None Shall Pass: A blockchain-based federated identity management system
Authentication and authorization of a user's identity are generally done by the service providers or identity providers. However, these centralized systems limit the user's control of their own identity and are prone to massive data leaks due to their centralized nature. We propose a blockchain-based identity management system to authenticate and authorize users using attribute-based access control policies and privacy-preserving algorithms and finally returning the control of a user's identity to the user. Our proposed system would use a private blockchain, which would store the re-certification events and data access and authorization requests for users' identities in a secure, verifiable manner, thus ensuring the integrity of the data. This paper suggests a mechanism to digitize documents such as passports, driving licenses, electricity bills, etc., issued by any government authority or other authority in an immutable and secure manner. The data owners are responsible for authenticating and propagating the users' identities as and when needed using the OpenID Connect protocol to enable single sign-on. We use advanced cryptographic algorithms to provide pseudonyms to the users, thus ensuring their privacy. These algorithms also ensure the auditability of transactions as and when required. Our proposed system helps in mitigating some of the issues in the recent privacy debates. The project finds its applications in citizen transfers, inter-country service providence, banks, ownership transfer, etc. The generic framework can also be extended to a consortium of banks, hospitals, etc.