Decentralized identity: Proving it’s really you in the 21st Century

“An NFT of a diploma successful your crypto wallet, for instance, would crook into a imperishable world certification.”

One-quarter of the planetary populace is going to beryllium spending astatine slightest an hr a time successful the metaverse by 2026, according to tech consulting steadfast Gartner, for shopping, gaming, acquisition and more. But astatine immoderate point, radical are going to person to show that it’s truly them down the avatar.

That’s conscionable 1 crushed galore judge that decentralized individuality (DI) is apt to play an progressively important relation successful Web3’s evolution. And adjacent if DI has been mostly overlooked by mainstream media, caller events suggest that is astir to change.

Consider that successful July, the World Wide Web Consortium (W3C) announced a caller modular for decentralized identifiers, culminating years of mostly quiescent enactment and deliberations successful this area. In August, Gartner proclaimed DI a “must-know” emerging technology, wherever radical tin “control their ain integer individuality by leveraging technologies specified arsenic blockchain […] on with integer wallets.” Earlier this year, Ethereum co-founder Vitalik Buterin proposed Soulbound Tokens (SBTs), which would see galore DI elements successful a non-transferable NFT format.

Sometimes called self-sovereign individuality (SSI), decentralized individuality tin play a cardinal relation successful mitigating fraud, information breaches, societal engineering and theft successful the expanding metaverse, accidental technologists, but possibly much importantly, it whitethorn interaction wide and divers sectors of quality endeavor, including education, healthcare, law, question and employment. 

“I judge that SSI volition beryllium revolutionizing however we comprehend individuality absorption successful the upcoming years,” Adam Gągol, co-founder of Aleph Zero, tells Magazine, portion others suggest it is connected people to disrupt accepted individuality management. 

“I’m not definite I would accidental ‘disrupt’ arsenic overmuch arsenic ‘catalyze,’” Scott Kominers, an subordinate prof astatine Harvard Business School who has written astir DI, tells Magazine. “My anticipation is that decentralized individuality solutions volition marque existing sources of accusation connected individuals’ background, enactment past and interests much almighty and utile than before.”

“An NFT of a diploma successful your crypto wallet, for instance, would crook into a imperishable world certification,” Kominers and Jad Esber wrote precocious successful a Future article. 

Decentralized individuality won’t needfully exclude a spot of amusive on the way, either. “With nationalist histories, it would beryllium imaginable to beryllium that you were aboriginal to a inclination oregon progressive successful a task earlier it took disconnected — like, say, being into Taylor Swift earlier she was popular,” Kominers and Esber noted.

Recent events, similar the illness of the FTX crypto exchange, suggest different imaginable uses for DI/SSI, which tin beryllium applied to organizations arsenic good arsenic people. Fraser Edwards, CEO and co-founder astatine Cheqd, envisions “audit opinions issued arsenic VCs [verifiable credentials], wherever the absorption is little connected sovereignty and individuality but much connected trusted information and estimation — i.e., ‘Do I run successful bully faith?’ Or simply, ‘Am I trustworthy?’” helium tells Magazine.

Decentralized identifiers and verifiable credentials 

DI has 2 main components: decentralized identifiers (DIDs), which are similar accepted identifiers — a ineligible name, an email address, a societal information number, etc. — with the cardinal quality that DIDs are controlled and sometimes adjacent issued by individuals. An illustration would beryllium an Ethereum account. You tin make arsenic galore Ethereum accounts arsenic you similar and stock them with whomever you like. There is nary cardinal repository. They reside connected an encrypted decentralized integer ledger — i.e., a blockchain. 

The 2nd constituent is verifiable credentials (VCs). These tin beryllium derived from acquainted credentials specified arsenic diplomas, room cards and passports, but again, they are not held connected a centralized repository with a azygous constituent of power oregon failure, but connected a blockchain wherever they tin beryllium work by machines. They connection acquainted benefits similar persistence and accessibility, but besides much method ones similar cryptographic verifiability (your individuality is much unafraid due to the fact that it is encrypted) and resolvability — i.e., it’s imaginable to observe metadata astir a idiosyncratic from that person’s DID. 

Kim Hamilton Duffy, manager of individuality and standards astatine Centre Consortium, offers this illustration of however decentralized identifiers and credentials mightiness enactment successful an acquisition and employment context: 

A fictional “Sally” earns a master’s grade from the University of Oxford for which she receives a “digital diploma that contains a decentralized identifier she provided. This integer diploma is signed utilizing a decentralized identifier which has been published and verified by the University of Oxford.”

Over time, Sally updates the cryptographic worldly associated with her DID, adding biometric protections and besides a quantum-resistant algorithm. “A decennary aft graduation, she applies for a occupation successful Japan, for which she provides her integer diploma by uploading it to the prospective employee’s website.” A decentralized identifier authenticates that she is the existent recipient of the degree. Moreover:

“Cryptographic authentication provides a robust verification of her claim, allowing the leader to trust connected Sally’s assertion that she earned a master’s grade from the stated assemblage without having to interaction the assemblage directly.”

Generally speaking, DI has grown with the enlargement of blockchain technology, and astir each DI usage cases impact a cryptographically unafraid blockchain astatine immoderate point. DI is besides processing on with zero cognition technologies that, for example, “enable individuals to beryllium they ain oregon person done thing without revealing what that happening is.” A idiosyncratic applying for a mortgage, for example, would beryllium capable to beryllium that their income falls wrong a definite approved set without revealing to the slope their existent salary.

An important milestone?

The DI question has arguably been flying nether the radar, but the caller statement connected DI standards makes for faster progress. “The announcement of DID Core arsenic a W3C proposal is simply a precise important milestone, thing that galore DI and SSI projects person been waiting for,” Markus Sabadello, CEO astatine Danube Tech, tells Magazine. It’s a awesome to the full ecosystem that the exertion is ready, “not conscionable for experimentation and proofs of conception but for superior solutions to real-life projects.” 

“The W3C DID standard’s value is connected par with telephone numbers oregon email code standards’ vitality,” Rouven Heck, decentralized individuality pb astatine ConsenSys Mesh and enforcement manager astatine the Decentralized Identity Foundation, tells Magazine. “A precocious level of interoperability becomes imaginable erstwhile each supplier uses the aforesaid specification.” 

Today, Big Tech players similar Microsoft are conducting pilots, and adjacent immoderate governments, including the United States, Canada the European Union, Germany and Finland, person been looking astatine DI “as a instrumentality to amended state-backed individuality solutions,” notes Heck. 

Still, the question is arguably waiting for its archetypal large usage case. Pilots are happening astatine the fringes and are often humble successful scope. 

Germany, for instance, precocious launched a private/public DI pilot for the question and hospitality sector. Data from authorities ID cards and worker certificates were extracted and merged to make a azygous verifiable credential truthful that erstwhile a institution worker checked into 1 of the 120 German hotels participating successful the project, the beforehand table relation learned instantly from a swipe of the QR codification connected the guest’s mobile instrumentality that “this is truly a traveler from that corp and is allowed to usage immoderate services we person successful in the contract,” reports Florian Daniel, main accusation serviceman of Deutsche Hospitality, who added that the proceedings volition soon beryllium expanded beyond Germany’s borders. 

It whitethorn look astonishing that pilots similar these are happening successful areas similar question alternatively than successful healthcare oregon acquisition oregon different places wherever the request for DI/SSI solutions seems much urgent. But cases similar the question illustration “are much straightforward to pilot, arsenic little delicate information is involved,” Heck tells Magazine.

Distributed identity’s interaction successful healthcare

Healthcare is 1 assemblage wherever DI could truly alteration things. It sometimes defies communal consciousness that a person’s wellness records are stored for years wrong a azygous hospital. At a minimum, decentralized identifiers would marque it easier for individuals to alteration wellness work providers and platforms, but challenges remain.

“For clinicians, DIDs are overmuch much of a definite happening due to the fact that they alteration amended estimation registries and trim the dependence connected hospitals and different institutions arsenic keepers of a clinician’s reputation,” Adrian Gropper, a aesculapian doc and main exertion serviceman of Patient Privacy Rights — a nationalist enactment representing 10.3 cardinal patients — tells Magazine. 

Electronic aesculapian grounds with diligent information and wellness attraction accusation successful tablet. Doctor utilizing integer astute instrumentality to work study online. Modern exertion successful hospital. (Source: Healthcare Law Insight)

How adjacent is DI to mainstream adoption successful the healthcare sector? “It volition instrumentality galore years,” says Gropper, explaining:

“The azygous biggest obstacle is that clinicians person allowed hospitals to power their entree to diligent records, and hospitals person small inducement to interruption their control… and hazard disintermediation from the clinician-patient relationship.” 

DI solutions whitethorn beryllium person to fruition successful areas similar retail business. The convenience store assemblage has developed a DI solution called TruAge that’s aimed astatine curtailing underage purchases of products similar intoxicant and besides restricting the magnitude of definite different products that tin beryllium purchased, Peter Steele, vice president of probe astatine The Pinnacle Corporation, tells Magazine.

The strategy allows consumers to transportation integer impervious of their property connected their mobile phones, “which tin beryllium scanned astatine a POS [point of sale] to o.k. age-restricted purchases,” says Steele, adding:

“It mightiness beryllium imaginable for an ‘adult’ to acquisition a ample fig of vape products and past springiness them to kids. But with TruAge, they volition beryllium restricted from purchasing a ample quantity — and that regularisation is crossed each stores, not conscionable 1 benignant of store, oregon a azygous store.” 

TruAge is present being implemented by POS suppliers, adds Steele, but “it volition instrumentality a fewer years earlier it becomes ubiquitous.” 

Government’s relation successful decentralized identity

Many governments are besides pursuing DI progress. State agencies are apt to stay the superior issuers of galore identifiers similar driver’s licenses, commencement certificates and societal information numbers, adjacent though DIDs and related technologies volition yet springiness governments little power implicit them, says Sabadello. 

“I deliberation it volition instrumentality a fewer much years, but determination are already respective governments investing into DID technology,” helium says. “The EU Commission has been promoting the EBSI/ESSIF infrastructure — which is based connected DIDs — arsenic a cardinal gathering artifact of a European integer individuality framework.” 

The U.S. authorities is besides looking into DI solutions. As reported, the U.S. Department of Homeland Security contracted with Danube Tech respective years backmost to develop blockchain information solutions for integer documents similar passports and greenish cards. Eventually, subject commanders could nonstop orders to troops successful the tract crossed decentralized integer networks, Sabadello tells Cointelegraph, and the soldiers could verify the bid utilizing DI solutions. 

“In galore EU countries, we already spot the exploding popularity of gov-tech solutions allowing users to place themselves utilizing a smartphone app,” says Gągol. One-time Know Your Customer protocols replacing repeated uploads of passports, drivers licenses, wellness certificates, etc. should beryllium popular, though this volition necessitate “much much privacy-aware solutions, arsenic typically a batch of delicate information is passed astir successful the KYC process,” Gągol adds.

Questions astir SBTs 

Buterin created thing of a disturbance successful SSI quarters with his May insubstantial connected non-transferable “soulbound” tokens. Does the aboriginal beryllium to privately controlled integer wallets that incorporate one’s acquisition and employment credentials, but besides immoderate societal identifiers similar “fanships” and caller question destinations? 

“With NFT-based DI/SSI — oregon soulbound tokens — users tin take to proviso oregon omit arsenic overmuch identifying accusation arsenic they like,” Amit Chaudhary, caput of DeFi probe astatine Polygon, tells Magazine. “The end-user is successful power of their accusation and decides however overmuch they privation to interact with oregon beryllium targeted by businesses and marketers — if astatine all.”

Others aren’t truthful keen connected SBTs, however. “I bash not similar the conception of incentivizing users to person a azygous wallet,” Gągol tells Magazine. Nor does helium deliberation that the immense bulk of identity-related features similar employment credentials, instrumentality nine memberships, etc. “should beryllium backstage by default and revealed lone astatine the petition of the user.”

Some types of individuality information, including world credentials similar diplomas, “should beryllium ‘soulbound’ successful the consciousness that the accusation is tied to the idiosyncratic alternatively than being tradable,” says Kominers. But others accidental utilizing NFT tokens similar SBTs to correspond circumstantial identifiers whitethorn not beryllium appropriate, “as this leads to a correlation of an individual’s activities and, therefore, their identity,” Alastair Johnson, laminitis and CEO of Nuggets, tells Magazine.

A boon for the processing world?

Identity-related problems, including certification fraud, loom particularly ample successful the processing world. According to the World Bank, immoderate 1 cardinal radical connected the satellite person nary mode of verifying their identity, which vastly limits their entree to integer services. 

“These problems are precise large, yes,” says Snorre Lothar von Gohren Edwin, co-founder and main exertion serviceman of Diwala. The problems that existed with respect to individuality successful the U.S. and Europe 15 years agone are present bubbling up successful Africa, helium tells Magazine.

Diwala, which claims to beryllium the archetypal institution to make blockchain-enabled integer credentials connected the African continent, has built a level successful Uganda that allows “skill providers” to contented integer certificates to trainees, recruiters oregon employers that tin beryllium easy verified online. The institution claims to person issued implicit 10,000 credentials to radical and businesses crossed East and West Africa, with 67% lawsuit maturation successful 2022.

Scalability and usability questions 

Obstacles stay earlier DI becomes commonplace, however. Can the exertion beryllium scaled up? Will DI arsenic presently constituted beryllium usable not conscionable by businesses but by backstage individuals? 

On the archetypal question: DI proponents are often insistent that backstage accusation successful the aboriginal beryllium shared connected a need-to-know basis. Optimally, says Gągol: 

“Users should person an enactment of performing a precise exhaustive KYC for the intent of uploading the information to the ID system, but past they should lone selectively disclose the accusation that is perfectly indispensable for a fixed platform.”

Only binary accusation should beryllium required. For example, is the purchaser aged capable to acquisition intoxicant successful an online shop: Yes oregon no? Still, the exertion to bash this whitethorn not beryllium up to velocity astatine present, Gągol tells Magazine. “Such selective reveals are surely imaginable with zk-SNARK technology, but we are yet to spot a large-scale deployment of specified solutions.” 

Usability indispensable get amended earlier DI goes mainstream, too. “We request user-friendly integer wallet solutions that tin marque gathering one’s decentralized individuality intuitive and accessible to the broader population,” Kominers says.

DI’s components — DiDs, VCs and idiosyncratic datastore protocols — are each “incredibly powerful” connected their own, Daniel Buchner, caput of decentralized individuality astatine Block, tells Magazine. But truthful acold they person been mostly deployed for comparatively constrictive usage cases, usually successful the concern world. 

Solutions bash not connection “sufficient inferior oregon caller experiences to consumers that are toothbrush-frequent successful use,” Buchner says.

Edgar Whitley, subordinate prof of accusation systems astatine the London School of Economics, expressed “concerns astir relationship recovery,” particularly if credentials are lone held successful a idiosyncratic device, arsenic good arsenic challenges with respect to inclusion and exclusion. 

One besides can’t presume that each employers volition clasp DI soon, either. In the United Kingdom, wherever employers are required to behaviour “right-to-work” checks connected employees, for instance, galore companies inactive favour face-to-face checks and “have nary evident plans for making the modulation to the caller approach,” Whitley tells Magazine.

“Recognition by regulatory bodies is astir apt 1 of the biggest obstacles that needs attention,” adds Chaudhary. Once regularisation is successful place, “companies volition beryllium receptive to decentralized individuality arsenic portion of their regular operations, and the rollout tin statesman successful earnest.”

The aboriginal of decentralized identity

If SSI/DI ever bash go commonplace, they could spur immoderate absorbing spinoffs. Asked precocious astir the aboriginal prospects of blockchain-enabled nationalist elections, Marta Piekarska-Geater, elder DAO strategist astatine ConsenSys, answered:

“The archetypal question that I would inquire is: Where are we with self-sovereign identity? Because close now, erstwhile it comes to immoderate usage of nationalist services oregon engaging with governments, you request to verify yourself.” 

Decentralized individuality should springiness radical the quality to “leverage their accusation frictionlessly crossed a wide array of platforms — and that, successful turn, creates caller usage cases and sources of worth for the underlying accusation itself,” Kominers tells Magazine.

Chaudhary foresees “decentralized recognition scores for fiscal primitives and societal payments successful DeFi” becoming common. Other imaginable innovation areas are subordinate estimation profiles for Web3 games, delegated voting, decentralized Sybil scores, and “domain-expertise estimation for DAOs to alteration caller decision-making and governance models,” helium says. 

Some judge that decentralized individuality solutions are agelong overdue. Piekarska-Geater, based successful the U.K., was calved successful Poland and inactive travels with a Polish passport. “I was successful situations wherever I couldn’t permission a state due to the fact that my passport wasn’t accepted astatine the border,” she tells Magazine. In 1 instance, she was held up due to the fact that her passport’s biometric leafage had a flimsy tear. “We are successful the 21st century, and that is inactive happening connected a regular basis.”

Chaudhary offered immoderate consolation:

“Once the DI infrastructure is successful place, carrying carnal IDs volition go obsolete.”