The Binding Problem for SSI and NFTs

IOTA Identity Apr 26, 2022

TL;DR:
Proving the link between a digital identity or NFT and what it represents is an important step to be aware of when using SSI or NFT technologies. This blog post explores the challenge and potential solutions.

With advancements in Self-Sovereign Identity (SSI) and the rise of NFTs, identities are increasingly becoming a central topic in distributed ledger technology (DLT). NFTs and identities create digital representations, embedded in a DLT,  that represent a person, physical object, company or digital asset. The largest challenge for both technologies is the binding between the digital identities and what it represents. This is what we call the “binding problem” and will be the topic of this article.

The binding problem is a key issue that any project using SSI, NFT and digital identities must consider. It is the quest for proof that a digital identity is linked to what it claims to represent. The way this is achieved differs depending on what the identities represent. For example, identity for people provides a completely different set of technological and legislative challenges as compared to identity for organizations, identity for things or (digital) assets. In this article, we explore the different types of identities and how they might solve the binding problem.

Identity for people

The binding problem for people exists in both directions. The first direction is a problem as old as the internet itself: how to prove ownership over a digital identity or account? As discussed in our Login with IOTA blog post, most computer systems were based on “something you know” (e.g., a password) and are slowly moving towards “something you have” (e.g. a private key, card, access to email). With the latter solution, control over identity can easily be proven by showing that you own one of the private keys associated with the identity.

The real challenge lies in proving that an identity is tied to the person it is meant to represent. With people, this question becomes even more complicated when considering privacy laws like GDPR. How much information should be revealed and what is the purpose of revealing said information? Any application that interacts with identity for people using SSI will need to ask what kind and how much evidence is needed in order to sufficiently trust the identity before providing a service. This answer differs immensely between, for example, buying something from a webshop or signing up for health insurance.

The eIDAS regulations in Europe have an excellent example of this with their Levels of Assurance scale. People may identify themselves with “low”, “substantial” or “high” levels of assurance, each level increasing the amount of data being revealed and, with it, the confidence in the certainty behind the identification. Some services require “high” while others can make do with “low”, keeping their burden of responsibility on storing customer data on a lower level.    

Source: eHAction report

The eIDAS Levels of Assurance scale is one metric for determining how much and what kind of information is required to provide a service. It is adopted by EU government agencies and the financial services industry but is not a perfect fit for everything. The requirements completely depend on the situation, which can range from barely any identifying information to significant amounts of information.

But it's not just the information itself that matters. The source of the information is important, too. To identify me, Jelle Millenaar, as a contributor in the IOTA ecosystem, my identification can be based on the “web of trust” model, where multiple other IOTA contributors recognize me by vouching for my identity with “this is Jelle”. They are the source of my identification, which is less intrusive than a government identification but also less reliable (but which is perfectly fine for such a purpose).

While SSI puts people back in charge of their own data, it also makes it easier to demand more information as a service provider. The IOTA Identity team acknowledges this and takes its responsibility very seriously. Therefore, we add protective measures in the IOTA Identity framework, such as “non-reputable” data requests, where users can prove that a service provider has asked for too much unnecessary information for the service they provide. Technology cannot be the sole solution, as that is an impossible task. Ultimately, governments need to protect their citizens against intrusive data requests by law, as is the case in Europe with GDPR. The IOTA Foundation will ensure that its technology provides the tools for data minimization through Zero-Knowledge Proofs (ZKP) and selective disclosure, and by making it possible for users to defend themselves against intrusive data requests. Even if a person can identify themselves with high assurance, that does not mean that they have to or should.

With identity for people, the binding problem can be solved. The SSI ecosystem will need a healthy set of identification credential issuers, ranging from low to high assurance, and the tools to minimize data sharing. Given a healthy ecosystem, a person can prove control over an identity and the identity can be directly linked, or bound, to the person it identifies.

Identity for organizations

The binding problem for organizations is a little less complicated. Similarly to people, an organization can prove control over an identity, either via a representative such as a director or a team member or through an API that they, for example, host on their own (cloud) servers. The ability to give multiple members of the organization control over an identity, or even only allowing changes to the identity if multiple people agree, allows organizations to effectively manage identities. However, the difficulty again lies in the opposite proof: how can an identity prove that it represents a certain organization?

Similar to identity for people, the required amount of evidence and the trust in the issuers of the identifying information differs on the situation. Often, organizations themselves act as issuers for verifiable credentials, making them a (potentially) trusted source of information in the SSI ecosystem. Reliable identification for these issuers is important to increase the weight of the credentials they issue. As an example of how levels of assurance might look like for organizations, here is an arbitrary scale to show the range of trust:

Low Assurance: Domain Name Verification is a concept that binds an identity to a domain name. This is done bi-directionally, where the DID of the organization lists the domain of the organization while the Domain Name System (DNS) records of the domain name list their DID(s). While this doesn’t provide automatable trust, a person would easily identify an identity from “iota.org” as being trustworthy, while “ioba.org” isn’t. This is essentially a self-issued proof.

Substantial Assurance: An organization can be identified through other organizations, such as an overarching organization like a collective or working group. They identify the organization and become the source of trust, or trust anchor. The weight of these identifications again depends on their own level of assurance. This becomes a recursive problem, therefore it is also necessary for a verifying party to pre-determine which identities they trust as trust anchors in the ecosystem, or actively decide if they trust the identification based on the evidence provided.

High Assurance: Any organization that does official business needs to be registered with their local government. The Chamber of Commerce or equivalent could be the perfect source for a high-assurance identification credential. The government affirms the binding between the organization and its DID(s), either through verifiable credentials, directly embedded mentions on their website, or both.  

Low Assurance Web of Trust

Small scale organizations in developing countries might not be able to rely on any such infrastructure. They could be a small farm that has the challenge of doing business with western corporations. With no governmental registration, domain name or overarching working groups, it can be tough to establish trust. However, often these companies may have worked with each other locally and perhaps worked with another western organization before. These collaborations could be added as “review” credentials and can help create credibility without any difficult infrastructure requirements, essentially creating a Web of Trust model for small-scale companies.

Identity for things

The binding problem for things probably has the most straightforward solution. A thing can prove its control over an identity by being in control of the private keys of the identity, similarly to people and organizations. You can therefore ask it to authenticate, immediately solving half of the binding problem. The other half is again challenging, but most likely has a less complicated range of assurances. For example, a device might be able to prove what device is represented by the identity by showing credentials from a manufacturer, installer, calibrator or purely based on reviews.

While not a thing, the same binding solution exists for data oracles. They can prove their trustworthiness based on similar credentials from the host, data providers and reviews from data consumers.

Identity for objects and NFTs

Solving the binding problem for the previous identity types is trivial when compared to objects or NFTs. The difference lies in the ability of the subject of the identity to respond to inquiries. A verifier can ask a person to authenticate themselves and provide sufficient evidence to bind the DID with the subject of the identification itself by presenting verifiable credentials. A verifier can make similar requests directly to an organization or a device, with an electronic circuit that has the ability to IO (Input Output) and do cryptographic operations.

An identity that represents a digital asset (often an NFT) or physical asset without an electronic circuit is unable to do that. It cannot authenticate or provide any evidence. This is why NFTs in their current form achieve nothing substantial in regards to digital identities as they conveniently ignore this problem, which has led to simple “right-click copy-paste” situations and fraud. An NFT is simply unable to prove that it is bound to an asset, nor is an asset able to prove it is bound to the NFT. So how can an NFT or object be bound to the asset it represents?

One solution for a physical asset is to digitize it. This requires introducing an electronic circuit to the physical asset through, for example, an RFID tag. In essence, this allows a non-electronic asset to become a device and respond to inquiries. However, one should consider copy protections and RFID tag removals. The trust in the system carrying the identity itself determines the trust in the identity.

For NFTs focused on profile pictures and other digital art, a similar solution is not possible as the information is too easy to copy, destroying the unique binding between the identity and what it represents. A possible improvement would be to proxy providers of evidence and trust. An NFT is always minted by an entity. This entity can act as a proxy for the trust in the NFT by providing evidence that they are, for example, the creator of the art. Similarly, an organization could provide evidence that they legally control the right to the asset and that the NFTs are legally bound to these rights. With either of these options, an NFT of a digital asset would have significantly more binding value.

This goes to show that identity for objects and NFTs remain a major challenge for the future. While both are exciting and NFTs carry a lot of hype, the technology is missing a technical or legally-backed solution for binding an asset to an identity. With the IOTA Identity framework, we remain focused on providing tooling for all forms of identity to increase trust in the binding, but also educate on the importance of evidence and risks.


This article was written in the context of IOTA Identity, a Self-Sovereign Identity framework based on the IOTA Tangle. We hope it clarifies the importance of certain decisions that have to be made by application developers and users. If you have any questions about the IOTA Identity framework or are looking for like-minded people interested in DIDs, feel free to visit us on the IOTA Discord in the #identity channel.


IOTA: Discord | Twitter | LinkedIn | Instagram | YouTube

Tags

Jelle Millenaar

Lead of Identity at the IOTA Foundation

Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.