There exists a concept of user digital identity, some set of data, representing a person online. The key idea is that we have a number of qualities that might have significance for various online services in different contexts. For example, my age is important in the context when I'm interested in buying something intended only for adults, like alcohol. Similarly, the job boards might be interested in data, confirming my education, previous work experience, or, for example, whether I own driver's license. At the same time, they don't need any kind of personal information. Even considering this example with age, it would be more reasonable to provide the service with the confirmed fact that I crossed a certain legally important age limit rather than to give it my birth date, which reveals much more information than it's necessary in that context.
Another problem is that this information isn't officially confirmed in any way. If I place on job board information that I have a diploma of certain University, this is just what I say. If I work with my clients and employers distantly, they will never have a chance to find out whether what I've written about my education is true. Of course, it can be solved by background checks or document scan requests, but it's a hassle and very inconvenient, and it just better illustrates my point.
Also, there is another pitfall. For example, I can use identification system of large services such as Facebook or Google. And here comes an interesting hypothetical situation. For example, I can use one of those services, say Facebook, to confirm my identity on multiple critically important for me sites and services. Then one day Facebook suddenly goes bust and disappears together with its identification mechanisms and user data. In this scenario, it will have catastrophic consequences for me, because I'll be immediately shut off from the services and resources that are indispensable and necessary for my survival. The essence of this problem is that in this situation: I don't own my online identity.
This is a very important point. To illustrate it, here's an example. I have a passport that identifies me as a citizen and resident of certain country. It goes without saying that I own that passport; it's stored somewhere in my drawer and not at some third-party company. The latter sounds a bit scary and absurd, but this is exactly the situation with our digital identities. They are in possession of third-party commercial companies, and this can lead to a number of consequences:
First, the company can just disappear, and this information will be lost. It will lead to numerous users losing their identities. This situation I described above.
Also, this can lead to dangerous information leaks. Nobody has any idea how those companies protect sensitive information. Plus, as I mentioned above, they store much more information than it's necessary for specific purposes. It's basically an extended online dossier that under normal circumstances shouldn't have been on the Internet in the first place. But we live in a crazy world. The important thing about that is if such information falls into the hackers' hands, it can be effectively used to break into users' accounts, social engineering based attacks, and so on. Personal information related to birth date, personal phone, and address combined with some observations of user's preferences and activities can become a toolkit for stalkers and blackmailers. In other words, it's serious, or it can become quite serious at any moment for anybody who has personal enemies.
Another inconvenient and problematic aspect is that identifying me information is scattered across multiple sites, and there's no convenient method to aggregate it if I need to provide that information to some interested party. For example, my University probably keeps a digital record, confirming that I graduated it. Online freelance job boards store information about all the projects I took on and accomplished, as well as my ratings and clients' references. Ok, now I need to put all that information together and send it to another potential customer as a dossier, confirming my qualification and work ethics. Well, ok, it's just technically impossible or at least very problematic.
Plus, there's still a problem that apart from possible document scans I cannot confirm the validity of that information. Ideally, it should've been something as ironclad as official signature and stamp. But there's nothing like that, even close.
Plus, once again, there's a problem that I share much more information than necessary. For example, I want to order some liquor at the online store. They want to be sure that I'm not a minor and offer me to authorize using a Facebook account to confirm my birth date. The problem is, first of all, they receive much more information than my age, and I'm not sure that I'm willing to share those details with every online merchant. Plus, even the birth date itself in this situation is much more information than necessary. The online store only needs the confirmation that I reached a certain age. The birth date can be used for other purposes. For example, it can be used, and it's used to guess passwords and secret questions.
All that, and thoughts how to solve those problems led IT researchers and engineers to an idea of self-Sovereign Identity.
The Safein project's paradigm is related to the concept of self-sovereign identity. Self-sovereign identity is a principle, according to which identifying us information is not scattered among various sites but aggregated at one particular place. Another part of this protocol describes how we share that information with interested parties. The key thing is that we provide only what's absolutely necessary. For example, if some company needs to know if I have a driver's license, I don't send it a scan of my driver's license; this would reveal a lot about my identity. Instead, I send a zero-knowledge proof that I have one. Zero-knowledge proofs and their applications is another interesting topic for discussion, but for the sake of brevity, I'll just say that they give mathematically backed guarantee that what I claim is true without revealing much information about the subject of my claim. For example, if I successfully solved a puzzle, I can use zero-knowledge proof to confirm that I indeed solved a puzzle without the need to demonstrate how I actually did that. So, essentially, self-sovereign identity is a principle and protocol allowing to store maximum identity information and at the same time revealing minimum to the third parties.
Safein has already developed a Minimal Viable Product (MVP). Plus, It has an agreement with a leading ID verification service provider, specializing in recognition of scanned documents. In short, they can distinguish between genuine scan and artfully manufactured fake. The project’s platform will facilitate the storage of user document scans, attached to user profiles. According to self-sovereign identity principle, the platform will share only the minimum amount of user information with interested third parties.
In addition, Safin is a combination of user authorization provider and a digital wallet. In other words, the platform will also enforce the protocols and procedures determining how the payment process will be organized technically when I'll be purchasing something on the sites that use this platform as authorization service.
Speaking of all the numerous problems Safein project is going to solve: It's going to eliminate the need to fill multiple registration and login forms on multiple sites, replacing them with a single sign-on. It's going to help to pass KYC requirements. It's also going to solve the problems many online platforms and services are going to face due to the ratification of GDPR in EU. In short, this law establishes the rules and limitations for how personal data should be collected and stored, within the EU at least. Definitely, it's going to be a headache for many.
To sum things up, Safein offers a working implementation of the idea of integrated and secure digital user identity. Considering how essential is the problem of our online representation in the world where most of the things we do online, the project's concept has a good potential.
Starting from May 31, 2018, Safein will conduct an ICO aiming to distribute 30% of total supply of 1,000,000,000 SFN tokens. The hard cap of the sale is $21,000,000
Useful links
Website | ANN | Whitepaper | Telegram | Twitter | Facebook | Medium | Reddit | LinkedIn
This is my @originalworks
This post has received a 0.45 % upvote from @drotto thanks to: @cryptotaofficial.