A quick guide to decentralized identity and its benefits
- Posted on July 9, 2021
Whether it is a name, surname, or something unusual like the school one attended, identity is hard to prove online. Current identity systems can associate pre-existing profiles with a password or other authentication factor, but it’s hard to create the profile in the first place. Online visitors cannot just turn up and prove what their name really is. At the same time, identity is now considered the new “perimeter” and the primary authorisation credential for people and machines. Although identity systems have improved, with the introduction of multiple factors for authentication, the fundamental issue of proving a stranger’s identity remains.
Some early solutions do exist. In 2014, the UK Government released the UK Verify system (although it’s now being retired, as it was hard to use), and challenger banks require a passport photograph and a video of the customer.
Systems like these are the beginnings of true digital online identity, but they are proprietary, not standardised, and not compatible with one another. The physical world, on the other hand, has passports, driving licences, proofs of address and many other mechanisms to prove identity, as well as tickets, staff cards and similar to prove access rights.
Decentralized Identity: Some key terms you need to know
Decentralized Identity (or DID) refers to new standards (see DID and VC) defining the operational mechanism, security and structure of digitized documents for the first time. Here are some of the key terms they define:
- The DID is a document containing public keys for an entity (person or machine), structured to facilitate easy discovery of said keys
- The Ledger is an immutable, decentralized, publicly accessible storage (e.g. Bitcoin/Sovrin) where DIDs are stored so that they cannot be changed
- The Verifiable Credential (VC) is a digital version of any physical document (e.g., a Passport), with its attributes and values
- The Issuer (e.g., the Passport Office): Creates their DID with keys, writes it in the Ledger and uses the keys to sign Verifiable Credentials (i.e., a digital passport)
- The Holder (i.e., a person) receives their credential in their Wallet, typically a phone app
- The Verifier is the receiver/destination. It can request the holder to share a VC and then verify its authenticity using the issuer’s DID from the Ledger
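The issue-and-verify flow in the list above, as an added Go sketch that is not from the original post. An in-memory map stands in for the Ledger, the `did:example:...` identifier and claim values are constructed, and the credential is a simplified structure rather than the W3C VC data model.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Credential is a simplified Verifiable Credential: claims plus the issuer's signature.
type Credential struct {
	Issuer    string            `json:"issuer"`
	Claims    map[string]string `json:"claims"`
	Signature []byte            `json:"-"` // excluded from the signed payload
}

// Ledger stands in for the immutable public store: issuer DID -> public key.
type Ledger map[string]ed25519.PublicKey

// payload is the byte form that gets signed (json.Marshal sorts map keys).
func payload(vc Credential) []byte {
	b, _ := json.Marshal(vc)
	return b
}

// Issue is the Issuer's step: sign the claims with the key behind its DID.
func Issue(did string, key ed25519.PrivateKey, claims map[string]string) Credential {
	vc := Credential{Issuer: did, Claims: claims}
	vc.Signature = ed25519.Sign(key, payload(vc))
	return vc
}

// Verify is the Verifier's step: resolve the issuer DID on the ledger, check the signature.
func Verify(l Ledger, vc Credential) error {
	pub, ok := l[vc.Issuer]
	if !ok {
		return errors.New("issuer DID not found on ledger")
	}
	if !ed25519.Verify(pub, payload(vc), vc.Signature) {
		return errors.New("signature does not match issuer key")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	ledger := Ledger{"did:example:passport-office": pub}
	vc := Issue("did:example:passport-office", priv, map[string]string{"name": "Alice Example"})
	fmt.Println("as issued:", Verify(ledger, vc))
	vc.Claims["name"] = "Mallory Example" // holder-side edit after issuance
	fmt.Println("after edit:", Verify(ledger, vc))
}
```

The Verifier never contacts the Issuer: it trusts the credential only because the key it finds on the Ledger validates the signature, so an edited claim or an unregistered issuer DID is rejected.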
The benefits of decentralized identity
The benefits of decentralized identity become more obvious when we consider that it's not just about passports and driving licences. Decentralized identity ensures that anything is provable and will be accepted and trusted by online services. A prospective customer would be able to switch their bank account with, literally, three taps. Imagine no more forms to fill in, no need to visit the bank, no more worries about spelling a name incorrectly, no more fuss – just a visit to the website to do your business.
In addition, decentralized identity offers enhanced privacy via numerous features supported by the standards. The most prominent are:
- The Ledger ensures that no single entity has control over the key infrastructure.
- People can choose which Ledger and DID network to use.
- Consent is always required prior to sharing. Wallets will show exactly what will be shared, allowing users to mix credentials and attributes and share partial credentials.
What’s possible right now
A mature decentralized identity ecosystem with multiple issuers and verifiers, accepted by the public and private sector around the world, would offer substantial value in the future. Until that time, there are compelling benefits to deploying DID on systems we control. The following examples are possible right now:
- A ‘log-in via decentralized identity’ option for websites
- Password-less log-in or 2FA option
- Replacement of the physical staff card
- Ticketing, including airline ticketing and boarding passes
The above would be more secure and easier to use, would reduce costs and fraud, and in some cases would even reduce compliance risk. In use cases already catered for by proprietary systems (e.g., air tickets), users will enjoy the simplicity of DID and a single app for use with multiple entities (e.g., multiple airlines).
We believe that it’s only a matter of time before decentralized identity explodes globally. We have already reached a turning point, after the European Union announced plans to adopt the technology. As the Zero Trust Champion at the Microsoft Security 20/20 awards, Avanade is already integrating Azure Active Directory Verifiable Credentials and working with our clients to ensure that we bring them along on the journey!