Case for Decentralized Identity

Zack Chang, Kroleo
9 min read, Nov 18, 2020

Over the past two decades our digital and physical lives have become increasingly more connected to applications, programs, and devices that we use to access a wide range of experiences. The transition into the digital age has enabled us to connect in ways that were previously impossible with thousands of enterprises and billions of other users. The challenge we face in this transition is bridging the gap between our physical and digital identities.

Today’s conventional structures of identification are fractured, unstable, centralized and exclusive. There are numerous providers that address these issues in the Web2.0 stack. The Web2.0 stack is great; it powers all the applications and experiences we know and love today, but it is limited in its ability to address fundamental issues like identity at the protocol layer — this is where blockchain comes in. In simple terms, a blockchain is a public database; it is essentially the evolution of cloud computing and a new approach to cloud architecture. In practical terms, the blockchain will serve a vital role in the Web3.0 stack by facilitating the exchange, storage and management of digital identities, providing localized, interoperable and tamper-proof information.

In business as usual today, companies collect and store sensitive data about their customers alongside less sensitive routine business data. In other words, all data collected and stored is treated the same despite the varying sensitivity levels of that data. This dynamic poses serious privacy concerns, and governments are starting to catch on. With the emergence of consumer privacy-centered regulation like GDPR and the changing industry emphasis on corporate IT accountability, the landscape is beginning to shift.

A new standard of data management and exchange is being established in response to these pressures. That said, this new standard is hindered by the inherent limitations of the current Web stack with respect to identity. A reliable, universally accepted digital identity solution is required to meet this new standard. Financial institutions and other organizations alike should direct their efforts toward the implementation of such a solution. With a universal digital identity solution in place, frictionless exchange will be enabled, making it seamless for consumers and enterprises to purchase goods and services, to issue, sell and trade financial assets, and to uphold privacy rights in a digital world.

Each of us needs a digital identity that we own, one that stores all elements of our digital identity safely and privately.

A Case For Decentralized Digital Identity

The root problem within the current digital identity infrastructure is centralization. Centralization may make things easier to manage, but it creates serious security vulnerabilities by presenting a large attack surface for nefarious actors to target. This inherent challenge calls for a distributed solution. We will never be able to rid this world of bad actors, but we can make it a whole lot harder for them to succeed in their efforts.

Decentralized Identifiers (DIDs) are a new form of identifier that makes verifiable, decentralized digital identity possible. A DID identifies any subject that the controller of the DID chooses to define (e.g., an individual, organization, thing, data model, abstract entity, etc.). Unlike traditional federated identifiers, DIDs have been designed to be decoupled from centralized registries, identity providers, and certificate authorities. In particular, while other parties may help discover information related to a DID, the design allows a DID controller to demonstrate control over it without needing any other party’s permission.

The Solution

Bitcoin, a technology protocol that emerged following the U.S. financial crisis of 2008 when confidence in institutions was at an all-time low, is the most prominent blockchain application to date. Despite the boom and bust cycle that Bitcoin has experienced over the past decade, the resilience of the network and the underlying ledger validates the core principle of blockchain technology: aligning incentives. Blockchain technology, especially public blockchain protocols, has many distinctive features that solve trust issues and make it an excellent match for identity solutions.

What differentiates blockchain from conventional processing methods is the underlying immutable ledger. All exchange events, or ‘transactions’, are validated by the nodes in a blockchain network and recorded on the underlying ledger. The computers in this network work together in a distributed fashion to prove the truth of an event and are rewarded for validating transactions. The ‘reward’ aspect incentivizes participation and good behavior in the network. With this framework in mind, we can leverage blockchain to enforce the truth and validity of any given identity with the use of DIDs.

We’ve seen an explosion in digital identities across virtually all applications this decade. Every user creates and retains multiple identities, one per application, each governed by the rules that application sets. This process has left an enormous amount of user data with third-party service providers, creating an agency problem: private, user-owned data is processed and left at the disposal of such third-party applications. The ownership of the user’s data is no longer hers. As the digital age progresses, managing these multiple identities only becomes more cumbersome. Rather than relying on third-party service providers for processing and storing PII and other sensitive identity information, DIDs can be implemented to put the power and accountability back into the user’s hands. By building a blockchain and supporting ecosystem for such digital identities, we are trying to solve this problem. The following sections of this paper discuss how such a blockchain and its capabilities could be applied.

Identity Management for Government and Enterprise

Public-sector digital identity strategies revolve around citizens and the processes that public and private institutions use to communicate with them. Governments now offer various services to people that are becoming increasingly accessible online, but much improvement is needed to meet the standards called for in the information age.

For governments and other institutions alike, managing identity and security is an ever-evolving challenge. The challenge is not necessarily within organizations; internally, identity and security are relatively manageable with current methods. Rather, the challenge lies in the exchange of identity and information outside of a given organization with other institutions and their respective digital networks. DIDs powered by blockchain technology are particularly useful in solving trust and identity problems across multiple networks, laying the foundation for complex coordination.

How Services Through A Decentralized Identity Can Be Accessed

Much development remains to be done, but the foundation being built points to several possibilities. In a straightforward case, an individual generates a pair of private and public keys in an identity wallet. The public key (the identifier) is hashed and stored unchanged in an ITF. A trusted third party then proves and certifies the user’s identity by signing it with its own private key. The certification record is also kept in the ITF. When the user wants to access a service, it is enough to show the identifier in the form of a QR code or inside a token — away with endless usernames and passwords, users can now validate their identity in just one step. The service provider verifies the identity by comparing the hash of the presented identifier with the corresponding hash record in the ITF. If they match, access is granted — all of this happens within a matter of seconds on the backend. In more advanced scenarios the user can derive separate key pairs from a master private key to create separate identifiers for different relationships, enabling privacy-friendly protocols.

With this framework, consortium digital networks can be established between multiple organizations and industries with aligned incentives. Services between organizations can be seamlessly integrated and accessed through these trusted consortium networks, fostering an organic B2B marketplace for a variety of products and services. The organic nature of these networks promotes healthy competition and invites collaboration between organizations of all shapes and sizes. By lowering the technical barriers of entry to complex business networks, services that may have previously not been made available are now within reach to a wider audience of eligible participants.

What Is Required For The Ability Of A Decentralized Identity To Be Leveraged?

We are still in the very early stages of blockchain development. The concepts of blockchain and distributed ledger networks have been around for a couple of decades, but they have only been in practice for a few years — keep in mind, the Bitcoin network is barely a decade old. So there is plenty of development and iteration ahead of us, but the path to commercialization is starting to become clearer.

To reach the level of commercialization and mass adoption, the blockchain industry needs to work together to establish standards of interoperability between protocols — if blockchain networks can’t communicate with each other, then we are just creating further data silos. Industry incumbents should take the lead by investing in R&D and testing DID modules within their organizations and with trusted business partners. On the regulatory side, governments could play a vital role in fostering growth through federal grant funding and public/private sector partnerships. The government should be inviting to entrepreneurs and startups that make the effort to present themselves and their innovative solutions. A variety of government services offered directly to citizens becomes possible with the implementation of DIDs, but innovation providers will need access to ‘look under the hood’ if a successful solution is to be implemented and adopted at scale.

The Future of DID

The complexity of the digital age sounds challenging, but the underlying principle is simple: we are moving away from paper-based records. This concept is nothing new; we’ve already been on this path for the past half century. We’ve already digitized virtually all types of paper-based records, but the last set of documents that have yet to be truly digitized are cash and identification documents. Just like your driver’s license has a certain look and feel to it, so should your digital identity.

That said, it’s not enough for your digital identity to just be digital; there needs to be a way to validate it and to ensure that it is not counterfeited. This is why DIDs are so important: they are a scalable way to enforce verification, which in turn makes frictionless exchange possible. With frictionless exchange combined with privacy-rights enforcement, trust between all parties involved will increase. With enhanced trust in exchange, exchange velocity will increase; if exchange velocity increases, excess value will be generated, resulting in a net gain for society. In other words, the more people trust each other in a society, the richer that society will become. Blockchain and other related distributed ledger technologies provide an interoperable, transparent and scalable framework to enforce the trust required for the new global standard of data.

Global Implications

Decentralized identity enhances the experience of end-users and helps companies strengthen the privacy of data.

The internet is central to both commerce and social interactions. Both need robust identity systems to operate, but identity was not incorporated into the original design of the internet. To compensate for this shortcoming, organizations have not established any universal services that affirm identity and control over accounts; the services that exist have, sadly, generally been local in nature.

In its interactions with the online world, the digital economy has depended on gathering, checking, and handling user identities. The need for enhanced security and better management of personal and virtual identity data has been fueled by several use cases, from ID issuance and health records to financial transactions and KYC.

Most identity data actually remains stored and maintained in centralized databases and servers, whether those of government agencies or of IT, telecom and financial firms. Accumulating high-value data in one location not only incurs high costs and raises transparency concerns, but also exposes a greater risk of attack, data breaches, and identity theft. Both sides of the identity management equation have now created the incentive to discover and introduce a better way of managing and exchanging personal data.

Working at the crossroads between the private sector and Federal Government. DLT, IoT, and Machine Learning.