The Ongoing March Towards Decentralized Identity

The Ongoing March Towards Decentralized Identity

The innovative roll out of Web2 technologies has thrown up a number of issues when it comes to identity. A lot of work is being done to address these issues through decentralized identity projects.

Decentralized identity: What it is and why it’s needed

Decentralized identity encapsulates various approaches to bringing about a manner in which people control their own personal data and credentials while still being able to interact with government, service providers and other entities.

Identity is something that defines each and every one of us. It’s inherently personal yet it’s something that we need to share in order to participate in the ubiquitous systems we’ve set up for ourselves as a society.

decentralized_ID.png IMG SRC

Prior to the development of Web2, identity implicated documents like passports and driver’s licenses. As documents issued by centralized trust authorities, we choose to use them as forms of identification. In that way, the individual still has some control over who those details are shared with.

The past 20 years has brought with it the development of Web2 technologies. That has changed the manner in which identity is handled. With many of the Web2 behemoths, our identity and the personal data that goes with it has been the product. Through these platforms our data is being shared with third parties whose identities we’re not even aware of.

With these online systems, our identity manifests itself through email addresses and social network login credentials. It’s certainly convenient but it’s compromising our sovereignty and privacy as a consequence, as this approach doesn’t offer us any form of control.

When centralized Web2 corporations aren’t harvesting our data, they’re allowing it to be compromised. A personal data breach at fintech company Revolut stands as a recent example albeit that it’s a regular and ongoing occurrence among centralized guardians of our data.

In a post-Covid world, the importance of digital identity is rising given that the rate of digitization has accelerated. Digital identities are proliferating with the ongoing digitization of every conceivable service and interaction.

Blockchain and digital identity

The writing has been on the wall that we need to find a solution to this problem. That pursuit has led to a focus on decentralized identity systems. While decentralized identity doesn’t necessarily need to implicate blockchain, it’s unsurprising that it can play a role given that decentralization is key to both.

In decentralized blockchain, the mantra is ‘not your keys, not your coins.’ Proponents of decentralized identity within the Web3 space feel that a similar mantra of ‘not your keys, not your identity’ can be pursued.

Builders of dApps have sought to take this approach from the outset. In the Ethereum-centric DeFi and NFT space, platforms have long since been setup that allow the user to authenticate themselves using a digital wallet such as MetaMask.

A decentralized digital wallet puts the user in control. Their wallet as a means of identity can’t be censored. And in DeFi, they’re free to authenticate themselves on a multitude of platforms using the very same wallet.

The challenge then becomes applying this approach in some way to non-crypto native platforms or off-chain applications. In the DeFi example, we’re referring to a largely anonymous user experience. The task is further complicated as in many circumstances, there will be a need to have identity and credentials authenticated. Even within DeFi itself, that is an emerging issue as corporations that need to abide by current regulations can’t operate in DeFi markets that are completely anonymous.

Establishing a trust system

While a decentralized identity can be held by the user, a trust system is going to be necessary to achieve that while also being able to authenticate and verify that identity and the credentials that are associated with it.

Such a trust system therefore needs two essential components:

  1. Decentralized Identifiers (DIDs): IDs that users create and control independently. DIDs are user generated, globally unique and can be verified across any platform. In order for them to facilitate independent user control, DIDs need to be tamper-proof, censorship resistant and immutable.

  2. Verifiable Credentials: Attested information.

It’s possible to have an identity that’s validated on a peer-to-peer or reputation-based system. When it comes to use cases that bridge with the existing world of banking and fintech, it will need to be regulatory validation in line with the norms of know your customer (KYC) and anti-money laundering (AML) standards.

A Bitcoin-based approach

Ironically, Microsoft as a leading Web2 incumbent has been one of the earliest in establishing a decentralized identity system. Microsoft’s ION or Identity Overlay Network is an open, public decentralized identifier network built atop of the Bitcoin blockchain.

ms_ion.png IMG SRC

It’s not just individuals that need decentralized identity but companies too. A lot of enterprise infrastructure is based on Microsoft products. There are more remote, contract and temporary workers than ever before so organizations need a way to onboard them securely, seamlessly and without any breach of integrity for the organization. By 2025, 70% of the global workforce will be working remotely to some extent or other.

Enterprises are also looking to limit risk and a decentralized identity system makes for easier and more efficient and trustworthy auditing. Credentials can be checked for faster and better recruitment.

trust_system.png A trust system is needed to validate credentials: IMG SRC

Concerns have been expressed about the authenticity of profiles on one of the most sober social media platforms — LinkedIn. Even when profiles themselves aren’t fake, how about the employment and academic records of LinkedIn members? Systems like ION provide scope to tackle these issues.

IDs are anchored to the Bitcoin blockchain while personal data is held on the peer-to-peer InterPlanetary File System (IPFS).

An Ethereum-based approach

Sign In With Ethereum (SIWE) is another approach being taken to achieve decentralized identity. It’s an initiative that has been put forward by the Ethereum Foundation and the Ethereum Naming Service (ENS). SIWE allows a user to achieve off-chain authentication using his/her Ethereum account and ENS profile.

siwe.png IMG SRC

The application is being molded as it forms part of Ethereum Improvement Process (EIP) 4361 which is still at the review stage. The project is being driven by Spruce Systems, an open source software provider focused on decentralized identity within Web3. SIWE would work in a similar fashion to the current standard that allows users to sign in to different platforms using their Facebook or Google IDs. The difference in this case of course is that the identity is decentralized.

Broader innovation

Beyond the SIWE project, Spruce Systems has its own decentralized identity products. SpruceID is an ecosystem of open source tools which have been designed to enable user-controlled identity. It includes Credible, a mobile wallet that supports verifiable credentials and decentralized identifiers and Rebase, a decentralized service which allows users to map their identities to cryptographic keys in a publicly auditable way.

The Web3 startup has also optimized its products to work across a number of blockchains in addition to Ethereum including Polygon, Tezos, Solana, Celo and Ceramic.

Circle, the company behind leading US dollar stablecoin USDC, recently built a ‘know your business’ (KYB) proof of concept verification system based on open source protocols for decentralized digital identity credentials.

Proof of Humanity is a project that takes quite a different approach to decentralized identity. It’s akin to an online phone book where users sign up by making a brief video of themselves. If any other community members believe the profile to be fake, then the account can be disputed.

There are other projects implicated where decentralized identity is concerned, including the teams behind distributed ledger IOTA, identity verification protocol Civic and many others.

Future outlook

With all of these approaches being taken, it’s likely that we will see moves towards standardization. It makes sense to try and establish some common principles so that decentralized identity can be more seamlessly applied across disparate platforms. This is already being pursued by organizations such as the Web3 Foundation and the Decentralized Identity Foundation.

Once standards have been teased out, adoption seems inevitable. South Korea is renowned for being an early adopter of new technology and innovation. In recent days, the country has outlined plans to provide its citizens with a decentralized identity system secured by blockchain.

It may still take some time to achieve significant adoption but the outlook is good in terms of empowering people with control over their own data. Meanwhile, the Web2 social media giants will likely need to go back to the drawing board and plan to pivot to a brand new business model.