User trust is harder than ever to earn and even easier to lose. Data breaches are commonplace and user privacy is threatened as a result.
How can we put the ownership of users’ digital identities back in their own hands and reduce the risks businesses currently face from centrally managing identities and authentication?
In this post I will outline how we are addressing this problem for the enterprise by integrating our trustless authentication solution, NuLogin, with DAML, the smart contract language created by Digital Asset that will run on multiple blockchain platforms and cloud-native databases.
The “shared secret” problem
Authentication today is stuck in the “shared secret” paradigm: users are forced to share their authentication secrets (usually passwords, secret questions, and other information) with the services they use, and those services, in turn, take on the responsibility and liability of keeping those secrets safe. Unfortunately, because password databases are a prime target for cybercriminals, those secrets often don’t stay secret for long.
In addition, there is no way to ensure that security best practices are being implemented in the right way by these services. Nearly 40% of breaches compromise passwords, and over 80% of attacks involve the use of stolen or weak credentials.
This centralized model of password storage also leads to a frustratingly fragmented user experience. With their identities locked in proprietary silos, users end up with dozens of login credentials and tend to make things easier for themselves by choosing easy-to-remember (weak) passwords, or storing them in easy to reach locations such as text files.
Trustless authentication and decentralized identity
At NuID, we are working to solve the shared secret problem by giving enterprises a way to authenticate their users without having to store their passwords, but critically, in a way that places ownership of digital identities with users. Moreover, we want to provide the authentication foundation for a broader identity framework in which user consent and privacy are at the core of our digital economy.
The NuLogin authentication service leverages zero knowledge cryptography to enable users to prove they know their authentication secret (such as a password or a token unlocked by mobile biometrics) without ever sharing it with anyone. By removing the need for users to trust enterprises or any 3rd party to secure their credentials, this “trustless” authentication protocol allows us to break down the siloed identity model.
NuLogin takes advantage of distributed ledger technology (DLT) to anchor the public zero-knowledge proofs derived from authentication secrets. DLT takes the place of centralized silos and eliminates the need for a central authority to store and manage users’ authentication data. This decentralized identity model opens up a whole world of user-centric processes and services such as efficient, reusable KYC or privacy-preserving e-commerce.
Our work with Digital Asset will be key to bringing decentralized identity and trustless authentication to the enterprise world.
DAML + NuID
Digital Asset helps enterprises leverage the power of DLT through a business logic-driven contract language, DAML, that abstracts the persistence layer allowing it to run on platforms such as R3’s Corda, Hyperledger Fabric and Sawtooth, VMware Blockchain and AWS Aurora.
As we began to model our processes with DAML, one of the biggest benefits we realized was that we could focus on writing our workflows without having to figure out the specifics of how the business logic of the use case interacts mechanically with the underlying distributed ledger. By avoiding the tinkering with persistence layer specifics, we are able to actualize a much cleaner architecture that pushes the DLT interaction to the DAML run-time.
We look at DAML as the perfect tool for expressing our extensible zero knowledge model generically. DAML is like LLVM for smart contracts—a target-independent intermediate representation—and equally powerful in nature. We will be able to write and maintain NuID's authentication data model once, in DAML, and target environments across the use-case spectrum.
To drive adoption of our service, one of our key goals is to make as few changes as possible to the enterprise and user experience. For example, in a typical single sign-on (SSO) workflow, a user registering through one service of an enterprise can leverage the same authentication for other services configured for SSO. DAML inherently allows us to define the parties that can view and access information on the ledger to achieve the cross-domain functionality of SSO. An authentication architecture like this allows us to achieve the same functionality of single sign-on between multiple DAML parties without the traditional prerequisites of coordination and trust between them.
Additional requirements for the NuLogin service to be enterprise-ready are auditability and traceability. We found that DAML provides this capability at both the logical (language) and physical (immutable DLT) layers to our clients. By specifying parties who can be signatories, participants, or observers on DAML contracts, our clients can easily meet their audit requirements without having to engage in expensive and time-consuming customizations for storage and reporting.
Finally, technology change management is a significant factor that influences and often slows down enterprise adoption of new technology. Adopting DAML enables NuLogin to be very flexible when it comes to aligning with the existing technology infrastructures of our clients. The new DAML deployment options coming up with VMware, Hyperledger Sawtooth, R3 Corda, Hyperledger Fabric, and even Amazon Aurora, will allow our service to fully respect and integrate with our client’s underlying technology choices.
These enterprise-focused design decisions made DAML an ideal tool for NuID to extend its reach into industries such as financial services, healthcare, manufacturing, and retail.
As part of this integration, NuID will release open source Clojure bindings to DAML libraries that will make producing DAML-enabled Clojure applications more convenient. This will allow for seamless interoperability between NuID’s service, DAML’s platform, and user-facing applications.
The synergies between Digital Asset and NuID are best summed up in DA’s first intro series blog post: “Digital Asset’s vision is for value transfer to be simple, efficient and secure, driven by a new distributed ledger paradigm that unleashes web-pace innovation unrestrained by data silos.”
NuLogin’s integration with DAML will extend that silo-wrecking mission to digital identity.