01/13/2021 | News release | Distributed by Public on 01/13/2021 15:19
Decentralized identity, often used interchangeably with 'self-sovereign identity' (SSI), is gaining ground as an alternative to today's centralized and federated infrastructures. In short, it allows individuals to manage their own identities. In a decentralized framework, the user receives credentials from a number of issuers (e.g., government, education, employer) and stores them in a digital wallet. The user presents those credentials to the relevant issuing authority, who then verifies their identity through a blockchain-based ledger that does not store the user's data. That's what decentralized identity is, so why do we need it?
For many, today's personal identity model (how businesses create identities based on the information they gather from their users) doesn't always work in their favour. Organizations need to collect sensitive and personal data from their users to authenticate their identities, but as long as companies continue to experience data breaches or mishandle information, this is not a model that represents their users' best interests.
Most of us have a fragmented identity experience online, authenticating separately with a sprawl of service providers; but some are openly disenfranchised. Around 1 billion people worldwide are unable to claim physical or digital ownership of their identity, leaving them unable to actively participate in public services and society's most basic technical advances.
While still in its nascent stages, the decentralized approach to identity promises to give users much more independence, enhance privacy, and inspire digital transformation across organizations. In this post, we'll explore how decentralized identity works in detail, who benefits from it, and where things stand with its development.
As an emerging field within identity and access management (IAM), decentralized identity has its own set of particular terms that help define the roles and interactions within this model.
As with any IAM structure, these components come together to securely facilitate access to critical information while helping to verify a user's identity.
More often than not, documented proof of existence is a prerequisite for people to engage in financial, political, social, and cultural activities. In fact, proof of identity determines our ability to exercise citizens' rights and access essential services, including education, healthcare, banking, housing, and state support. Meanwhile, displacement, poverty, bureaucracy, and lack of education are all factors that get in the way of people obtaining state-issued identity documents that act as a bedrock for access.
Decentralized identity systems make it significantly easier for users to access this information. By using online, blockchain-based cryptography systems to establish digital wallets, anyone can access this sort of digital identity. Effectively, the only material requirements are an internet connection and use of a smart device, both of which are rising in emerging economies as we continue to bridge the digital divide. As a result, decentralization projects are a promising philanthropic means of providing widespread digital identities and access to services.
User autonomy is another area where decentralized identity promotes democratization. When registering for new online services, users traditionally have to provide an array of personal data, which organizations may process, share, or sell to third parties. In a decentralized system, users instead receive decentralized identifiers (DIDs) to verify their identities with each service provider. These credentials are secured via private encryption, known only by the user and verifiable with each service provider.
This model accomplishes two things:
As a bonus, users have access to a greater degree of privacy and control over their personal data. But what does this look like in practice? Here's an example:
We've spoken to how decentralized identity offers everyone greater access to services and more control over their data. Beyond that, decentralization reengineers how data is stored and secured, to the benefit of users, organizations, and developers alike.
In a decentralized system, the wallet acts as a secure repository for user credentials. It protects credentials using encryption and biometrics, requests informed consent from the user each time credentials are requested, and conceals any metadata that could lead to credential tracking. Encrypted, decentralized storage systems like blockchain are impenetrable by design, reducing the risk of an entity gaining unauthorized access in order to steal or monetize user data.
While this improves privacy and security for users, it also helps organizations reduce security risks. Many global organizations are subject to regulations based on how they collect, process, store, and transact upon user data, and they face sanctions and penalties even for unknowingly breaking the rules or experiencing data breaches. By collecting and storing less data, organizations simplify their compliance responsibilities and reduce the risks of misusing information and being targeted in opportunistic cyber attacks.
Furthermore, requesting only the necessary credentials for users to prove their identities, in a system where users consent to sharing credentials, encourages a new depth of trust and transparency between organizations and users.
For developers, decentralized identity opens the gates to better standards of app design, effectively eliminating the need for passwords or stringent authentication processes. This could allow developers to create more convenient and engaging user experiences, further enriched by participation in an open, standards-based ecosystem. This way, decentralized identity lets organizations form new alliances, which partners can use to securely communicate approved information and provide more efficient user services.
While decentralized identity is still an emerging field, some of the world's leading organizations are showing the potential it has to increase trust and democratization. These include big names like Microsoft, IBM, and SecureKey, as well as startups like Evernym.
In the background, numerous organizations are working to standardize and shape decentralized identity. The key players here include:
The decentralized identity space is still in its inception, as organizations are attempting to figure out how to deploy this technology at scale, and factor in regulatory requirements. Identity is at the core of how decentralized architectures will develop.
New use cases are continually emerging; let's explore a few.
Within workforce environments, decentralized identity presents an opportunity for organizations to fully go passwordless, by connecting to federated identity infrastructures. This way, organizations could issue digital credentials around a person's role and department, for instance, which are saved in the employee's digital wallet, and identity providers verify that information to grant single sign-on to the tools they need. As another workforce use case, DIDs could also be used to inform digital badges to grant appropriate access to physical locations. These intra-organizational scenarios present an easy entry point to experiment with this new technology.
Using decentralized identity within customer settings is still further in the future; we have yet to see many proofs of concept in this area. To date, the largest obstacle would be to enable applications to connect to decentralized identity providers, which would require a significant overhaul of our current consumer landscape. That said, we may see an entry point through social logins, as social media platforms are already supporting their large consumer bases by federating identities and simplifying logins to other applications.
As the industry continues to develop proofs of concept for decentralized identity in government, healthcare, finance, and more, the opportunities for decentralized identity continue to grow. While in its infancy, it's an exciting area to watch.