IOTA: The case of Decentralized Digital Identity
The other day @BongInma1 pointed my interest towards one of IOTA’s main fields of operation besides Internet of Things (IoT; although the two are obviously linked): Decentralized Digital Identity. One has to distinguish between Identity of Things (which I have touched upon in my previous article) and Decentralized IDs (DID, mainly human beings’ identities). I shall first explain what this is actually about and second what IOTA has to do with it.
1. Decentralized Identity — what is it after all?
I will follow Outlier Ventures’ Jamie Burke in explaining what this is actually about to make it as understandable as possible.
The problem: Today, we have to trust other parties (be it companies, agencies or whatever) to secure our personal data, which they are obliged to collect. This in itself is not a problem, but the data is not safe (thefts of personal data is what happens all the time, as you know). There simply is no standard which tells companies that Joe from Germany, their customer, is really Joe and not some scammer from another part of the world. The problem gets especially apparent if we consider that today more than 1 billion people live without an officially recognized identity.
Possible solution: Blockchain / DLT (Distributed Ledger Technology): The idea is to use this new technology to get rid of third parties and let each individual store personal data in a safe which only he or she has access to: this is the digital identity. Of course, this can (and will) also include devices that are connected to the Internet of Things; in sum, this is called the Identity of Things (IDoT):
Rather than perceiving them as lifeless amalgams of metal and plastic with a specific purpose, we need to shift toward considering each device as its own identity with different attributes.(David Sonstebo, IOTA Co-founder, click)
- data is stored in a tamper-proof fashion = safe!
- no third parties involved
- Zero knowledge proofs: They are “an innovation that means an ability to prove a claim (through clever math) without revealing any of the data that makes it so, such as proving you’re over 21 without revealing your birthday or even your age. This means you can make verifiable claims without burdening the relying party with having to secure your data.” (click)
- user-tailored: other parties/agencies/companies get only access to relevant data which in turn reduces legal and compliance risks by processing such information, instead of controlling it on behalf of the user.
- it is fast (far less bureaucracy needed)
- it is convenient and can be taken wherever you go
By means of your Digital ID you could
- vote at elections (without providing evidence that you are eligible)
- get background medical record information
- use any government-related service
- buy things which need an age-verification without providing any personal information (not even your birthday!)
Cities and governments could use it for
- inter-organisation and inter-city data exchanges,
- granting access to aid programs to people who have lost their identity
- only example so far: Taipei’s partnership with IOTA
“Things” could use it for
The possibilities are endless — one great use case of Digital Identity is already running in Jordan by the UNHCR in order to help refugees:
The possibilities are endless, obviously. However, in order for it to become reality, a standard layer is needed which is accepted by all the countries worldwide in order to process all of the data; you can think of it as the http of data information: Just like you open every web page by means of the http-protocol you would store all your personal data safely on this new data layer and other parties could get access to it if you let them.
The question is how to set up this new layer; and that’s where IOTA comes into play.
2. The (possible) role of IOTA
One of IOTA’s first officially announced partnerships was the one with the Digital Identity Foundation (DIF). Moreover, IOTA has also partnered with REFUNITE to help reunite families during and after conflicts by means of the IOTA ledger called the Tangle.
I will not go into technicalities as to why IOTA is suitable for the job of digital IDs and everything connected with it (just three words: feeless-fast-scalable). However, this article seeks to explain the role of IOTA in all of this. As you will see, there are many connections in this emerging web of interoperation between big companies, governments and IOTA.
I shall first of all introduce you to some big players in this realm and then point out what IOTA’s role might be.
2.1. The DIF
The DIF was founded “to build an open source decentralized identity ecosystem for people, organizations, apps, and devices”. Members include:
Evernym develops software solutions that leverage distributed ledger technology to provide every individual, organization and connected device with secure and irrevocable identity.
The company has just announced that it is partnering with R3 (another DIF member) to apply self-sovereign identity to financial services. Essentially, this joint initiative brings together two ledgers: One for the financial service industry (Corda by R3) and one that was built for self-sovereign identity (Sovrin, originally developed by Evernym and later turned over to the international non-profit Sovrin Foundation).
At its heart, Sovrin technology facilitates the exchange of ‘verifiable claims’, which in this context refers to those provable attestations which entities make about themselves: their age, address, certifications earned, and more. Evernym builds applications upon the Sovrin network which specialize in identity-based claims, such as those which establish a user’s authority to exert control over the funds in a particular financial account. (click)
Sovrin is als the name of the self-sovereign identity ledger. It is a free and open-source project. The whitepaper can be read here.
Yesterday, Mircosoft published a blogpost about their status quo in Digital IDs which is also a good introduction to the topic as such:
Howdy folks, I hope you'll find today's post as interesting as I do. It's a bit of brain candy and outlines an exciting…cloudblogs.microsoft.com
Of course, Microsoft sees the potential of the technology quite clearly yet they also acknowledge that scalability is a major issue:
Some public blockchains (Bitcoin [BTC], Ethereum, Litecoin, to name a select few) provide a solid foundation for rooting DIDs, recording DPKI operations, and anchoring attestations. While some blockchain communities have increased on-chain transaction capacity (e.g. blocksize increases), this approach generally degrades the decentralized state of the network and cannot reach the millions of transactions per second the system would generate at world-scale. (source)
In order to overcome this they are “collaborating” on other protocols “to achieve global scale” (click). Note that in their blogpost Microsoft reveals that they have “invested in incubating a set of ideas for using Blockchain (and other distributed ledger technologies [which COULD include IOTA]) to create new types of digital identities […].” (click)
- Accelerate access to digital identity for those living without
- Set standards for a trustworthy decentralized identity framework, facilitating interoperability and creating an efficient market
- Increase the efficiency and sustainability of global financing for identity
- Enable more efficient and effective delivery of development and humanitarian aid
Another main sponsor and also partner of DIF is Accenture.
3. Connecting the dots
So the DIF is the place where all of the above-mentioned companies come together. Microsoft being among those has linked in their blogpost under point 5 (first bullet-point) the website of the World Wide Web Consortium (W3C) which is the main international standards organization for the World Wide Web according to Wikipedia. This organization is working on Decentralized Identifiers which are “a new type of identifier for verifiable, “self-sovereign” digital identity. DIDs are fully under the control of the DID subject, independent from any centralized registry, identity provider, or certificate authority.”
The main editors are closely connected to Evernym (Drummond Reed is the Chief Trust Officer at Evernym and Secretary at Sovrin Foundation), Manu Sporny and Dave Longley are members of Sovrin’s Technical Governance board (click).
To put it short: W3C is working on standardizing Decentralized Identifiers and Evernym people are (deeply) involved; this project can also be found among the above-mentioned DIF working groups . The same people that also have a partnership with the R3. Cool.
Now Evernym was recently not only chosen by the same Outlier Ventures as IOTA back in June 2017 to be backed financially, but Evernym has also officially launched a collaboration with IOTA in the field of Digital ID:
The challenge of determining identity goes far beyond simply identifying humans. If the great promise of the Internet of Things is to be fulfilled, connected devices must also be uniquely and enduringly identifiable, and the validity of what they claim to be must be quickly verifiable. This is precisely the work Evernym is pursuing. Expect significant advancements to emerge from our collaboration with IOTA. (Drummond Reed, Evernym’s Chief Trust Officer. Source)
Drummon Reed summed it up in his overview about Sovrin here and called IOTA’s approach as a “powerful new way”:
Thus, we have an apparently very good interconnection of IOTA in the realm of DIF on the one side and the co-founder of the biggest Digital ID alliance on a government scale (ID2020) aboard the IOTA Foundation (That both are somewhat linked could be seen from tweets like this).
Add to this that not only IoT, but also Identitiy of Things (IDoT) plays an integral part of the IOTA roadmap and you will recognize that big things are about to be revealed here (Taipei certainly is only the beginning).
Obviously, only the tip of the iceberg has been revealed so far, but it also is a very complex undertaking. In Dominik Schiener’s words:
Just to emphasize it: signing up a lot of companies…dedicate their best people…5 companies on board so far.
Bringing IDoT to the masses is an enormous undertaking, but the IOTA Foundation has the means (both financially and manpower-wise) to do so. Enabling this in the real world will certainly be a gamechanger.
I can only advise you to dig a bit deeper into the matter by following the links provided above or simply watch this video of Wilfried Piementa, another IOTA Foundation member, explaining it:
We are at the edge if a whole new level of this technology…
As always, I would be really happy about donations (you may also read my other articles):