“The problem with federated and centralized identity models,” says Reza Soltani, one of the newest engineers to join the Equibit Group team minutes after we start talking about his role, “is that your data, your first name, your last name, your address, are not in your control. It’s a honeypot for hackers. Everything anyone would ever want to know about you. It’s right there.”
Soltani is passionate about identity management, that’s for sure. In the short time since joining Equibit Group he has become one of the company’s resident identity experts. His interests lie in this particular field, and though he won’t say it, he is one of about 50 people worldwide studying the relationship between blockchain and self sovereign identity models - or SSI - who possess a similar level of subject matter expertise.
We talk with Reza about his first 90 days with Equibit Group, the perils of current identity models and how, amazingly, he still finds time to unwind on the weekends.
What were you doing prior to working at Equibit Group?
I used to work for a company called 2keys, an identity management firm, which helps authenticate digital transactions for its customers. I was there for almost five years, focused on ID solutions for the company’s government and banking clients. This was a really critical service that 2keys provided. Without identity, you have no security, so making sure we deployed a secure authentication environment for our clients was a big part of my focus.
You’re working on a PhD, too, right?
Correct. I’m a student at York University in Toronto, doing research on ID security topics, identity management and blockchain. Identity management is a critical component of IT security and certainly a new but growing field of study. You have to be able to identify the individuals you interact with online otherwise there is no trust and no ability to transact or do many of the things we take for granted today. In my research, I’m looking at how SSI can evolve current authentication practices specifically on blockchains.
There’s a lot of overlap between this research and my professional life. Certain identity protocols can be set up on blockchain, using the SSI model in particular, that can provide next-level authentication and are far beyond what most sites - FaceBook, Amazon, and others - are using today. Most of these sites are using federated models to authenticate someone’s identity. As I mentioned, these models centralize a lot of personal user data, which is why they are such a popular target for hackers.
The way most sites are set up, users aren’t safe of secure. I believe SSI will change that.
What’s been the biggest challenge you’ve faced since joining the company?
"...it’s a chance to shape the software development culture and leverage our combined expertise to transform the equity and debt markets and put them on blockchain - to create something that is truly unique."
This is a start-up like so many of the companies and individuals operating in this space. We don’t have all the processes and procedures in place, which is both a challenge and a massive opportunity. I say opportunity because it’s a chance to shape the software development culture and leverage our combined expertise to transform the equity and debt markets and put them on blockchain - to create something that is truly unique.
This team is very focused on how to correctly modify bitcoin’s open source code, so that when the Equibit Core product is released, future iterations of the bitcoin platform are accounted for and that we’re positioned for long-term success.
Why is SSI so critical, in your opinion?
Centralized and federated identity models are flawed. They are being managed by others, not the user. SSI is different. It puts the user in complete control of their identity attributes. You take back the identity attributes held by banks and government, for example, and store them somewhere that’s controlled by you. A mobile or your browser, for example.
Because these attributes are digitally signed, you can then choose who to grant access to your identity keys, but you still control them. This is the authentication model Equibit Group is pursuing. Everything is decentralized, you choose with whom to share those identity attributes, and perhaps most critically, you can revoke those identity details at any time so that nothing about you is stored long-term.
How do you find time to sleep, doing both a PhD and working full-time?
Not easy, no, but I still manage to play hockey now and then and unwind with a couple podcasts.
Sign up for the most recent news and, join our Telegram community for daily communication with the team.