What is a decentralized identity?
A decentralized identity is a self-owned, independent identity that enables trusted data exchange.
Decentralized identity is an emerging Web3 concept based on a trust framework for identity management. Such decentralized identity management includes an approach to identity and access administration that allows people to generate, manage and control their personally identifiable information (PII) without a centralized third party like a registry, identity provider or certification authority.
Considered to be private and sensitive data, PII refers to the body of information about specific individuals that directly or indirectly identifies them. Usually, it combines name, age, address, biometrics, citizenship, employment, credit card accounts, credit history, et cetera. In addition to PII, information that forms a decentralized digital identity includes data from online electronic devices, such as usernames and passwords, search history, buying history and others.
With a decentralized identity, users can control their own PII and provide only the information that is required to be verified. Decentralized identity management supports an identity trust framework where users, organizations and things interact with each other transparently and securely.
Why does decentralized identity matter?
A decentralized identity aims to give people official proof of identity and complete ownership and control over their identities in a secure and user-friendly way.
A verifiable proof of existence is often needed for citizens to access essential services like healthcare, banking and education. Unfortunately, according to World Bank data, 1 billion people on our planet still do not have an official proof of identity. A considerable part of the population is in a precarious position, unable to vote, open a bank account, own property or find a job. The inability to obtain identification documents limits people’s freedom.
What’s more, traditional centralized identification systems are insecure, fragmented and exclusionary. Centralized identity databases are at risk as they often become prime targets for hackers. From time to time, we hear about hacks and attacks on centralized identity solutions in which thousands and millions of customer records are stolen from major retailers.
The ownership issues remain as well. Users who have traditional forms of digital identity still don’t have complete ownership and control over them and are usually unaware of the value their data generates. In a centralized scenario, PII is stored and managed by others. Thus, it becomes more challenging, if not impossible, for users to claim ownership of their identities.
Decentralized digital identity addresses these issues by providing a way for digital identity to be used across multiple participating platforms without sacrificing security and the user’s experience. In a decentralized identity framework, users need only an internet connection and a device to access it.
Furthermore, in decentralized identity systems, distributed ledger technologies, and blockchain in particular, validate the existence of a legitimate identity. By providing a consistent, interoperable and tamper-proof architecture, blockchains enable the secure management and storage of PII, with significant benefits for organizations, users, developers and Internet of Things (IoT) management systems.
What is self-sovereign identity?
Self-sovereign identity is a concept that refers to the use of distributed databases to manage PII.
The notion of self-sovereign identity (SSI) is core to the idea of decentralized identity. Instead of having a set of identities across multiple platforms or a single identity managed by a third party, SSI users have digital wallets in which various credentials are stored and accessible through reliable applications.
Experts distinguish three main components known as the three pillars of SSI: blockchain, verifiable credentials (VCs) and decentralized identifiers (DIDs).
Blockchain is a decentralized digital database, a ledger of transactions duplicated and distributed among network computers that record information in a way that makes it difficult or impossible to change, hack or cheat.
Second, there are VCs: tamper-proof, cryptographically secured and verified credentials that implement SSI and protect users’ data. They can represent information found in paper credentials, such as a passport or license, and digital credentials with no physical equivalent, such as ownership of a bank account.
And last but not least, SSI includes DIDs, a new type of identifier that enables users to have a cryptographically verifiable, decentralized digital identity. A DID refers to any subject like a person, organization, data model, abstract entity, et cetera, as determined by the controller of the DID. They are created by the user, owned by the user and independent of any organization. Designed to be decoupled from centralized registries, identity providers and certificate authorities, DIDs enable users to prove control over their digital identity without requiring permission from any third party.
Alongside SSI, which is rooted in blockchain, DIDs and VCs, decentralized identity architecture also embraces four more elements. They are a holder who creates a DID and receives the verifiable credential, an issuer that signs a verifiable credential with their private key and issues it to the holder, and a verifier that checks the credentials and can read the issuer’s public DID on the blockchain. Moreover, a decentralized identity architecture encompasses special decentralized identity wallets that fuel the whole system.
How decentralized identity works
The basis for decentralized identity management is the use of decentralized encrypted blockchain-based wallets.
In a decentralized identity framework, users utilize decentralized identity wallets — special apps that allow them to create their decentralized identifiers, store their PII and manage their VCs — instead of keeping identity information on numerous websites controlled by intermediaries.
Besides distributed architecture, these decentralized identity wallets are encrypted. Passwords to access them are replaced by non-phishable cryptographic keys that do not represent a single weakness in the case of a breach. A decentralized wallet generates a pair of cryptographic keys: public and private. The public key distinguishes a concrete wallet, while the private one, which is stored in the wallet, is needed during the authentication process.
While decentralized identity wallets transparently authenticate users, they also protect users’ communications and data. Decentralized apps (DApps) store PII, verified identity details and the information needed to establish trust, prove eligibility or just complete a transaction. These wallets help users give and revoke access to identity information from a single source, making it faster and easier.
On top of that, this information in the wallet is signed by multiple trusted parties to prove its accuracy. For example, digital identities can get approval from issuers such as universities, employers, or government structures. Using a decentralized identity wallet, users can present proof of their identity to any third party.
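The issuer, holder and verifier roles and the wallet key pair described above, shown as an added example (not code from the original article or from any project it names). The in-memory Map stands in for the blockchain, and the did:example identifiers, function names and sample claims are assumptions.

```javascript
// Added example: issuer -> holder -> verifier, Ed25519 via Node's built-in crypto.
const crypto = require('node:crypto');

// Constructed stand-in for the ledger: DID -> public key. "did:example" is hypothetical.
const ledger = new Map();

function createDid(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const did = `did:example:${name}`;
  ledger.set(did, publicKey);   // only the public key is published
  return { did, privateKey };   // the private key stays in the wallet
}

// Deterministic JSON (sorted keys) so issuer and verifier sign and check the same bytes.
function canon(v) {
  if (v === null || typeof v !== 'object') return JSON.stringify(v);
  if (Array.isArray(v)) return `[${v.map(canon).join(',')}]`;
  return `{${Object.keys(v).sort().map((k) => `${JSON.stringify(k)}:${canon(v[k])}`).join(',')}}`;
}

const sign = (key, text) => crypto.sign(null, Buffer.from(text), key).toString('base64');
function check(did, text, sig) {
  const key = ledger.get(did);  // "resolve" the DID; unknown DIDs fail closed
  return !!key && crypto.verify(null, Buffer.from(text), key, Buffer.from(sig, 'base64'));
}

// Issuer signs the credential body with its private key.
function issueCredential(issuer, subjectDid, claims) {
  const body = { issuer: issuer.did, subject: subjectDid, claims };
  return { ...body, proof: sign(issuer.privateKey, canon(body)) };
}

// Holder signs the verifier's fresh challenge to prove control of the subject DID.
function present(holder, credential, challenge) {
  return { credential, challenge, holderProof: sign(holder.privateKey, challenge) };
}

// Verifier: returns 'ok' or the reason the presentation is rejected.
function verifyPresentation(p, expectedChallenge, trustedIssuers) {
  const { proof, ...body } = p.credential;
  if (p.challenge !== expectedChallenge) return 'stale or wrong challenge';
  if (!trustedIssuers.includes(body.issuer)) return 'untrusted issuer';
  if (!check(body.issuer, canon(body), proof)) return 'bad issuer signature';
  if (!check(body.subject, p.challenge, p.holderProof)) return 'holder does not control subject DID';
  return 'ok';
}
```

Create an issuer and a holder with createDid, then chain issueCredential, present and verifyPresentation; an edited claim, a reused challenge, an unlisted issuer or a presenter without the subject's key each return the matching rejection reason.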
The pros and cons of decentralized identity
The four main benefits of decentralized identity management include control, security, privacy and ease of use. However, the main concerns are a low level of adoption, the lack of regulation and interoperability.
Control gives identity owners and digital devices power over their digital identifiers. Because users have complete control and ownership of their identities and credentials, they can decide which information they want to reveal and can prove their claims without depending on any other party.
Security reduces attack surfaces by storing PII. Blockchain is an encrypted decentralized storage system that is safe, flexible and impenetrable by design, reducing the risk of an attacker gaining unauthorized access to steal or monetize user data.
Decentralized identity management also helps organizations reduce security risks. Based on how organizations collect, process and store users’ data, they are subject to regulations. Organizations face sanctions and fines even for unintentional rule violations or data breaches. With decentralized identity management, they have an opportunity to collect and store less identity data, simplifying their compliance responsibilities and reducing the risks of cyberattacks and information being misused.
Privacy enables entities to use the principle of least privilege (PoLP) to designate minimal or selective access for identity credentials. PoLP is a term correlated with information security. It states that any person, gadget or process should only have the minimal rights necessary to execute the considered task.
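One way to get the minimal, selective access described above is to have the issuer sign salted hashes of the claims instead of the claims themselves, so the holder can reveal any subset. This is an added example, not code from the original article; the article does not name a mechanism, and the function names, key handling and sample claims are assumptions.

```javascript
// Added example: selective disclosure with salted hashes (constructed data, hypothetical names).
const crypto = require('node:crypto');

// One digest per claim; the random salt stops a verifier from guessing hidden values.
const digest = (salt, name, value) =>
  crypto.createHash('sha256').update(JSON.stringify([salt, name, value])).digest('hex');

// Issuer: commit to each claim separately, then sign only the sorted digest list.
function issueSd(issuerPrivateKey, claims) {
  const disclosures = Object.entries(claims).map(([name, value]) => (
    { salt: crypto.randomBytes(16).toString('hex'), name, value }));
  const digests = disclosures.map((d) => digest(d.salt, d.name, d.value)).sort();
  const signature = crypto.sign(null, Buffer.from(JSON.stringify(digests)), issuerPrivateKey);
  return { digests, signature, disclosures }; // disclosures stay in the holder's wallet
}

// Holder: reveal only the named claims; the rest remain opaque digests.
function presentSd(credential, reveal) {
  const { digests, signature, disclosures } = credential;
  return { digests, signature, disclosures: disclosures.filter((d) => reveal.includes(d.name)) };
}

// Verifier: check the issuer signature, then that every revealed claim was committed to.
function verifySd(presentation, issuerPublicKey) {
  const { digests, signature, disclosures } = presentation;
  if (!crypto.verify(null, Buffer.from(JSON.stringify(digests)), issuerPublicKey, signature)) {
    throw new Error('issuer signature invalid');
  }
  const claims = {};
  for (const d of disclosures) {
    if (!digests.includes(digest(d.salt, d.name, d.value))) {
      throw new Error(`claim was not issued: ${d.name}`);
    }
    claims[d.name] = d.value;
  }
  return claims;
}

// Constructed demo: prove "over18" without revealing name or birth year.
function demoSd() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const credential = issueSd(privateKey, { name: 'Alice Example', birthYear: 1990, over18: true });
  return verifySd(presentSd(credential, ['over18']), publicKey);
}
```

Holder binding and replay protection are left out here to keep the focus on disclosure.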
And last but not least, decentralized identity technology gives users the advantage of easily creating and managing their identities with user-friendly neoteric decentralized identity apps and platforms.
As for flaws and drawbacks, there are several, primarily adoption. Governments and organizations are still attempting to figure out how to deploy the decentralized identity technology at scale, while most non-tech users have not even heard of this phenomenon.
Overcoming the legacy systems and regulations and creating interoperable global standards and governance are also important issues. Identity data fragility, which refers to duplication, confusion and inaccuracy in identity management, remains a secondary issue.
Decentralized identity protocols
Several identity protocols, from crypto startups to big tech solutions, deal with decentralized identification, and each has its specifics and features.
Though the decentralized identity technology is fairly new, initiatives and players in the decentralized identity space, software for implementing decentralized identity wallets and supporting services are plentiful. They range from the Hyperledger open-source developing community, through a range of decentralized identity protocols and startups, to some of the biggest names in the industry.
Decentralized identity protocols and private identity stores such as uPort or 3Box are called identity hubs. Recently, the Ethereum-based uPort platform split into two new projects: Veramo, an open source framework for identifiers and credentials, and Serto – both of which carry on the mission of decentralizing the internet. 3Box Labs, in turn, went headlong into the development of Ceramic Network, a decentralized data network that brings unlimited data composability to Web3 apps, and Identity Index (IDX), a cross-chain protocol for decentralized identity and interoperable data.
Other DID platforms include ION, an open public layer-2 decentralized identity network that runs atop the Bitcoin (BTC) blockchain and is based on the purely deterministic Sidetree protocol. The notable Polkadot (DOT) ecosystem player Dock protocol enables everyone to issue and build solutions for decentralized identity and verifiable credentials that are instantly verifiable using blockchain. The Sovrin Network is an open-source, decentralized, public identity network metasystem to create, manage and control self-sovereign digital identity. ORE ID is the universal authentication and authorization platform for blockchain that functions cross-chain.
Connecting blockchain with crypto-biometrics, the Humanode project enables liveness detection checks that help identify real and unique human beings while accessing wallets and platforms and provide Sybil-resistance to any decentralized identity network.
Moreover, in the background, many vendors that provide decentralized identity wallets or help organizations incorporate the technology into their apps are members of the Decentralized Identity Foundation and the Trust Over IP Foundation. The World Wide Web Consortium provides standards for identity technologies and interoperability via the W3C-DID and VC projects. These organizations are working tirelessly to standardize and shape decentralized identity.
The future of decentralized identity
The decentralized identity space is still in its infancy; however, it is clear that it has the potential to change existing identity management for the better.
The world moves more toward Web3, the next evolution of the internet. Through decentralization and blockchain technology, an increasing number of people are taking back control of their data.
The digital identity space is still in its inception; however, from all the above discussion, it is obvious that decentralized identity with blockchain has the potential to make identity management decentralized, simplified and seamless, completely transforming the landscape.
While startups and DID initiatives continue to develop proofs of concepts for decentralized identity in government, finance, healthcare and other fields, the opportunities for decentralized identity continue to grow.
Overall, the goal is to make users feel more empowered online and build up and share a verifiable reputation and proof of existence. Analysts predict that one of the latest hottest trends in the tech industry — the Metaverse — may become a key initiator for decentralized identity spread.
With the advancement of avatars in the form of nonfungible tokens serving as users’ digital identities within virtual spaces, soulbound tokens, blockchain, biometrics and related cutting-edge technologies, decentralized identity will soon reach the masses in the flourishing Web3 ecosystem, which will boom in the coming years.