The Story of Decentralized Identity
Three years ago I was moving from my Jersey City apartment to a new apartment in midtown Manhattan. The real estate agent seeing me through the process explained all the necessary documentation I will need to present to the landlord to prove I’m eligible and worthy of renting a place in the middle of the island.
This was not an ordinary rental application — I had to provide proof of employment, rental background check, bank statements with steady income, savings and investment statements to make sure I had the proper buffer should anything go wrong, even my marriage certificate for reasons I can’t remember now.
And then I got the place! I moved in and all was good. Until the bank called me few days later to inform me that someone wanted to cash in a pretty big check drawn on my account. I asked the bank rep how can they cash it when I don’t even have that much cash in my checking account. They told me “I” had just transferred it from my savings account on the phone with another bank rep.
Luckily, the theft didn’t happen, but it was a masterfully crafted plan:
1. Call the bank in my name; 2. change my phone number to be able to confirm large withdrawal; 3. transfer all my savings to my checking account; 4. make a fake check with my account number and go cash it in.
They were able to do this because they had all my information to prove they are me: access to my balances, my recent deposits, my SSN. Thankfully, the phone number update didn’t happen immediately with the bank, so when they called to verify the large withdrawal they called my real number, instead the updated one. We were able to prevent the fraud, but didn’t catch the person who did it.
Most of the time we don’t realize how much our private data is exposed and shared. Often we don’t even question how much information about us we should share to get something. Do you really need all those sensitive details about me to go through even a simple process as a rental application for a tiny apartment? Why do you need to see my bank history to verify I have sufficient income, or see my name and address on my ID to verify I’m over 21? Why do we still rely on physical documents to prove something about us in this age of technological advancement?
Maybe there’s a solution to this. Blockchain technologies and decentralization is opening up a whole world of possibilities that we’re now beginning to explore. We learn new ways how to work with data, ways that put information privacy and integrity at the core of the solution. Ways that alter the points of trust and move the control closer to us. There has never been a better time to finally make identities and data exchange the right way.
What is a decentralized identity?
To put it simply, it’s a publicly discoverable identity information. It uses blockchain technology to provide tamper-evident information about an entity or a subject. Using crypto technology, identities can be defined as a set of keys used in proving the source and validity of information. This solution allows a model of truth to be established between parties that rely on communication and exchange of data. Because these keys are controlled directly by the subject who owns this identity, they are called self-sovereign identities.
Imagine this system as a public registry of information that maps each identity to a person or a thing. Whenever we need a certain information, we can use these decentralized identities to provide cryptographically signed proofs that can be trusted to be authentic because they were signed by the owner of that identity.
How do we exchange data in a decentralized identity system?
One of the ways information can be exchanged is using a concept called verifiable claims. Verifiable claims is a set of information that the owner of the identity wants to assert about themselves. The owner signs the verifiable claim with their identity information and presents this information to the requesting party (a verifier). The verifier can be sure the information is true and valid because of the cryptographic signature attached to the claim.
One of the benfits of verifiable claims is the ability to do selective disclosure. This is a method of disclosing a proof of information without revealing the actual piece of data. For example, we can prove that we are over age 21, without revealing our date of birth. This is a unique way to protect sharing of unnecessary data and only providing proof what the requesting party is interested in.
Decentralized identities and verifiable claims can provide an ecosystem where data is secure, authentic and controlled by each identity.
There are a number of decentralized identity solutions and organizations today that are working towards this goal.
Sovrin Foundation — decentralized, global public utility for self-sovereign identity. Sovrin initially developed Indy distributed ledger and library which donated to Linux Foundation under the umbrella of the Hyperledger project.
uPort — decentralized identity platform built for the Ethereum blockchain
Authenteq — automatic identity verification and privacy platform which enables users to verify their identity and create their own sovereign digital IDs which are stored encrypted in a blockchain.
Decentralized identity platforms will change the current broken identity system that relies on numerous online services requiring us to remember passwords for each of them. They can help us protect our personal information and allow us to control how this data is shared.