This project has been retired from the C4DT Factory Incubator

We do not host this demo anymore, but you can find its code here and use the instructions to run it on your own computer! Omniledger Archive.

With the C4DT team we created a pilot that uses OmniLedger to provide a self-sovereign identity. The identity is stored on the blockchain and controlled by the user. Instead of using passwords, the user has a private key stored in their web browser. Using this private key, they can authenticate themselves and access their identity.

The demo can do the following:

  1. Update the user information autonomously
  2. Login procedures - currently we have two logins:
    • WordPress login, to allow access to the administrative interface and the partner page
    • Matrix login, to enter the C4DT chat
  3. Key management to allow users to log in from multiple devices and to entrust key recovery to a chosen group of accounts.

The following paragraphs present the different parts in more detail. If you want to have a live demo, don't hesitate to get in contact with Linus Gasser.

Self-sovereign Identity

In the following two screenshots you see the data that a user can modify by themselves. Due to the way the blockchain is set up, there is no central party that can interfere with this. The downside of this complete autonomy of the user is that there is no administrator who can reset the password.

Login Procedures

In order to use the OmniLedger identity for a login, we use a Central Authentication Service (CAS). The "central" applies only to the login itself, so each application can have its own CAS. We implemented a CAS plugin and tested it with WordPress and Matrix. WordPress is a very widespread website generation tool. Using the OmniLedger identity, users can log in to WordPress, either for administration or to enter secured pages.

The Matrix application is used for communication. The login procedure allows anybody who has an OmniLedger login, and who is authorized by the owner of the Matrix server, to log in.

In the following there are some example screenshots of how this looks:

Key Management

An often neglected part of self-sovereign identities is the key management. There are at least two problems:

  1. Key recovery in case the key is lost
  2. Adding and removing keys for multiple devices

The first item is normally solved by a central administrator who has the right to reset a password. However, in a decentralized, self-sovereign identity, this is not possible. With a blockchain, there is no central administrator who can reset passwords. Instead, the user can delegate key recovery power to a set of trusted accounts. At any moment, the user can update the set of people who are allowed to create a new key for their account. They can even define a 3-out-of-5 scheme where three out of five chosen contacts need to collectively request a new key.

Adding new devices, the second item, is easier. Both are done using a structure called Decentralized Access Rights Control (DARC), which makes it possible to express relationships with regard to keys. This makes it possible to add and remove keys, or to add a new key only if a certain number of accounts work together.
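The two key-management cases above, device changes by the user and 3-out-of-5 recovery by trusted accounts, can be modelled as one policy object with versioned updates. This is an added example, not code from OmniLedger or the demo: the `Policy` class, its field names and the sample identities are assumptions, and approvers are taken to be identities whose signatures were already verified.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Policy:
    """Simplified stand-in for a DARC (assumed model, not OmniLedger's format)."""
    device_keys: frozenset   # any one of these keys acts for the user
    trustees: frozenset      # accounts entrusted with key recovery
    threshold: int           # distinct trustees needed to install a new key
    version: int = 0

    def may_sign(self, key):
        return key in self.device_keys

    def recovery_approved(self, approvers):
        # Set intersection counts each trustee once and drops strangers.
        return self.threshold > 0 and len(set(approvers) & self.trustees) >= self.threshold

    def evolve(self, approvers, add=(), remove=(), trustees=None, threshold=None):
        """Return the next version, or raise if `approvers` lack the right.

        `approvers` are identities whose signatures on the change are assumed
        to have been verified already; signature checking is out of scope.
        """
        approvers = set(approvers)
        by_user = bool(approvers & self.device_keys)
        if not (by_user or self.recovery_approved(approvers)):
            raise PermissionError("not enough approvals to change the keys")
        # Assumption of this model: trustees may replace keys, but only the
        # user may change who the trustees are or how many must agree.
        if not by_user and (trustees is not None or threshold is not None):
            raise PermissionError("only the user may change the recovery group")
        keys = (self.device_keys | frozenset(add)) - frozenset(remove)
        new_trustees = self.trustees if trustees is None else frozenset(trustees)
        new_threshold = self.threshold if threshold is None else threshold
        if not keys or new_threshold > len(new_trustees):
            raise ValueError("change would leave the identity unusable")
        return replace(self, device_keys=keys, trustees=new_trustees,
                       threshold=new_threshold, version=self.version + 1)

def demo():
    # Constructed sample identities; the names are placeholders.
    p = Policy(frozenset({"laptop"}), frozenset({"t1", "t2", "t3", "t4", "t5"}), 3)
    p = p.evolve({"laptop"}, add={"phone"})       # user adds a second device
    p = p.evolve({"phone"}, remove={"laptop"})    # user retires the laptop
    # Phone lost: three distinct trustees install a fresh key.
    return p.evolve({"t1", "t2", "t4"}, add={"new-phone"}, remove={"phone"})
```

Because the lost key is removed in the same update that installs the new one, whoever holds the old device can no longer sign for the identity once the recovery is accepted.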


For more information, contact the C4DT Factory