Decentralized Identity Management.

Nimasha Bandara
7 min read · Feb 14, 2022

Decentralized Identity, also known as ‘Self-Sovereign Identity’ and ‘Personal Identity’, is an Identity and Access Management concept in which individuals keep their identity credentials in a digital wallet that they control. Individuals keep and maintain these credentials themselves; they can hold multiple credentials from different issuers and decide which ones to present, and to whom. The difference between the centralized and decentralized approaches is that in Decentralized Identity Management the credentials of individuals are stored with their owners instead of in a central user store.

Example with Physical Identity

This approach is very similar to carrying physical identity documents. Assume Peter has a National Identity Card (NIC) issued by the government, a driving licence issued by the Department of Motor Traffic, and, as a university undergraduate, a university identity card issued by his university. When Peter applies for a public library membership he presents his NIC to prove who he is legally. When he is stopped by the traffic police while driving to the library, he shows his driving licence. The next day, when he enters the university premises, he shows his university identity card to be admitted. All these documents are kept in Peter’s wallet, and whenever he needs one he takes out only the one that is required.

Example with Digital Identity

The same concept applies to decentralized digital identities. Individuals hold multiple digital credentials from different sources in their digital wallets and present the relevant one in a given situation. Assume Ben is an employee of ABC Company, where he has an account and credentials verified by ABC Company. Ben has also been vaccinated at the city hospital and received a digital proof of it. He also has a digital account at the city food corner and holds a digital credential from it, such as a QR code. All these credentials are stored in the digital wallet on Ben’s phone. When he logs in to a web application of his company, he proves his identity with the credential approved by the company. When he visits the food corner, he presents the credential issued by the food corner to the scanner at the entrance. When he is admitted to a hospital, he can pass his vaccination proof to the hospital’s application.

Roles in Decentralized Identity Management.

There are three main roles in decentralized identity management: the issuer, the user (usually called the holder), and the verifier.

Issuer

The issuer is the entity that provides verified information about an individual: it creates the credential and signs it. The government that issues the NIC is the issuer in the physical example. In the digital scenario, ABC Company is the issuer of Ben’s employee credential, and the city hospital and the food corner are the issuers of his other credentials.

User

The user (holder) is the individual who keeps the digital credentials in the digital wallet on their mobile phone. They own the wallet and decide which credentials to keep and which to present in a given situation. Note that the attribute values inside a credential are asserted and signed by the issuer, so the holder cannot change them without invalidating the signature; an updated attribute requires re-issuance by the issuer. In the above scenarios Peter and Ben are the users.

Verifier

The verifier is the entity that needs to validate claims about an individual before granting access or a service. In the above scenarios the library, the traffic policeman, the university, ABC Company’s web application, the food corner and the hospital are verifiers. The government does not appear as a verifier here: it is the issuer of the NIC. The same organization can play different roles for different credentials, as ABC Company does when it issues Ben’s employee credential and later verifies it at login.

Why do we need Decentralized Identity Management?

1. To allow individuals to have more control over their credentials.

In centralized and federated identity management, user data is under the control of a particular organization, because it is stored in that organization’s user store. The organization can view, update and delete the data as it wishes. With the decentralized approach, users keep and maintain their credentials in a digital wallet on their own phone, so the user decides which data is shown to a verifier and which credentials are kept or discarded.

Another concern is that data stored in an organization’s user store can still be used after an employee has left or retired. With the decentralized approach the individual holds the credential, so the organization cannot present it on the user’s behalf or keep using it without the user’s knowledge. (The issuer does still keep whatever records it used to issue the credential, so this reduces the problem rather than removing it entirely.)

2. Avoid the high risk of bulk data breaches.

Both centralized and federated identity management carry a high risk of large data breaches, because in both methods the identities of many individuals are stored in one central user store. If that store is compromised, the private data of every user is exposed at once. Examples include the Yahoo breach (disclosed in 2016 and revised in 2017 to cover all 3 billion accounts), the CAM4 exposure in 2020, where nearly 10 billion records were found on an unsecured server, and the LinkedIn incident in 2021, where data of 700 million users was scraped and offered for sale.

With the decentralized approach, the credentials of one individual are stored on that individual’s phone; there is no mass collection in one store. Even if one person’s phone is stolen and their credentials leak, the other employees of the organization are not affected, because their credentials are kept separately. Two caveats apply: the issuer usually still keeps the records it used to issue the credential, so it remains a target, and the wallet itself becomes a high-value target, so the private keys in it must be protected (hardware-backed key storage on the phone, and the ability of the issuer to revoke a stolen credential, matter here).

3. Have global standards for digital identity.

In the centralized and federated approaches each organization effectively has its own standard for digital identities, because the user data of one organization is stored in its own database and used only within that organization or, in the federated approach, within the organizations it has a trust relationship with.

With the decentralized approach we can promote one global standard for digital identities, so that one identity is applicable to many organizations. A physical example is the NIC, which is accepted by any organization within the country; a passport, accepted while travelling across countries, comes closer to the global case. The goal is a globally unique identity for each individual that can be used anywhere.

4. A permanent and unique digital identifier

The most popular digital identifiers we use today are mobile numbers and email addresses. The problem with them is that once you stop using them, or leave them unused for a long time, they can be suspended and reassigned to someone else. Using an email address as an identity is also questionable because it says nothing about ownership: one person can have many accounts. Social media accounts are another popular method, but fake accounts are a problem there. A decentralized identifier, by contrast, is generated by its owner from a key pair rather than handed out by a provider, so once it belongs to an individual it is not reassigned to anyone else. (It can still be lost together with the keys, which is why wallet backup and key recovery matter.)

Digital wallets for storing Decentralized Identity

With the Decentralized Identity Management approach, digital identities are no longer stored in central user stores. Instead the credentials are kept with the users: the central user store is replaced by a digital wallet on each individual’s mobile phone. The main reason for choosing the mobile phone is how widely it is used: approximately 7.1 billion mobile phone users were estimated in 2021.

Public and private key for digital identities.

Each digital credential is signed by its issuer with the issuer’s private key; the matching public key is published in a distributed ledger (or another verifiable registry) where verifiers can look it up. The holder also has a key pair: the private key stays only with the individual, in the wallet, and the holder uses it to sign each presentation of a credential, which proves to the verifier that the presenter controls the identifier the credential was issued to. Verifiers use the public keys from the ledger to verify these signatures; the public keys are not used to encrypt the credentials for proving identity. Because the ledger holds only identifiers and public keys, no personal data needs to be written to it.
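The issuer, holder and verifier roles described above, together with the signing flow from this section, as an added example in Go that is not part of the original article. It assumes an in-memory map in place of the distributed ledger and a hypothetical did:example method for deriving identifiers; Ed25519 keys from Go’s standard library stand in for whatever key type a real wallet uses, and the claims about Ben are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// registry stands in for the distributed ledger (DID -> public key); an in-memory map is an assumption here.
var registry = map[string]ed25519.PublicKey{}

// Identity is a key pair plus the identifier derived from the public key. "did:example:" is a
// hypothetical method name; the point is that the owner generates the DID, so nobody can reassign it.
type Identity struct {
	DID  string
	Priv ed25519.PrivateKey
}

func NewIdentity() Identity {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // only fails if the OS entropy source does
	did := fmt.Sprintf("did:example:%x", pub)
	registry[did] = pub // only the public key is published, never personal data
	return Identity{DID: did, Priv: priv}
}

// Credential holds claims about a subject DID, signed by the issuer.
type Credential struct {
	Issuer  string            `json:"issuer"`
	Subject string            `json:"subject"`
	Claims  map[string]string `json:"claims"`
	Sig     []byte            `json:"sig"`
}

// payload is what the issuer signs: every field except the signature (encoding/json sorts map keys, so it is deterministic).
func (c Credential) payload() []byte {
	c.Sig = nil // value receiver: the caller's copy keeps its signature
	b, _ := json.Marshal(c)
	return b
}

// Issue is the issuer's role: assert claims about a subject and sign them with the issuer's private key.
func Issue(issuer Identity, subject string, claims map[string]string) Credential {
	c := Credential{Issuer: issuer.DID, Subject: subject, Claims: claims}
	c.Sig = ed25519.Sign(issuer.Priv, c.payload())
	return c
}

// Presentation is what the holder hands over: the credential, the verifier's nonce, and the holder's signature over both.
type Presentation struct{ Cred Credential; Nonce, Sig []byte }

// presentationPayload binds credential, issuer signature and nonce so a captured presentation cannot be replayed.
func presentationPayload(c Credential, nonce []byte) []byte {
	sum := sha256.Sum256(append(append(c.payload(), c.Sig...), nonce...))
	return sum[:]
}

// Present is the holder's role: sign the chosen credential with the holder's key, proving control of the subject DID.
func Present(holder Identity, c Credential, nonce []byte) Presentation {
	return Presentation{c, nonce, ed25519.Sign(holder.Priv, presentationPayload(c, nonce))}
}

// Verify is the verifier's role. Nothing is decrypted: it only checks signatures with public keys from the
// registry. In order: the issuer is trusted; both DIDs resolve; the issuer signature holds (no attribute was
// edited after issuance); the nonce is the one handed out (no replay); the holder signature holds (the
// presenter controls the subject DID, so a copied credential presented by someone else is rejected).
func Verify(p Presentation, nonce []byte, trustedIssuers map[string]bool) error {
	issuerPub, holderPub := registry[p.Cred.Issuer], registry[p.Cred.Subject]
	switch {
	case !trustedIssuers[p.Cred.Issuer]:
		return fmt.Errorf("issuer %s is not trusted", p.Cred.Issuer)
	case issuerPub == nil || holderPub == nil:
		return fmt.Errorf("issuer or subject DID not found in registry")
	case !ed25519.Verify(issuerPub, p.Cred.payload(), p.Cred.Sig):
		return fmt.Errorf("issuer signature invalid: credential altered or forged")
	case string(p.Nonce) != string(nonce):
		return fmt.Errorf("nonce mismatch: stale or replayed presentation")
	case !ed25519.Verify(holderPub, presentationPayload(p.Cred, nonce), p.Sig):
		return fmt.Errorf("holder signature invalid: presenter does not control the subject DID")
	}
	return nil
}

func main() {
	abc, ben, mallory := NewIdentity(), NewIdentity(), NewIdentity()
	cred := Issue(abc, ben.DID, map[string]string{"employer": "ABC Company", "role": "engineer"}) // constructed sample claims
	trusted := map[string]bool{abc.DID: true}
	nonce := []byte("login-challenge-1") // in practice random and single-use
	fmt.Println("genuine:", Verify(Present(ben, cred, nonce), nonce, trusted))
	tampered := cred // holder edits an attribute: the issuer signature no longer matches
	tampered.Claims = map[string]string{"employer": "ABC Company", "role": "admin"}
	fmt.Println("tampered:", Verify(Present(ben, tampered, nonce), nonce, trusted))
	fmt.Println("stolen:", Verify(Present(mallory, cred, nonce), nonce, trusted)) // copied credential, wrong key
	fmt.Println("replay:", Verify(Present(ben, cred, nonce), []byte("login-challenge-2"), trusted))
}
```

Run it with `go run`: the genuine presentation prints `<nil>` and the other three print the reason they were rejected. Note where each attack is caught: editing an attribute breaks the issuer’s signature, presenting a copied credential breaks the holder’s signature, and reusing an old presentation fails the nonce check. A production verifier would additionally consult a revocation list published by the issuer and resolve keys through the DID method rather than a local map.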

Reasons for delay in using Decentralized Identity Management.

1. There is still no global standard to support decentralized identity.

The world still lacks a common, legally recognized scheme for issuing a unique digital identity to everyone, the way the NIC does within one country. Technical standards exist (the W3C Verifiable Credentials data model and Decentralized Identifiers), but there is no legal entity whose issued identity is accepted globally.

2. Still a developing trend.

People do not yet have the mindset to move from physical to digital identities. For older adults in particular, a lack of experience with technology makes adopting a digital identity difficult. Technologies for secure digital wallets are also still developing.
