Corda logo
Corda

Banking fintech consortium R3 has partnered with Evernym, a blockchain identity solution running on the Sovrin distributed ledger platform.

This opens Sovrin's blockchain-based identity technology to R3's 100-plus banks, who are all keen to avoid anything like the Equifax data breach happening to them.

This collaboration is also interesting because Sovrin, a non-profit foundation, was recently brought under the Hyperledger umbrella as "Hyperledger Indy". Enterprise blockchain watchers may have detected competition between Hyperledger's Fabric and R3 Corda – so this deal ushers in a new collaborative direction for the respective tribes.

R3 has been exploring a number of identity solutions which can plug into its Corda infrastructure. Hyperledger, meanwhile, encouraged the Sovrin Foundation to contribute its source code to Indy because identity is a horizontal capability required for all the other Hyperledger projects.

James Monaghan, VP, Product, Evernym, said: "The Indy maintainers are collaborating with the Fabric guys and an number of others to actually spin out some of the core crypto from Indy into a shared library for Hyperledger, so they can bake some of those privacy capabilities into the other projects."

The aim of Evernym and Sovrin is decentralised, self-sovereign digital identity, which allows any individual, institution or connected device to have one or more identities that are completely under their own control and hosted on this piece of shared infrastructure.

Sovrin is working on a system of standards called "verifiable claims" along with the likes of the W3C, and industry wide consortium the Decentralized Identity Foundation (DIF), of which R3 is also a member. The standards are all about how to move verifiable digital information around and obtain digitally signed copies of key identity information, and selectively share the key attributes from those credentials, such as when opening a new bank account.

Monaghan said: "R3's members have been looking at the vast investments that they have had to make in building out identity infrastructure for KYC, AML, online banking and so forth.

"They are thinking that rather than building these artificial silos, instead there could be a natural hub that exists with the customer that allows them to bring with them verifiable credentials.

"What we did in this project was prove quite a small and simple piece of that, but in many ways it's the most profound piece - this idea of interoperability.

"So you can have two distributed ledger platforms – Corda, which is built for trusted interactions between participating financial institutions, and Sovrin, a decentralised identity platform – and actually make it possible for data that's anchored in Sovrin to move via the customer and still be depended on in Corda transactions."

There are some far-reaching regulatory imperatives for a more elegant way of handling identity; within the banking world we have PSD2 and open baking, and more broadly, GDPR is about to land.

Monaghan said: "With GDPR firms need to be extra careful they have permission, that there is auditable consent for all the data they have.

"The great thing about a self-sovereign identity model is that you are getting the data directly from the individual, so you are collecting that consent at the same time. If I walk into the branch and hand you my passport, you have my consent to view that information; I'm giving it to you. This is the digital equivalent of that, so you can make very sure that you are doing everything you need to be compliant in the GDPR sense."

The digital identity space has become rather busy, especially since the advent of blockchains. Sovrin's website warns of "blockchain" identity solutions that aren't all that.

"There definitely are examples where people have taken a pretty conventional approach to identity and literally stuck a blockchain on it," said Monaghan.

"We see examples where someone will do some sort of verification; maybe it's a whole KYC process, maybe it's just verified your passport, and they will just stick a hash of that on a public network like Bitcoin or Ethereum - and say, look it's immutable.

"Well immutable is actually not so great a thing today; what you've created is a permanent point of correlation for that person forever. So if any of the places you have ever relied on that information were ever to become compromised – and it's a question of when, not if - then you've got this giant super cookie that's out there forever essentially.

"We strongly advocate against those sort of simplistic approaches and we also don't particularly approve of things where, okay there's a blockchain in the background, but actually there's a single vendor that provides the gateway for that," he said.

ATB Financial and OP Financial Group, along with two other R3 members successfully tested the interoperability of Corda and the Sovrin Network. The demo code can be requested for review purposes through the R3 Partner Team.

Abbas Ali, Identity Solutions, R3, said: "Digital identity is one of the top use-cases being developed by our members because identity is the foundation of any application.

"We strongly believe in the concept of self-sovereign identity and like the work that the Evernym team has done towards it as opposed to other solutions which claim to be self-sovereign in name but rely on centralised services. We look forward to working closely with the Sovrin foundation on the next phase of our project."