A cautionary tale of reinventing the wheel and history repeating itself in the name of blockchain
Recently, at the European Identity & Cloud Conference (EIC) 2018, I delivered a talk titled ‘Lessons Learned from Integrating with Blockchain Identity Providers”. It’s probably the only time I’m going to give this talk, and it seemed to go down well if only as a cautionary tale, and as an example of past mistakes and failed technologies repeating themselves.
Recently I’ve been looking into blockchain for decentralised identity and authentication. I’m not sure how I feel about blockchain for authentication yet, but I can definitely see the befits of having some sort of decentralised identity system. It turns out there are a lot of identity blockchain projects out there already, some even have released products (and yes, others already gone bust).
I like learning by doing, and from my initial research I’ve found Civic to be one of the more popular platforms. So, what I’m going to do is dig into the technical aspects of the Civic platform and, in a separate article, integrate with it using ASP.NET Core.
This article pairs with another article: “Technical Review of Civic’s Secure Identity Platform”. The verdict of which is that the current implementation has some bizarre design decisions that do not add anything to the overall security. Instead, a standardized approach should have been taken using OAuth or OpenID Connect, as opposed to the current self-rolled authentication protocol. I would not recommend you use Civic.
You can find the completed proof of concept on GitHub.