Authentication With A Blockchain System & The Potential Drawbacks -- Part I

in #blockchain, 6 years ago (edited)

Let me start here by giving a quick background on a few concepts. There are three main things that happen when you log in to a system. They are:

  1. Identification
  2. Authentication
  3. Authorization

Identification
Let's start with identification. Identification is you stating who you are. On its own this is not a security control: anyone can make a claim. You can walk into a bar and claim to be someone else, just like you can go to a website and try to sign on with whatever username you want. The identification step is simply you stating who you are. Online, this is when you type your username into a login form.

Authentication
Authentication is where you confirm that you are who you claimed to be in the identification stage. This is typically done with a password in a login form. The system takes an authentication factor (in this example, something you know) and checks it against the identity you are claiming. This allows the system to verify that you are who you claim to be.

Authorization
Once the system knows that you are who you say you are, it will determine what you have access to. For example, when you log in to Steemit, you don't get admin rights (unless you're the admin, duh). You are authorized to go to your profile and have the general privileges to post, comment, vote, etc...

Now, knowing these concepts, how can we apply them to the blockchain? The blockchain is a common immutable ledger. In a general sense, it's a database. One of the things that occurs with a blockchain is that the witnesses or miners are the ones who post to the blockchain, not the people authenticated and authorized to actually make the transaction that gets posted on the ledger. So this leads to the issue of making sure that authentication is verified by the people actually posting to the blockchain.

Since the blockchain is an immutable record, can't we just post and store authentication information on the blockchain? Well, the short answer is YES. The actual answer is not really. Since most blockchains build trust by being open to the public, how do we make sure that authentication information is kept private? If you say hashes or encryption I will just silently shake my head at you. Anything posted to a public ledger can be copied by anyone and attacked offline, with no lockout or rate limit, for as long as the ledger exists. Posting any info of this type is basically the same as posting the credentials in plaintext and will open the door to a TON of attacks and compromised accounts.

Currently, we rely on centralization to handle all of the authentication. However, doing this basically limits the impact and effectiveness of having a blockchain. Granted, it's a step in the right direction, but it doesn't completely solve the issue, and it undercuts a lot of the benefits of blockchain in a way that could limit its growth potential.
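The difference between a password hash sitting on a public ledger and the same hash kept behind a central login, as an added example that is not part of the original post. The ledger record, the candidate list and the names `CentralLogin`, `guesses_checked_offline` and `guesses_allowed_online` are constructed for illustration.

```python
import hashlib
import hmac

def pw_hash(salt_hex, password):
    return hashlib.sha256(bytes.fromhex(salt_hex) + password.encode()).hexdigest()

# Constructed sample data: one record as it would sit on a public ledger.
LEDGER = [{"user": "alice", "salt": "a1b2c3d4",
           "hash": pw_hash("a1b2c3d4", "summer2017")}]
# Constructed stand-in for a common-password list.
CANDIDATES = ["123456", "password", "letmein", "summer2017", "qwerty"]

class CentralLogin:
    """Hypothetical central verifier: hash stays private, failures are counted."""
    def __init__(self, records, max_failures=3):
        self._records = {r["user"]: r for r in records}
        self._failures = {}
        self.max_failures = max_failures

    def login(self, user, password):
        if self._failures.get(user, 0) >= self.max_failures:
            return "locked"
        rec = self._records.get(user)
        if rec and hmac.compare_digest(pw_hash(rec["salt"], password), rec["hash"]):
            self._failures[user] = 0
            return "ok"
        self._failures[user] = self._failures.get(user, 0) + 1
        return "denied"

def guesses_checked_offline(record, candidates):
    """A ledger reader tests candidates locally; nothing can count or stop them."""
    for n, word in enumerate(candidates, start=1):
        if pw_hash(record["salt"], word) == record["hash"]:
            return n, True
    return len(candidates), False

def guesses_allowed_online(service, user, candidates):
    """Same candidates through the central login: evaluation stops at lockout."""
    evaluated = 0
    for word in candidates:
        result = service.login(user, word)
        if result == "locked":
            break
        evaluated += 1
        if result == "ok":
            return evaluated, True
    return evaluated, False

if __name__ == "__main__":
    print("offline:", guesses_checked_offline(LEDGER[0], CANDIDATES))
    print("online: ", guesses_allowed_online(CentralLogin(LEDGER), "alice", CANDIDATES))
```

A slow, memory-hard password hash raises the cost per guess but does not restore the attempt limit: once the record is public, the guessing budget belongs to the reader, not the verifier.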

Going back to the original days of just a bitcoin wallet, we didn't need to worry about authorization. The blockchain would just post transactions made from one wallet to another. Many exchanges themselves kept authorization systems separately, but you didn't need one if you just held a wallet on your computer. This leads to a huge concern that we've been working on with blockchain. Anyone with access to your computer would be able to send any amount, irreversibly, to any wallet, and that transaction would get posted to the blockchain.

Moving forward, can we find a solution to keep track of authentication on a blockchain? Well, in theory, of course the answer is yes. It'd be nice if we could just magically make it happen, but let's think about some options. One of the first things that pops into my mind, which is not yet possible, is having a separate private blockchain integrated with the public transaction blockchain. With current methods, we can't send transactions between blockchains yet. I see this being possible in the future, but right now, we have to stick with the same blockchain.

Also on the horizon, we might be able to fabricate some new type of authorization system. Right now in the online world, we're mainly stuck with the default username and password combinations since knowledge is one of the main ways to determine if you are really who you say you are. With increased systems of authentication you also need increased systems of reset. For example, going back to the original bitcoin wallet concept, if you lost your private key and wallet file, your wallet and bitcoin are lost forever. So how can we include a system where we limit this impact and risk?

This is only the first part and I believe there's a lot of information to put out. If you have feedback, questions or comments please let me know and I'll try to include them in my second part. Identification, authentication and authorization are huge concepts in the security community and there are always ways to bypass any control. These concepts are continuously evolving and improving, so we will definitely have a lot more to explore with blockchain technology in the cyber space.

Stay tuned for Part II!

Part II coming soon.

Hi @exxodus, I think that the recent revolution of facial recognition systems started by companies such as Apple, with the Face ID, might be a possible solution in the future. Payment systems like Apple Pay and Android Pay could give you the answer to your existential dilemma, especially with the Facial Authentication System of the iPhone X.

I know that system is not completely trustable yet, but probably within 5 years, I think, it could work.

Here I leave you a video shown by MacRumors that explains it better.

Link of the video

Thanks for sharing! I think there's a lot of biometric type authentication that can be implemented. Essentially that info could be stored on the blockchain and wouldn't be reproducible except by the owner. But, I think that's far, far away technology to get to that level.