Unlocking Identity: A Deep Dive into Decentralized Identifiers (DIDs)

Shaan Jain
Mozilla Firefox Club VIT Vellore
8 min read · Sep 28, 2023

A closer look at the terminology connected to authenticating users on websites and applications.

What is an Identity and Why Should We Care About It?

Identity refers to the sense of who we are as individuals and who we stand for in social groups. It is the fact of who and what a person is. In the context of digital systems and the online world, it refers to the characteristics, attributes, and information that distinguish a person, entity, or thing from others. Identity is crucial for several reasons: it enables secure access, personalized experiences, trust, and privacy in digital interactions. It reflects who we are and gives us control over our online presence.

We, as individuals on the internet, maintain a lot of different identities. We don’t have one common identity card or a common account that carries the same details across multiple websites. This is because every website has very specific requirements for the data it needs from you. As a result, an individual possesses many different types of identities in the digital age.

Types of Identities

As there are many identities, they can be categorized into the following types :

1) Centralized Identity : This type of identity is managed by a central authority like the government or an organisation. This authority controls and verifies the authenticity of the identity.

2) Distributed Identity : Distributed identities are managed across multiple entities without a controlling authority. The data attached to this identity is in complete control of the holder.

3) Federated Identity : This identity is shared across multiple platforms and organisations for the purpose of uniformity and to eliminate the hassle of creating a new identity for different organisations/websites. An example would be SSO (Single Sign-On) systems.

4) Self Sovereign Identity : This type of identity is used in distributed technologies like blockchain systems. The users manage and selectively share information without the control of any central authority.

5) Biometric Identity : This identity is based on physical traits such as fingerprints, iris patterns or facial features. It is difficult to forge or replicate this identity.

6) Anonymous Identity : This type of identity protects user privacy by concealing personal information. It allows interaction without revealing true identity. Examples include private online forums, incognito mode, etc.

Illustration of biometric identities

Fallacies of Central Identities

Centralization of identities may seem like a very logical thing because it has been in place for so many years and has helped large companies and organizations manage the identities of their employees.

Intuitively, when we think of central identities, we think about the aggregation of all identities in a centralized data store. This can be attempted; however, the data itself may not be uniform because it has distributed origins, and attempting to aggregate it leads to an insoluble set of problems and side effects, as it is data at the scale of the internet, in other words, limitless.

The goal of distributed management is to put the power of holding and managing the information in the hands of individuals. The information only has to be issued by an issuer and verified, using verifiable credentials (VCs), by the service or organization demanding verification. The VCs act as a shared foundation of trust between the holder, the issuer and the verifier. This eliminates the need for a large centralized data store and also puts the power of sharing information in the hands of the holder.

Importance of Distributed Identities

Identity serves as the foundational pillar of the contemporary digital economy, enabling individuals to engage with online services, governments, and organizations effectively.

Central identity relies on personally identifiable information (PII) that, if breached and misused, can lead to identity theft. Decentralized identity can potentially be more resistant to identity theft attempts. It offers a highly resilient approach because of the distributed nature of blockchain.

The 3 pillars of Self-Sovereign Identity (SSI) are Verifiable Credentials, blockchain, and decentralized identifiers.

How Will The System of DIDs Work?

Let us take the example of a college student, say Ryan. His new digital wallet empowers him to own and control credentials. Since it’s not tied to any one organization, authoritative sources can confidently issue standards-based credentials to Ryan. When he presents these credentials, websites and apps can check whether they are valid or not, for example by confirming with a university that he’s a student there, and then grant access accordingly. While this process may be easier, how do we know it’s trustworthy?

Decentralized identifiers leverage proven cryptographic systems. When Ryan presents his credentials, his digital wallet generates a unique identifier and signs it using a private key secured by a biometric proof or PIN that only he knows. The uniquely paired public key is published to a distributed ledger. Ryan can present his digital student ID card to a bookstore, and before granting a discount the bookstore can confirm that the university issued the card to him. This experience mimics what Ryan does today. He can digitally present and authenticate a set of verifiable credentials just as he would present a physical card.

From the above example we can see that DIDs, if implemented correctly, can ease the process of identification while at the same time making the system more secure.
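The bookstore's check from Ryan's scenario, as an added example that is not part of the original article. The credential layout is deliberately simplified and is not the W3C Verifiable Credentials data model; the `did:example` identifiers, the function names and the `trustedIssuers` map are assumptions, and the presenter is assumed to have already proven control of `presenterDid`.

```javascript
const crypto = require('node:crypto');

// Constructed sample issuer (the university); did:example values are placeholders.
const issuerKeys = crypto.generateKeyPairSync('ed25519');
const ISSUER_DID = 'did:example:university';

// Issuer public keys the verifier accepts, as if resolved from the ledger (assumption).
const trustedIssuers = new Map([[ISSUER_DID, issuerKeys.publicKey]]);

// Serialize the signed fields in a fixed order so issuer and verifier sign the same bytes.
function payloadBytes(c) {
  return Buffer.from(JSON.stringify([c.issuer, c.subject, c.claim, c.expires]));
}

// Issuer side: bind a claim to the holder's DID and sign it.
function issueCredential(subjectDid, claim, expires) {
  const credential = { issuer: ISSUER_DID, subject: subjectDid, claim, expires };
  const proof = crypto.sign(null, payloadBytes(credential), issuerKeys.privateKey);
  return { ...credential, proof: proof.toString('base64') };
}

// Verifier side: the checks the bookstore runs before granting the discount.
function verifyCredential(credential, presenterDid, now) {
  const issuerKey = trustedIssuers.get(credential.issuer);
  if (!issuerKey) return 'untrusted issuer';
  const sig = Buffer.from(String(credential.proof), 'base64');
  if (!crypto.verify(null, payloadBytes(credential), issuerKey, sig)) return 'bad signature';
  if (credential.subject !== presenterDid) return 'wrong holder';
  if (Date.parse(credential.expires) <= now) return 'expired';
  return 'valid';
}
```

The verifier never contacts the university at presentation time: it only needs the issuer's published public key, which is what removes the central data store from the flow.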

The 3 parties involved in the use of Decentralized Identities

Creating and Authenticating Digital Identities

Decentralized Identifiers (DIDs) are created using a method that involves generating a unique identifier and associating it with cryptographic keys. This process is similar to the ones used by blockchain technologies today. Here are the steps that go into the creation of digital identifiers :

  1. Generate a unique identifier
  2. Create a DID document : A DID document is basically a JSON-LD (JavaScript Object Notation for Linked Data) document.
  3. Generate a pair of cryptographic keys : A public key to verify the data and a private key to sign the data.
  4. Associate the keys with the DID document
  5. Publish the DID : Publish the DID document at a location that is accessible by other people and services, for example a distributed ledger or a DID managing application.
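The five steps above as an added example (not code from the original article), extended with the signature check a verifier would run against the published key. It assumes the placeholder `did:example` method, an Ed25519 key pair, and an in-memory `Map` standing in for the ledger; the function names are hypothetical.

```javascript
const crypto = require('node:crypto');

// Stand-in for the distributed ledger where DID documents are published (assumption).
const registry = new Map();

// Steps 1-5: identifier, DID document, key pair, key association, publication.
function createDid() {
  const did = 'did:example:' + crypto.randomBytes(16).toString('hex');
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const keyId = did + '#key-1';
  registry.set(did, {
    '@context': ['https://www.w3.org/ns/did/v1',
                 'https://w3id.org/security/suites/jws-2020/v1'],
    id: did,
    verificationMethod: [{
      id: keyId,
      type: 'JsonWebKey2020',
      controller: did,
      publicKeyJwk: publicKey.export({ format: 'jwk' }), // public half only
    }],
    authentication: [keyId], // keys allowed to authenticate as this DID
  });
  return { did, keyId, privateKey }; // the private key never leaves the holder
}

// Holder side: sign the verifier's fresh challenge.
function signChallenge(privateKey, challenge) {
  return crypto.sign(null, Buffer.from(challenge), privateKey);
}

// Verifier side: resolve the document and check the signature with the published key.
function verifyControl(did, keyId, challenge, signature) {
  const doc = registry.get(did);
  if (!doc || !doc.authentication.includes(keyId)) return false;
  const method = doc.verificationMethod.find((m) => m.id === keyId);
  if (!method || method.controller !== did) return false;
  const publicKey = crypto.createPublicKey({ key: method.publicKeyJwk, format: 'jwk' });
  return crypto.verify(null, Buffer.from(challenge), publicKey, signature);
}
```

The challenge must be a fresh random value chosen by the verifier for each session; a signature over a fixed string could be captured once and replayed.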

Authenticating a Decentralized Identifier (DID) involves verifying the ownership and authenticity of the DID itself and the associated attributes or data. The process of authentication can vary based on the context and use case of the DID. Some of the techniques used in the process are :

  1. Biometric Authentication : One technique, like the one used in the above example, is biometric authentication, as it is really difficult to forge fake biometric credentials.
  2. Blockchain-Based Proof : Some DID methods use blockchain technology to provide proof of ownership.
  3. Verifiable Credentials : Verifiable credentials issued by trusted entities can also be used for authentication. If a DID holder presents a verifiable credential issued by a reputable source, it verifies their identity and can be used for authentication purposes.
  4. Multi-Factor Authentication : Combining different authentication methods, such as something the user knows (a password), something the user has (a private key), and something the user is (biometrics), can enhance the security of DID authentication.

Benefits

DIDs capitalise on the flaws of the centralized identity systems. The benefits of choosing to adopt DIDs over centralised identities include :

  1. Privacy and Control : The biggest weakness of centralized identities is that the holder does not have control over the sharing of their identity within organizations. DIDs resolve this because control of the information stays with the holders themselves. Users have granular control over what identity attributes they disclose and to whom, reducing the risk of oversharing personal data.
  2. Decentralization : DIDs operate in a decentralized manner, removing the need for a central authority to manage identities. This reduces the risk of single points of failure, data breaches, and unauthorized access to sensitive information.
  3. Reduced Data Silos : Traditional identity systems often result in data silos where each service provider stores its own copy of user data. With DIDs, individuals can control and share their identity attributes without the need for duplicating data in multiple databases.
  4. Future-Proof : DIDs are designed with flexibility in mind. They are not tied to specific technologies, platforms, or protocols, making them adaptable to future advancements in decentralized identity and related technologies.
  5. Auditability : Unlike centralized identities, where it is quite difficult to track usage and transactions, DIDs provide a means for tracking the history of changes and interactions associated with an identity. This auditability can be valuable for compliance, legal, and accountability purposes.
  6. User-Centric Empowerment : The concept of DIDs can shift the power dynamics of identity management from the central organizations to users themselves. It gives them the power to participate in digital transactions themselves.

Disadvantages

While DIDs offer numerous advantages, it’s important to consider the specific context and use cases in which they are being applied. Like any technology, DIDs have their limitations and challenges :

  1. Complexity : Having centralised identities makes it easier to manage the different identities. The decentralized nature of DIDs can make them difficult to operate and manage.
  2. Scalability : As the usage of DIDs grows, scalability becomes a concern. Blockchain-based DIDs can face performance limitations as the number of DIDs and associated transactions increases, potentially leading to slower processing times and higher fees. This can also lead to significant impact on the environment.
  3. Interoperability : Since there is a lack of standardised protocols and frameworks of DIDs, different platforms and blockchain services may choose to operate DIDs differently. This may hinder the use of DIDs against different services and devices.
  4. Cost Efficiency : Since this technology is closely related to blockchain technology there are some problems faced by both of them, one of them being the cost of running these networks. Implementing and maintaining DIDs, especially on blockchain networks, can come with associated costs such as transaction fees, gas fees, and infrastructure expenses.
  5. Regulatory Issues : Self-sovereign identity models, including DIDs, can sometimes clash with existing regulations and legal frameworks related to identity verification, data protection, and privacy. Achieving compliance while maintaining the benefits of decentralized identity can be a complex task.

Conclusion — A nascent technology

The goal of DIDs is to provide a standardized way to achieve self-sovereign identity while allowing flexibility in the choice of underlying technologies and protocols.

Also, a technology being decentralized, in and of itself, does not mean that there is no centralized control. While a decentralized network can be designed to have no centralized control, an entirely centralized authority can use decentralized technology to enforce its centralized control. So, it is not a completely decentralised concept, since that is difficult to achieve and regulate. The entire concept of DIDs works on one important factor, that is, ‘trust’. Without trust, the implementation of Decentralized Self-Sovereign Identities is not useful.

While there are many pros and cons of implementing decentralized identity, it’s important to understand that it is still a new technology, and more research is being conducted to resolve the problems associated with this concept.
