User Identity on the Web Community Group

Currently, more and more services are created on the web and require information about you, me, all of us. Therefore, users have to give away a lot of information about themselves to many different services. The point is that the users lose control of their identity on the web, by filling a lot of forms (e.g., through subscriptions).

Privacy on the Internet is extremely important and must remain. Personal information is used by services we, sometimes, don't even know about, and it is a real problem.

The aim of this group would be to think about new ways to identify individuals over the internet using trusted web-based identities embedded directly into the core protocols of the web. At the same time, it is important to maintain equilibrium between total privacy and providing information when needed, which means when the user wants to.

Note: Community Groups are proposed and run by the community. Although W3C hosts these conversations, the groups do not necessarily represent the views of the W3C Membership or staff.

Self-registered globally unique human-readable usernames via blockchain

Drawbacks of current identity-management/authentication systems:

– Providers can go out of business/identity bound to service provider
– Servers can fail by technical failures or Denial-of-Service attacks
– Different service providers mean different identities/no globally unique identities
– Service providers can (be forced to) forge identities

The Namecoin project has extended the Bitcoin blockchain concept to self-register globally unique human-readable names and publish a data set for each globally unique name (https://wiki.namecoin.info/index.php?title=Identity, https://en.wikipedia.org/wiki/Namecoin). As storage and signing of a blockchain are decentralized, the registrations and the content of the data set cannot be forged. So I suggest implementing an authentication blockchain in browsers to register globally unique usernames and authenticate with services.

The blockchain would just publish the tuple (<self-registered globally unique human-readable username>;<asymmetric public key>). When a user logs in at a service with his username, the service queries the blockchain for the corresponding asymmetric public key and does a challenge-response authentication.

Benefits:
– No providers -> no manipulation/discontinuation of service
– No servers -> no outages/DoS vulnerability
– Globally unique identity per user
– Unlimited number of pseudonyms per user by additional identities
– Secure login with asymmetric keys -> no password reuse/social engineering
– Any user/company/group/service/application can use ONE global authentication system with globally unique usernames

The NameID project (https://nameid.org/) uses the Namecoin blockchain as the database backend for the OpenID protocol. That way, all Namecoin user IDs are available via OpenID. Instead, browsers should be able to access the blockchain directly.

If RTCweb is used as the blockchain transport protocol, browsers can participate as blockchain nodes without additional bridges/connectors/servers.

What do you think?
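
The login flow described in the post (look up the public key for a username, then run a challenge-response) can be sketched as follows. This is an added example, not code from the post, Namecoin or NameID: the in-memory `registry` stands in for the blockchain, Ed25519 is an assumed key type, and every function name and `SERVICE_ID` are hypothetical.

```javascript
// Added example: registry, SERVICE_ID and all function names are hypothetical.
const nodeCrypto = require('node:crypto');

// Constructed stand-in for the blockchain: username -> public key, first registration wins.
const registry = new Map();
function register(username, publicKey) {
  if (registry.has(username)) return false;      // names are globally unique
  registry.set(username, publicKey);
  return true;
}

const SERVICE_ID = 'https://service.example';    // constructed service identifier
const pending = new Map();                       // username -> { nonce, expires }

// Service side: issue a fresh random challenge with a short lifetime.
function issueChallenge(username, now = Date.now()) {
  const nonce = nodeCrypto.randomBytes(32).toString('hex');
  pending.set(username, { nonce, expires: now + 60_000 });
  return nonce;
}

// The signed message binds service, username and nonce, so a signature
// produced for one service is not accepted by another.
function message(serviceId, username, nonce) {
  return Buffer.from(JSON.stringify([serviceId, username, nonce]));
}

// Client side: sign the challenge; the private key never leaves the client.
function respond(privateKey, serviceId, username, nonce) {
  return nodeCrypto.sign(null, message(serviceId, username, nonce), privateKey);
}

// Service side: look up the registered key and verify; each challenge is single-use.
function verifyResponse(username, signature, now = Date.now()) {
  const challenge = pending.get(username);
  pending.delete(username);                      // consumed even on failure, so no replay
  const publicKey = registry.get(username);
  if (!challenge || !publicKey || now > challenge.expires) return false;
  return nodeCrypto.verify(null, message(SERVICE_ID, username, challenge.nonce), publicKey, signature);
}

// Constructed demo: register "alice", then log in once.
const demoUser = nodeCrypto.generateKeyPairSync('ed25519');
register('alice', demoUser.publicKey);
const demoNonce = issueChallenge('alice');
const demoSig = respond(demoUser.privateKey, SERVICE_ID, 'alice', demoNonce);
console.log('login ok:', verifyResponse('alice', demoSig));
```

The service stores no secret for the user, only the pending nonce; what it must get right is the freshness of the challenge and the binding of the signed message to its own identifier.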