What’s Next for Blockchain? Decentralized Identity

An innovative approach to identity management, decentralized identity provides a blockchain-based mechanism for expressing personal credentials in a cryptographically secure, private, and machine-verifiable way. The decentralized identity mechanism relies on a trust network in which identifiers (such as usernames) are replaced with self-owned and independent IDs. This way, it facilitates information flow through blockchain technology which ensures privacy and security.

This mechanism provides an identity wallet where consumers can store verified information about themselves from certified issuers. These issuers are the source of credentials and include various government bodies (e.g. issuing passports), corporations (e.g. employment credentials) national agencies, educational institutions (e.g. diplomas), and certification bodies. Holders, who request their verifiable credentials from these issuers, hold their credentials in their digital wallets. When verifiers request them, holders present proofs of claims from one or more credentials.

The World Wide Web Consortium (W3C)’s Decentralized Identifier Working Group has recommended a data model for verifiable credentials as a key building block for decentralized identity which will provide more autonomy and privacy to the holders. Under this model, the information represented by a verifiable credential parallels that of a physical credential. Empowering verifiable credentials with technologies such as digital signatures makes them more tamper-evident and trustworthy than physical credentials.

Holders of verifiable credentials can generate verifiable presentations and share them with specific verifiers as proof they own verifiable credentials with certain characteristics. Some types of verifiable presentations can include data that is synthesized from but does not include the original verifiable credentials, such as zero-knowledge proofs. Unlike their physical counterparts, verifiable credentials and verifiable presentations can be transmitted quickly, which makes them more convenient for establishing trust at a distance.

To enable verifiable, decentralized digital identity and allow individuals and organizations to create their own identifiers using trusted systems, a new type of identifier is used - decentralized identifiers (DIDs). They refer to any subject (a person, organization, item, abstract entity, data model, etc.), as determined by the DID controller (an entity that can modify a DID document). These identifiers are used within verifiable credentials to create a link between them.

DIDs are a type of Uniform Resource Identifiers (URIs), which is the standard identifier format for all resources on the Internet. This URI type couples a DID subject with a DID document, allowing trustable interactions associated with that subject. Every DID document can express cryptographic material, verification methods, or services, which provide a collection of mechanisms allowing a DID controller to prove control of the DID. Services facilitate trusted interactions related to the DID subject. 

To advance the interests of the decentralized identity community, give control to entities over their identities, and allow trusted interactions, the Decentralized Identity Foundation (DIF) was born. Its main purpose is to perform research, cultivate and advance ideas and solutions, as well as enable industry-wide discussions, experimentation, and demonstration of interoperability. Additionally, this foundation works closely with standardization bodies to ensure the formalization of the more matured concepts or solutions in the most suitable organizations.

One of the corporations recognizing the importance of decentralized identity is Microsoft, which is advancing it through its in-house solutions. Microsoft holds the belief that everyone has the right to own their digital identity, which is secure and private. It also believes that this identity must be able to seamlessly integrate into daily life and grant full control over data access and use.

With this in mind, the corporation has designed its Azure Active Directory (Azure AD) to enable the use of decentralized identifiers and verifiable credentials, to validate and share information digitally. Azure AD enterprise identity service provides single sign-on, multi-factor authentication, and conditional access to shield the workforce and other users from cyber attacks. Microsoft isn’t the only company advancing decentralized identity. IBM has launched the alpha version of its Verify Credentials, to show how it’s creating a decentralized approach to identity management. To achieve this, IBM is building on top of open standards in combination with the DIF, W3C, and other standards groups.

Under the influence of the Covid pandemic, early implementations of decentralized identity management systems have begun enrolling elsewhere around the world. For example, South Korea’s Jeju Island launched a blockchain-based contact tracing system for tourists, allowing them to identify themselves when visiting tourist destinations. Thoughtworks China has come up with TWallet, a blockchain-based mobile digital wallet that validates users’ identities and enables secure mobile payments. Payments are authenticated on the user’s mobile device, so no data is shared across the internet.