On May 14th at the Consensus 2019 event in New York, NEO developer Peter Lin delivered a presentation on NeoID, NEO’s digital identity solution.
Lin began his talk by discussing the evolution of identity, which was also described in Swisscom’s presentation at NEO DevCon in February 2019. Lin described how identities can be centralized with low portability and user control, and compared them to self-sovereign identities which have high portability and user control.
In the self-sovereign model, individuals acquire, store, and present their own data. Users can verify their credentials with issuers which can then be presented to verifiers upon request. Currently, there is no SSI standard, however groups such as W3C and DIF are working on the design of SSI-related standards and protocols.
Lin went on to posit, “15 or 20 projects are working on self-sovereign identity. What’s unique and new about NeoID?” Lin stated that the first principle thinking method was used for NeoID to re-examine the issues of identity. “The real world is very complicated – just look at the people around you. There are billions of people. More than that, we also have Things, like IoT devices.” For this reason, NeoID needs to go beyond identity alone and describe the relationships between entities.
Three Models in NeoID
The design of NeoID will be comprised of three models: trust model, game model, and privacy model. Lin said by “using these models, [developers] can describe all of the relationships between entities and the entity itself.”
The trust model establishes itself by a set of three metrics: trust value, trust function, and trust network. Trust value is the level of trust between two entities or people, and the trust function defines the relationship between the two entities. A combination of these metrics creates the trust network, which is concerned with how entities are related within a system. For example, two entities that do not have a direct relationship are much more likely to have lower trust than entities that fall within the same network.
The game model seeks to describe the interactions between entities. Within a network there will be three roles: trustor, trustee, and recommender. As in real-world use cases, Lin stated, “there will be a lot of interactions and relationships between all these entities.” Therefore, NeoID will incorporate an “incentive and punishment mechanism [for] this dynamic model” to ensure that the behaviour of entities is accurately represented and honest behaviour incentivised.
Lastly, Lin briefly touched upon the privacy model. He said, “NEO uses zero-knowledge proofs technology to solve the privacy model. But, it is still developing.”
NeoID and the NEO 3.0 Roadmap
The NeoID presentation also included a few slides dedicated to the NEO 3.0 roadmap. While NEO 3.0 is tentatively planned to launch in Q2 of 2020, NeoID is expected to be released in Q1 2020. The NeoID solution seeks to incorporate a “trust model, certificate parsing and verification, decentralized identifiers, verifiable claims and credentials, and a universal resolver.”
Swisscom Blockchain’s SSI solution for data control is entitled SERAPH ID, which offers a verifiable claims process utilizing the NEO blockchain. Lin expects Swisscom Blockchain will release a proof-of-concept in June or July 2019.
CertLedger’s implementation is based on certificates and is a “hierarchical system,” according to Lin. CertLedger aims to develop a “new [public key infrastructure (PKI)] architecture with certificate transparency based on blockchain, to eliminate the split-world attacks and to provide an ideal certificate/revocation transparency.”
Lin concluded his presentation by stating “I hope NeoID can be the very basic foundation of the NEO 3.0 vision. And, [that] all these ID solutions can be built on NeoID.”