LAS VEGAS – VMWorld 2018 – One of the more interesting applications of blockchain is identity management, delivered by distributed systems in the cloud. This was a topic of discussion here this week at VMworld, as a number of projects and startups emerge in the space.
Why blockchain? Blockchain is a trustless system. The term “trustless” can be confusing, because it actually means the opposite. A trustless system means that a distributed system based on consensus could deliver trust without requiring a single third party. For example, a blockchain system uses concepts such as “proof of work” and “Proof of stake” to verify and encrypt transactions in an immutable form, without requiring laywers or bankers. For identity applications, this type of approach could be very useful for authenticating identity in the cloud or on a network.
VMware CEO Pat Gelsinger pointed this out in a Q&A session with analysts here. Blockchains are distributed ledgers that can authenticate identity with a new form of public-private key encryption, he pointed out.
“The core idea of a distributed ledger is very powerful,” he said. “It’s distributed technology which is good for us.”
Blockchain: The Internet Times the Internet?
Even Michael Dell, Founder and DEO of Dell Technologies, which owns VMware, chimed in. “We think the blockchain or something like the blockchain will have [a place ] on many systems,” Dell told a group of industry analyts. “We’re not betting the company on blockchain. If the hype is correct it’s the Internet times the Internet.”
That doesn’t mean Gelsinger or Dell find blockchain and cryptocurrencies a slam dunk. Gelsinger says he finds the use of energy in cryptocurrency mining “unconscionable.” VMware has introduced Project Concord, an open-source blockchain system which he believes is a more efficient way to run a distributed ledger and is more energy efficient by “an order of magnitude.”
Project Concord is described by VMware as a decentralized trust infrastructure. The technical details of the approach are complex. For example, VMware describes Concord as “a generic state machine replication library that can handle malicious (Byzantine) replicas.”
Okay. For the purposes of this blog, let’s just say it’s a distributed ledger, or blockchain-based system, that has introduced its own protocol for speeding up transactions and connections on the network. VMware believes that Project Concord is streamlining communication between nodes, enabling greater scalability while increasing the network throughput. It’s also designed to deliver distributed trust. And in the future, it plans to add an Ethereum Virtual Machine (EVM) that can be used to develop smart contracts.
Another startup project on display here was Cognida, operated by a company known as Windmill Enterprise. Cognida uses a blockchain approach to establish identities, permissions and security policies. This distributed “trustless” system can be used to identity whenever digital assets connect to a network.
Think of Cognida as a identity cloud secured by public-private key encryption, such as that used with cryptocurrencies to secure wallets. CEO Michael Hathaway says Cognida can use a blockchain-based identity system to sign and secure your digital assets and data distributed over cloud services. For example, if you had applications running on a cloud service, you could control your own data by authenticating using Cognida’s blockchain-style public and private key encryption. If you coupled this type of secure authentication with the biometrics of a smart phone, you have a very secure way of controlling access to data and applications in the cloud. This moves the game well beyond passwords.
Eliminating Central Authentication
The most promising applications of blockchain-style systems are cases in which a business or a system would become more efficient eliminating the need for centrally administered third-party verification. In the financial world, the obvious example is payment systems, where cryptocurrency systems are essentially set up to eliminate the need for banks or merchant systems.
In other industries, there is a similar need. For example, I recently spoke to Israel-based Clear Blockchain Technologies, which wants to use blockchain and smart contracts to automate the settlement of inter-carrier contracts. This is another case in which blockchain can be used to manage identity and settlement.
“With blockchain on a network, you get the guaranteed payment, people acting the way they said,” Clear Founder Gal Hochberg told me. “You keep the control and privacy. You get all the benefits of the in house solution. without having a third party. We think that’s the best of most worlds.”
Of course, it’s just the tip of the iceberg. There are blockchain companies everywhere, and many of them are focused on identity. There are even identity systems to stop Internet trolls. One startup, Iceland-based Authenteq, has launched Trollteq, an identity management solution based on blockchain. The goal? Stop online trolling. The idea is that a content or community could use Authenteq to track trolls and vote them out of the community.
It’s clear that the distributed ledger approach of blockchain, and its capability to delivery trust and encrypted authentication, could have a huge impact on identity management and authentication. Given the success of players in the Identity-as-as Service (IDaaS) market, has produced fast-growing cloud-based security management companies such as Okta and Centrify, there is a large market for creating better identity management systems that can work in the cloud. Added a distributed blockchain to the mix could take it to the next level.