3 Ways to implement Decentralised Identity Systems
In my previous article, I spoke about the different identity models that are currently existing on the internet. In this article I’m going to talk about the different ways organisations can implement decentralised identity systems.
Roles in Digital Identity
In the digital identity world, there are usually at least entities that participate so that the exchange of value can take place.
The holder is typically an individual/organisation that would own the digital identity. This could include information like your name, address, DOB, nationality, email, phone, etc. If you’re an organisation, it could include information like your organisation name, office address, director, etc. Some of your information could be public (For example, you’re a fan of Manchester United. Whereas some of the information you hold may be private (For example, your address, DOB or that you’re in fact a Chelsea fan). As you can imagine, there is lots of information you could hold about yourself.
An Identity Provider is an organisation/individual who will verify something about you. For example, in the federated model Facebook will verify your email address to another company. Identity providers are likely to be reputable institutions like governments or banks who have strong ID Issuing/Verification processes.
The more reputable an ID Provider is, the more likely they would bring trust in the internet. For example, you’ll likely trust me if you see my name on why passport rather than if you saw my name on my Facebook account. There’s probably an infinite list of things that can be verified by an ID provider — passports, visas, university degrees, employment contracts, addresses, criminal records and so on.
Not everything about you needs to be verified. For example, you can claim that you’re a Chelsea fan, and no one else needs to validate that claim. This simple concept is called a ‘self-assertion’.
Relying parties are entities that rely on ID Providers’ claims to verify the holders with their permission. The benefit for relying parties for participating is that they wouldn’t have to build their own infrastructure. The alternative option is for them to verify you in person, which is just inconvenient. Relying parties can greatly reduce their own costs by relying on reputable institutions with strong ID solutions and can create better customer experiences. They don’t have to build their own infrastructure which can be rather expensive, as well as they don’t have to have expensive physical offices to verify individuals.
ID Providers can charge relying parties an appropriate fee for verifying their IDs.
Now, onto the different ways a decentralised identity system could be implemented and what use cases they’re solving!
Enterprises can host their own private-permissioned ledger to solve their internal use case. The enterprise will act as both the issuer and the verifier. It’s likely that they’ll also control the data about the holder. An example use case is passwordless authentication. The enterprise will issue you a ‘credential’ which proves you are their customer. Next time you login to their website, you simply provide that credential and prove that you’re a customer. In this case, they’re both the issuer and the verifier.
By itself, enterprise use cases are quite niche and doesn’t necessarily solve existing problems in the internet.
A consortium is basically a close group of companies join together as issuers or verifiers and use a private-permissioned blockchain to let owners share their identity information. The holder can move their identity related information from one organisation to another. An example use case of this is re-sharing eKYC results so that you can open a bank account. The bank relies on your previous bank’s ID verification processes to let you open an account.
Self sovereign identity
In self sovereign, you’d use a public, permissioned ledger. It’s important that the infrastructure is built in a way so that it doesn’t end up being controlled by a single or a group of organisations. The identity holder will be at the centre of the network, where they can have increased privacy. Anyone from governments, banks, digital companies, individuals can follow the same rules. Users can experience greater privacy and easier access to service, and organisations can greatly reduce their costs by relying on others for their ID processes. ID providers can also monetise ID products they own. Over time, this could be used to restore trust on the internet. There’s a really cool use case by Truu where healthcare professionals are issued digital staff IDs which they can use to verify themselves when they work at other hospitals.