
51% Attack for Cryptocurrencies

Cryptocurrencies using proof-of-work for the creation of consensus are vulnerable to the double-spending attack (51% attack), because an entity with more than 50% of the computing power can produce more work (longer blockchains) than anyone else and thus propagate its version of the transaction order.

The 51% attack does not enable the forgery of transactions since they are all signed, thus Alice cannot forge a transaction which transfers cryptocurrency from Bob to Alice. Alice can only change the order if Bob created a transaction himself.

51% Attack in the Context of Identity and Access Management

Consider a proof-of-work based system similar to Bitcoin or Ethereum. It is used for an identity and access management system, thus an example transaction would be "Administrator Alice gives user Bob the authorization to access system X until time T" or "Administrator Alice gives the user Chris administrative privileges".

What potential vulnerabilities would be introduced by the 51% attack in this context?

The transaction order does not seem to be important. All I can think of is that a revocation could be maliciously overridden by putting it before the provisioning of the account, with the provisioning thus becoming the last and therefore valid state. But this could be solved easily by having the revocation reference the provisioning transaction and enforcing a "hard-coded" reference order in the protocol, i.e. no matter the proof-of-work order, if a revocation references a provisioning, the revocation is always the decisive factor.

Am I missing something?
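The two evaluation rules discussed in the question, side by side, as an added example that is not part of the original post: a "latest transaction decides" rule and the proposed rule where a revocation that references a grant always wins. The `Tx` fields, the transaction ids and the function names are assumptions made for illustration, and signature checks are left out.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Tx:
    txid: str                  # constructed identifier
    kind: str                  # "grant" or "revoke"
    user: str
    system: str
    ref: Optional[str] = None  # for a revoke: txid of the grant it cancels

def access_last_wins(chain, user, system):
    """Order-dependent rule: the latest matching transaction decides."""
    allowed = False
    for tx in chain:
        if (tx.user, tx.system) == (user, system):
            allowed = tx.kind == "grant"
    return allowed

def access_ref_rule(chain, user, system):
    """Order-independent rule: a grant counts unless any revoke on the
    chain references it, wherever that revoke sits."""
    revoked = {tx.ref for tx in chain if tx.kind == "revoke"}
    return any(tx.kind == "grant" and (tx.user, tx.system) == (user, system)
               and tx.txid not in revoked for tx in chain)

# Constructed sample transactions (hypothetical ids)
GRANT = Tx("g1", "grant", "bob", "X")
REVOKE = Tx("r1", "revoke", "bob", "X", ref="g1")
HONEST = [GRANT, REVOKE]      # order as issued
REORDERED = [REVOKE, GRANT]   # same transactions after a chain reorganisation

def compare():
    """Return (honest order, reordered) access decisions for each rule."""
    return {
        "last_wins": (access_last_wins(HONEST, "bob", "X"),
                      access_last_wins(REORDERED, "bob", "X")),
        "ref_rule": (access_ref_rule(HONEST, "bob", "X"),
                     access_ref_rule(REORDERED, "bob", "X")),
    }

if __name__ == "__main__":
    print(compare())
```

The reference rule only covers revocations that are actually present in the chain being evaluated, and re-provisioning after a revocation needs a new grant transaction with its own id.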
