The Trouble With Software Estimation
Originally published 2011-01-21 The Trouble With Software Estimation In an effort to become more consistent with the way our company delivers estimates to clients and to each other, we decided to t...
Your browser is unable to display this site correctly. Please try an up-to-date version of Chrome or Firefox instead.
"Who are you?"
Most people get a perplexed look on their face while they come up with a one-word answer to that question. While there is obviously no one answer to the question, there are limitations set by external entities on what an individual can claim as their identity. For instance, Canada will finally include a third gender option in the 2021 census. On the internet, the story is even more bewildering: a person's username/password combination and IP address essentially determine who they are. This is the case even though their username/password combination and IP address might change when their self-definition does not.
This post aims to declare a decentralized and self-sovereign system as the optimal solution to declaring one's identity online. This is achieved by employing an identity-focused blockchain that stores non-correlated information pairs. The idea behind this is that when people online are asked "Who are you?", they can provide the right answer or credential, without any doubts or concerns.
The following is a hypothetical scenario from the healthcare industry that showcases the inconveniences of using a disconnected identity from a patient's perspective.
Waldo, a hypothetical male in his late 20's living in Chicago, wakes up one day with chest pain. This has never happened before, and this symptom does not disappear after a few days. Concerned, Waldo sets up an appointment with his family doctor to discuss this. At the clinic, the nurse collects his vitals and asks the same questions about his smoking, drinking, and general health habits that he has answered previously. During the appointment, the doctor recommends a few tests based on her initial diagnostics.
Waldo goes to the closest laboratory and asks for these tests. The lab administrator calls the physician's office to verify the request validity, and then administers the tests. Waldo is told that he will have the results in about a week, so he schedules a follow-up with his family doctor for the next week. However, when Waldo shows up for his appointment, he finds out that the results have not yet been shared with the doctor. It turns out that the lab has not yet uploaded the test results. Waldo reschedules the follow-up for the next week, at which time the test results are finally available on both the physician and the lab systems.
After Waldo's family doctor looks at the results, she recommends that he see a pulmonologist at the earliest opportunity. When Waldo schedules his visit with the pulmonologist, his data is visible right away because the doctors work at the same clinic. The pulmonologist writes Waldo a prescription, which he then takes to the nearest pharmacy. The pharmacy opens his account and gets in touch with the clinic to verify the prescription. This process takes anywhere from 5 to 60 minutes, depending on the clinic's availability. Every time the prescription runs out, the pharmacy must call the doctor's office to renew it. Waldo may be notified a few days before the prescription is scheduled to be refilled that the doctor has requested a follow-up appointment before renewing the prescription. If there is any miscommunication or if the doctor is not available, Waldo will not get the medicine on time.
Although this is a contrived example, the problems highlighted in it are faced by all patients. Moreover, these problems are the status quo in healthcare. As medical practices, information, and the industry at large inches closer to a digital future, the lack of a trustworthy medical identity and data ownership solution remains a major bottleneck to providing a seamless experience to its constituents. In the case of managing sensitive patient data, a centralized solution is vulnerable to trust and security issues. One possible solution to this is a decentralized identity solution such as a permissioned blockchain (on which information storage is dispersed and easily auditable). It provides an opportunity to share personal data while a) providing options to limit sharing only what is necessary, b) helping optimize healthcare processes by allowing healthcare teams to collaborate across organizational boundaries, c) promoting self-sovereignty by providing the owner control over who to share data with, and d) maintaining the inability of any one entity to modify all the information. Although we are using the healthcare industry as an example, the identity management blockchain solution is just as applicable to other industries such as (but not limited to) education, recruitment, government services, and peer-to-peer marketplaces.
In this post, we will:
On July 5, 1993, Peter Steiner published a cartoon in the New Yorker that would characterize anonymity on the internet. The picture showed a dog sitting on a chair in front of a computer, telling another dog who was sitting on the floor that "On the Internet, nobody knows you're a dog." Twenty-five years later, in an age when tracking cookies remind you to buy the new headphones and the corn peeler in your cart, this is still somewhat relevant.
The Chair of Sovrin Foundation described the five problems with today's internet identity in a post on the company's blog as follows:
In addition to the above, one of the hallmark questions that comes up with managing identity information today is:
It is unwise to expect any solution to the digital identity problem to come without tradeoffs. However, due the dynamic nature of blockchain technology and the pace of technological change, the list below will evolve as some of the limitations are mitigated and give rise to new ones.
Even if all these criteria are met, they are held back by the limitations of the device we access this solution on. In today's world, our cellphones are the device we access majority of our services on. As ubiquitous and capable as these devices are, users are limited by the battery life of these devices. For example, if a person decides to travel internationally with only a digital proof of identity, they will have to trade off between listening to downloaded music through the trip and using it as proof of citizenship to preserve battery life. Additionally, this will also raise the stakes of losing a device.
Another – probably more critical – limitation is the nascent stage of the blockchain platform today. Even though the use cases for the technology that have been described and proposed are both ambitious and plenty in number, the technology remains in its early stages and financially infeasible for large scale projects to be undertaken with.
Despite the challenges noted above, the concept of decentralizing digital identity management using blockchain has several major benefits, some of which have been mentioned above. However, before going into the benefits of such a solution, let's go through how such a solution would work.
Figure 1 - How an entity can claim a fact about their identity
For this solution to work, the following pieces need to be present:
Once a claim has been attested, it can be used on the appropriate forum to prove one's identity. Once a physician has attested that Waldo is a non-smoker, Waldo is able to prove this claim on his identity-focused wallet with any party that has a stake in knowing this information.
The benefits of an identity solution based on the above process are:
In the end, this solution benefits customers of companies a) with stringent KYC requirements or governance, b) in e-commerce or retail industries, and c) that offer content personalization.
At a presentation in which he detailed a digital citizenship pilot being conducted with the city of Zug in Switzerland, Paul Kohlhaas suggested a number of applications of decentralized identity management. These are listed below with examples based on the use case:
To close out the discussion of a decentralized identity management scenario using blockchain, we would like to provide examples of successful pilot projects across the globe.
Digital iD – Australia Post is using digital identification to complete KYC processes for Bitcoin Exchange users. This system will also allow users to claim their age when entering 18+ venues in certain states.
Zug ID – The city of Zug, Switzerland has worked with uPort, a Consensys affiliate project, to offer their citizens with a digital identity to provide government services such as conducting public surveys and tax form submission in a reliable and self-sufficient way.
Brazilian Ministry of Planning, Budget, and Management – This branch of the Brazilian government is working with uPort and Microsoft to develop a Proof-of-Concept for employing blockchain technology for the authentication of notarized documents.
e-Estonia – Estonia is the first country to use the blockchain technology to enhance its citizens' lives. It uses a proprietary blockchain (KSI Blockchain) and is currently testing the technology to maintain medical records and other government data (e-Police, e-Law, e-Land Registry, and e-Prescription, among others).
To conclude, let's reimagine the scenario we started this post with. Imagine instead: Waldo has a blockchain-enabled Medical Records wallet. Since he has already been to a doctor in the past, it contains the basic information about him (non-smoker, has an occasional alcoholic drink, etc.). He can modify that information at his discretion (for example, if he starts smoking or stops drinking). When he starts feeling pain in his chest one morning, he sends an alert to his family doctor, enables her to see his medical history, and sets up an appointment. When they meet, the visit is very focused on his chest pain as the nurse does not have to spend time collecting basic information all over again. The doctor recommends some tests which are recorded on the permissioned blockchain. Waldo shares this with the lab he will go to. When he completes the tests and the lab uploads the results, his doctor is notified via a smart contract and reviews the results. A follow-up visit is not needed, as the doctor is able to securely communicate a recommendation to see a pulmonologist. Waldo goes to a pulmonologist who is on the permissioned blockchain and has already reviewed the test results before Waldo goes to see him. During the visit, only incremental information is discussed, so the specialist is making an informed decision because he knows all the facts from the MR as well as fills in the gaps with information that was not in MR previously. The prescription is put on the blockchain-enabled MR, so that it can be shared with the pharmacy securely by Waldo. Waldo can also see how many refills are left on the prescription. When the refills are almost up, a smart contract can be triggered to allow the specialist to either refill Waldo's prescription or request a follow-up visit. In this case, the relevant parties can access the basic information that is required to complete the process, without hindering any of the parties from providing the care that is needed.
Blockchain: Chronological record of transactions
Jonah Group is a digital consultancy the designs and builds high-performance software applications for the enterprise. Our industry is constantly changing, so we help our clients keep pace by making them aware of the possibilities of digital technology as it relates to their business.