blockchain would be useful for reviewing credentials from 3rd world countries where qualifications/experience/government certification are all able to be bought. It wouldn't solve fraud, but it would make it a lot harder to suddenly decide to fake a whole lot of credentials, and would make it more obvious that a particular organization is corrupt and therefore would incentivize not being corrupt.

The central question for whether blockchains are indicated for a particular use case continues to be "does this require immutability, regulation resistance, or cooperation across various regimes that don't trust each other".

An example of useful blockchain identity would be in refugee verification/processing: - people in 3rd world countries scan a fingerprint and hash an encrypted version on the blockchain when young - annually update information about themselves onto the blockchain including info about families - 10 years down the line they have an excellent record of who they are, who their family is, what their situation is, and they become far more credible when it comes to identity verification that relying on documentation from a long-toppled government

[xdeqx366]

You're basically specifiying PKI, not anything to do with Blockchain.

If you truly want the timestamps to "lock in" the time of a transaction without trusting either party, a hash-commitment could be used, akin to https://opentimestamps.org/.

[subway]

A blockchain seems like a very reasonable way to provide a distributed immutable log of actions that take place within a PKI infrastructure. It even adds the ability for 3rd party auditors to participate in the system in a real-time manner.

You might even extend it, so that instead of it being PKI with a blockchain transport, to something more akin to Kerberos with a blockchain transport -- every attempt, successful or not, to access a resource could be immutably logged, and access could be granted by the targeted resource only once the authorization message has been committed to the blockchain (and therefore approved by auditors)

[captn3m0]

Cert Transparency is an effort on that front: https://www.certificate-transparency.org/faq, and it works without a blockchain.

[subway]

Cert Transparency depends on our benevolent lord Google to maintain the integrity of the log. Using a blockchain pushes that trust model out such that it's distributed across multiple actors.

There's nothing wrong with CT -- it's a great step in the right direction. There's also nothing wrong with exploring distributed immutable logging.

[zeroxfe]

A blockchain adds trustless governance rules and a verifiable audit trail to using just PKI alone. These are hugely valuable features of an identity management systems.

[noddy1]

A blockchain could improve on this because it leaves some trail linking actions of individuals as well as authorities together.

For instance, you can make a timestamped scan of a university degree to prove it existed on some date. However, a blockchain would allow the university itself to sign the fact that it gave the person the degree at that time. It would also show how many degrees of that sort the university are giving out, so that if they start giving them to everyone that would be noticed. It would also show that the given person only got that 1 degree at that time, and it would be hard for them to then make up a bunch of other stuff. None of these are possible with simple timestamping.

[chitta]

Is there a preference for the term ‘third-world’ to ‘developing nation’

[noddy1]

:shrug: don't care

[s17n]

"Developing" (or less euphemistically, "poor") is better because "3rd world" has specific cold-war related connotations that are less and less relevant as time goes on - eg, a poor former soviet bloc country wouldn't be "3rd world" as some people understand the term.

[jjawssd]

> scan a fingerprint (to establish identity)

> annually update information about themselves onto the blockchain (how?)

What could possibly go wrong? Fingerprints alone should not be used as a key.

[yyyyip]

I don't mean using the fingerprint as a key.

I mean that if you can produce a fingerprint image corresponding to a blockchain hash and it matches your fingerprint 20 years later, and this is linked to 20 years worth of blockchain recorded credential information, I would find that very compelling evidence that you are who you say you are.

[dane-pgp]

This idea of having 20 years of linked entries in an append-only distributed log is very powerful, and is the basis for the "idchains" system discussed here:

https://www.youtube.com/watch?v=xZC98s4paYY

It controversially opts to use faces rather than fingerprints, but faces are easier for humans to verify, especially without special hardware.

I don't think the video describes a complete system, but the idea has merit and I wish it had been developed more.

[somenewacc]

Fingerprints change (sometimes radically). Relying on them may make you unable to prove you're yourself.

[jjawssd]

What you described is identical to a key