The C4DT Factory works using software produced by the EPFL IC labs. Our focus is on software that increases digital trust in the era of the internet. One area where we see a lack of trust is account management, which includes the following elements:
- self-sovereign management of the account
- using the account to login to remote services
- storing account information, including sensitive data
- managing consent to access personal data
The current solutions from Google or Facebook mean that a user gives all her login information to these big companies. The user can only partially control how these companies are using her data. This is why we created a decentralized account manager using OmniLedger.
Self-Sovereignty
With a centralized service, a user can only follow what the service allows her to do. Thanks to the GDPR, it has become easier to remove an account from a service. But sometimes even removing her account is very difficult. Self-soverignty means that the user can decide himself where her account is to be used. It also means she can remove access to her account by services she doesn’t trust anymore.
Self-soverignty is implemented in OmniLedger using DARCs. A DARC defines delegation of trust by the user. This enables the user to be self-soverign with regard to:
- recovering accounts by a group chosen by the user itself
- delegating access to a service to a group that is handled independently of the service itself
- making groups of groups and add/remove groups as needed
SSO Login
Instead of using the SSO solution from Google or Facebook, an administrator can setup his service to accept CAS logins handled by OmniLedger. The administrator can then define himself who should have access to the service. Using DARCs, he can give access to groups of users. A user group doesn’t need to be administered by the service administrator, but can be handled by another entity. This frees up the administrator. Should the entity behave maliciously, the administrator can always recover the group belonging to that entity.
Storing Account Information
Because the blockchain stores the data of the user, the data needs to be encrypted. Accessing encrypted data is handled by Calypso, as described in the OmniLedger article. This allows to store some information directly on the blockchain, like the full name, phone-number, email, without having this information accessible by everybody.