Digital Identity — Part 1: Can the concept of identity be transferred to the digital world? And if, in which way?
In an increasingly digital society, more and more devices are connected to the internet. This number already grew over the last years, and during the last months this development accelerated even more. To reach the full potential of growing opportunities that this digital environment provides, there are several open questions that need to be addressed.
The main reason for these open questions is that we cannot simply apply all principles from the physical world to the digital world, but instead have to build new concepts to create a scalable digital environment.
One of the most central building blocks to find the answers is the question of how the concept of identity can be transferred to the digital world.
In a physical world, there are numerous proven methods to identify a person. But the Internet is currently missing scalable functionalities to identify persons. To deal with this problem, password credentials were introduced to create at least one form of verifiable digital identity. But dealing with the question in this way has the following problems:
• Isolated: Identity data cannot be shared between services in an easy way without the user losing control of its data.
• Complex: Managing a secure environment to store credentials is hard and takes a lot of effort.
• Vulnerable: Identifying a user just by a single password and also storing the passwords of all users on a centralized place, makes the structure vulnerable for leaks and security breaches.
• Time-consuming: From a user perspective, managing all different sorts of credentials for an uncountable number of websites takes a lot of time.
• Frustrating: All in all, managing identities in today’s world can be a frustrating task for both, users and companies, because it does not feel like a natural solution. But why don’t we have an equivalent of the physical identity solutions like an ID card in the digital world?
To be able to create a digital equivalent of the physical ID card which can be “shown” to enter a website , we need to be able to secure and verify this “document”. A physical ID card can only exist once. It is provided by the government and secured with several optical security mechanisms. So, it is a unique document that cannot be copied easily. And if somebody tries to copy it, it can be detected. This uniqueness is not included in the Internet as we know it today. Digital files can be copied several times, without the receiving person knowing that the file is just a duplicate.
How does Blockchain solve this problem and what is ERC 725?
One of the most promising approaches to tackle this problem is to use Blockchain technology. Blockchains can break the current compromise between control and comfort that exists in the current internet. Either I have full control over my data and don’t share it with any other party but can’t use internet services that offer personalized services. Or I share my data with all these services but, as a user, have nearly no control over my data, including where it is stored or with whom it is shared with. Blockchain technology can decentralize the trust and give users back the control of their data.
But let’s bring it down to a more concrete level. In the Ethereum world, ERC 725 is one approach to tackle the problem of digital identities. It was created by Fabian Vogelsteller in 2017 and describes itself as a “proxy contract for key management and execution, to establish a Blockchain identity”.
What might sound very cryptic the first time you hear it, is actually a description of standard functions that should be used to create an identity in the Ethereum blockchain. This standard or definition is needed to create a common language that different projects can agree on and in such create interoperability between the projects that are built upon this standard.
However, the important thing to notice is that it is not something carved in stone. It is an open and community-driven standard where everybody can participate and suggest changes and additions. Also, this standard does not try to solve all problems that could ever arise, but it focuses on a very specific topic: managing identity.
According to the ERC 725 standard, an identity can have attached keys. These keys are public addresses of wallets or smart contracts. Depending on the purpose of the key, these wallets or smart contracts can do different things. The purpose of the key includes e.g. management or claim. The key with the purpose “management” is basically the owner of the identity and can manage it. A key that is added as a claim key, can be used to do claims on other identities.
This structure allows it to have for example several claim keys for several use cases attached to an identity, which makes it very flexible.
