Our digital world relies heavily on identity for financial transactions, access to government services, and access to records. Our personal names aside, identity is typically assigned, generated, granted, and controlled by governments and corporations. Entrusting identity to a central authority may be acceptable when every actor behaves ethically, but we live in an imperfect world with inadequate controls over privacy. There is no assurance that your identity, or the data associated with it, will be used only for the purposes for which you granted permission, and the daily news headlines announcing new privacy violations and data breaches show the consequences.
Decentralized Identifiers: Create Your Own Identity
The World Wide Web Consortium (W3C), the main international standards body for the World Wide Web, runs the Credentials Community Group (CCG). The CCG is exploring how the identities of people, groups, and things can be created, stored, presented, verified, and controlled for the future of the World Wide Web. An important element of the CCG's work is the "Decentralized Identifier," a form of self-sovereign digital identity.
Self-sovereign identity represents a solution to the privacy problem and takes a fundamentally different approach to identity, based on the decentralized identifier (DID). A DID is akin to a Web URL: a unique value that can be assigned to any entity, person, or thing. DIDs are built on public-key cryptography, so a DID resolves to a "DID Document" that typically lists the entity's public keys, the authentication methods (which of those keys may prove control of the DID), and service endpoints for interacting with the entity. The entity can generate its own DID and publish the DID Document on a blockchain or distributed ledger itself, without any certificate authority. The DID Document can also carry attributes or verified claims about the entity, but anything placed there is public and, on an immutable ledger, permanent, so personal attributes are better kept in separately issued claims that the holder controls.
A DID can be used to identify and authenticate an entity when its DID Document is distributed and stored on an immutable database such as a blockchain: a verifier resolves the DID, retrieves the public key from the DID Document, and checks a signature against it. Since every entity can act as its own independent root of trust, playing the role that a certificate root authority plays in conventional PKI, this architecture is called "Decentralized PKI" (DPKI).
Share Only Verifiable Claims
DIDs have an important role to play in managing privacy. For example, they help answer the question "Why share your entire driver's license when all the other party needs to know is that you're 18 or older?" Using "verifiable claims" (since standardized by the W3C under the name Verifiable Credentials), a DID holder can protect privacy by sharing only the data needed for a specific task: an issuer signs a claim about the holder's DID, and the holder presents that signed claim, together with proof of control of the DID, instead of the underlying document. Standardizing the structure of verifiable claims lets them be presented and signed by a self-sovereign identity and verified by any party that can resolve the issuer's DID.
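The following is an added example, written for this post and not code from the W3C groups or from any DID method; it ties together the DID Document and decentralized-PKI description above and the selective-disclosure flow in this section. It assumes a hypothetical "did:example" method whose identifier is the base64url SHA-256 of an Ed25519 public key, a simplified base64 key encoding in the DID Document, an in-memory map standing in for the distributed ledger, and a plain-JSON claim format rather than the W3C data model. An issuer (a motor-vehicle authority, say) signs a single predicate about the holder's DID; the holder presents it and signs a verifier nonce to prove control of that DID; the verifier resolves both DIDs from the ledger and checks both signatures, so nothing beyond "ageOver18" is disclosed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// VerificationMethod is one public key listed in a DID Document.
type VerificationMethod struct {
	ID        string `json:"id"`
	Type      string `json:"type"`
	PublicKey string `json:"publicKeyBase64"` // assumed simplified key encoding
}

// DIDDocument is the public record a DID resolves to: keys, and which of them may authenticate
// the controller. It is public and permanent on a ledger, so no personal attributes belong here.
type DIDDocument struct {
	ID                 string               `json:"id"`
	VerificationMethod []VerificationMethod `json:"verificationMethod"`
	Authentication     []string             `json:"authentication"`
}

// Ledger stands in for the distributed ledger DID Documents are resolved from (constructed, in-memory).
type Ledger map[string]DIDDocument

type Identity struct { // what a wallet holds: the DID plus the private key that controls it
	DID  string
	priv ed25519.PrivateKey
}

// NewIdentity makes an Ed25519 key pair, derives a self-certifying DID from the public key (assumed
// "did:example" method: base64url(SHA-256(key))) and registers the DID Document. No CA is involved.
func NewIdentity(ledger Ledger) (Identity, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return Identity{}, err }
	h := sha256.Sum256(pub)
	did := "did:example:" + base64.RawURLEncoding.EncodeToString(h[:])
	keyID := did + "#key-1"
	ledger[did] = DIDDocument{ID: did, Authentication: []string{keyID}, VerificationMethod: []VerificationMethod{
		{ID: keyID, Type: "Ed25519VerificationKey2018", PublicKey: base64.RawURLEncoding.EncodeToString(pub)}}}
	return Identity{DID: did, priv: priv}, nil
}

// Claim is the minimal statement an issuer vouches for; the subject is named by DID only.
type Claim struct {
	Issuer  string          `json:"issuer"`
	Subject string          `json:"subject"`
	Claims  map[string]bool `json:"claims"` // e.g. {"ageOver18": true}: no name, DOB or licence number
}

// VerifiableClaim is a Claim plus the issuer's signature over its canonical JSON.
type VerifiableClaim struct {
	Claim
	Signature string `json:"signature"`
}

// canonical returns deterministic bytes to sign: struct fields in declared order, map keys sorted.
func canonical(c Claim) []byte { b, _ := json.Marshal(c); return b }

// Issue signs a claim about subject with the issuer's DID key.
func (id Identity) Issue(subject string, claims map[string]bool) VerifiableClaim {
	c := Claim{Issuer: id.DID, Subject: subject, Claims: claims}
	return VerifiableClaim{Claim: c, Signature: base64.RawURLEncoding.EncodeToString(ed25519.Sign(id.priv, canonical(c)))}
}

// Present answers a verifier's challenge: signing the nonce proves control of the subject DID,
// so a claim copied out of someone else's wallet cannot simply be replayed.
func (id Identity) Present(nonce []byte) []byte { return ed25519.Sign(id.priv, nonce) }

// resolveKey resolves a DID and returns the key its DID Document authorises for authentication.
func resolveKey(ledger Ledger, did string) (ed25519.PublicKey, error) {
	doc, ok := ledger[did]
	if !ok || len(doc.Authentication) == 0 { return nil, fmt.Errorf("cannot resolve %s", did) }
	for _, vm := range doc.VerificationMethod {
		if vm.ID != doc.Authentication[0] { continue }
		raw, err := base64.RawURLEncoding.DecodeString(vm.PublicKey)
		if err != nil || len(raw) != ed25519.PublicKeySize { return nil, fmt.Errorf("malformed key %s", vm.ID) }
		return ed25519.PublicKey(raw), nil
	}
	return nil, fmt.Errorf("no authentication key for %s", did)
}

// Verify checks, in order: the issuer's signature over the claim, that the presenter controls
// the subject DID (nonce proof), and that the required predicate is asserted.
func Verify(ledger Ledger, vc VerifiableClaim, nonce, proof []byte, required string) error {
	issuerKey, err := resolveKey(ledger, vc.Issuer)
	if err != nil { return err }
	sig, err := base64.RawURLEncoding.DecodeString(vc.Signature)
	if err != nil || !ed25519.Verify(issuerKey, canonical(vc.Claim), sig) { return fmt.Errorf("issuer signature invalid") }
	holderKey, err := resolveKey(ledger, vc.Subject)
	if err != nil { return err }
	if !ed25519.Verify(holderKey, nonce, proof) { return fmt.Errorf("presenter does not control %s", vc.Subject) }
	if !vc.Claims[required] { return fmt.Errorf("claim %q not asserted", required) }
	return nil
}
```

To exercise it, create three identities against one `Ledger` (issuer, holder, and a third party), call `Issue` from the issuer with `{"ageOver18": true}` for the holder's DID, and call `Verify` with the holder's `Present(nonce)`. The verifier should generate a fresh random nonce per session; a fixed or reused nonce lets a captured `Present` output be replayed. Two things the verifier never learns are the holder's name and date of birth, which is the whole point of the flow. A production credential would also carry issuance and expiry times and a revocation reference, and real DID methods such as did:key use multibase and multicodec encodings rather than the plain base64 used here.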
The W3C Verifiable Claims working group is focused on addressing the following privacy challenges:
- Establish an architecture in which the holder of a verifiable claim is in complete control of its identifier, where its claims are stored, and how they are used;
- Enhance website usability by removing the need to manually enter verifiable claims;
- Reduce fraud by creating a standard way to share verifiable qualifications;
- Ensure maximum privacy in a claims-sharing mechanism.
The group is working towards developing a standard, universally-accepted, machine-readable template for claims based on the model below.
Self-Sovereign Application Ecosystem
A blockchain can leverage the self-sovereign identity architecture and this standard framework to distribute independent roots of trust and anchor an immutable record of issuers' keys and the status of issued claims. The claims themselves stay with the holder, since personal data written to an immutable ledger can never be withdrawn. Once that is in place, a self-sovereign application ecosystem can be built to tackle business-critical and privacy-sensitive problems:
- Banking – once one bank completes Know Your Customer (KYC) checks for a customer, all other banks can rely on the resulting verifiable claim, avoiding massive duplication of work and the associated opportunities for security breaches;
- Education – students can submit a verifiable claim as proof of identity that other schools, online testing services, and potential employers can rely on as an attestation of identity;
- Retail – products can be issued verifiable claims by government food authorities like the FDA, allowing any consumer to validate the authenticity and quality of products at the point of purchase;
- Insurance – patients can share a verifiable claim of medical insurance with hospitals to streamline admissions and reduce the risk of fraudulent insurance submissions.
Self-sovereign identity, verifiable claims, and blockchain provide the basic building blocks of privacy by design, on which we can build the next generation of fraud-resistant applications.
Read my other blogs in this blockchain series:
Blockchain, IoT and Emerging Blockchain Technologies
Can Blockchain Scale to Meet Enterprise Needs?
GDPR: Control over My Data, My Fundamental Right
Abilash Soundararajan is a Business Development Strategist at Aruba, a Hewlett Packard Enterprise company.