The need for decentralized identities

The world is in the middle of a global and holistic digital transformation on every imaginable level. Businesses that recognize this trend and embrace technological innovation will be able to align their technologies, products and services and extend their market dominance. The development of the so-called Internet of Things (IoT), the vision of seamless networking and automation of data, systems and devices, is one of the relevant issues. Vehicles that increasingly communicate and perform driving operations autonomously, artificial intelligence in medical fields that uses data to make more accurate diagnoses of patients, cities that become smart, and, more importantly, big data and sensors that enable accurate forecasts and efficiencies are just the tip of the iceberg of this technological transformation.

How can we ensure that these grand visions do not end in digital chaos?

The fundamental technical requirements and features that encompass almost all these visions are

  • interoperability and nondiscrimination,
  • scalability,
  • resource efficiency, as well as
  • trust and security.

We see the application of distributed ledger technology in connection with so-called decentralized (or self-sovereign) identities as fulfilling essential properties of these core requirements. This is a new concept based on proven cryptographic methods and it offers transparency for each participant. At the core of the concept is the user (a human or even a machine or device), who retains control over their own identity and the data correlated with it. Because the user provides only the identity data that is necessary and verifiable, unmonitored use of that data by third parties becomes enormously difficult. This approach enables a high degree of privacy and a secure exchange of correlated attributes, as well as easy peer-to-peer communication without middlemen.

Over the next few chapters and blog posts, we will discuss this topic on a high technical level, but also in a straightforward way, so that you can become an expert on decentralized identities too! First, we will clarify what a (digital) identity is and what approaches and challenges exist today, before we go in depth on the central components of decentralized identities, verifiable credentials, and distributed ledger technology, ending with the potential of these components and how they work together.

What is an identity?

An identity is essentially a collection of information about an entity, which could be a person, an organisation, a device, a digital asset such as a website, or a software application. This information describes the entity, e.g. your organisation, and is broken into smaller pieces (or sub-identities), each connecting specific details or attributes about the entity.

In addition, several identities (or sets of information) can be linked to a single entity.

Attributes are the specific details that make up these identities, such as your name, address, phone number, or even digital identifiers like a MAC address. The key idea in self-sovereign identity is that you have full control over these details, allowing you to manage and share your identity as needed.

What is the essence of a digital identity?

In the world we live in, an identity is usually represented by a physical object. For instance, nowadays everyone has a passport, a driver’s license, maybe even a company ID card or a membership card of a gym or a club. This asset can be used to prove an affiliation and the attributes it contains, such as the date of birth, can be used for authorization by third parties.

Let’s assume a person (here: the entity) wants to purchase a beer at a bar. They will provide physical proof of their identity in the form of an ID card to the bartender who recognizes that certain authenticity attributes are present on the ID and that it comes from a known issuer, e.g. the Federal Republic of Germany. The link of the ID itself to the entity is established via a comparison of the image and the person. Based on the associated attribute “date of birth”, the bartender can also verify the person is authorized to purchase a beer, provided that the legally required age has been met. As a result, the bartender can take the order.
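The bartender's three checks (known issuer, link between the ID and the person, age attribute) can be expressed with digital signatures. The following is an added example, not code from the original article; the function names, the credential layout, the key pairs and the minimum age of 16 are assumptions made for illustration.

```javascript
// Added example; all names and the credential layout are hypothetical.
const crypto = require("crypto");

// Issuer signs the attributes together with the holder's public key.
function issueCredential(attributes, holderPublicKey, issuerPrivateKey) {
  const holderKey = holderPublicKey.export({ type: "spki", format: "pem" });
  const payload = JSON.stringify({ attributes, holderKey });
  return { payload, signature: crypto.sign(null, Buffer.from(payload), issuerPrivateKey) };
}

// Holder proves control of the key named in the credential by signing
// a fresh nonce chosen by the verifier (the digital "photo comparison").
function present(credential, nonce, holderPrivateKey) {
  return { credential, proof: crypto.sign(null, nonce, holderPrivateKey) };
}

// Completed years of age on a given day (UTC).
function ageOn(dateOfBirth, today) {
  const dob = new Date(dateOfBirth);
  const years = today.getUTCFullYear() - dob.getUTCFullYear();
  const hadBirthday = today.getUTCMonth() > dob.getUTCMonth() ||
    (today.getUTCMonth() === dob.getUTCMonth() && today.getUTCDate() >= dob.getUTCDate());
  return hadBirthday ? years : years - 1;
}

// Verifier (the bartender): returns "ok" or the reason for refusal.
function verify(presentation, nonce, trustedIssuerKey, minAge, today) {
  const { credential, proof } = presentation;
  // 1. Authenticity: signed by a known issuer and unaltered?
  const payload = Buffer.from(credential.payload);
  if (!crypto.verify(null, payload, trustedIssuerKey, credential.signature))
    return "unknown issuer or altered credential";
  // Parse only after the signature has been checked.
  const { attributes, holderKey } = JSON.parse(credential.payload);
  // 2. Binding: does the presenter control the key in the credential?
  if (!crypto.verify(null, nonce, crypto.createPublicKey(holderKey), proof))
    return "presenter is not the holder";
  // 3. Authorization: does the attribute satisfy the policy?
  if (ageOn(attributes.dateOfBirth, today) < minAge) return "under age";
  return "ok";
}

// Constructed sample run; the minimum age of 16 is an assumed policy value.
const issuer = crypto.generateKeyPairSync("ed25519");
const holder = crypto.generateKeyPairSync("ed25519");
const cred = issueCredential({ dateOfBirth: "2000-01-15" }, holder.publicKey, issuer.privateKey);
const nonce = crypto.randomBytes(16);
const result = verify(present(cred, nonce, holder.privateKey), nonce,
  issuer.publicKey, 16, new Date("2024-06-01T00:00:00Z"));
console.log(result);
```

Because the verifier picks a fresh nonce for every presentation, a proof captured from an earlier visit cannot be replayed.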

We should always keep this concept in mind for the following approaches and digital processes, as so far it has not been possible to implement this concept in the digital world without challenges. The risk of misuse and falsification of digital identities on the internet is immense, since it is difficult to verify a digital identity on the basis of its characteristics.

Most of us have multiple online accounts from different providers, each covering one or more specific services in our daily lives, but each time requiring certain characteristics of the user. These characteristics are present in online accounts that we have to create and verify ourselves.

The online account, in conjunction with the characteristics stored there, such as picture, age, place of residence or occupation, then forms our digital identity, to which we gain access when we log in with the correct credentials to the identity held by the service provider.

The steps of the process are as follows:

A user would like to use a website or a service. To do so, they must specify which digital identity belongs to them by entering their username. To prevent anyone from logging in with this name and using the service without authorization, the user must prove that they are the real holder of the identity. For digital identities, there are three categories of methods to do so:

  • Through knowledge (e.g., a secret password),
  • possession (e.g., a card, a cell phone, an ID card), or
  • properties (e.g., biometric properties such as fingerprints).

Or a combination of the above.

Most of us will be familiar with proving through knowledge by entering a password or PIN. After the user enters it into the form, the provider checks the password against their system, which authenticates the user to the service, granting them access.

But current identity solutions have several restrictions.

– read about the status quo of digital identities in the handbook, Part 2 –