Identity at Stake - What is this really?


#1

One of the big selling points for me on this network, validators staking their identities. This really got me thinking and excited. A novel construct and when I first read about it in Polkadot - I was totally jazzed about what one could potentially do with this in terms of finality and performance (basically a permissioned but still fully public Blockchain - whoa).

But then there’s a question about what exactly does it mean to stake one’s identity? Does this mean we have our Name, an email, some government attestation (e.g.: a notary commission number), bio perhaps, and a mailing address that we can be (maybe) reached at?

I’d like to focus on the address. I was, might be wrong, that our address needed to be completely under our control. i.e. Our home address. Sure, you could say that one’s state does not require this - but I’m more wondering what do token holders expect? What does the “network” expect? What is meant by “address”- what’s the spirit of the ‘law’ if you will; whereby ‘law’ is what the entire network feels in necessary.

Granted, I understand that we need to be aware of potentially nomadic validators in the future - without a physical address. I know many friends that live out of their backpack - going from one programming gig to another.

This is a complex topic - one that I’d like to unpack and put to rest. What does the ‘network’ understand is meant by the idea of “address” and I realize that we probably are not hitting the entire network via this channel - nonetheless, I think we need to start to analyze this.


Nathalie Salami - CA Lawyer, Notary Wannabe
#2

This is an excellent topic Jeff! I have some more questions for the network below:

The value genuinely depends on the public and what they deem as the most high security for their value exchanges (totally talking about POA Network here though haha). Some similar questions one may ask to dissect this question into concrete definable terms is: “What do you value in your bank, financial exchange, or banker? What bank do you trust most, and why? What bank, or financial exchange have you stayed with the longest and why? What defines trust to you? What defines security to you?”.

This is a great topic, and knowing what is the most valuable to the POA Network’s public will only help the POA Team serve them better.


#3

For me a Validator’s address MUST satisfy the following requirements:

  1. It is a physical address in the real world.

  2. The address must be a deliverable mailing address and adhere to Country of address mailing address specification.
    For US see: ( https://pe.usps.com/text/pub28/28c2_001.htm#ep526238 )

  3. The address (1) is a container for one’s physical being and there should be a reasonable likelihood that accessing that address will result in the physical person associated with that address being there and further, from the Network’s perspective, willing and able to interact in a meaningful way.
    From a programmer’s perspective, your address is a reference to your physical being, when accessing a reference it should result in the object itself, here a person, not nothing or null …
    From a Blockchain perspective when you access your Core payout address, what is one’s expectation? Should the POA be there always or is sometimes good enough? … since Validators are humans, the address accessibility SLA is denigrated down to “reasonable likelihood”.


#4

Consensus model with Identity at Stake is described in the article below:


#5

So I’m hearing that a PO Box would be acceptable. As one has personal (and exclusive) control over this.

As for a “corporate” address - I understand that some companies offer as a HR benefit educational reimbursement (skills upgrade reimbursement - whatever you would like to call it)… Or they would like for you to perform as your daily duties notary services. As such, the address on record for many states would be the corporation’s as they are ‘sponsoring’ (even though the commission is still held by the actual individual).

Sure there are some attack surfaces with this route. I’ve worked in large companies, government, and now academia. In many of these places, there is internal handling of the mail - all packages and most letters are automatically opened before being dispatched.

I’m actually ok with the loss of personal control in these cases for POA Network. The validator has their notary commission via the company that represents their ‘day’ job - but does not have exclusive control over their mail. Sure, there are trade offs… for example:

We cannot send a thumb-drive with super duper secrets because there is the real potential of this object being seen by others (in addition to the intended user.) Unless everyone’s PGP keys are up to date and on multiple key servers…

With that said, I wouldn’t be ok with a shell company (the actual structure is unimportant to me) created by a validator to act as a front.

Eg: Sally Fields creates a company called Sally Fields and the mail is routed through this company. The difference between this and the other case of a ‘big’ company is one of transparency for me.

If Sally Fields works at BigCo Inc and BigCo Inc pays for her notary commission and is therefore the address on record - that’s just being pragmatic. The other seems like a slippery slope.


#6

Wouldn’t there be a potential conflict of interest with the company sponsored Notary License? Especially if the company name is listed on one’s notary commission record. While not described by the law there might be an internal agreement between the employee and employer about the use of Notary License sponsored by the company especially during the business hours.


#7

This is something that does happen, I don’t think there’s a problem/conflict of interest as the individual holds the commission (and not the company). I’m actually not concerned about the issue you brought up, because the commission ultimately rests with the individual.

I’m just wanting us all to be in agreement with definitions.

Also, I want us to all understand that we need to be consistent, clear, and transparent


#8

A Notary is a state licensed and bonded Individual, like a CPA or an MD, and as such holds personal responsibility for the decisions and actions. While such professionals may be employed by various entities or may themselves own or control such, the identification and duties remain with the individual.

With a Notary “sponsored” by the employer, they may pay for the related costs but do not control the stamp or the book.


#9

You are absolutely right. However the law doesn’t prohibit an agreement made by the employer with the employee related to the use of notary license during the business hours. (which happens often in case of the company sponsored license) If such an agreement exists, a notary must follow any agreement made with their employer while at work (i.e. use or representation of other interested parties, etc.). That is something that could have been withheld by the notary and might be a problem in the future. Also a company might be liable for any losses or misrepresentation related to their employee use of the notary license during the business hours.

Sources:
One
Two


#10

What about the example of “Sally Fields” incorporating herself to limit personal liabilities.

Is this person still staking their identity? Is this route acceptable? I’m of the opinion that this would not be in keeping with the intent of the network’s goals.


#11

I don’t think that a PO Box is an acceptable address for our network, it should be either the business or residential address of the Validator.

I don’t believe “corporations” are permissible as Validators as they are not unique and non-fungible.

From: ( https://medium.com/poa-network/proof-of-authority-consensus-model-with-identity-at-stake-d5bd15463256 )

Just like in PoS, in PoA consensus, identity as a form of stake is also scarce. But unlike PoS, there’s only one identity per person. Unless we dive into criminal affairs or psychological complications, the majority of people only have one true identity.

Staking identity means voluntarily disclosing who you are in exchange for the right to validate the blocks.

My opinion is that If one is not wiling to voluntarily disclose “who you are” including a business or residential address, one should not be a Validator.


#12

Should this all be formalized? That each validator signs a binding agreement (the form - I do not know, that’s a lawyer question potentially) as to their relationship with the network. So that each validator’s liability is identical? ( I like consistency. )

I just don’t want a situation in which there is one set of validators are personally exposed (liability-wise) whilst another set are behind a corporate identity*.

*Again - I understand that a company can sponsor one’s commission and yet be personally responsible. I’m more concerned about the potential of shells. Not the case that BigCo inc. paid for your commission and therefore is on record - because if you leave BigCo Inc. you will take your commission with you…


#13

With the network growth and success there will be interested third parties that will try to find the ways to mess with it. Potential conflicts of interests due to the use of the notary license during the official business hours of the interested corporate institution rise a red flag to me. Having a third corporate name associated with the notary license (even though the person holds the license) used by a validator might spark a legal concern. If that doesn’t bother you and others, well, perhaps I am too paranoid.

Talking about the second part. Have you considered the privacy and security of the individual and their family? What value does sharing too much personal info have and at what risk costs? Can you guarantee the exposure of that info wouldn’t be misused and abused by the criminal minds?


#14

I’m ok with the person having their license via their job - provided they have not created a corporate shell for the sole goal of personal liability protections - unless we all do this (which I do not believe we can - as that would be in violation of what has been promised to token holders).

As for the PO Box - I don’t know how I feel about this…

If we are staking our identity, what exactly does this mean? I realize that we are going to have more dapps coming online shortly - but right now we (the Core validators) only know one another via the one thread. The whole staking identity is meant to have multiple control points exposed (name, email, commission number, address).

Right now - I think the high value ID pieces are commission number -> address -> email/name

That’s really it. So address is rather high priority (at the moment). With that said, I understand the security aspect. But then we are only using the one ‘high value’ ID piece - our commission number. Is this enough?

My concerns: Consistency - everyone should be doing the same thing, and in the clear.

I would like all Core Validators to state publicly if they are using their personal or non-personal addresses (biz/PO Box). That might be something that would assuage my larger concerns of potential obscuring of information (whether intentional or not.) I don’t want there to be two groups of validators.


#15

Hi, to chime in with regards to the address piece, personal service is sometimes legally required. PO boxes do not often provide this, so physical addresses are necessary. That being said, if one’s commission number is known, this information is most often required by and available through the notary commission.


#16

Speaking as someone who lives in a rural area where we do not have a postman who delivers mail to the door, we are sensitive to when someone asks for the “mailing” address. We are required to have a PO Box if we want to receive mail. We frequently have a tough time receiving key pieces of mail because some businesses will not allow a PO Box in the address, but it is key to receiving mail. However, jlegassic provided a very handy definition from the USPS that states the physical PLUS the Zip+4 is a full address; this then satisfies the PO Box quandary, thus guaranteeing delivery. I personally believe the physical address lends credence to credibility but then again our state requires utility proof of the physical address. Where does proof stop?


#17

Hello @suzon, completely agree on the value add (as it pertains to stake holders in POA Network) of a physical address wrt to identity staking. And you are on point with regard to the pragmatic issues as well… it is a complex issue.

I believe that as long as the information provided by validators is provided in good faith and guided by the goal of radical transparency/sunshine, then the PO Box Vs. Physical address may be less of a concern (at least for me). But… all information needs to be well communicated and clear.

As for ‘where does it stop?’ - great question. I should preface - I realize that one ought to always take into account: security, practicality, and actual need.

At the moment, identity comes through multiple “proofs”. There’s the whole license (for government attestation) and also becoming known to the community. What does becoming known to the community mean? I feel that it is up the the current validators to get to know the person, and for me this means researching the individual - asking questions.

In some cases, determining phone numbers (not using those given but those found elsewhere) and then having a genuine and friendly conversation. Unsurprisingly many people in the Blockchain space love to talk to others that share in this passion - so these are not meant to be intrusive but educational for both parties.

Also reaching out and visiting people - coffee/lunch/dinner/etc. I know that a number of validators have been able to be seen by trusted members and share in a meal or drink. This is, for me at least, probably the gold standard and makes me recall the days of physically forming a “web of trust”… And probably not at all scalable (in all honestly). So perhaps a logical move would be towards having conversations using video…

A moving target to be sure…


#18

I second the point on consistency and transparency. Regardless of the minutiae of types of address, these points are key.

I have to agree that the majority of people I encounter in the blockchain space are very open, friendly, smart and engaging. I learn best through communicating and speaking with others open to jump on a call with anyone to discuss blockchain. Always something new to learn. Hoping to be a validator and open to join in/plan any community events or meet-ups future. It would only make sense that validators build trust in their fellow validators.


#19

It’s not recommended to meet validators in person. Especially to meet 51% of validators together :sweat_smile:


#20

Good to know. In that case, just kidding :slight_smile: