Machine Economy Deep Dives: Digital Identity Part I

Unscrambling identity, digital identity and self-sovereign identity

Franziska Heintel
Future Energy Ventures
Feb 12, 2018

written and researched by Carolina Soto and Franziska Heintel

On the internet, identities blur, are trapped in information silos or may be “untrusted”. We are in need of (new?) digital identity solutions that don’t rely on third parties, but instead are user-managed and trustless by design. Is blockchain technology the solution and what is a “self-sovereign identity”?

“Reflection of a person in hooded through a pay phone mirror” by Liam Seskis on Unsplash

Since “identity” is one of the Machine Economy team’s current investment focus areas, we would like to take the opportunity to walk you through some of the basics in this “deep dive” series. We will briefly touch upon the history of identity, define the different terms often used in this context and explain how decentralization technologies like blockchain can enable “self-sovereign identities”.

So, to start off with, what does one generally mean when talking about “identities”?

The Oxford English Dictionary defines an identity as:

“The fact of being who or what a person or thing is;
the characteristics determining who or what a person or thing is;
serving to establish who the holder, owner, or wearer is by bearing their name
and often other details such as a signature or photograph.”

and as

“the sameness of a person or thing at all times or in all circumstances;
the condition or fact that a person or thing is itself and not something else;
individuality, personality.”

Summarizing the above, one can simplify the definition of identity as a differentiating or characterizing aspect of a person or object which makes it possible to indicate who or what (someone or something) is and/or which attributes it carries.

These definitions will help us later to translate the classical understanding of identity to digital identity and to determine the different levels and use cases following the vision of a user-centric “self-sovereign” identity future.

How do you identify people or things and who is the issuing institution?

The traditional way of proving someone’s - or something’s - identity for day-to-day interactions used to be paper-based identification (and mostly still is!). Take for instance passports, national ID cards, driving licenses, serial numbers for goods, or health insurance cards. Sometimes, university or company IDs might also serve as identification documents. All these documents help prove a human’s or thing’s identity in a specific situation.

These identity documents must be widely recognized, and as such, are issued by a trusted entity like the national government or a private institution like a health insurance company. On the plus side, traditional identity issuers have built an identification scheme that is mostly trusted amongst users through the “good” reputation and reliability of the issuing institutions (mainly federal/governmental institutions). However, its centralized approach has made users dependent on the issuing institution, and identities can be lost if the institution fails (e.g. citizens of failed states who lose their IDs in conflict zones and need to get new ones) or may not be recognized across borders or across companies.

What is a decentralized identity?

Probably nothing you have read so far was big news. But what about the “decentralized identity”, a term that is used often lately but rarely explained?

You cannot really “decentralize” your identity or the identity of an object. Hence, when talking about a “decentralized identity”, one usually refers to the management of identity being handled in a decentralized manner (for example using blockchain technology). Decentralized identity management can come in many different forms; however, it usually deals with the attestation of claims and attributes around (parts of) a human or non-human digital identity, how this information is stored and who owns it.

There are various ways to conduct “decentralized identity management”. You can read more about startups and use cases around this topic in our upcoming article covering Blockchain and decentralized identity.

What are digital identities?

As outlined above, in order to conduct decentralized identity management a digital identity is required.

Wikipedia defines a digital identity as

“information on an entity used by computer systems to represent an external agent. That agent may be a person, organisation, application, or device. The information contained in a digital identity allows assessment and authentication of a user interacting with a business system on the web without the involvement of human operators. Digital identities allow our access to computers and the services they provide to be automated, and make it possible for computers to mediate relationships.”

Derived from the above, one can say that a digital identity is a set of electronically captured and stored attributes and credentials that can uniquely identify a person or object. The digital identity is a digital version of a person’s or object’s real identity (a “digital twin”, so to speak, of the real world’s information about yourself or a thing).

The paradigm shift to digital identities has created new opportunities for technological development and has shifted control to the user. Digital identities represent a user in any online transaction, hence, as we digitize many of our social and economic activities, the importance of digital identities increases.

The evolution of the digital identity can broadly be described in four pillars, as outlined in the Sovrin whitepaper.

In a perfect world, self-sovereignty describes identity management with the highest degree of interoperability between vendors and the highest degree of data ownership and control by the user. But let’s have a brief look at all four stages that have been identified.

The “four stages of online identity” by Christopher Allen (sorted by vendor dependence and control)
  1. Phase I - Centralized identity: Certificate authorities and centralized institutions create an identification scheme to build trust among users. To date, most internet identities are centralized, think about your Google, Facebook, or bank account.
  2. Phase II - Federated Identity: A federated identity describes the means of linking a person’s electronic identity and various attributes to each other, stored across multiple distinct identity management systems. A federated identity allows users to sign into one service using credentials of another, thus giving a degree of portability to a centralized identity. Examples of this kind of identity are Facebook/LinkedIn/Google accounts to log into other sites or apps.
  3. Phase III - User-centric identity: The user is in control of his own data and decides what he wants to share with third parties himself. In this sense, the flow of information from claim providers to relying parties only happens when the user gives consent, thus remaining in control of his data. The user fills his own data store with information using an individual identity provider like Civic, where the user and the identity requestor voluntarily exchange information stored in the Civic App.
  4. Phase IV - Self-sovereign identity: This is the last step in the identity evolution where users have full autonomy of their identity. It removes the centralized aspect of identity where an external party can claim to provide the identity for the user. The user’s digital identity is independent of any institution or organization as it is intrinsically theirs, and thus can’t be taken away. A self-sovereign identity is a digital record of identity transactions that users control, and it can be updated with data that users add themselves or ask a third party to add. Privacy of this digital identity is also controlled by users; it can be partially public or totally private whenever they want it to be. Claims made about the user in identity transactions can be self-asserted, or asserted by a third party whose authenticity can be independently verified by a relying party.
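
The consent-based flow of Phase III and the third-party-asserted claims of Phase IV can be sketched in a few lines of Go. This is an added example, not code from the article or from any project it names: a third party attests claims, the user discloses only one of them, and a relying party verifies it with nothing but the issuer's public key. The names `Claim`, `Issue` and `Verify`, the subject `holder-alice`, the salts and the salted-hash commitment layout are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

type Claim struct{ Name, Value, Salt string } // one attribute plus its blinding salt

// commit hides a claim behind a salted hash; %q quoting keeps fields unambiguous.
func commit(c Claim) string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(fmt.Sprintf("%q%q%q", c.Salt, c.Name, c.Value))))
}

// digest is what the issuer signs: the subject and the ordered commitments.
func digest(subject string, commits []string) []byte {
	h := sha256.Sum256([]byte(fmt.Sprintf("%q%q", subject, commits)))
	return h[:]
}

// Issue is run by the attesting third party (the claim issuer).
func Issue(priv ed25519.PrivateKey, subject string, claims []Claim) (commits []string, sig []byte) {
	for _, c := range claims {
		commits = append(commits, commit(c))
	}
	return commits, ed25519.Sign(priv, digest(subject, commits))
}

// Verify is run by the relying party, which needs only the issuer's public key.
func Verify(pub ed25519.PublicKey, subject string, commits []string, sig []byte, shown []Claim) bool {
	known := map[string]bool{}
	for _, c := range commits {
		known[c] = true
	}
	for _, d := range shown {
		if !known[commit(d)] { // disclosed value was not attested by the issuer
			return false
		}
	}
	return ed25519.Verify(pub, digest(subject, commits), sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	claims := []Claim{{"name", "Alice Example", "salt-1"}, {"over18", "true", "salt-2"}} // constructed; real salts must be random
	commits, sig := Issue(priv, "holder-alice", claims)
	fmt.Println(Verify(pub, "holder-alice", commits, sig, claims[1:])) // reveals only over18
}
```

The relying party sees the commitment for `name` but not its value, and a changed value, a different subject or a different issuer key all make `Verify` return false.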

How do you identify somebody with a digital identity?

“On the internet, nobody knows you are a dog” — Cartoon in the New Yorker in 1993

With an increasingly complex digital identity ecosystem that includes a wide range of identity models and stakeholders, there is no universally recognized authority where people can register themselves and “get their digital identities issued”.

It still remains a grey area, considering nobody really “controls” the internet. So, as it stands now, every website is free to allow users to register themselves and create a digital identity that can be used exclusively on that particular website (centralized identity); for example, nobody logs into a Gmail account with a Yahoo identity. These digital identities can also take a federated approach, e.g. using a Facebook account to log into Spotify, thus creating multiple siloed identities linked to one user. In the non-digital world, one could compare this scenario to one person holding multiple passports.

Additionally, online services have different approaches when it comes to verification of users. Of course, Facebook advises you to sign up with your “real” name, but nobody might ever find out if you just used a nickname or even the name of your grandma instead. Online banking institutions, however, have stricter “know-your-customer (KYC)” requirements for creating a digital identity.

“The internet was built without an identity layer.” Kim Cameron, Chief Architect of Identity at Microsoft

Is our (digital) identity system broken? (photo by Chris Barbalis on Unsplash)

Guaranteeing that a system is dealing with the right person behind the computer is a basic requirement in a diverse set of transactions, like online banking, e-commerce, or registration to governmental services. Hence, service providers who require user authentication have been pushing for a secure digital identity. For example, online commerce sites have their own set of requirements in trying to tell a dog from a genuine buyer. User authentication has evolved from a paper-based approach of showing a physical passport or an ID card, to more complex authentication techniques that use biometrics, passwords or one-time tokens, just to name a few.

Furthermore, with the introduction of big data analytics and machine learning to the identity ecosystem, companies can now verify a user’s identity against government and private databases like Trulioo, or by using a photo-based ID document, a selfie and artificial intelligence algorithms like Onfido. Other companies, like Authenteq, go one step further and extract data from the user’s scanned government ID, and create a digital biometric electronic ID stored on the blockchain.

As you can see, there is lots of stuff happening in the identity space. Many of the initiatives are working towards a more secure, more trusted and more independent, interoperable digital identity, which might even evolve into a “self-sovereign” identity at some point.

If you want to learn more about self-sovereign identities and which challenges those could solve in both developed and developing countries, make sure to read Part II of our Digital Identity Deep Dive series in the upcoming week!

💐 Last but not least, thanks for great thoughts, inspiration, content and data go to… (aka sources — check these out for further reading, too!):

👏🏼 If you enjoyed reading this piece leave us a clap or comment below. We are curious to hear your thoughts!

🤖 We are the machine economy team of the innogy Innovation Hub and believe in a future that is decentralized and enabled by machine-to-machine transactions.

💌 This is only the beginning! There will be more “deep dives” in future, so make sure to follow our Medium channel to stay updated. See you soon!

💡If you are a startup working in the field of digital self-sovereign identities or are just curious about the topic, feel free to contact us!

andreacarolina.soto@innogy.com & franziska.heintel@innogy.com
