Amid increasing signs of convergence between blockchain-based web3 technology and biometrics, Buenos Aires is embarking on a digital ID project that could offer a compelling test case for self-sovereign identity on a civic scale.
In a newly-published white paper, city officials unveiled an ambitious plan to build a digital identity platform that will prioritize giving residents of the city a high degree of control over their personal information. The platform will be blockchain-based and decentralized, and city officials are aiming to ensure that any organization – even a non-government one – will be able to use it for identity verification purposes.
Secure, Agile Transactions
One basic use of the digital identity platform will be to enable citizens to pay some taxes using cryptocurrencies. But its ambitions are much broader, with the Spanish-language white paper laying out “a new paradigm in which secure transactions are agile; where verification of necessary documentation is fast, reliable and private.” That suggests a future in which all kinds of transactions – potentially including home sales and loan applications – could be conducted and verified using the blockchain-based digital identity system.
Speaking to CoinDesk, Buenos Aires’ Secretary of Innovation and Digital Transformation, Diego Fernández, suggested that the program’s architects are hoping to ultimately make it able to connect with other blockchain platforms.
City officials’ timeline for the project is also ambitious. They are hoping to have the blockchain platform operational in the last quarter of this year or the first quarter of 2023.
For now, though, it’s very much in the early stages. The next few months will be dedicated to planning, with the White Paper that outlines the project still incomplete. And among the details still to be determined are questions about how – and not if – biometrics will play a role in the digital identity system.
In a section of the White Paper detailing its architecture, the authors explain that the digital ID system will be based on a “Trust Over IP” model as championed by the ToIP Foundation, with some modifications. And they note that part of the ToIP model entails a “human trust” framework that complements a “cryptographic trust” framework.
The white paper explains that this “human trust” framework would take “the form of verifiable claims about entities, attributes, and relationships”.
What exactly that will look like in practice hasn’t yet been determined. The next section of the white paper, titled “Biometría”, remains unwritten, save for two notes. The first explains that “this section will include the relevant definitions and criteria for the implementation of biometrics in the creation and management of self-sovereign identities, access credentials and transaction authorization, among others that may arise.”
The second note directs the platform’s architects to “incorporate FIDO standards in this section.”
The language clearly points to the anticipated integration of biometric verification into the digital ID program, a potential opportunity for biometrics vendors specializing in remote identity verification.
Privacy in the New Web
This approach to identity verification in the evolving web3 space appears to be gaining traction. Biometrics offer a uniquely reliable form of authentication online, as biometric credentials are theoretically irrefutable – though spoofing remains a serious concern. And biometrics can also be leveraged to help protect anonymity, since authentication can be performed without requiring the subject to provide any particular personal information.
This was illustrated pretty vividly in Apple’s recent launch of its mobile ID system for iPhone users in Arizona. One of the system’s use cases – it’s only actual use case, at the moment – is to let user’s confirm their identity at the airport using a virtual version of their driver’s license or state ID card. And, remarkably, this is done without having to show even the virtual version to a security agent. The user needs only to perform biometric authentication using their device, and to tap it on a designated reader.
The biometric authentication verifies that the traveler is who they claim to be, without the need for a human agent to look at information like date of birth or home address.
This approach to privacy offers an obvious appeal to the many pioneers of web3 who point to anonymity and pseudonymity as one of the great advantages of blockchain-based systems such as Bitcoin. Indeed, there is a whole blockchain project in the works premised on the idea of using biometrics to verify that each ‘node’ supporting the platform is a unique human, a democratically-minded approach to web3.
FaceTec, the vendor providing biometric technology for that project, was also selected earlier this year as a tech partner in a project being built by Singapore-based Avarta that is aimed at establishing a trust scoring system spanning the decentralized ecosystem.
Whatever role biometrics ultimately end up playing in the Buenos Aires project, the White Paper’s reference to plans to incorporate FIDO standards pretty clearly indicates that password-based authentication will be shunned. The FIDO Alliance is the world’s most prominent advocacy group for post-password authentication – including biometric authentication – and its standards continue to steer the development of authentication systems across a number of sectors.
As with the project’s plans regarding biometrics, the specifics concerning how FIDO authentication will be implemented have yet to be hammered out. That may represent an opportunity for authentication advocates and vendors to get involved and have their say in the project’s development, but they’ll need to act soon. After the 90-day planning phase, Fernández told CoinDesk, the platform’s development should take about six months.
Sources: CoinDesk, The Paradise, GitHub
May 5, 2022 – by Alex Perala