Okta Inc.

01/13/2021 | News release | Distributed by Public on 01/13/2021 15:19

What is Decentralized Identity?

Decentralized identity, often used interchangeably with 'self-sovereign identity' (SSI), is gaining ground as an alternative to today's centralized and federated infrastructures. In short, it allows individuals to manage their own identities. In a decentralized framework, the user receives credentials from a number of issuers (e.g., government, education, employer) and stores them in a digital wallet. The user presents those credentials to the relevant issuing authority, who then verifies their identity through a blockchain-based ledger that does not store the user's data. That's what decentralized identity is, so why do we need it?

For many, today's personal identity model (how businesses create identities based on the information they gather from their users) doesn't always work in their favour. Organizations need to collect sensitive and personal data from their users to authenticate their identities, but as long as companies continue to experience data breaches or mishandle information, this is not a model that represents their users' best interests.

Most of us have a fragmented identity experience online, authenticating separately with a sprawl of service providers; but some are openly disenfranchised. Around 1 billion people worldwide are unable to claim physical or digital ownership of their identity, leaving them unable to actively participate in public services and society's most basic technical advances.

While still in its nascent stages, the decentralized approach to identity promises to give users much more independence, enhance privacy, and inspire digital transformation across organizations. In this post, we'll explore how decentralized identity works in detail, who benefits from it, and where things stand with its development.

What we're talking about when we talk about decentralized identity

As an emerging field within identity and access management (IAM), decentralized identity has its own set of particular terms that help define the roles and interactions within this model.

  • Credentials: Information that distinguishes each subject.
  • Holder/Wallet: A software repository that manages credentials on behalf of a subject and protects their privacy.
  • Issuer: A party that issues access credentials, similar to an identity or OpenID provider.
  • Subject: The user or individual who authenticates their identity.
  • Verifier: The party or service provider that verifies the validity of a credential. The verifier issues a presentation request to the wallet, which, after gathering user consent, presents the credential to the verifier.

As with any IAM structure, these components come together to securely facilitate access to critical information while helping to verify a user's identity.

Decentralization democratizes data and access

More often than not, documented proof of existence is a prerequisite for people to engage in financial, political, social, and cultural activities. In fact, proof of identity determines our ability to exercise citizens' rights and access essential services, including education, healthcare, banking, housing, and state support. Meanwhile, displacement, poverty, bureaucracy, and lack of education are all factors that get in the way of people obtaining state-issued identity documents that act as a bedrock for access.

Removing the barriers to access

Decentralized identity systems make it significantly easier for users to access this information. By using online, blockchain-based cryptography systems to establish digital wallets, anyone can access this sort of digital identity. Effectively, the only material requirements are an internet connection and use of a smart device, both of which are rising in emerging economies as we continue to bridge the digital divide. As a result, decentralization projects are a promising philanthropic means of providing widespread digital identities and access to services.

Enhancing user independence

User autonomy is another area where decentralized identity promotes democratization. When registering for new online services, users traditionally have to provide an array of personal data, which organizations may process, share, or sell to third parties. In a decentralized system, users instead receive decentralized identifiers (DIDs) to verify their identities with each service provider. These credentials are secured via private encryption, known only by the user and verifiable with each service provider.

This model accomplishes two things:

  • It lets users share only the information that's relevant and necessary to access each service, and
  • It helps to ensure that organizations can access a person's data only for the purpose of authentication.

As a bonus, users have access to a greater degree of privacy and control over their personal data. But what does this look like in practice? Here's an example:

  1. Jane has just migrated to the U.S. without a physical copy of her university diploma. She needs to prove her field of study to receive a confirmed job offer.
  2. The university issues her a DID credential (in this case, Jane's diploma), which she then stores in her digital wallet.
  3. Using the DID credential, Jane presents her diploma to potential employers, who can independently verify its authenticity with the issuing university.
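
The diploma flow above, as an added example that is not part of the original post: a university signs salted digests of Jane's claims, her wallet discloses only the field of study, and the employer checks the issuer's signature against a key resolved from a ledger stand-in that holds no user data. The salted-digest disclosure scheme, the `did:example` identifiers, the function names and the sample values are assumptions made for illustration; the post does not specify a credential format.

```javascript
const crypto = require('node:crypto');
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
// Ledger stand-in: issuer DID -> public key only. No user data is stored here.
const ledger = new Map();
function registerIssuer(did) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  ledger.set(did, publicKey);
  return { did, privateKey };
}

// Issuer: salt each claim, then sign only the digests of the salted claims.
function issue(issuer, subject, claims) {
  const disclosures = Object.entries(claims).map(([name, value]) =>
    JSON.stringify([crypto.randomBytes(16).toString('hex'), name, value]));
  const payload = JSON.stringify(
    { iss: issuer.did, sub: subject, digests: disclosures.map(sha256).sort() });
  const signature = crypto.sign(null, Buffer.from(payload), issuer.privateKey);
  return { payload, signature: signature.toString('base64'), disclosures };
}

// Wallet: after user consent, hand over only the claims the verifier asked for.
function present(credential, requested) {
  const disclosures = credential.disclosures
    .filter((d) => requested.includes(JSON.parse(d)[1]));
  return { payload: credential.payload, signature: credential.signature, disclosures };
}

// Verifier: returns the proven claims, or null if anything fails to check out.
function verify(presentation) {
  try {
    const { iss, digests } = JSON.parse(presentation.payload);
    const sig = Buffer.from(presentation.signature, 'base64');
    const key = ledger.get(iss); // resolve the issuer's key from the ledger
    if (!key || !crypto.verify(null, Buffer.from(presentation.payload), key, sig)) return null;
    const claims = {};
    for (const d of presentation.disclosures) {
      if (!digests.includes(sha256(d))) return null; // claim was never signed
      const [, name, value] = JSON.parse(d);
      claims[name] = value;
    }
    return claims;
  } catch { return null; }
}

// Constructed sample data: Jane's diploma, with only the field of study shown.
const university = registerIssuer('did:example:university');
const diploma = issue(university, 'did:example:jane',
  { fieldOfStudy: 'Civil Engineering', graduationYear: 2015, dateOfBirth: '1990-04-02' });
console.log(verify(present(diploma, ['fieldOfStudy'])));
```

Proving that the presenter actually controls the subject DID (holder binding) is left out of this sketch.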

Potential benefits of decentralized identity

We've spoken to how decentralized identity offers everyone greater access to services and more control over their data. Beyond that, decentralization reengineers how data is stored and secured, to the benefit of users, organizations, and developers alike.

Benefits to users

In a decentralized system, the wallet acts as a secure repository for user credentials. It protects credentials using encryption and biometrics, requests informed consent from the user each time credentials are requested, and conceals any metadata that could lead to credential tracking. Encrypted, decentralized storage systems like blockchain are impenetrable by design, reducing the risk of an entity gaining unauthorized access in order to steal or monetize user data.

Benefits to organizations

While this improves privacy and security for users, it also helps organizations reduce security risks. Many global organizations are subject to regulations based on how they collect, process, store, and transact upon user data, and they face sanctions and penalties even for unknowingly breaking the rules or experiencing data breaches. By collecting and storing less data, organizations simplify their compliance responsibilities and reduce the risks of misusing information and being targeted in opportunistic cyber attacks.

Furthermore, requesting only the necessary credentials for users to prove their identities, in a system where users consent to sharing credentials, encourages a new depth of trust and transparency between organizations and users.

Benefits to developers

For developers, decentralized identity opens the gates to better standards of app design, effectively eliminating the need for passwords or stringent authentication processes. This could allow developers to create more convenient and engaging user experiences, further enriched by participation in an open, standards-based ecosystem. This way, decentralized identity lets organizations form new alliances, which partners can use to securely communicate approved information and provide more efficient user services.

Players in the decentralized identity space

While decentralized identity is still an emerging field, some of the world's leading organizations are showing the potential it has to increase trust and democratization. These include big names like Microsoft, IBM, and SecureKey, as well as startups like Evernym.

In the background, numerous organizations are working to standardize and shape decentralized identity. The key players here include:

  • Decentralized Identity Foundation (DIF): The hub for all development, discussion, and management of initiatives that go towards creating an open, standards-based decentralized identity ecosystem.
  • World Wide Web Consortium (W3C): A provider of open standards since the early 2000s, focused on browser development and interoperability.
  • Internet Engineering Task Force (IETF): The organization responsible for standardizing core internet technologies, including the main Internet protocol suite.
  • Hyperledger: The Linux Foundation's community dedicated to developing frameworks, tools, and libraries for deployments of decentralized ledgers and blockchains.

The future of decentralized identity is still being defined

The decentralized identity space is still at its inception, as organizations attempt to figure out how to deploy this technology at scale and factor in regulatory requirements. Identity is at the core of how decentralized architectures will develop.

New use cases are continually emerging; let's explore a few.

Workforce

Within workforce environments, decentralized identity presents an opportunity for organizations to fully go passwordless, by connecting to federated identity infrastructures. This way, organizations could issue digital credentials around a person's role and department, for instance, which are saved in the employee's digital wallet, and identity providers verify that information to grant single sign-on to the tools they need. As another workforce use case, DIDs could also be used to inform digital badges to grant appropriate access to physical locations. These intra-organizational scenarios present an easy entry point to experiment with this new technology.

Customer logins

Using decentralized identity within customer settings is still further in the future; we have yet to see many proofs of concept in this area. To date, the largest obstacle would be to enable applications to connect to decentralized identity providers, which would require a significant overhaul of our current consumer landscape. That said, we may see an entry point through social logins, as social media platforms are already supporting their large consumer bases by federating identities and simplifying logins to other applications.

As the industry continues to develop proofs of concept for decentralized identity in government, healthcare, finance, and more, the opportunities for decentralized identity continue to grow. While in its infancy, it's an exciting area to watch.