Who am I?
This is both an existential question, and also a very practical administrative concern.
Our identity is for better or worse the key to everything we do.
Today, identity is exchanged using government ID cards and official paperwork. But what would you do if you lose the paperwork or it gets destroyed? Or, as is often the case in many countries around the world, you never receive the paperwork to begin with?
Decentralised identity is an attempt to reduce the reliance on something as fragile as paper to make identity more robust and scalable.
Understanding decentralised identity
Today, all forms of identification require maintenance of and reliance on physical credentials that are issued by central authorities. We have left organisations – government, financial institutions and others – as custodians of our identities and an unprecedented amount of personal data. But multiple incidents have proven that perhaps these agencies are not yet ready for the role. This centralisation of our identity leaves us vulnerable to data breaches, data compromises, and third-party intermediaries.
The current identity frameworks are centralised, suffer from a lack of trust, aren’t portable, and don’t give consumers control.
Decentralised identity puts that power and responsibility back in the hands of the individuals, giving them the ability to control and protect their own personal information.
In short, it allows individuals to manage their own identities. In a decentralised framework, the user receives credentials from a number of issuers (e.g., government, education, employer) and stores them in a digital wallet. The user presents those credentials to the relevant issuing authority, who then verifies their identity through a blockchain-based ledger that does not store the user’s data.
The identity can be initiated by an individual through an agent of some kind, either on a device or through a browser-based application. Once created, the identity could be validated by external entities: banks, universities, governments, or even other validated identities.
A decentralised identity system solves the problem of lack of user control by only sharing that data the individual wants to share; and if they change their minds about sharing it or decide an organisation no longer needs it, they have the control to revoke access. Each identity request granted by the user allows access to specific sets of data, ensuring that privacy is included by design. This concept is made possible by the decentralised nature of blockchain and the trust created by consensus algorithms.
While still in its nascent stages, the decentralised approach to identity promises to give users much more independence, enhance privacy, and inspire digital transformation across organisations.
How does blockchain help in creating a decentralised identity?
Trustworthy digital identification is one of the major challenges facing us because none of the traditional means of verifying someone is completely full proof.
There are special properties that are required for a digital identity to fulfil its potential and these map the properties of blockchain technology.
In short, blockchain is the ripe foundation for creating a decentralised identity.
Firstly, blockchain is immutable. The way blockchain works ensures that every transaction is confirmed by each system in the network. This structure renders it impossible to alter a transaction without consensus among the systems. Additionally, blockchain is transparent since each system in the network has a record of every transaction that has occurred.
This makes blockchain perfect for decentralising identity. No one party controls the data, so there is no single point of failure or someone who can override a transaction. Second, it is reasonably impossible to alter blockchain transactions. And this is how blockchain builds trust: when data cannot be modified and is independently verifiable, it can be trusted.
Blockchain allows for data sets to be stored in a set of distributed datastores in an environment where the data cannot be modified.
Benefits of decentralised identity
In a decentralised system, the wallet acts as a secure repository for user credentials. It protects credentials using encryption and biometrics, requests informed consent from the user each time credentials are requested and conceals any metadata that could lead to credential tracking. Encrypted, decentralised storage systems like blockchain are impenetrable by design, reducing the risk of an entity gaining unauthorised access in order to steal or monetise user data.
Decentralised identity not only improves privacy and security for users, it also helps organisations reduce security risks. Most organisations are subject to regulations based on how they collect, process, store, and transact upon user data—and they face penalties even for unknowingly breaking the rules or experiencing data breaches. By collecting and storing less data, organisations simplify their compliance responsibilities and reduce the risks of misusing information and being targeted in opportunistic cyber attacks.
Furthermore, requesting only the necessary credentials for users to prove their identities, encourages a new depth of trust and transparency between organisations and users.
For developers, decentralised identity opens the gates to better standards of app design, effectively eliminating the need for cumbersome KYC processes. With all the credentials stored in a user wallet, the users would be able to securely communicate approved information, thus allowing developers to design more engaging user experiences, driven by participation in an open, standards-based ecosystem.
The adoption of distributed or decentralised identity is something that is almost inevitable. People will want to own their identity, have it in a form that can be used across a number of different services, and have it available on whichever device the identity owner wants to use.