Today I got an invitation to an online conversation. I think the supplements which I take daily made a boom in my mind, and suddenly I got a vision.
Currently, we are using JWT on several sites for authentication. The problem with these authentications is that they only belong to one website and are not usable as a self-sovereign identity. We need to define a next-generation identity management system. I am continuously searching sites, so I can tell I’m well informed, but I didn’t see any similar concept before my vision.
So let’s start brainstorming!
I expect JWTs will evolve into something similar to public-key cryptography. Tokens will have a private-key part, which is used for authentication, and a public token, which can be used as proof of identity.
We need to create a service that issues the token refresh in the background. Tokens, in most cases, need an update every day. But for a good user experience, this must be handled in the background, without any user interaction.
For PKI, we must use PQC (post-quantum cryptography), which is a straightforward method if we want to create a future-proof service.
We can record all public identities that can be validated at the service providers in a blockchain. With this service, we can show the quality of our identity. Depending on how many identities we are currently able to provide, we show how sure we can be, as a percentage, about the validity of the identity.
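The token idea above (a private part for authentication, a public token as proof of identity, a daily refresh), sketched in Go as an added example that is not part of the original post. The names PublicToken, Issue and Verify and the issuer key pair are assumptions, and Ed25519 from the Go standard library is a stand-in that is not post-quantum; a PQC signature scheme would take its place in this concept.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
	"time"
)

// PublicToken is the shareable half: holder public key and expiry, issuer-signed.
type PublicToken struct {
	Subject   string            `json:"sub"`
	HolderKey ed25519.PublicKey `json:"key"`
	Expires   int64             `json:"exp"`
	IssuerSig []byte            `json:"sig,omitempty"`
}

// body returns the bytes the issuer signs: the token without its signature.
func (t PublicToken) body() []byte {
	b, _ := json.Marshal(PublicToken{Subject: t.Subject, HolderKey: t.HolderKey, Expires: t.Expires})
	return b
}

// Issue is the background refresh step: a new token valid for ttl.
func Issue(issuer ed25519.PrivateKey, sub string, holder ed25519.PublicKey, now time.Time, ttl time.Duration) PublicToken {
	t := PublicToken{Subject: sub, HolderKey: holder, Expires: now.Add(ttl).Unix()}
	t.IssuerSig = ed25519.Sign(issuer, t.body())
	return t
}

// Verify runs at any site: issuer signature, expiry, then proof of the private part.
func Verify(issuerPub ed25519.PublicKey, t PublicToken, challenge, proof []byte, now time.Time) error {
	switch {
	case !ed25519.Verify(issuerPub, t.body(), t.IssuerSig):
		return fmt.Errorf("issuer signature invalid")
	case now.Unix() >= t.Expires:
		return fmt.Errorf("token expired, refresh needed")
	case len(t.HolderKey) != ed25519.PublicKeySize || !ed25519.Verify(t.HolderKey, challenge, proof):
		return fmt.Errorf("holder proof invalid")
	}
	return nil
}

func main() {
	issuerPub, issuerPriv, _ := ed25519.GenerateKey(nil) // nil means crypto/rand
	holderPub, holderPriv, _ := ed25519.GenerateKey(nil)
	tok := Issue(issuerPriv, "alice", holderPub, time.Now(), 24*time.Hour)
	nonce := []byte("site-a.example|constructed-nonce") // constructed sample challenge
	fmt.Println(Verify(issuerPub, tok, nonce, ed25519.Sign(holderPriv, nonce), time.Now()))
}
```

The public token alone is not enough to log in: a site accepts it only together with a signature over that site's fresh challenge, so a copied token without the private part fails the last check.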
What do you think about this concept?
I’m waiting for the tech giants to accomplish this mission. Now I have another MTP to accomplish!