Digital Identity Models
“Organizations require these digital identities before they can offer their services or allow any access to their resources. It is common for people to lose track of their siloed digital identities or not even have the ability to control their identity profile in many of these organizations. Both people and organizations increasingly feel the pain, and learn that this model is neither scalable nor sustainable as the use of digital services becomes more pervasive.”
December 2017 Gartner report, Blockchain: Evolving Decentralized Identity Design
1. What is Digital Identity
In Web 2.0, as applications became more complex and e-commerce and social media became prevalent, the question of identity became more pressing, and various solutions to it were implemented at the application layer. Those solutions fall into the centralized and federated identity schemes explained in the following paragraphs.
The Internet was not designed for identity. On the Internet, no one knows who you are: “On the Internet, nobody knows you’re a dog.”
In the physical world, identity emerges from relationships. Over time, humans have developed interaction patterns around how we identify ourselves to each other. In other words, identity in the physical world is a protocol. As part of daily life, entities (people, organizations) need to make many claims, for example about their location, accomplishments, or payments, and these claims are increasingly moving to the Internet. The next generation of web applications will authorize entities to perform actions based on a set of credentials issued by trusted parties.
To explain what digital identity is, think of identity as split into several dimensions: issuers, attributes, relationships, agents and validators. The first three (issuers, attributes, validators) are explained in the first part of this document; the last two (relationships and agents) are described in part three.
· An identity issuer, or identity provider, is the person or entity that assigns the identity.
· An identity attribute is a piece of information or qualification associated with an individual or entity. A claim is an attribute: an assertion about anything that serves as an identifier. A claim describes a quality or property of an entity that establishes its existence and uniqueness.
· Identity validators are the persons or entities that verify the identity. Identity verification is the process by which an organization or system attempts to confirm the authenticity of an individual’s claim. A typical method of identity verification includes one or more forms of government-issued identification, such as a passport or driver’s license, or proof of residency at the individual’s home address (utility bills, bank statements…).
2. Types of Digital Identity
2.1 Centralized identity
Even today, many Internet identities are centralized. A centralized identity is the “account” that you create on a website, owned and controlled by a single entity: for example, the account you create with a bank to access online banking.
Note: Image from Hyperledger webinar Decentralized Identity distilled
Each “.org” is a silo. It centralizes user data in a “honeypot” that is easily attacked because it creates a single point of failure. Hence, centralized identities are no longer compliant with regulations, in particular GDPR, since they preserve neither user data privacy nor security. The user experience is also affected by this identity model: from the customer’s point of view, creating an account is not a smooth experience, and centralized identities are frequent targets of phishing attacks.
Statistics suggest that each of us has around 100 to 500 accounts spread across the web, many of which we do not even remember creating, without knowing where our data is, who is using it, and for what purpose. The secure communication protocols used by this identity scheme are SSL, TLS and HTTPS. SSL and TLS are two standards for encrypting the data exchanged between the client (browser) and the server. SSL is Secure Sockets Layer, and TLS is Transport Layer Security, the updated version of SSL. When you buy an “SSL certificate” from Symantec, you actually get the most up-to-date one, used with TLS. HTTPS, HyperText Transfer Protocol Secure, appears in the URL when a website is secured by an SSL certificate.
2.2 Federated identity
Note: Image from Hyperledger webinar Decentralized Identity distilled
In federated identity systems, users can use identity information established in one security domain to access another. Federated identity systems are single sign-on (SSO) schemes that allow a user to access multiple separate services, such as Facebook Connect. The goal of federation is to allow security principal identities and attributes to be shared across trust boundaries and between organizations. It adds a degree of data portability (within the boundaries of those organizations) to a centralized identity, for example enabling users to log in to one service using the credentials of another. Federation is concerned with where the user’s credentials are actually stored, and with how trusted third parties can authenticate against those credentials without actually seeing them. The sharing of identities is not transparent to the identity owner.
Federation can take many forms: within an organization, for example, several service providers (SPs) trusting a single identity provider (IdP). Identity providers are the ones that establish the relationship between the different service providers (SPs) through the use of protocols, which can be standard or proprietary. When discussing today’s identity solutions, it is common to hear of these standards: SAML, OAuth2, OpenID, FIDO Alliance. On many websites, you can use your Facebook or OAuth/xAuth-enabled SSO login to authenticate.
Right now we don’t have a commonly accepted SSO that works at all sites. To minimize the risk that an identity compromised at the IdP level is then used in all the other places that belong to the same SSO, some authentication providers are leveraging stronger 2FA (two-factor authentication) and MFA (multi-factor authentication) solutions. If an attacker gets your password, they won’t (at least not immediately) also get the second factor, the mobile phone, or the physical device required to authenticate.
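As an added illustration of the federated flow described above (this is not code from the original article, nor any vendor’s implementation), the following Go program models an IdP issuing a signed assertion and an SP verifying it. The SP never sees the user’s password: it checks the issuer against an explicit trust list, the signature over the exact payload bytes, the audience, the validity window, and that at least two distinct authentication methods were used, which is the MFA signal the paragraph above refers to. All names, the OIDC-like field names, and the `Trust` and `Verify` helpers are hypothetical; a real deployment would use SAML or OpenID Connect libraries rather than this hand-rolled format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Assertion stands in for what an IdP hands an SP after login (a SAML assertion
// or OIDC ID token in practice); the field names are hypothetical, OIDC-like.
type Assertion struct {
	Issuer   string   `json:"iss"`
	Subject  string   `json:"sub"`
	Audience string   `json:"aud"` // the SP this assertion was minted for
	IssuedAt int64    `json:"iat"`
	Expires  int64    `json:"exp"`
	AMR      []string `json:"amr"` // authentication methods used, e.g. "pwd", "otp"
}

// SignedAssertion is the payload plus the IdP's signature over those exact bytes.
type SignedAssertion struct{ Payload, Signature []byte }
// IdP holds the signing key; the SP only ever sees signed assertions, never the password.
type IdP struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewIdP(name string) *IdP {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &IdP{Name: name, Pub: pub, priv: priv}
}

// Issue signs an assertion for subject, bound to one audience and a short lifetime.
func (p *IdP) Issue(subject, audience string, amr []string, now time.Time, ttl time.Duration) SignedAssertion {
	payload, _ := json.Marshal(Assertion{Issuer: p.Name, Subject: subject, Audience: audience,
		IssuedAt: now.Unix(), Expires: now.Add(ttl).Unix(), AMR: amr})
	return SignedAssertion{Payload: payload, Signature: ed25519.Sign(p.priv, payload)}
}

// SP is a service provider with an explicit trust list of IdP verification keys.
type SP struct {
	Name       string
	TrustedIdP map[string]ed25519.PublicKey // issuer name -> key
	RequireMFA bool
}

func NewSP(name string, requireMFA bool) *SP {
	return &SP{Name: name, TrustedIdP: map[string]ed25519.PublicKey{}, RequireMFA: requireMFA}
}

// Trust adds an IdP to the trust list (established out of band, e.g. federation metadata).
func (s *SP) Trust(p *IdP) { s.TrustedIdP[p.Name] = p.Pub }
var (
	ErrUntrustedIssuer = errors.New("issuer is not in the trust list")
	ErrBadSignature    = errors.New("signature does not verify")
	ErrWrongAudience   = errors.New("assertion was issued for another service")
	ErrExpired         = errors.New("assertion is expired or not yet valid")
	ErrNoSecondFactor  = errors.New("a second authentication factor is required")
)

// Verify returns the authenticated subject or the first failed check. The issuer
// field is read only to select a key; nothing else is acted on before the signature verifies.
func (s *SP) Verify(sa SignedAssertion, now time.Time) (string, error) {
	var a Assertion
	if err := json.Unmarshal(sa.Payload, &a); err != nil {
		return "", err
	}
	pub, ok := s.TrustedIdP[a.Issuer]
	factors := map[string]bool{} // distinct authentication methods claimed
	for _, m := range a.AMR {
		factors[m] = true
	}
	switch {
	case !ok:
		return "", ErrUntrustedIssuer
	case !ed25519.Verify(pub, sa.Payload, sa.Signature):
		return "", ErrBadSignature
	case a.Audience != s.Name:
		return "", ErrWrongAudience
	case now.Unix() < a.IssuedAt || now.Unix() >= a.Expires:
		return "", ErrExpired
	case s.RequireMFA && len(factors) < 2:
		return "", ErrNoSecondFactor
	}
	return a.Subject, nil
}

func main() {
	idp, sp := NewIdP("login.idp.example"), NewSP("shop.sp.example", true) // constructed names
	sp.Trust(idp)
	now := time.Now()
	sub, err := sp.Verify(idp.Issue("alice", sp.Name, []string{"pwd", "otp"}, now, 5*time.Minute), now)
	fmt.Println(sub, err) // alice <nil>
}
```

Running it prints `alice <nil>`. The order of the checks is the point: the issuer field is read only to pick a verification key, and nothing else in the assertion is acted on until the signature has verified, so a tampered payload, an assertion minted for another SP, an expired one, or a password-only login (when the SP requires a second factor) is rejected before any subject is returned. An IdP compromise still lets the attacker mint valid assertions, which is why the text recommends a second factor at the IdP rather than relying on the SP alone.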
3. ISSUES with current Identities models
As we have seen, the current centralized and federated digital identity models do not allow full independence or control by the user. Existing initiatives are predominantly silo solutions that address very specific use cases and result in vendor lock-in. This limitation in the architecture of the centralized and federated identity models leads to the following issues:
1. The general problem of a missing native identity layer and centralized databases. Because the Internet currently lacks a native identity layer, companies and public institutions have implemented ad hoc systems and applications with internal databases where they manage the identities of people and things in their data ecosystem. Unfortunately, central databases are incompatible data silos that produce many problems. They are a single point of failure and a massive security risk for a large number of people. As recent news stories such as Cambridge Analytica have shown, they are a honeypot for attacks and data fraud. A data breach is a security incident in which sensitive, protected, or confidential data is copied, transmitted, viewed, stolen or used by an unauthorized individual. Breaches lead to identity fraud, reputation damage and, of course, loss of privacy.
2. Missing standardization of digital claims. There is no standard format for exchanging user data. A claim is an attribute of a digital identity. Technology makes it possible for many stakeholders to issue, earn, and trust these essential records about their counterparties without being locked into proprietary platforms. Verifiable claims are a standard way of defining, exchanging, and verifying digital credentials, and a W3C Working Group, W3C Verifiable Claims, formed in April 2017, is working on them.
3. IT cost. Databases are expensive to maintain in terms of security and privacy (theft, loss of data, human error).
4. No portability, no data compatibility. Data is locked into proprietary platforms. This implies that data compatibility with other institutions comes at a high cost and creates a barrier to portability.
5. No control over one’s own data. The user does not have a consolidated digital identity, but tens or hundreds of fragments of themselves scattered across different organizations. The user has no ability to control, update, or secure these fragmented identities effectively, and does not know when their data is passed on to other organizations.
6. No efficiency, poor UX. A poor overall user experience: users waste a lot of time creating and managing multiple usernames for single apps or for each new service they register for.
7. Low privacy in the federated identity model, due to correlation across accounts and the indirect relationship: to log in on X you must create an account on Y. Ultimately, the IdP is still a target for attackers.
8. It doesn’t scale: federation doesn’t scale since there is not yet an SSO accepted everywhere.
4. Alternative Identity schemes
Note: image taken from the Sovrin whitepaper. The picture shows the four stages of online identity plotted against the axes of portability and control.
4.1 User-centric identity
User-centric identity management places administration and control of identity information directly in the hands of individuals. Examples include password managers (e.g., 1Password, LessPass) that securely keep track of credentials for different websites. User-centric identity means that the user has individual control across multiple authorities without federation. Individuals fill their own data store with information. This information is then provided to other organizations with the permission of the individual, and a record is kept of these disclosures. User-centric methodologies tend to focus on three elements: user consent, interoperability, and full control. The user-centric scheme is achievable if the identity information is referenced in a ledger that no single central authority owns or controls. In a centralized database, a user will never have full control, simply because there is an administrator with full control of the database while users have more restricted grants.
4.2 Decentralized Identity
Decentralized identities rely on two main capabilities of blockchain: the distributed ledger and cryptography.
The distributed ledger enables trust in the network without the control of one central authority. Through the consensus mechanism (the agreement between parties on the state of the ledger), the information is replicated, shared and synchronized geographically, spread across multiple countries or organizations. No central administrator or centralized data storage exists, since the network is formed by peers that have the same grants and transact freely with each other. The ledger is immutable, which means that data can be updated through consensus gained among the participants, but can never be erased or rewritten.
Cryptography provides an appropriate level of security in the authorization and sharing of information. It provides data integrity, since the data in a transaction is verified along with the ownership of the transaction itself.
Excluding a central administrator of the ledger allows users to manage information about themselves and to decide when, and with whom, they share it. The degree to which a digital identity concept is vendor-agnostic is the degree to which a) access to the information, b) verification of the identity, and c) use of the identity do not rely on any specific vendor or that vendor’s technologies. Enabling the individual, when requested and at their own discretion, to share their personal information with selected entities enhances the potential for new services and business models.
The trend in identity frameworks shows a shift toward self-control and vendor independence, and toward the implementation of Self-Sovereign Identity (SSI), which is explained in the following paragraph.
4.3 Self-Sovereign Identity
SSI is a vendor-agnostic concept that does not rely on any specific company, even though there are different representations of SSI depending on the provider.
SSI is a portable identity owned by a person, organization, or thing that does not depend on any centralized authority. It does not rely on any external administrative authority, so the identity cannot be taken away. SSI is a censorship-resistant identity that nobody can take away from you. By contrast, in the federated identity model the identity registry can stop giving access to the user’s identity without consulting the identity owner. The move to self-sovereign identity is a move from a silo dimension to a layer dimension.
According to the Sovrin Foundation (an international non-profit organization; the Sovrin Network is an instance of the Hyperledger Indy project), the following are the principal goals of sovereign identities:
· Security — The identity information must be protected from unintentional disclosure
· Controllability — The identity owner must be in control of who can see and access their data and for what purposes
· Portability — Users must be able to expose their identity wherever they want and not be tied to a single provider
The above principal goals are achieved by maintaining the following properties:
· Existence — Users must have an independent existence
· Control — Users must control their identities
· Access — Users must have access to their own data
· Transparency — Systems and algorithms must be transparent
· Persistence — Identities must be long-lived
· Portability — Information and services about identity must be transportable
· Interoperability — Identities should be as widely usable as possible
· Consent — Users must agree to the use of their identity
· Minimization — Disclosure of claims must be minimized
· Protection — The rights of users must be protected
These principal goals and properties give an accurate idea of what SSI is about, although they are not a standard, and the implementation of SSI can differ by vendor. Some of the players in the SSI market are: uPort, Microsoft, Evrin, Sovrin (Hyperledger Indy), CivicKey, SecureKey.
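As an added example, not taken from the original article nor from any of the vendors listed, the following Go program models the issuer/holder/verifier triangle behind verifiable claims (section 3, item 2) together with the SSI properties of Consent and Minimization listed above: the issuer signs commitments to claims rather than the claim values themselves, the holder keeps the salted claims in a wallet and discloses only what they consent to, and the verifier resolves the issuer’s key from a ledger stand-in rather than from a vendor API, which is the vendor-agnostic lookup section 4.2 describes. The `Ledger` map, the DID-style identifiers and the commitment scheme (a salted SHA-256 per claim) are simplifying assumptions for this example; Indy-based systems use different cryptography.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"sort"
)

// Ledger stands in for the decentralized registry: a public map from issuer identifier
// to verification key. Keys only, never personal data. (Constructed; not the Indy data model.)
type Ledger map[string]ed25519.PublicKey

// NewIssuer creates an issuer key pair, publishes the public half on the ledger
// and returns the private half for signing.
func NewIssuer(id string, l Ledger) ed25519.PrivateKey {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	l[id] = pub
	return priv
}

// Claim is one attribute plus the random salt that blinds its commitment.
type Claim struct {
	Name, Value string
	Salt        []byte
}
// commit hashes salt, name and value (NUL-separated so field boundaries are unambiguous).
// The salt stops a verifier from guessing low-entropy values such as over18=true from the hash.
func commit(c Claim) string {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%x\x00%s\x00%s", c.Salt, c.Name, c.Value)))
	return hex.EncodeToString(sum[:])
}

// Credential is what the issuer signs: subject plus sorted commitments, no claim values.
type Credential struct {
	Issuer, Subject string
	Commitments     []string
}
// SignedCredential is the serialized credential plus the issuer's signature.
type SignedCredential struct{ Payload, Signature []byte }
// Issue returns the signed credential and the salted claims keyed by name; both go
// into the holder's wallet and nothing is written to the ledger.
func Issue(issuer string, priv ed25519.PrivateKey, subject string, attrs map[string]string) (SignedCredential, map[string]Claim) {
	wallet := map[string]Claim{}
	var commits []string
	for name, value := range attrs {
		c := Claim{Name: name, Value: value, Salt: make([]byte, 16)}
		rand.Read(c.Salt)
		wallet[name] = c
		commits = append(commits, commit(c))
	}
	sort.Strings(commits) // position must not reveal which claim is which
	payload, _ := json.Marshal(Credential{Issuer: issuer, Subject: subject, Commitments: commits})
	return SignedCredential{Payload: payload, Signature: ed25519.Sign(priv, payload)}, wallet
}
var (
	ErrUnknownIssuer = errors.New("issuer key not found on the ledger")
	ErrBadSignature  = errors.New("issuer signature does not verify")
	ErrClaimNotBound = errors.New("disclosed claim is not committed to by the credential")
)

// Verify takes the signed credential and only the claims the holder chose to disclose:
// it resolves the issuer key from the ledger, checks the signature, checks each disclosed
// claim against the commitments, and returns the revealed claims. It learns nothing else.
func Verify(sc SignedCredential, disclosed []Claim, l Ledger) (map[string]string, error) {
	var cred Credential
	if err := json.Unmarshal(sc.Payload, &cred); err != nil {
		return nil, err
	}
	pub, ok := l[cred.Issuer]
	switch {
	case !ok:
		return nil, ErrUnknownIssuer
	case !ed25519.Verify(pub, sc.Payload, sc.Signature):
		return nil, ErrBadSignature
	}
	revealed := map[string]string{}
	for _, c := range disclosed {
		h := commit(c)
		if i := sort.SearchStrings(cred.Commitments, h); i == len(cred.Commitments) || cred.Commitments[i] != h {
			return nil, ErrClaimNotBound
		}
		revealed[c.Name] = c.Value
	}
	return revealed, nil
}

func main() {
	ledger := Ledger{}
	priv := NewIssuer("did:example:university", ledger) // constructed identifiers
	sc, wallet := Issue("did:example:university", priv, "did:example:alice",
		map[string]string{"name": "Alice", "degree": "BSc", "over18": "true"})
	// Holder consents to reveal one claim; name and degree never leave the wallet.
	fmt.Println(Verify(sc, []Claim{wallet["over18"]}, ledger)) // map[over18:true] <nil>
}
```

Running it prints `map[over18:true] <nil>`: the verifier learns that the one disclosed claim was genuinely issued, without seeing the name or the degree, and a claim that is not committed to in the signed credential is rejected even if it reuses a real salt. The per-claim salt is what makes minimization meaningful here: a claim such as over18=true has so few possible values that an unsalted hash would let the verifier recover every undisclosed claim by guessing.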