We are proud to announce the upcoming Signata integration with market-leading decentralized oracle network Chainlink. This integration will build the necessary linkage between blockchain identity management systems and the off-chain identification of risk for real-world applications. Signata is building risk analysis systems off-chain for service providers, who will then in turn report dynamic risk levels of identities on-chain using Chainlink-powered decentralized oracle networks, ultimately helping protect sensitive on-chain smart contract operations using identity data.
When it comes to the way we use identities in the real world, we realized the true value is not just with authentication and authorization, it’s the ongoing management of those identities as they interact with systems over time. Since the publication of this interactivity data into the blockchain has value to anyone writing smart contracts that interact with identities, we selected Chainlink’s time-tested and blockchain agnostic decentralized oracle infrastructure to make it available across a variety of blockchains. Additionally, the Chainlink ecosystem is well established and growing, meaning our solution can maximize its uptake and value through it. Chainlink is highly flexible oracle infrastructure that makes use of External Adapters, which allow any API to be connected to any blockchain. Once an External Adapter is created, a decentralized network of security reviewed and Sybil resistant node operators run by leading DevOps can relay this data across various connected blockchains in a highly available and tamper-proof manner. Chainlink’s decentralized oracle infrastructure already secures billions in value in DeFi, NFTs, gaming, insurance and more, making it the obvious oracle solution to bring our identity data on-chain.
Technical Details/Use Cases
As the capabilities of smart contracts grow alongside emerging technologies, so does the need to make dynamic decisions about external events. Let’s consider a couple of use cases for how our risk information may be utilised:
Use Case: Collecting large payments
Consuming decentralized oracle data involves the execution of smart contracts based on external data, such as the successful delivery of some particular shipment, and in-turn the release of some form of payment for the delivery. The accuracy of shipment data events is crucial to the execution of a smart contract, but the resultant payment for the service may also be of significant monetary value. The inclusion of Signata’s risk feed information can ensure that the payment of the services only occurs if the identity associated with the smart contract has not been detected as compromised, thus, ensuring the payment can be held and redirected to an alternative identity if needed.
Use Case: Transferring Rights
Authorization is the crux of the identity management world, but in order to authorize individuals the rights to access systems, those rights need to be delegated first to the individuals. Rights delegation is an important event within a system, as delegation of privileged access to a system can grant individuals access to sensitive information. By consuming Signata’s risk feed information, delegation events in smart contracts can be restricted for high-risk identities that attempt them. System owners can be certain that a potentially stolen or compromised identity is quickly detected and prevented from causing any damage within their system.
How it works
Risk itself is a difficult concept to measure, but for service providers and identity providers there are a number of factors that can be easily monitored to determine risk. These can be grouped into two major categories:
- Behavioural – as identities interact with systems, they usually establish a pattern of typical behaviour, such as using systems at particular times of the day, using systems from particular locations, and using systems to perform similar tasks each time. Any time a user suddenly changes location, accesses a system at an unusual time of the day, or starts trying to access new areas, it may trigger a behavioural shift in risk level for that identity.
- Technological – when we use technology, such as smartphones, tablets, and computers, we usually use the same machines over and over. Suddenly switching to an unknown device is an atypical event for most users, and can be a factor in determining a technological shift in risk level for that identity.
The factors discussed above are captured by identity providers naturally, often as a means to track session state for simplified logon. We often encounter it ourselves too with existing online services such as Single Sign-On with Google. So for our Chainlink integration this will still be the case — identity providers will monitor and manage the interactions with identities, but that data is then aggregated, calculated, and ultimately fed into the network for consumption on the blockchain itself.
Since Signata itself is designed to be a privacy-preserving solution, Signata’s dynamically generated identities users will still be able to control what information is actually passed to the identity providers, and the providers will only be able to track the randomly generated identifier information provided by the user, not their identity information itself.
“We’re excited to be part of the growing Chainlink Network, bringing our identity management solution to projects that need it to create strong security guarantees for high-value and/or sensitive on-chain operations. Chainlink not only provides a highly secure and proven decentralized architecture for bridging our data on-chain, but it can make our data accessible across many different blockchains, ultimately serving as a future proof oracle solution.” said Signata Technical Lead and Co-founder Tim Quinn.
Chainlink is the most widely used and secure way to power universally connected smart contracts. With Chainlink, developers can connect any blockchain with high-quality data sources from other blockchains as well as real-world data. Managed by a global, decentralized community of hundreds of thousands of people, Chainlink is introducing a fairer model for contracts. Its network currently secures billions of dollars in value for smart contracts across the decentralized finance (DeFi), insurance and gaming ecosystems, among others.
Chainlink is trusted by hundreds of organizations to deliver definitive truth via secure, reliable data feeds. To learn more, visit chain.link, subscribe to the Chainlink newsletter, and follow @chainlink on Twitter.
Congruent Labs is the company building Signata and the Identity Guard and Anonymity Framework. Signata is a privacy-focused and “full-stack” identity and access solution for the future, building private authentication solutions, delegated rights management, and integrating strong hardware key storage for the protection of everyone’s online lives. The Signata Crypto service is a zero-knowledge crypto wallet solution and will be the first service that integrates our Identity framework into the real world.