What is Decentralized Identity? Will it replace the current identity system? Read on to find out.
1. What is Decentralized Identity?
Traditional identity control requires a user to register an account in the service provider's own system in order to interact with it. For example, if you want to save money in a bank, you have to register an account with the bank and provide some required identity information. In this case, the bank's system manages and controls your account.
Decentralized Identity, on the other hand, is a new, trending concept in which control of identity is given back to consumers. Decentralized Identity is a self-owned, independent identity that enables trusted data exchange.
Self-Sovereign Identity (SSI) is sometimes used interchangeably with Decentralized Identity. There are some differences between the two, but people usually mean a similar concept when they talk about them.
2. The Three Pillars of Decentralized Identity
There are three distinct components, known as the three pillars of Decentralized Identity: Blockchain, Verifiable Credentials (VCs) and Decentralized Identifiers (DIDs).
Blockchain is a very popular term. Simply put, it records information in a way (via a distributed ledger) that makes it almost impossible to alter.
A Verifiable Credential is like a digital version of a driver license or passport. It contains the user's profile information, and that information is cryptographically secured and verifiable when presented to the organization that needs to verify it.
A Decentralized Identifier is a new way to give users a cryptographic digital identity. This digital identity can represent any subject, such as a person, an organization or an abstract entity. DIDs are created by the user and ultimately owned by the user. A Decentralized Identifier enables users to prove control and ownership of their digital identities without requiring permission from any third party.
3. Verifiable Credentials vs. Decentralized Identifiers
Verifiable Credentials and Decentralized Identifiers serve different purposes.
Maintaining privacy is a major benefit of Verifiable Credentials. For example, suppose a truck company is hiring drivers and every applicant for the job needs to have a valid driver license. In the traditional way, a person shows the driver license issued by the Registry of Motor Vehicle department, which contains some Personally Identifiable Information (PII). Even though this is common practice today, the user does give away some privacy to the truck company.
A Verifiable Credential issued by the Registry of Motor Vehicle department allows the truck company to verify the authenticity of the driver license number without disclosing the user's private information.
A Decentralized Identifier, on the other hand, is a way to identify yourself or your generated digital identities without relying on a third party or a centralized organization. For example, a phone number we use today is like a centralized identifier: it can be used to identify a user, but it is owned by a phone company that also keeps track of it. A Decentralized Identifier is like a phone number that you created and own yourself.
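The driver-license scenario above, as an added example that is not part of the original post: one way a credential can let the verifier check selected claims without seeing the rest is salted-hash selective disclosure. The technique, the function names and the sample license data are assumptions chosen for illustration; the post does not specify a mechanism.

```javascript
const nodeCrypto = require('crypto');

const sha256 = (s) => nodeCrypto.createHash('sha256').update(s).digest('hex');

// Issuer (the registry): salt and hash every claim, then sign only the digests.
function issueCredential(claims, issuerKey) {
  const disclosures = Object.entries(claims).map(([name, value]) =>
    JSON.stringify([nodeCrypto.randomBytes(16).toString('hex'), name, value]));
  const digests = disclosures.map(sha256).sort();
  const signature = nodeCrypto.sign(null, Buffer.from(JSON.stringify(digests)), issuerKey);
  return { digests, signature, disclosures }; // disclosures stay in the holder's wallet
}

// Holder: reveal only the named claims; the rest remain opaque digests.
function present(credential, reveal) {
  const disclosures = credential.disclosures.filter((d) => reveal.includes(JSON.parse(d)[1]));
  return { digests: credential.digests, signature: credential.signature, disclosures };
}

// Verifier (the truck company): check the issuer signature, then check that each
// revealed claim hashes to a signed digest. Returns verified claims, or null.
function verifyPresentation(p, issuerPublicKey) {
  const signed = Buffer.from(JSON.stringify(p.digests));
  if (!nodeCrypto.verify(null, signed, issuerPublicKey, p.signature)) return null;
  const claims = {};
  for (const d of p.disclosures) {
    if (!p.digests.includes(sha256(d))) return null; // altered or foreign claim
    const [, name, value] = JSON.parse(d);
    claims[name] = value;
  }
  return claims;
}

function demoSelectiveDisclosure() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  // Constructed sample data, not a real license.
  const license = { licenseNumber: 'S1234567', licenseValid: true, name: 'Alex Doe',
    dateOfBirth: '1990-01-01', address: '1 Example St' };
  const p = present(issueCredential(license, privateKey), ['licenseNumber', 'licenseValid']);
  const forged = { ...p, disclosures: [JSON.stringify(['00', 'licenseValid', true])] };
  return { shown: verifyPresentation(p, publicKey), forged: verifyPresentation(forged, publicKey) };
}

console.log(demoSelectiveDisclosure());
```

The random salt in each disclosure keeps the verifier from guessing hidden claims such as a date of birth by hashing candidate values.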
4. How Decentralized Identity Works
Some more terms to understand:
Decentralized Identity Wallet - A digital wallet or a special app that allows a user to create his own Decentralized Identifiers, store his PII and manage his Verifiable Credentials
Holder - A user who creates his own Decentralized Identifiers with a digital wallet app and receives Verifiable Credentials
Issuer - An organization that signs a Verifiable Credential with its private key and issues it to the holder
Verifier - A service provider or party that checks the Verifiable Credentials before providing its service to the user/holder
Blockchain, DIDs and VCs
The blockchain is used as a universal network to record information that is almost impossible to alter. Decentralized Identifiers (DIDs) generated by the user (holder) are recorded on the blockchain, together with details like the public key and verification information. Verifiable Credentials (VCs) are issued to the user by public departments (government, employers, universities, etc.) and stored in the digital wallet. VCs are bound to DIDs so that when a third party verifies a VC, it can find that VC by searching for the DID in the blockchain record.
Holder, Issuer and Verifier
Issuers are public authorities that issue VCs. Whenever a VC is issued to the Holder, the Issuer signs that VC with the Issuer's private key, and the Holder stores that VC in the digital wallet. At the same time, the Issuer stores the corresponding public key (bound to the DID) in the blockchain ledger, so that the Verifier can later retrieve it to verify the VC that was signed with the private key.
Whenever a Holder receives the VC from the Issuer, the Holder also signs the VC with his own private key, in addition to the Issuer's signature. Now the VC has two signatures: the Issuer's signature and the Holder's signature. The Holder also stores his public key (bound to the same DID) in the blockchain ledger, so that the Verifier can later retrieve it to verify the VC.
Later, if a Holder wants to use a service provided by the Verifier, the Holder presents the corresponding VC to the Verifier. To verify that VC, the Verifier looks up the two public keys (the Issuer's and the Holder's) in the blockchain ledger, based on the DID that the VC belongs to, and uses those two public keys to verify the two signatures and make sure that the VC is genuine.
In this ecosystem, there is NO central authority managing the user's identity; rather, the blockchain-based distributed ledger acts as the source of truth. Furthermore, the user's identity information is NOT held on the ledger, but within the digital wallet owned by the user.
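The issue, counter-sign and verify flow described above, as an added example that is not part of the original post. It assumes an in-memory Map in place of the blockchain ledger, Ed25519 keys, made-up `did:example:` identifiers, and that the issuer and the holder each publish their public key under their own DID; all function names are hypothetical.

```javascript
const nodeCrypto = require('crypto');

// Assumption: an in-memory Map stands in for the blockchain ledger.
// It maps DID -> public key only; no PII is ever written to it.
const ledger = new Map();

// Create an Ed25519 key pair and publish only the public half under the DID.
function register(did) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  ledger.set(did, publicKey);
  return privateKey; // stays with its owner (issuer system or holder wallet)
}

// Fixed key order so signer and verifier process identical bytes (flat objects only).
const canonical = (vc) => Buffer.from(JSON.stringify(vc, Object.keys(vc).sort()));

// Issuer signs the credential; the holder then counter-signs the same bytes.
const issue = (vc, issuerKey) =>
  ({ vc, issuerSig: nodeCrypto.sign(null, canonical(vc), issuerKey) });
const counterSign = (signed, holderKey) =>
  ({ ...signed, holderSig: nodeCrypto.sign(null, canonical(signed.vc), holderKey) });

// Verifier: resolve both DIDs on the ledger, then check both signatures.
function verify(p) {
  const issuerPub = ledger.get(p.vc.issuer);
  const holderPub = ledger.get(p.vc.holder);
  if (!issuerPub || !holderPub) return 'unknown-did';
  const data = canonical(p.vc);
  if (!nodeCrypto.verify(null, data, issuerPub, p.issuerSig)) return 'bad-issuer-signature';
  if (!nodeCrypto.verify(null, data, holderPub, p.holderSig)) return 'bad-holder-signature';
  return 'ok';
}

function demoDualSignature() {
  const issuerKey = register('did:example:rmv');
  const holderKey = register('did:example:alice');
  const otherKey = register('did:example:bob');
  // Constructed sample credential.
  const vc = { issuer: 'did:example:rmv', holder: 'did:example:alice', claim: 'valid-driver-license' };
  const good = counterSign(issue(vc, issuerKey), holderKey);
  const tampered = { ...good, vc: { ...vc, claim: 'valid-pilot-license' } };
  const wrongHolder = counterSign(issue(vc, issuerKey), otherKey);
  const unlisted = { ...good, vc: { ...vc, issuer: 'did:example:unlisted' } };
  return [good, tampered, wrongHolder, unlisted].map(verify);
}

console.log(demoDualSignature());
```

The three rejected cases show what each check catches: a credential edited after signing, a credential counter-signed by a key other than the named holder's, and an issuer DID with no ledger record.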
5. Merits of Decentralized Identity
Decentralized Identity has several main benefits.
First, control is given back to the identity owner. The user has complete control and ownership of their identities and credentials, and can therefore decide which information to disclose while proving claims, without depending on any other party.
Second, since PII is NOT revealed to other parties, attacks aimed at PII will be reduced. Even if a lot of information is stored on the blockchain ledger, the blockchain itself is by nature secure and impenetrable.
Third, Decentralized Identity helps organizations reduce security risks. In the traditional way, organizations collect, process and store users' PII subject to regulations, which can be very costly. Furthermore, any breach of user data will result in huge fines as well as risks that can shake the foundation of the organization. With Decentralized Identity, organizations can collect and store less data, which eases their compliance responsibilities and reduces the risk of cyber attacks.
Fourth, Decentralized Identity technology will make it easier for users to create and manage their identities.
6. So When Will Decentralized Identity Come?
Despite the fancy technology and the benefits that Decentralized Identity brings, it is well known that Decentralized Identity is still in its early phase. The real question to ask ourselves is when Decentralized Identity will become prevalent and dominant.
As the earlier sections of this post show, many pieces have to come together for a functioning Decentralized Identity ecosystem. It requires a tremendous technology infrastructure to be built by various parties (enterprises, government, other authorities, etc.). On top of that, regulations and policies need to be published by authorities and followed by all involved parties. Furthermore, applications need to be adopted by consumers. Each one could be a barrier on the road to wide adoption.
If we take one step back and look at the history of technology, a technological revolution can happen either when a strong driving force pushes it forward, or when the critical problems blocking its development are resolved and it evolves by itself. For example, the iPhone was developed out of the vision of Steve Jobs, and his consistent drive brought the iPhone and the smartphone into the world. Artificial Intelligence was in hibernation until deep learning was developed in recent years. Given that the technological requirements for Decentralized Identity should be fairly available nowadays, what is needed is more of a driving force to push each party to develop and adopt Decentralized Identity technology.
When will this driving force come? It is difficult to say. As a thought experiment, say that some day in the future the issue of consumer privacy becomes so pressing that existing systems and platforms can no longer handle it. Then the call for a new way to tackle the privacy issue systematically will come, and all parties might get together and start to rethink how to resolve it. By then, the conditions for Decentralized Identity will have progressed as well, making it a viable choice.
7. Sum Up
In this post, we looked at the concept of Decentralized Identity and its three pillars: Blockchain, Verifiable Credentials and Decentralized Identifiers. We also looked at how the parties interact with each other in a Decentralized Identity ecosystem. Then we covered the benefits of Decentralized Identity. Lastly, we took one step further to ponder the possibility of Decentralized Identity becoming prevalent.