Blockchain for Decentralized Identity — The Art of the Possible
According to Liminal Strategy Partners4, the market opportunity for identity will grow from USD 32.8 billion in 2022 to USD 266.5 billion by 2027, at a CAGR of 68.9%. Furthermore, adoption by the public sector has a flywheel effect on the private sector. Enterprises that integrate identity credentials and adopt them across use cases will achieve efficiencies and build better experiences while implementing the principles of SSI (self-sovereign identity explained in the first blog). As a result, Financial Services, Digital Commerce, and the Public Sector are the largest markets in 2022. In addition, growth in travel (Covered in the twelfth blog) and healthcare (outlined in the fourteenth blog) also looks promising.
The transition from centralized service providers that manage some identity elements to a decentralized model has begun. The institutions that provide and acknowledge this trend will be wise. Digitization of decentralized identity leads to building greater trust. Companies are trying to figure out how to be relevant to their users. However, for the success of the Self-Sovereign identity, the ecosystem needs to evolve. It requires participation from different industries, the private and public sectors that start issuing and accepting each other’s verifiable credentials (explained in the fifth blog), all within agreed-upon governance principles (covered in the sixth blog). Some of the challenges and opportunities ahead are:
1. The solution works for those with smartphones that can access the Digital Wallet. However, smartphones are still costly and not viable in certain parts of the world. Furthermore, for data stored on the smartphone, specific storage is required. Therefore, we expect storage services for most identity data to be on the cloud.
2. Along with a smartphone, internet service is required, which could be challenging in some regions. A verifier must gain proof of the user’s online identity in some situations, and the system must provide the same. The solution needs to work offline or with intermittent or indeterminate connectivity.
3. Localizing the business processes across the globe will also present challenges. For example, ensuring the integrity of local issuers will need governance. In regional jurisdictions, government or local governing bodies’ participation in approving and certifying issuers will help.
4. Multiple service providers offer wallet services to help users manage their identities according to SSI principles. Whoever owns the wallet wins the game. Many vendors are providing these services. There will be consolidation in this area, and we could emerge with a few popular digital wallets (explained in the fourth blog). Maybe those providing hardware services coupled with a digital wallet.
5. Cross wallet and device synchronization are required to provide a better customer experience. These are capabilities that exist today for apps that we use daily. However, having your digital wallet with relevant identity data on multiple devices accessible anytime needs development.
6. Common schemas for verifiable credentials that issuers adopt across different vertical segments will enable viral adoption of the digital credential. In addition, it will drive true interoperability among systems. Tremendous effort and progress are happening here. For example, a standard schema proposed by Good Health Pass2 for vaccination records globally will augment its use in travel. Check the seventh blog for standards.
7. A user can have thousands of DIDs (decentralized identifiers explained in the third blog) and all the attributes that come with them. The SSI ecosystem must scale with infrastructure to support the components with SLAs for response time. It is not yet mature and needs investments.
8. A solid decentralized key management system is crucial for the success of SSI, where there are cryptographic key pairs with private keys within a digital wallet. Therefore, KERI7 (Key Event Receipt Infrastructure) is a viable solution.
9. Simple user experiences with easy navigation are required (described in the sixteenth blog). It is an area for further innovation. Adoption will depend on ease of use, especially with some multifaceted use cases.
10. Interoperability with consistent user experiences across applications and the digital wallet is required.
11. The portability of verifiable credentials and wallets is also nascent. With standardization, these will evolve and give more power to the users.
12. Someday users will be able to manage their online reputations across the internet — on websites, within apps, etc. In addition, since they own their data, they will be able to manage who sees what about them.
13. Trust is the foundation of Decentralized Identity on the blockchain. Reliable issuers who verifiers trust are essential to building the ecosystem. A critical mass of issuers will bring the verifiers to the ecosystem. In some countries, the government has initiated issuing documents using SSI standards. It helps decentralized identity but is not imperative for success. Private organizations are also adopting the role of a trusted issuer by building consortiums, adding to the flywheel effect. (Check the sixth blog for Governance).
14. The ecosystem requires guardianship and delegation with adequate permissions for each role. We need more work here, especially if guardians manage the digital identities of those who cannot handle them. In addition, governance of this area will need to prevent fraud. For example, children will have their verifiable credentials managed by their parents in the capacity of a guardian. Once they become adults, it gets transferred to their digital wallets.
15. Formal standards are still evolving for schemas, wallets, etc. Self-sovereign identity implementations will have a catalytic effect with a more comprehensive definition and adoption of standards. Industry groups are helping here. For example, IATA (International Air and Transport Association) has published standards for the travel industry. Another group, MOBI5 (Mobility Open Blockchain Initiative), is working on standards to make transportation more efficient, equitable, and sustainable while preserving the privacy of users and providers.
16. Governance to ensure that all parties comply with agreed-upon rules will also be essential to making Decentralized Identity a success. It is still evolving and is in a nascent stage. We can expect more Governance Bodies, Auditors, Registries, and Trust Anchors to regulate the behavior of issuers and verifiers under well-defined policies and laws. In addition, we expect more consortiums by industry sectors. Expect advancements in policies.
17. Expect more collaboration across governments, countries, and standard bodies to build mutual recognition and interoperability so that world citizens can travel freely across borders with their identities3. For example, the Digital Government Exchange (DGX) Digital Identity Working Group (DIWG), established in 2020 with representation from Australia, Canada, Finland, Israel, New Zealand, Singapore, the Netherlands, and the UK, is collaborating toward this goal. The thirteenth blog covers progress in the EU.
18. New business models with ecosystem participants will evolve, creating new jobs in new categories and business opportunities. In addition, the innovative prospects will give rise to different monetization capabilities.
In McKinsey’s report6 to the World Economic Forum in Oct 2021, blockchain-based trust architecture ranks seventh among the top ten tech trends that will shape the coming decade. “In addition to lowering the risk of breaches, trust architectures reduce the cost of complying with security regulations, lower the operating and capital expenditures associated with cybersecurity, and enable more cost-efficient transactions, for instance, between buyers and sellers,” McKinsey notes.
To reference previous posts refer to this link. Again, I would suggest reading the posts in succession.
Glossary:
Agent
Piece of code associated with a wallet that makes secure connections with other agents and wallets to share and communicate identity information to complete a transaction. It enables an entity to take on one or more roles in an SSI model –an issuer, holder, or verifier. There are two types: edge agents that run on a mobile device or cloud agents that run on a server in the cloud.
Blockchain
A blockchain is a decentralized ledger, which can be public, private, or hybrid. In the context of decentralized identity, it can store a public DID, DID document, schemas, and formal descriptions of a verifiable credential, revocation registries, and proof of data sharing — however, the blockchain stores no PII (Personal Identifiable Information).
Claim
A claim is an attribute within a verifiable credential. For example, the Drivers License number in a Driver’s License is a claim, whereas the Drivers License is a Verifiable Credential (see below for a definition).
DID (Decentralized Identifier)
Like a Uniform Resource Name, a globally unique identifier that somebody can universally discover a DID on a blockchain using a method. A DID is an interoperable, open-sourced web standard delivered by the W3C2. Each DID is associated with only one DID document.
DDO (A DID Document)
The DID document holds the description of the DID, the public key for verification, set of authentication protocols, service endpoints, a timestamp, and a signature.
Digital Wallet
A digital wallet is a software used to digitally store (usually in a smartphone) the contents of a wallet, like IDs, loyalty cards, and financial instruments used for payments. In essence, it is a digital version of a physical wallet.
Entity
A person, organization, or thing
Holder
An identity owner and user of a Digital Wallet where their credentials are accepted, stored, and controlled using verifiable credentials. The holder approves attestation requests from verifiers and delivers the same.
Issuer
An issuer is a credible provider of identification documents; their signature (key) attests to the credentials’ validity. Governed by Governing Bodies or Trusted Anchors, issuers can belong to an ecosystem of trusted entities that issue documents/credentials with claims data. Issuers have the infrastructure to access a public blockchain to issue and revoke credentials. The schema and their definition of credentials are on the blockchain.
Private Key
A private key is stored cryptographically in the digital wallet of the entity (holder) in the decentralized identity ecosystem. As the name implies, it is personal for the identity owner.
Presentation or Proof
The proof attests a claim or compound claims from the holder to the verifier to prove some form of identification to complete a transaction. All achieved without making contact with the issuer.
Public Key
A public key is a cryptographic key stored on the blockchain visible to others. It identifies the identity of an entity. Along with the private key, the public key can read encrypted messages for the entity.
Revocation Registry
A registry of DIDs that the issuer revokes. Verifiers can check if the holder is using a revoked claim on the blockchain.
Verifier
A verifier is an entity that wants to verify claims from a holder to complete a transaction or event. The transaction uses a QR code at the endpoints.
Verifiable Credential
A credential is an attestation of authority, competence, or qualification given by an authorized party (issuer) to an entity (holder). It consists of metadata, claims, and proofs and has one or many claims related to an entity’s identity. It is to respond to attestations for proof of a claim. Claims from multiple verifiable credentials consolidated to respond to a request for proof, is called a compound verifiable credential.
References:
1. SSIMeetup.org: O’Donnell, Darrell — The State of the Digital Wallet
2. https://www.goodhealthpass.org/
3. 2022, Digital Transformation Agency; Digital Identity in response to Covid-19; DGX Digital Identity Working Group; Digital Gov Exchange
4. Liminal.co
6. https://www.weforum.org/agenda/2021/10/technology-trends-top-10-mckinsey/
7. KERI — https://keri.one/keri-resources/
Contact
Linkedin https://www.linkedin.com/in/anitarao/,
Twitter @anitaprao,
Blog https://rao-anita.medium.com/
#SSI; #decentralizedidentity; #blockchain; #digitalidentity; #selfsovereignidentity; #identity; #dlt; #web3; #web3.0; #dApps; #digitalwallets; #distributedledger
