Blockchain for Decentralized Identity — Experiences

Anita Rao
BLOCK6
Published in
9 min readMay 30, 2022

In 1993, Mark Weiser from Xerox Parc said, “A good tool is an invisible tool. By invisible, we mean that the tool does not intrude on your consciousness; you focus on the task, not the tool”.

Globally, 68.1% of all website visits in 2020 came from mobile device1. Desktops drove 28.9% of visits, while 3.1% of visitors came from tablets. Convenience, usability, access, trust, privacy, and security are ever more critical. Most of us use so many apps that it is becoming difficult to navigate and manage one’s life. In most daily transactions, we need some elements of our identity. The ability to scale and keep up with the complexity is essential. A simple experience is a game-changer to aid the adoption of applications. It results in viral consumer behavior.

Self-sovereign identity (SSI, explained in the first blog) is about the customer first. It is not about technology (presented in the second blog) or industry standards (described in the seventh blog). Instead, it is about keeping the customer secure, protecting their data, and only sharing what is necessary to complete a business transaction (zero-knowledge proof explained in the fifth blog). The customer or entity can be a person, organization, or thing in this context.

Hence, it is about the convenience, value, and organization of one’s life. Getting a human’s attention is expensive. It is essential to keep the experiences simple; technology is just the enabler. The individual most likely will access the experiences over mobile devices. Therefore, the form factor on mobile needs superb craftsmanship to create a positive habit for the user. It is all about the “human experience.” According to Amber Case, the author of Calm Technology2, “A person’s primary task should not be computing, but being human.”

Her eight principles for creating great human experiences are:

1. Technology should require the smallest possible amount of attention

2. Technology should inform and create calm

3. Technology should make use of the periphery

4. Technology should amplify the best of technology and the best of humanity

5. Technology can communicate but doesn’t need to speak

6. Technology should work even when it fails

7. The right amount of technology is the minimum required to solve the problem

8. Technology should respect social norms

SSI has a tremendous opportunity to solve friction in business processes, including identity. It empowers further automation. The seamless orchestration of user experiences across transactions with embedded digital trust is enabled. For example, we use data from a verifiable credential (explained in the fifth blog) when we need to enter our data, like name and address, in forms. With SSI, the user can complete it in seconds on mobile. That is magic!

The experience starts with the digital wallet (described in the fourth blog) provided by the public or private sector. Within SSI, the digital wallet stores verifiable credentials for identity proofing and financial instruments for payments, just like a physical wallet. It begins with an installation, setup, and storage. The wallet setup includes creating the private and public keys.

Next, the wallet holder reaches out to issuers and requests VCs or verifiable credentials (described in the fifth blog). For example, a request made to the government agency for a government id like a passport or driver’s license. The experiences for the holder include the management of verifiable credentials by category. It is essential as the number of verifiable credentials over time will become significant. Organizing the VCs for speedy access will influence the experience handled by a digital smart agent in the digital wallet. The verifier reaches out to the holder with a request for proof. The holder accepts the request and delivers the proof. The verifier uses the proof to complete the business transaction. While responding to a verification request, the holder needs to quickly find the claims it wishes to present, create an attestation proof, and submit it. If the claims are from multiple verifiable credentials, the holder will select them and make one compound attestation proof. The holder also checks the integrity of the verifier from a governance registry if available. All instantaneously. Pre-approval for these steps reduces the friction of seeking the holder’s consent. The holder also has peer-to-peer DIDs (decentralized identifiers explained in the third blog) for private communications. These can be in the thousands. Here, management of DIDs is vital — the setup, access, use, store, update, and delete. Either one of the above could have error conditions that require attention. However, these should be clear messages that don’t need any user guide and are easy to navigate on mobile.

A person or organization can have multiple roles in the ecosystem. For example, a holder of a credential can also ask for verification of a credential. Organizations also play various roles as the issuer, holder, and verifier. For example, a University can issue diplomas as an issuer, store its business license as a holder and ask for verification of credentials from its students as a verifier. The experience considers the role while rendering proactive content for actions by the user.

A person needs to use their identity numerous times a day for various transactions. SSI experiences enable BYOI (Bring Your Own Identity). Business logic embedded in the process improves the automation of creating an attestation proof. Additionally, an entity (person, organization, or thing) may need identity proofing within a business process. These are flexible and dynamic authentication flows made easy with verifiable credentials helping with proofs. For example, when a user travels and reaches the airport, the workflow knows with the help of a location app. It creates a compound attestation proof at security, and the user sails through — no looking in wallets for IDs. The travel application offers a seamless experience with the digital wallet’s smart agent (refer to the twelfth blog on travel).

The end-user can use multiple applications tied to a mobile user experience requiring identity, some with business processes. Some examples for an individual include travel, healthcare, education, notarization, identity proof, financial services, payments, driving license, passport, organizational identity

Examples for a business entity include the management of licenses, bank accounts, and business documents for regulatory requirements in organizational wallets.

Some business transactions may require orchestrating processes with other apps for an end-to-end experience. For example, no username passwords for logging into systems as you go from one system to another between partners, vendors, and suppliers. It accelerates services delivered with ease.

Some other feature that impacts experience is the ability to access services on the go across devices. A user can have multiple devices, smartphones, tablets, etc., that are in sync, and the user executes processes on anyone of them. What if the user has numerous wallets? There too, the experience is seamless since portability is an SSI principle. An Omni-channel experience like the one offered by Bonifii3 in partnership with Entersekt for Memberpass customers enables members to authenticate using biometrics at a branch while calling a contact center or doing web online or mobile banking; all with a consistent experience. It also uses context-aware passwordless authentication leveraging artificial intelligence to protect members from fraud and reduce friction in the user experience.

For an enterprise, customer service takes a new meaning with SSI. First, the enterprise builds a unique DID (decentralized identifier explained in the third blog) for each customer. Then, it interacts with them with personalized experiences and continuous exchanges to improve the service experience for customers. These are secure communications via private messages. If either party wants to discontinue the engagement, they delete the DID. As a result, banks, telecoms, and utilities can benefit from new customer relationship management experiences to improve cross-selling and retention.

Since the mobile interface is the most likely one for use in the digital wallet, access to identity aspects on the go will drive adoption on mobile. Hence, creating a responsible, thoughtful mobile ecosystem to manage one’s life is crucial. Safe, reliable, economical, and compliant with regulatory, legal, moral, and cultural norms. The navigation of business processes between domains is seamless. Given the importance, using design thinking principles with continuous customer engagement helps build memorable experiences. Keeping it simple so that the user can move on only by answering a “yes/no” to a question is desirable.

Verifiable credentials (explained in the fifth blog) and all the holder’s smartphone data are robust. It will give rise to innovation and business processes. Information related to one’s identity was in silos and challenging to integrate and provide proof. The digital wallet and verifiable credentials make it easier to knock down the barriers and simplify processes with improved experiences.

While designing these experiences, keep in mind the accessibility needs of the elderly and other special needs. Onboarding the elderly and providing access to their online self requires empathy. Being inclusive requires justice by design. Designing the services around oneself for every human being is no small feat. Since we are creating for identity, we cannot afford to be exclusive.

Building digital trust with simple experiences enables adoption by all. Users avoid the complexity of underlying technologies. A “key moment of truth” in the experience is the catalyst to drive engagement with success in completing the task. The efficiencies over time save costs.

“The most profound technologies are those that disappear. Instead, they weave themselves into the fabric of everyday life until they are indistinguishable from it” — Marc Weiser.

Managing our identities should weave into effortless everyday simple experiences.

In the next post, I will cover Education.

To reference previous posts refer to this link. Again, I would suggest reading the posts in succession.

Glossary:

Credential:

A credential is an attestation of qualification or authority issued by an entity. It can contain multiple claims. For example, a driver’s license is a credential that has various claims such as name, date of birth, and address

DID (Decentralized Identifier)

Like a Uniform Resource Name, a globally unique identifier that somebody can universally discover a DID on a blockchain using a method. A DID is an interoperable, open-sourced web standard delivered by the W3C2. Each DID is associated with only one DID document.

DDO (A DID Document)

The DID document holds the description of the DID, the public key for verification, a set of authentication protocols, service endpoints, a timestamp, and a signature.

Digital Wallet

A digital wallet is software used to digitally store (usually in a smartphone) the contents of a wallet, like IDs, loyalty cards, and financial instruments used for payments. In essence, it is a digital version of a physical wallet.

Entity

A person, organization, or thing

Holder

An identity owner is a user of a Digital Wallet where their credentials are accepted, stored, and controlled using verifiable credentials. The holder approves attestation requests from verifiers and delivers the same.

Issuer

An issuer is a credible provider of identification documents; their signature (key) attests to the credentials’ validity. Governed by Governing Bodies or Trusted Anchors, issuers can belong to an ecosystem of trusted entities that issue documents/credentials with claims data. Issuers have the infrastructure to access a public blockchain to issue and revoke credentials. The schema and their definition of credentials are on the blockchain.

Private Key

A private key is stored cryptographically in the digital wallet of the entity (holder) in the decentralized identity ecosystem. As the name implies, it is personal for the identity owner.

Presentation or Proof

The proof attests a claim or compound claims from the holder to the verifier to prove some form of identification to complete a transaction. All are achieved without making contact with the issuer.

Public Key

A public key is a cryptographic key stored on the blockchain visible to others. It identifies the identity of an entity. Along with the private key, the public key can read encrypted messages for the entity.

Self-Sovereign Identity (SSI):

A decentralized way to manage the identity of an entity is built on the principles of transparency, interoperability, portability, and consent from the owner who controls what they own, know, and have.

Zero-Knowledge Proof

Contains claims or attributes that prove something about an entity without exposing co-relateable information about them.

References

1. https://www.perficient.com/

2. https://calmtech.com/

3. Bonifii.com

Contact

Linkedin https://www.linkedin.com/in/anitarao/,

Twitter @anitaprao,

Blog https://rao-anita.medium.com/

#SSI; #decentralizedidentity; #blockchain; #digitalidentity; #selfsovereignidentity; #identity; #dlt; #web3; #web3.0; #dApps; #digitalwallets; #distributedledger

Contents distributed by Learn.Block6.tech

👉 Telegram — Fresh ideas

👉 Twitter — Latest articles

👉 LinkTr.ee

--

--

Anita Rao
BLOCK6
Writer for

Passionate about Self-Sovereign Identity delivered decentralized via Blockchain. Member of Trust Over IP Foundation, W3C, and Decentralized Identity Foundation.