Bitcoin and the cloud

posted 9 May 2016, 01:46 by Paul Simmonds

The media circus that has been Craig Wright trying to prove he’s the inventor of digi-currency bitcoin has been occupying both the main-stream media and tech-media in the past week.

Back some five years ago, the Jericho Forum was looking at the problems with Cloud and defined two problems that the industry should tackle, in the form of two questions that anyone should ask themselves when implementing cloud;

  1. How do you manage your data in an environment you do not control
  2.  How do you manage identities that you do not control

Bitcoin uses blockchain, distributed ledger technology, where the data is distributed across many computing platforms, none of which “you” own, and where the data is public; and highlights the same problems with identities that you have in a cloud environment.

So when you come to try and prove that you are Satoshi Nakamoto, the secretive creator of the currency, as there is no root of your identity, that proof becomes very difficult (as we have seen).

While blockchain is not cloud per-se, the challenges (and maybe even solutions) here are very similar.

The work the Jericho Forum performed on Identity, and then worked with CSA to expand for cloud in the CSA’s “Guidance” document 3.0 (Domain 12), defines the need for anonymity at the root of an entity’s identity [this is what we call “Sameness” – I am the entity that created this cryptographic root, still am today, and will be tomorrow] based on a known level if (immutability) between the entity and the cryptography. Using that root, then a series of persona can be built on top of that common root.  [If you want to understand more then there are a series on five short tutorial videos linked below].

This may seem counter-intuitive to anyone who has been doing identity in a traditional corporate environment where the corporation proofs all its own “staff”; but then rapidly breaks down with kludges when it comes to people (entities) that you do not “own” [contract staff, cleaners, temps, JV staff, auditors, visitors etc.] need access on your systems.

The work from the Jericho Forum concluded that a single anonymous cryptographic root (proof that “I am me” – or “sameness”) with cryptographically linked persona not only enables you to better protect your current corporation, but also solves the identity in the cloud space by moving to an entitlement model; here the signed assertions an entity makes can be used to define the level of access the entity is granted. This also enables BYOId (Bring Your Own Identity).

Such an solution would have simply have allowed Craig Wright to prove “I am me” and therefore I am the persona “Satoshi Nakamoto”; assuming of course that he really is.

Paul Simmonds

Paul is a member of the board for CSA UK, one of the co-editor of CSA Guidance 3.0 and CEO of the global Identity Foundation.

https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf
https://www.opengroup.org/jericho/Jericho%20Forum%20Identity%20Commandments%20v1.0.pdf
https://en.wikipedia.org/wiki/Identity_3.0
http://www.globalidentityfoundation.org/index.html
http://www.globalidentityfoundation.org/videos.html

Comments