Decentralised Identifiers
Data is a new asset in the digital world - and identity is the new money
Technology has turned our data into a commodity, but a new privacy-centric model is emerging.
Decentralised Identifiers (DIDs) represent a new breakthrough in the field of identity management. They are exciting because they represent a tool that can provide us with the power to control our digital identity without the need for a central authority.
The Problem
Researchers at privacy website privacyaffairs.com found that you can obtain a person's full identity for a price of $1,275. This includes bank credentials, driver’s license, insurance, and other IDs.
For $1,275, you can control a person’s identity
That’s alarming. Let’s take a look at how identity management works today, and in which ways the system is broken.
You build your identity over the course of your life through formal documentation, e.g. driver’s licenses and passports, and you learn quickly about the hassle of replacing lost or stolen identification documents. There is also the problem of paying the required fees and potentially long wait times at central issuing authorities.
The internet has become such an integral part of our lives that a majority of us now have a rich and detailed online profile. This has led companies of all sizes to identify their customers (Know Your Customer), often requiring copies of IDs or passports.
But there's a problem: these documents are physical and not designed to be shared electronically, and the individual attributes of the documents cannot be shared on a need-to-know basis. For example, in order to prove your nationality, you must send a passport scan (including details of your date of birth, passport number, and address).
Here are the major failure points of how we currently do identity:
1. Businesses and governments lack the resources to safeguard our data
2. Current implementations of identity management systems rely on a centralised infrastructure
3. It requires oversharing of personal information
The Solution
A DID allows you to create and manage a resolvable identifier that can help prove your identity online.
DIDs have 4 key characteristics:
1. Persistence
2. Globally resolvable
3. Decentralised
4. Cryptographically verifiable
The figure below shows an example of a DID.
Here, the DID method defines how the DID works with a specific protocol. DIDs can adapt to any protocol capable of resolving a unique key into a unique value.
Defining how a DID is created, resolved, and managed is the role of the DID method specification. These specifications typically define at least the following operations for a target system:
Create
Read
Update
Delete
For a detailed description of these operations, refer here.
How does it work?
A DID is a string that contains attributes that can uniquely define a person, organisation, or object. For an end-user, the use of a DID to access a service would involve 3 parties:
1. An identity holder - the individual who wants to prove their identity
2. A claims issuer - third party authorised to verify credentials
3. The Inspector - service provider looking to authenticate the identity
Why should you care?
1. DIDs allow you to own and control your digital identity
Whenever you sign up for a service, the company that owns the service now owns a significant part of your digital identity; Facebook and Google are common examples. In order to participate online, you have to give up control of your personal data.
DIDs can change that. You can manage your own credentials and create a permanent verifiable record of your own identity.
2. DIDs enable fast registration to services
The average adult has over 90 online accounts, and I'm sure you know the pain of registering for a service. When signing up for a financial service, for example, you may need to provide information that is time-intensive to supply and whose collection is also an invasion of your privacy.
A Decentralised Identifier can contain the information service providers need in order to accept you on their platform, so you could access the service provider with the click of a button.
3. DIDs open the door to Verifiable Claims
It should be possible to prove certain things about ourselves without having to share all of our personal information. For example, when you go down to the liquor store, you can imagine presenting a notarised document that contains a picture of the individual and verifies a single claim, "JOHN DOE is above the age of 18", so that your age is established by inference rather than by providing all your personal information.
DIDs are only the base layer of the decentralised identity infrastructure. The next layer in the chain is where most of the value is unlocked - Verifiable Credentials.
More on this in a following post.