My mother just called me, wondering why a week doesn't go by that she doesn’t read about yet another Fortune 100 company announcing some Blockchain initiative. She asked me "What is this chain thing, and why are some people so enamored with it?"
What is a DLT?
While I didn't (and still don't) have a clear answer for the latter, for the former I started by first trying to explain (and highlight the merits) of a system that has these “DLT" characteristics:
1. DISTRIBUTED: Because it's decentralized, there is no single point of failure; also, because there are so many copies of the database "distributed" across the internet, it's almost impossible to compromise since doing so would require one to compromise every single instance.
2. LEDGER: A record of business transactions, or a decentralized database, where everyone can see these transactions and share if they so choose.
3. TECHNOLOGIES: It is built using the same state of the art cryptographic "technologies" and techniques that have been tried, true, and trusted over a decade (PKI or Public Key Infrastructure…but that’s another blog altogether).
Now that we more or less had covered the general gist of DLTs, I explained that Blockchain is just one type of a DLT.
How is Blockchain Used?
To drive home the point (and benefits) of the DLT, I told her about real-life Blockchain implementations where:
1. A manufacturer of jet engines parts can assure customers and partners the provenance of their components
2. A seller of perishable goods lets customers and partners track their items
3. A retailer enables customers and partners view their warehousing, inventory, and logistics
Does ForgeRock Use DLTs?
"Ok... now I get why Honeywell, Walmart, and Target are using BlockChain, but why should ForgeRock?”
Each time that question comes up (usually from a customer or partner) I explain how we can, for audit purposes, transparently and unequivocally persist a timestamp in a DLT each time a person, thing, or service accesses the system. For example, suppose you work at a bank and for regulatory purposes, the bank needs to log every time you access one of their systems. By "storing on chain," this can now be done automatically using ForgeRock, alleviating risk and ensuring compliance.
We are already doing this, using Intelligent Authentication, in a number of ways by leveraging different DLTs (Ethereum, Hyperledger Fabric, CryptoWallet, JavaChain, etc). In my next blog I'll dive into details on how we configured a couple of these Authentication Journeys in the ForgeRock Identity Platform.
If you have any questions about ForgeRock and DLTs, contact us here.