November 27, 2020

SLIX: A Decentralized Identification and Authorization Protocol

As the world is continuously moving towards full digitization in virtually all aspects of life, the concept of digital identity arises as the necessary means to support such a shift. While the digital economy brings huge opportunities to masses, the real divide and economic disadvantage occur for those who have no digital trail.According to a study conducted by McKinsey, nearly 3.4 billion people worldwide have limited ability to use their identification digitally with almost one billion people lacking any form of legally recognized ID.These figures only apply to people. As one can imagine, the numbers skyrocket for the digital identity in the field of IoT in which ensuring secure digital identities for IoT devices is a crucial step in risk management.However, looking at the bright side, the digital ID technology is now ready and more affordable than ever, making it possible for a shift to digital approaches.

What is a good digital identity system?

According to the research done by Omidyar Network, to design a good digital identity system, both technical design and system governance play key roles. In recent years, experience shows that technical design can be more effective than the legal framework of a certain country or region thus to achieve a wide-scale mass adoption of digital identity several key aspects must be considered:

Image for post


1. User must be in full control — a user has full understanding and control of his/her data.

2. Limited data collection and use — identity providers must not collect more data than it’s needed for the specific purpose.

3. Privacy by design — privacy protections should be embedded within the technical architecture to prevent harm rather than relying just on legal actions.

4. High security — system design must have minimal vulnerability.

5. Openness — the architecture of identity systems must be open, allowing for vendor- and technology-neutrality as well as interoperability across systems and geographies.

SLIX

SLIX is a privacy-preserving peer-to-peer identification and authorization protocol in which the user is truly at the centre of all communication between service providers and identity issuers. The open-sourced protocol was initially created by NATIX to manage device interactions in a multiparty IoT (camera) network. However, as described in this article, SLIX can be applied to many other use cases in which security and full transparency matter.

Similar to other identity and authorization systems, SLIX considers the following 3 actors:

Users: they receive identity in the system to can carry out transactions;

Identity (Information) Issuers: they store user attributes and confirm transactions that the user engages to;

Service Providers: they serve users after identity providers vouch for them.


Image for post

The 3 actors in the SLIX protocol can be represented in various constellations (see image above): for example, an insurance company requesting a patient’s health data from a healthcare provider or an industrial facility verifying employee credentials of its providers and suppliers.

Now let us talk about what distinguishes SLIX from other available solutions? In SLIX protocol, the direct interaction between service providers and identity issuers is eliminated. The user is truly at the centre of all communications along the authentication process. The following architecture results in user privacy and full control without diminishing functionality.

Image for post



To bring SLIX into a real-world example, consider a scenario of Facility Access Control (see image above) in which an employee of Company A shows up to the entrance gate of Company B and has to identify himself/herself to be able to enter the premises and perform the business activities (e.g. servicing of a ventilation system failure). In this example, the verification process will be conducted with the following steps:

Step 1: The entrance system of company B asks the employee for one (or multiple) specific proofs that he works for Company A and that he/she is allowed to enter.

Step 2: The employee provides answers to the questions and forwards them to one or more entities that can approve his identity, e.g. HR department and Business Unit of Company A.

Step 3: The HR department of Company A confirms the information, digitally signs it and send it back to the employee.

Step 4: The employee confirms the responses by signing them and sends them back to the entrance system.

As illustrated by these steps, in SLIX protocol, the user is truly at the centre of all communication between service providers (e.g. business facility entrance system) and identity issuers (e.g. HR department).

Notice that in Step 4, if the employee is not happy with the response he/she got from the HR department, he has the chance to contact them again and fix it before Company B sees the results. You see the importance of this feature when you have to prove to your new employee that you do not have a criminal record but the police system, mistakenly says so. In this case, you would like to have the chance to stop the process, call the police department and fix the issue before your future employee sees the wrong results.

Why SLIX?

User privacy and control are embedded within the technical architecture of SLIX without diminishing the functionality. As a result, the protocol has the following advantages:

1. The user has full power — the user can permit or deny the use of his/her information at all stages of the identification process.

2. Higher data integrity — the service provider receives attributes verified not only by the identity issuer but also by the user.

3. Security & full transparency — the user and the identity issuer know which attributes have been shared and with whom, therefore making the system highly auditable.

4. Transfer of User’s representation — in SLIX, the user can set up caching and predefined rules so that another node can act on behalf of the user for a predefined scope and time. This makes the solution highly scalable.

5. Enabling automation of processes — possibility for policy management to automate the identification process for a given set of service providers, identity issuers, and attributes.

Exemplary use cases

Data monetization platforms

Data monetization platforms can use SLIX protocol to monetize users’ data while preserving their privacy. By placing the user (data owner) at the centre of all communication between data holders and data consumers, the protocol enables the data owner to regain full control over his/her data and stop the sharing process at any time desired. Additional benefits brought by SLIX are higher system integrity, transparency, and audibility.

Image for post
Data Monetization Platforms

B2B ride-sharing delivery services

B2B ride-sharing delivery services are emerging in crowded cities. A car, aided by route optimization algorithms, is cruising through the city and delivering goods picked up from various suppliers to different businesses and/or consumers. SLIX can help such services with the verification of the right end-user for the package to conclude a successful delivery while requiring minimum to none fixed IT infrastructure.

Image for post
B2B ride-sharing delivery services

Facility access control

SLIX enables complex B2B ecosystems to securely connect and verify employee credentials. With SLIX, highly visited construction sites or production facilities can easily verify their own staff or the employees of their providers and suppliers for facility access control. With reduced administrative costs and increased security of their facilities, businesses have more time to focus on their core activities.



Image for post
Facility Access Control

How do we use SLIX at NATIX?

Multiparty IoT (camera) network

If you’re new to NATIX, start with the article that covers what we do and why our technology is so crucial.

NATIX is creating the next generation computer vision platform in which cameras and edge devices can collaborate in the form of data, application and computation power exchange. This results in better utilization of the entire camera and edge network to deliver better detection, prediction and planning.

However, achieving such a level of collaboration is more complex than one might think. In the scenario of the city, the cameras and edge devices do not belong to the same entity. Some are owned by the police, some by the traffic department, and some are owned privately by businesses and citizens. An example of such multiparty owned (camera) infrastructure is the Project Green Light Detroit. Such a multiparty network introduces complexity and challenges for infrastructure and data sharing.

Image for post
Multiparty IoT (camera) network

To build a collaborative environment for such a network, there are few aspects to consider. To begin with, the owners of these devices have a limited overview of what is happening in the field. Therefore ensuring control and safety to the device owner is of high importance. This is why owners create networks to be working in a streaked and isolated way. Secondly, the owners will not accept indefinite and limitless access for resource sharing, mainly due to the sensitivity of the infrastructure and/or privacy concerns. The third aspect to consider is the audibility. If a device fails to do the job or in case something goes wrong, the IoT devices cannot be held accountable.

The challenges raised above require an adequate identification and authorization protocol which governs the interactions amongst the devices. With SLIX, given that both the owner and the IoT device commit to every transaction that the device takes part in, the access management (controlling) and accountability issues are resolved. This is the crucial step needed to break the silos and enable more striking infrastructure sharing.

Therefore, NATIX is using SLIX as the fundamental identification and authorization protocol for its Edge Vision Solution. With NATIX, different entities can cross-share the Edge and camera infrastructure for event recognition without requiring to providing direct access to the device.

At NATIX, we promote the use of such a protocol that focuses on the technical side rather than relying on the legal reinforcement. As discussed above, SLIX protocol is open-source and can be applied to various use cases beyond the multiparty camera network.

Interested in applying SLIX protocol to your business? Drop us an email at slix@natix.io and our team will get back to you in no time.

DISCLAIMER: This post only reflects the author’s personal opinion, not any other organization’s. This is not official advice. The author is not responsible for any decisions that readers choose to make.