Blockchain Identity

Lessons Learned from Integrating with Blockchain Identity Providers

12 June 2018 Blockchain Identity

A cautionary tale of reinventing the wheel and history repeating itself in the name of blockchain

Recently, at the European Identity & Cloud Conference (EIC) 2018, I delivered a talk titled ‘Lessons Learned from Integrating with Blockchain Identity Providers”. It’s probably the only time I’m going to give this talk, and it seemed to go down well if only as a cautionary tale, and as an example of past mistakes and failed technologies repeating themselves.

Continue reading...

Technical Review of Civic's Secure Identity Platform

05 February 2018 Blockchain Identity

Recently I’ve been looking into blockchain for decentralised identity and authentication. I’m not sure how I feel about blockchain for authentication yet, but I can definitely see the befits of having some sort of decentralised identity system. It turns out there are a lot of identity blockchain projects out there already, some even have released products (and yes, others already gone bust).

I like learning by doing, and from my initial research I’ve found Civic to be one of the more popular platforms. So, what I’m going to do is dig into the technical aspects of the Civic platform and, in a separate article, integrate with it using ASP.NET Core.

Continue reading...

Integrating with Civic SIP using ASP.NET Core

05 February 2018 Blockchain Identity

This article pairs with another article: “Technical Review of Civic’s Secure Identity Platform”. The verdict of which is that the current implementation has some bizarre design decisions that do not add anything to the overall security. Instead, a standardized approach should have been taken using OAuth or OpenID Connect, as opposed to the current self-rolled authentication protocol. I would not recommend you use Civic.

To get started with civic, I’m going to use it as an authentication method in an ASP.NET Core application. This will use the ASP.NET Core MVC Visual Studio template, with no authentication. Authentication is going to be triggered manually using a login button in the sites header.

You can find the completed proof of concept on GitHub.

Continue reading...