What are the characteristics of the common identity in the securities pass and identity securities?

Identity is a key factor in distinguishing securities passes from other blockchain protocols. In the current generation of securities pass platforms, identity is limited to the use of "whitelists." Although whitelists implement identity-based functionality, they do not represent identity itself. As the securities pass industry develops, identity should be developed as an independent protocol for cross-platform use. Achieving this goal requires a balance between securities law, the characteristics of distributed ledger projects, and decades of identity management protocol research. This article explores ideas for an identity protocol for the next generation of securities pass platforms.


The subject of identity is very complex, especially when we put it in a decentralized architecture. While some ideas may be oversimplified, I will try to provide a logical reasoning path to understand the characteristics of identity systems in securities passes and how these ideas can be implemented technically. Understanding the identity in the securities pass can be divided into three steps.

Avoid repeating internet errors

The author finds that, when interpreting the relevance of identity in the securities pass model, it helps to compare it with the identity problem on the Internet. Identity has always been considered one of the "essential missing blocks" of the Internet. Architecturally, the Internet does not include an identity protocol, which means identity solutions have had to be built at the second and third tiers as the Internet evolved. The lack of general consensus on what constitutes Internet identity is the underlying cause of an increasingly fragmented ecosystem, which has translated into the vulnerability of the Internet to cybersecurity attacks.

Like the Internet, blockchains have evolved without identity as a first-class object (one that can be created during execution, passed as an argument to other functions, or assigned to a variable). The concept of identity expressed through the computation of consensus protocols is not sufficient to model many user-centric business processes, such as those required for securities transfers. The securities pass obviously relies on an identity representation to perform compliance checks on a particular transaction, but the author believes that limiting identity to this role is short-sighted. Compliance is just one of many applications for identity in digital securities. To avoid repeating the Internet's mistakes, identity should be a first-class building block in the securities pass platform architecture and a key enabler of any other protocol in the industry.

Identity rule

There are many computer science papers on identity, and the one that has influenced the author most is The Laws of Identity, published by Microsoft Distinguished Engineer Kim Cameron. Written in 2005, the paper shaped a whole generation of identity management solutions that still dominate today's market. In it, Cameron explains many of the challenges facing identity on the Internet and outlines seven key criteria that should be considered when implementing a digital identity system:


7 key criteria for identity systems

1) User Control and Consent: The technical identity system must only publish the user's information if the user is identified and the user agrees.

2) Disclose as little information as possible for restricted use: The solution that exposes the least amount of identifying information and best limits its use is the most stable long-term solution.

3) Reasonable parties: The digital identity system must be designed so that the publication of identification information is limited to parties with a necessary and reasonable status in a particular identity relationship.

4) Directed identity: The universal identity system must support the "omnidirectional" identity used by public entities and the "one-way" identity used by private entities, to facilitate discovery while preventing unnecessary release of relevant information.

5) Diversification of operators and technologies: Universal identity systems must connect and support multiple identity technology systems operated by multiple identity providers.

6) Human Integration: The Universal Identity Metasystem must define human users as a component of a distributed system integrated through a clear human-machine communication mechanism, providing protection against identity attacks.

7) Consistent experience across contexts: A unified identity metasystem must ensure that its users receive a simple, consistent experience while simultaneously separating contexts through multiple operators and technologies.

The Laws of Identity moved the identity management industry from a single solution to a federated architecture (based on a new concept called claims-based identity). Fundamentally, claims-based identity has four basic elements:

Identity: A set of claims, each an assertion of a real fact about a particular subject or individual.

Identity Provider: An entity that can generate claims, in the form of assertions, about a specific user.

Relying Party: An entity that accepts and trusts the identity issued by a particular provider.

User: An entity abstracted from identity.


Four concepts of identity

Let us put these four concepts into practice with an example: a person goes to a liquor store to buy an alcoholic beverage. Before completing the purchase, the user needs to show the store representative a valid form of identification, such as a driver's license. This identity includes certain claims about the user, such as age or address, which are issued by a trusted identity provider (such as the Department of Motor Vehicles in the United States). In this example, the store is the relying party.

The laws of identity were subversive at the time, but they were created only for a centralized world. The concept of a trusted identity provider has led to an indirect dependence on a centralized authority. The emergence of blockchain and decentralization projects requires adjustments to identity rules to accommodate a world of trust provided by mathematics and encryption rather than a centralized authority.

Identity and Securities Pass: From Application to Agreement

For securities passes, the obvious benefit of identity is the enforcement of securities laws and compliance rules. However, if we limit the value of identity to these factors, we will severely limit the potential of encrypted securities. Universal identity represents many intangible benefits to the securities clearing system architecture, which is critical to the development of the industry.

User-centric identity vs. application-centric identity: In a blockchain, users should be able to have their own identity and use it to interact with different applications. This is in stark contrast to today's securities pass model, where each platform creates its own identity representation.

Interoperability: Imagine if investors could reuse the results of a KYC process to participate in securities pass offerings issued by different platforms.

Portability: Investors can log in to different markets or DApps that interact with the securities pass using a single identity.

Programmable compliance: Compliance rules can be created for generic identity representations rather than for specific platforms.

Consensus model: Identity should be the basis for new forms of consensus, such as proof of authority (PoA), which avoids expensive computational logic.

For securities passes, the identity model is at the intersection of the identity agreement, the decentralized blockchain architecture, and the securities law.


Identity in the securities pass

A key challenge in identity development in a securities pass solution is the transition from an application-centric identity model (such as proprietary KYC) to a programmable identity protocol. This shift may include some centralized models at the beginning, but should eventually evolve into more fragmented protocols.


Development route of identity solution in securities pass

Combining the points above, we can derive some characteristics of a general identity representation in the securities pass:

Owned by the user, executed by the application: In the securities pass model, the identity should be owned by the user and executed by different securities pass applications (such as a publishing platform or exchange).

Statement-based: The identity in a securities pass application should be a set of statements or assertions about a particular user or entity.

Reversible: In order to enforce the securities law, the identity representation should be reversible, which means that the regulator can retrieve the files used to generate user assertions.

Based on identity standards: In the past few years, the securities pass industry has produced many high-quality standards, such as SAML or OpenID Connect, which have been adopted by many applications we use every day. The author believes that the securities pass protocol should use some established standards as part of its design, rather than establishing new standards.

Programmable: Identity should be reusable in other securities pass protocols.

With this in mind, in the next article, we will begin to consider how to design an identity protocol for the securities pass.
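The following added example, which is not part of the original article, sketches the claims-based model in Node.js: an identity provider signs a small set of claims, and two independent relying parties apply the same compliance rule to one user-held credential. The provider names, claim keys (`kycPassed`, `country`), the rule and the choice of Ed25519 are assumptions made for illustration.

```javascript
// Added example (not from the article): claims-based identity in miniature.
const nodeCrypto = require('crypto');

// Identity provider: signs a set of claims about a subject with Ed25519.
function createProvider(name) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const issue = (subject, claims) => {
    // The exact signed string travels with the credential, so no
    // canonicalization step is needed on the verifying side.
    const payload = JSON.stringify({ issuer: name, subject, claims });
    const signature = nodeCrypto.sign(null, Buffer.from(payload), privateKey);
    return { payload, signature: signature.toString('base64') };
  };
  return { name, publicKey, issue };
}

// Relying party: trusts named providers and evaluates a rule over claims only.
function createRelyingParty(trustedIssuers, rule) {
  return function admit(credential) {
    let body;
    try { body = JSON.parse(credential.payload); } catch { body = null; }
    if (!body || typeof body.issuer !== 'string') return 'malformed';
    const key = trustedIssuers.get(body.issuer);
    if (!key) return 'untrusted issuer';
    const sig = Buffer.from(credential.signature, 'base64');
    const data = Buffer.from(credential.payload);
    if (!nodeCrypto.verify(null, data, key, sig)) return 'bad signature';
    return rule(body.claims || {}) ? 'admitted' : 'rule not satisfied';
  };
}

function demo() {
  // Constructed names, claim keys and rule: assumptions, not a real schema.
  const kyc = createProvider('kyc-provider.example');
  const other = createProvider('unlisted-provider.example');
  const trusted = new Map([[kyc.name, kyc.publicKey]]);
  const rule = (c) => c.kycPassed === true && ['US', 'CA'].includes(c.country);
  // Two independent platforms reuse the same identity and the same rule.
  const issuancePlatform = createRelyingParty(trusted, rule);
  const exchange = createRelyingParty(trusted, rule);

  const good = kyc.issue('investor-1', { kycPassed: true, country: 'US' });
  const failed = kyc.issue('investor-2', { kycPassed: false, country: 'US' });
  // A credential edited after issuance no longer matches its signature.
  const tampered = { ...failed, payload: failed.payload.replace('false', 'true') };
  const unlisted = other.issue('investor-3', { kycPassed: true, country: 'US' });
  return { issuance: issuancePlatform(good), exchange: exchange(good),
    failed: exchange(failed), tampered: exchange(tampered), unlisted: exchange(unlisted) };
}
```

The credential carries only the two claims the rule needs, in line with the minimal-disclosure criterion; the documents behind the KYC result stay with the provider.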