What’s Next for Blockchain? Decentralized Identity
Our credentials are an inseparable part of our daily lives and our identity. We use ID cards to prove who we are, driver’s licenses to prove we can operate a motor vehicle, university diplomas to prove our level of education, passports to travel between countries, and more.
Sadly, most of these credentials and globally unique identifiers (phone numbers, usernames, tax IDs, barcodes, RFIDs, etc.) are not under our control. We receive them from external authorities that decide who or what they refer to and when or if they can be revoked. What’s worse, they’re only useful in specific contexts, not always available when needed, and are recognized only by certain bodies (which we can’t choose). They are also tamper-susceptible and can become invalid if the issuer no longer exists. And if you lose them, you have to go through the tedious and slow bureaucratic process of having them issued to you again. These are just some of the problems of traditional credentials and identifiers. Luckily, technology has come up with a revolutionary solution - the concept of decentralized identity.
What is decentralized identity?
An innovative approach to identity management, decentralized identity provides a blockchain-based mechanism for expressing personal credentials in a cryptographically secure, private, and machine-verifiable way. The decentralized identity mechanism relies on a trust network in which identifiers (such as usernames) are replaced with self-owned and independent IDs. This way, it facilitates information flow through blockchain technology which ensures privacy and security.
This mechanism provides an identity wallet where consumers can store verified information about themselves from certified issuers. These issuers are the source of credentials and include various government bodies (e.g. issuing passports), corporations (e.g. employment credentials), national agencies, educational institutions (e.g. diplomas), and certification bodies. Holders, who request their verifiable credentials from these issuers, hold their credentials in their digital wallets. When verifiers request them, holders present proofs of claims from one or more credentials.
A verifier can be a person, organization, or thing seeking trust assurance about the subjects of credentials by requesting proofs from holders of the claim(s) from one or more verifiable credentials. Should the holder agree, the holder’s agent responds with proof verifiable by the verifier. The critical part of this process - the verification of the issuer’s digital signature - is usually carried out via a decentralized identifier (DID).
W3C verifiable credentials
The World Wide Web Consortium (W3C)’s Decentralized Identifier Working Group has recommended a data model for verifiable credentials as a key building block for decentralized identity which will provide more autonomy and privacy to the holders. Under this model, the information represented by a verifiable credential parallels that of a physical credential. Empowering verifiable credentials with technologies such as digital signatures makes them more tamper-evident and trustworthy than physical credentials.
Holders of verifiable credentials can generate verifiable presentations and share them with specific verifiers as proof they own verifiable credentials with certain characteristics. Some types of verifiable presentations can include data that is synthesized from but does not include the original verifiable credentials, such as zero-knowledge proofs. Unlike their physical counterparts, verifiable credentials and verifiable presentations can be transmitted quickly, which makes them more convenient for establishing trust at a distance.
To enable verifiable, decentralized digital identity and allow individuals and organizations to create their own identifiers using trusted systems, a new type of identifier is used - decentralized identifiers (DIDs). They refer to any subject (a person, organization, item, abstract entity, data model, etc.), as determined by the DID controller (an entity that can modify a DID document). These identifiers are used within verifiable credentials to create a link between them.
These identifiers are different from traditional, federated identifiers because DIDs, by design, can be separated from centralized registries, identity providers, and certificate authorities. To be more precise - while other parties can be used to facilitate the discovery of information related to a DID, the design allows its controller to prove control over it without needing permission from any other party.
DIDs are a type of Uniform Resource Identifier (URI), the standard identifier format for all resources on the Internet. This URI type couples a DID subject with a DID document, allowing trustable interactions associated with that subject. Every DID document can express cryptographic material, verification methods, or services, which provide a collection of mechanisms allowing a DID controller to prove control of the DID. Services facilitate trusted interactions related to the DID subject.
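The verifier's check of the issuer's signature through a DID document, described above, can be sketched as follows. This is an added example, not code from W3C, DIF, or any vendor named on this page: the did:example identifiers, the in-memory resolver, the proof layout, and the sorted-key JSON canonicalization are assumptions made for illustration.

```javascript
// Added example: constructed DIDs, keys and credential; not a real DID method.
const crypto = require('crypto');

// Deterministic JSON (sorted keys) so issuer and verifier process the same bytes.
// Real deployments use a standard canonicalization or a JWT; this is a simplification.
const canon = (v) => Array.isArray(v) ? `[${v.map(canon).join(',')}]`
  : v && typeof v === 'object'
    ? `{${Object.keys(v).sort().map((k) => `${JSON.stringify(k)}:${canon(v[k])}`).join(',')}}`
    : JSON.stringify(v);

const DID_RE = /^did:[a-z0-9]+:[A-Za-z0-9._:%-]*[A-Za-z0-9._%-]$/; // simplified DID syntax

// Issuer side: an Ed25519 key pair plus the DID document that publishes the public key.
function makeIssuer(did) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const keyId = `${did}#key-1`;
  const didDocument = {
    id: did,
    verificationMethod: [{ id: keyId, type: 'JsonWebKey2020', controller: did,
      publicKeyJwk: publicKey.export({ format: 'jwk' }) }],
    assertionMethod: [keyId], // keys this DID authorizes for issuing credentials
  };
  return { did, keyId, privateKey, didDocument };
}

function issueCredential(issuer, claims) {
  const credential = { issuer: issuer.did, credentialSubject: claims };
  const sig = crypto.sign(null, Buffer.from(canon(credential)), issuer.privateKey);
  return { ...credential, proof: { verificationMethod: issuer.keyId, signature: sig.toString('base64') } };
}

// Verifier side: resolve(did) returns the DID document or undefined (hypothetical resolver).
function verifyCredential(vc, resolve) {
  const { proof, ...credential } = vc;
  if (!proof || typeof proof.verificationMethod !== 'string' || typeof proof.signature !== 'string')
    return { ok: false, reason: 'no proof' };
  const [did] = proof.verificationMethod.split('#');
  if (!DID_RE.test(did)) return { ok: false, reason: 'malformed DID' };
  if (did !== credential.issuer) return { ok: false, reason: 'proof key not under issuer DID' };
  const doc = resolve(did);
  if (!doc || doc.id !== did) return { ok: false, reason: 'DID not resolvable' };
  const vm = (doc.verificationMethod || []).find((m) => m.id === proof.verificationMethod);
  if (!vm || !(doc.assertionMethod || []).includes(vm.id)) return { ok: false, reason: 'key not authorized' };
  const key = crypto.createPublicKey({ key: vm.publicKeyJwk, format: 'jwk' });
  const valid = crypto.verify(null, Buffer.from(canon(credential)), key, Buffer.from(proof.signature, 'base64'));
  return valid ? { ok: true, reason: 'valid' } : { ok: false, reason: 'bad signature' };
}
```

The verifier rejects a credential whose claims were altered after signing, whose proof key sits under a different DID than the stated issuer, or whose key the DID document no longer lists under assertionMethod.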
Decentralized Identity Foundation (DIF)
To advance the interests of the decentralized identity community, give control to entities over their identities, and allow trusted interactions, the Decentralized Identity Foundation (DIF) was born. Its main purpose is to perform research, cultivate and advance ideas and solutions, as well as enable industry-wide discussions, experimentation, and demonstration of interoperability. Additionally, this foundation works closely with standardization bodies to ensure the formalization of the more matured concepts or solutions in the most suitable organizations.
Microsoft, IBM, others jump on the bandwagon
One of the corporations recognizing the importance of decentralized identity is Microsoft, which is advancing it through its in-house solutions. Microsoft holds the belief that everyone has the right to own their digital identity, which is secure and private. It also believes that this identity must be able to seamlessly integrate into daily life and grant full control over data access and use.
With this in mind, the corporation has designed its Azure Active Directory (Azure AD) to enable the use of decentralized identifiers and verifiable credentials, to validate and share information digitally. Azure AD enterprise identity service provides single sign-on, multi-factor authentication, and conditional access to shield the workforce and other users from cyber attacks.
Microsoft isn’t the only company advancing decentralized identity. IBM has launched the alpha version of its Verify Credentials, to show how it’s creating a decentralized approach to identity management. To achieve this, IBM is building on top of open standards in combination with the DIF, W3C, and other standards groups.
Under the influence of the Covid pandemic, early implementations of decentralized identity management systems have begun rolling out elsewhere around the world. For example, South Korea’s Jeju Island launched a blockchain-based contact tracing system for tourists, allowing them to identify themselves when visiting tourist destinations. Thoughtworks China has come up with TWallet, a blockchain-based mobile digital wallet that validates users’ identities and enables secure mobile payments. Payments are authenticated on the user’s mobile device, so no data is shared across the internet.
In today’s increasingly decentralized world, it’s only natural that blockchain plays a crucial role in returning the control over our identities and other data back to where it’s supposed to be - in our own hands. Standardized by W3C and DIF, and backed by giants like Microsoft and IBM, decentralized identity gives individuals back the control over where, when, and with whom they share their credentials. As for organizations, it allows them to verify electronic data, improve transparency and verifiability, and reduce risk in operations. Finally, it enables developers to design user-centric apps and services, as well as create true serverless apps that store data with users.
What do you think the future holds for decentralized identity? Have any questions or comments, or have you noticed something we missed? We’d love to hear from you, so drop us a comment! We also invite you to check out our blog or join us on our informative and entertaining Blockchain Innovators podcast. There you can learn more about the revolutionary world of blockchain and its constant innovations.