Blockchain for Decentralized Identity — Adoption

Anita Rao
Published in Block Magnates
6 min read · Jun 21, 2022

Reusable Identity is at the cusp of a significant paradigm shift. The above map, courtesy of cheqd [5], shows the adoption of self-sovereign identity worldwide. Covid-19 triggered implementations for healthcare (covered in the fourteenth blog). IATA (International Air Transport Association) is sponsoring standards and triggering adoption in the travel sector (outlined in the twelfth blog). The EU is leading with regulations and public sector sponsorship with EBSI — European Blockchain Services Infrastructure (as explained in the thirteenth blog). Canada, with the Pan Canadian Trust Framework, is also making strides (covered in the eighth blog). Social Innovation for financial inclusion and humanitarian causes has made progress (covered in the ninth blog). Global Legal Entity Identifiers are improving Digital Commerce (as outlined in the tenth blog). There are numerous pilot initiatives underway across the globe.

While progress with standards and governance is underway, use case implementations are going on in parallel. Here are some noteworthy live projects in the public and private sectors.

Some notable public sector [4] live implementations include:

1. British Columbia Government of Canada Orgbook — It enables 1.4 million business owners to prove ownership of businesses using a public registry of Verifiable Credentials (explained in the fourth blog).

2. NHS (National Health System) Staff Passport — in the United Kingdom, it enables 1.4 million healthcare workers to achieve worker portability across more than 1200 hospitals (covered in the fourteenth blog).

3. NY Excelsior Pass — enables twenty-one million New Yorkers to provide proof of Covid-19 vaccination status.

4. Covid-19 vaccination certificate in Japan — provides an immunity passport for Covid-19 to 2.4 million users.

There are plenty of pilots in the European Union (as outlined in the thirteenth blog).

Some significant private sector [4] live implementations include:

1. Zada — in Healthcare in Southeast Asia, it enables one billion people to obtain their vaccination records on mobile.

2. Yoma in Education in Africa, where students can develop their skills, find opportunities and build careers (covered in the seventeenth blog).

3. Member pass — in Financial Services, it powers authentication for credit union members in the US, allowing them to call in, walk in or log in to their branch.

4. Farmer Connect — A Supply Chain solution for half a billion users in Vietnam and Brazil. It enables farmers to use data from the supply chain to obtain credit.

What determines a successful self-sovereign identity implementation? Here are some criteria to ensure the privacy and security of the users. These, if done right, promote digital trust in the ecosystem.

1. The network ensures portability and interoperability. It is easy for people to take their reusable credentials with their wallets to any provider.

2. The system is built on mutual trust between the issuer, holder, and verifier. In addition, there are mechanisms to substantiate evidence.

3. Use of safe signatures to prevent correlation. When sharing proofs with a verifier, provide only evidence that the issuer signed the credential, not the issuer’s signature itself.

4. The ability to share specific claims and not the whole verifiable credential. This flexibility, which ZKP (zero-knowledge proof) provides, supports the principle of data minimization. The system also supports the creation of compound attestation proofs stitching together claims from multiple verifiable credentials.

5. The environment prevents correlation. It decouples the issuers from the verifiers. Therefore, the verifier should not be able to contact the issuer.
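
As an added illustration of criterion 4 (not code from the original post or from any project named in it): a salted-hash selective-disclosure scheme, a simpler technique swapped in for ZKP, in which the issuer signs only digests of the claims and the holder reveals chosen claims with their salts. The function names, the claim layout and the Lamport one-time signature (a standard-library stand-in for a real issuer signature scheme) are assumptions made for this sketch.

```python
import hashlib, hmac, json, secrets

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

# Lamport one-time signature: stdlib-only stand-in (assumption) for the issuer's
# real signature scheme. A key pair must sign exactly one credential.
def keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    pk = [[H(a), H(b)] for a, b in sk]
    return sk, pk

def bits(msg: bytes):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify_sig(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        hmac.compare_digest(H(s), pk[i][b]) for (i, b), s in zip(enumerate(bits(msg)), sig))

def commit(name, value, salt) -> str:
    # The random salt stops a verifier from guessing undisclosed low-entropy claims.
    return H(json.dumps([salt, name, value]).encode()).hex()

def issue(sk, claims: dict) -> dict:
    """Issuer: salt and hash every claim, then sign only the sorted digest list."""
    salts = {n: secrets.token_hex(16) for n in claims}
    digests = sorted(commit(n, v, salts[n]) for n, v in claims.items())
    return {"claims": claims, "salts": salts, "digests": digests,
            "sig": sign(sk, json.dumps(digests).encode())}

def present(cred: dict, reveal) -> dict:
    """Holder: disclose only the chosen claims, each with its salt."""
    return {"digests": cred["digests"], "sig": cred["sig"],
            "disclosed": {n: [cred["claims"][n], cred["salts"][n]] for n in reveal}}

def verify(pk, pres: dict):
    """Verifier: check the issuer signature offline, then each disclosed claim."""
    if not verify_sig(pk, json.dumps(pres["digests"]).encode(), pres["sig"]):
        return None
    out = {}
    for n, (v, salt) in pres["disclosed"].items():
        if commit(n, v, salt) not in pres["digests"]:
            return None  # claim was altered or never issued
        out[n] = v
    return out
```

Because the same digest list and signature appear in every presentation, two verifiers can still correlate the holder; avoiding that is the job of the ZKP-style signatures in criterion 3.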

According to Gartner, Decentralized Identity was entering the Trough of Disillusionment in August 2021. While there is still more work to be done, Self-sovereign identity has made tremendous strides.

What are some inhibitors to widespread adoption?

1. We must approach self-sovereign identity as solving a business problem for the customer. It requires a well-defined business case with outcomes and value delivered for the customer. Technology with standards and policies are the enablers. We need to avoid standards paralysis and balance interoperability with innovation. Hence, approach a project with the customer and their underserved needs.

2. We need issuers adopting self-sovereign identity principles (outlined in the first blog) to issue credentials. Proxy issuers are a solution when an organization is not ready with its infrastructure to start providing credentials. In some countries, Financial Institutions issue credentials that verifiers accept. Public sector-issued credentials also help foster adoption.

3. Impeccable product experiences — simple, easy-to-use processes solving customer problems will aid adoption (as explained in the sixteenth blog). The solution is less about a dance of protocols, QR codes, and dialog boxes. Instead, strive to abstract the complexity. Where possible, get user consent up front for actions without exposing every step of the DID (decentralized identifier explained in the third blog) exchange protocol.

4. Building robust, sustainable governance takes time. Adopting an MVG (minimum viable governance) and starting small by making trust registries within industry verticals helps. An example is IATA (International Air Transport Association) for travel (as covered in the twelfth blog).

Self-sovereign identity has no limitations by industry sector for implementation. Identity is pervasive across all sectors from government, education, travel, healthcare, and the supply chain. Any business process that needs identification of one’s identity credentials for authentication will adopt it in the metaverse and across the universe.

In 2020, identity theft in the US cost $712.4 billion [5]. In the United Kingdom, the same year, the cost of Debit and Credit card identity theft was 29.7 million pounds. The problem is significant and needs to be addressed. Self-Sovereign Identity can help.

I will cover The Art of the Possible in the next post.

To reference previous posts refer to this link. Again, I would suggest reading the posts in succession.

Glossary:

DID (Decentralized Identifier)

Like a Uniform Resource Name, a DID is a globally unique identifier that somebody can universally discover on a blockchain using a method. A DID is an interoperable, open-sourced web standard delivered by the W3C [2]. Each DID is associated with only one DID document.

DDO (A DID Document)

The DID document contains the DID description, the public key for verification, a set of authentication protocols, service endpoints, a timestamp, and a signature.

Digital Wallet

A digital wallet is software used to digitally store (usually in a smartphone) the contents of a wallet, like IDs, loyalty cards, and financial instruments used for payments. In essence, it is a digital version of a physical wallet.

Entity

A person, organization, or thing

Holder

An identity owner and user of a Digital Wallet where their credentials are accepted, stored and controlled using verifiable credentials. The holder approves attestation requests from verifiers and delivers the same.

Issuer

An issuer is a credible provider of identification documents; their signature (key) attests to the credentials’ validity. Governed by Governing Bodies or Trusted Anchors, issuers can belong to an ecosystem of trusted entities that issue documents/credentials with claims data. Issuers have the infrastructure to access a public blockchain to issue and revoke credentials. The schema and their definition of credentials are on the blockchain.

Private Key

A private key is stored cryptographically in the digital wallet of the entity (holder) in the decentralized identity ecosystem. As the name implies, it is personal for the identity owner.

Presentation or Proof

The proof attests a claim or compound claims from the holder to the verifier to prove some form of identification to complete a transaction. All are achieved without making contact with the issuer.

Public Key

A public key is a cryptographic key stored on the blockchain visible to others. It identifies the identity of an entity. Along with the private key, the public key can read encrypted messages for the entity.

Self-Sovereign Identity (SSI):

A decentralized way to manage the identity of an entity, built on the principles of transparency, interoperability, portability, and consent from the owner who controls what they own, know, and have.

Smart Contract:

A program on the blockchain network that executes transactions within certain parameters. For example, a smart contract within a token NFT can receive royalties each time it is sold.

Verifiable Credential

A credential is an attestation of authority, competence, or qualification given by an authorized party (issuer) to an entity (holder). It consists of metadata, claims, and proofs and has one or many claims related to an entity’s identity. It is used to respond to attestation requests for proof of a claim. Claims from multiple verifiable credentials consolidated to respond to a request for proof are called a compound verifiable credential.

Zero-Knowledge Proof

Contains claims or attributes that prove something about an entity without exposing correlatable information about them.

References

1. View from the field, Riley Hughes at ToIP

2. https://www.weforum.org/agenda/2021/10/technology-trends-top-10-mckinsey/

3. https://inatba.org/

4. www.trinsic.com Global VC Adoption Tracker

5. Self-sovereign Identity, How big is the market opportunity by Cheqd

Contact

Linkedin https://www.linkedin.com/in/anitarao/,

Twitter @anitaprao,

Blog https://rao-anita.medium.com/


Passionate about Self-Sovereign Identity delivered decentralized via Blockchain. Member of Trust Over IP Foundation, W3C, and Decentralized Identity Foundation.