Alastria is the world’s first nation-wide, multi-sectorial, enterprise-grade, permissioned blockchain network. It is a non-profit association open to all types of companies and organizations, with the mission of contributing to the creation of a diverse innovation ecosystem. Alastria is technology agnostic and offers the networks promoted by its partners as well as a user-centric Digital Identity model, the Alastria ID, focused on ensuring the legal validity of the transactions on the networks.
After over a year of intense work, Alastria’s Identity Committee has completed the first reference implementation of the data exchange flows of the Alastria identity model. This first Minimum Viable Product (MVP) is available for consultation and use on the Alastria GitHub. It includes the reference or pilot implementations of all the elements and actors involved in the personal information life cycle: credential issuer, user, who receives the credentials using a wallet on her mobile phone, and the service provider.
The Identity Committee has been working since 2018 on the definition and validation of the Alastria identity model, articulating the work in three axes: functional, technical and legal-organizational. The definition process was also supported by the construction of various software elements to demonstrate the viability and validity of the conceptual model including smart contracts, governing the recording process on the blockchain, and limited use examples.
The project received a strong boost in April 2019 and was completed in February 2020, thanks to the collaborative work of a team comprised of professionals from the member partners who refined the model and addressed the development of the software pieces with an iterative and incremental approach.
Recently, the core team has completed the reference implementations of the software elements required to cover the needs of each of the actors in the process (issuer, user and service provider), with the aim of demonstrating that the model works and that it can be built easily and with available technology.
To facilitate the use of smart contracts for blockchain recording and the construction, validation and processing of Verifiable Credentials and Presentations, a comprehensive library has been created that includes an easy-to-use API that is directly used from the wallet. In addition, to build reference implementations of the issuer and service provider, a service layer (swagger) with a well-defined service API has been defined and implemented to include a set of services that facilitate the construction of many use cases.
For the MVP, the online car rental process has been used as an example. In this case, the car rental company (service provider) asks the user for three pieces of information: 1) a driver’s license, 2) a credit card, and 3) proof that the user is over 25 years old in order to apply a discount. The user must send this information to the car rental company. For this purpose, the user uses an Alastria wallet to ask the corresponding issuer to certify that he meets these conditions: 1) the traffic authority sends the user the Credential for his driving license; 2) the bank provides the credit card Credential, and 3) the police or the city council certifies that he is over 25 years old, issuing the corresponding Credential. The user then submits the credentials through a secure and private channel to the rental company. The company receives the credentials, validates them and proceeds to provide the car. This whole process can be done online and in real time, without the need for a prior user registration process or verification of the original documents by the rental company.
All these information flows between the actors are recorded in blockchain with different smart contracts: (i) each issuer calls a smart contract to register the issuance of its Credential; (ii) the user registers the reception of every Credential in blockchain; (iii) in response to the request for a Presentation, the user “wraps” the required Credentials in a Presentation (the Presentation is like an envelope that contains the credentials and an indication of its purpose and validity date), signs it, sends it to the car rental company and registers the emission of the Presentation in blockchain; and (iv) the service provider then checks that the credentials are valid by consulting the record made by the issuers of the credentials, and then records the reception of the Presentation (the envelope with the credentials).
The registration in blockchain facilitates the process of tracking the validity of the credentials without the need for direct contact between the rental service provider and the issuers, improving the comfort and privacy of the user, while reducing the cost and increasing the guarantees for the rental company.
Furthermore, blockchain registration facilitates the revocation of credentials by issuers and the exercise of Personally Identifiable Information (PII) rights at the user’s request. For instance, in case of loss or theft of the user’s credit card, the bank could revoke the corresponding credential, which the rental company would then not accept. On the other hand, the user can request the deletion of the information in a Presentation (with all the credentials) sent to the rental company. This gives the user exclusive control of her information, in a timely manner, without the need to fill in any documentation attesting to this request, and without even requiring the collaboration of the car rental company, since it is registered in blockchain.
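The validity check described above, reduced to its registry lookups, as an added example that is not Alastria's code. The in-memory `Registry` stands in for the smart contracts; all names, the `did:example:user` identifier and the sample data are constructed assumptions, and signature verification is left out.

```python
import hashlib
import json

def digest(doc):
    """Stable SHA-256 of a JSON document; only this hash is recorded."""
    return hashlib.sha256(json.dumps(doc, sort_keys=True).encode()).hexdigest()

class Registry:
    """In-memory stand-in for the blockchain records (hypothetical model)."""
    def __init__(self):
        self.records = {}  # document hash -> [registering party, status]
    def register(self, party, doc):
        self.records[digest(doc)] = [party, "valid"]
    def set_status(self, party, doc, status):
        # Only the party that registered a record may revoke or delete it.
        record = self.records[digest(doc)]
        if record[0] != party:
            raise PermissionError("record belongs to another party")
        record[1] = status

def verify_presentation(registry, presentation, now):
    """Service-provider check; returns a list of problems (empty = accept)."""
    problems = []
    sent = registry.records.get(digest(presentation))
    if sent is None or sent[0] != presentation["subject"] or sent[1] != "valid":
        problems.append("presentation: not registered by subject or deleted")
    if now > presentation["valid_until"]:
        problems.append("presentation: expired")
    for cred in presentation["credentials"]:
        issued = registry.records.get(digest(cred))
        if issued is None or issued[0] != cred["issuer"]:
            problems.append(cred["type"] + ": no issuance record from issuer")
        elif issued[1] != "valid":
            problems.append(cred["type"] + ": " + issued[1])
    return problems

def demo():
    """Constructed car-rental data: verdict before and after the bank revokes."""
    reg, user = Registry(), "did:example:user"
    creds = [{"type": t, "issuer": i, "subject": user} for t, i in [
        ("driving_license", "traffic"), ("credit_card", "bank"), ("over_25", "council")]]
    for cred in creds:
        reg.register(cred["issuer"], cred)
    pres = {"subject": user, "purpose": "car rental", "valid_until": 200,
            "credentials": creds}
    reg.register(user, pres)
    before = verify_presentation(reg, pres, now=100)
    reg.set_status("bank", creds[1], "revoked")
    return before, verify_presentation(reg, pres, now=100)
```

The service provider never contacts an issuer: every decision comes from the shared registry, which is why a revocation or a deletion request takes effect on the next lookup.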
The MVP is an important achievement for the Alastria digital identity project for several reasons. Firstly, all of Alastria’s member partners, over 500, can now use the reference implementations for the development of commercial solutions. In fact, the Alastria identity model is already being used as a de facto standard in several commercial products launched by member partners, such as Validated ID, Kay Id (everis) and Vottun; and in some projects like Digitalis or Dalion.
Secondly, the Alastria identity model is being considered for standardization purposes by several organizations at the Spanish and European level. In particular, it has been presented before UNE, Spain’s standardization organization; CENELEC, the European regional standards organization; its sister organization CEN, the European Committee for Standardization; and the ESSIF project, the European Commission’s decentralized identity initiative within the EBSI program. The European Commission is analyzing the MVP’s code to use it as a basis for building an implementation that will soon be available at the European level.
The Identity Committee now faces the challenge of building an MVP2 to incorporate some improvements on privacy, performance and user experience. A first analysis of the technical, functional and regulatory-organizational improvements has been presented recently in the working teams and the proposals will be refined with all the member partners who want to participate. In addition, the proposals will be contrasted with the most recent studies on GDPR, identity and European regulation on blockchain to, among other things, improve the exercise of the PII rights by users.
The MVP2 is expected to be completed in a period of 6 months. The maximum collaboration of the member partners is necessary to accomplish this goal. In this new version, we will be working on the following developments: identity governance, trust framework, privacy reinforcement through the use of pairwise or peer-to-peer DIDs, Zero Knowledge Proofs, mechanisms that guarantee non-traceability in blockchain, wallet with distributed storage, and key and identity (DID) recovery mechanisms. To achieve this, the core group aims to have more member partners collaborating in the Identity Committee. Following the scrum methodology, meetings are held virtually every week and in person (before and after the coronavirus) at the sprint stages (every 2 or 3 weeks), combined with the use of Slack and the GitHub repository for daily communication.
Last but not least, this important first MVP would not have been possible without the commitment of the member partners who have dedicated time and professional resources both to the definition and revision of the identity model and to the development of the reference implementations.
At the risk of forgetting to mention some of the contributors and apologizing in advance for any omissions, we would especially like to thank those professionals who have been most active in this project:
- On the legal side, we are especially grateful for the contributions of Andrea Ortega (Cuatrecasas), Sara Esclapés (Grant Thornton) and Sara Midori Martínez (HSF), along with Ignacio Alamillo (Astrea), Leopoldo González Echenique (HSF), Julián Inza (EAD Trust), Alvaro Bourkaib (Cuatrecasas) and Miguel Ruiz Gallardón (Notary).
- In the functional definition of the models, the design of the User Experience (UX) and the implementation of the wallet, we would like to highlight the contributions of Eva Fernández (Caixabank), Rony Demera (Tribalyte), Álvaro Gómez (Tribalyte), Samuel Sánchez (collaborator at Banco Santander) and Paula Pascual Cortes (Banco Santander), in addition to many other member partners who participated in the definition of the first use cases.
- On a technical level, the work of Eduardo Sánchez Mata (everis), Íñigo García de Mata (Grant Thornton), Marcos Serradilla (everis/ioBuilders), Juan Tavira (Banco Santander), Daniel de la Sota (collaborator at Banco Santander), Samuel Sánchez (collaborator at Banco Santander), María Salgado (IECISA), Roberto García Álvarez (IECISA) and Víctor Nieves (IECISA) deserves special mention, as does that of many other individuals representing different companies who participated in the initial design meetings.
- Supporting the scrum methodology, we find Marta Pastor (everis), Delia Estebaranz (Siag), Virginia Jimenez (everis) and Juan Luis Gozalo (DevOps director of Alastria).
- Promoting the collaboration between the Identity and Standards Committees, we would like to highlight Ismael Arribas (Kunfud), Ignacio Alamillo (Astrea), Eusebio Felguera (Telefónica) and Miguel García Menéndez (Alastria), who have worked to position the Alastria identity model as a “de facto” standard, proposing it as the basis for formal Spanish and European standards.
Moreover, we are very grateful for the collaboration and support of all the members of the Board of Directors. Special mention should be made of the first sponsor of the Identity Committee, Moisés Menéndez (everis/Iobuilders), and the current sponsor, Coty de Monteverde (Banco Santander). In addition, we are also especially grateful for the contributions of the leader of the Committee, Carlos Pastor (BME). Finally, we would like to thank all our member partners, who have supported the disinterested participation of their professionals, understanding the importance of this project for Alastria and for the massive adoption of blockchain technology and Digital Identity in Spain and Europe.
To all of you, a big THANKS! And if you are not yet participating, we invite you to join the Identity Committee to continue at the forefront in the use of blockchain technologies at a national and international level.