Identity issuers, holders, and verifiers can all benefit by migrating the ID management process to the blockchain.
Written by: Andrew Cahill
Translation: Ontology
Key points:
- Decentralized identity solutions are challenging the paradigm of centralized identity management;
- Identity issuers, holders and verifiers can all benefit by migrating the ID management process to distributed ledgers and blockchains;
- Although product trials are still in progress, if decentralized identity solutions achieve product-market fit, identity owners, application development companies, and blockchain consulting companies stand to capture the corresponding value.
Managing digital identities clearly remains a challenge in today's society. Large volumes of data face the threat of attacks and leaks. On average, each Internet user manages about 70-80 different user names and passwords. Phishing often tricks users into revealing IDs and passwords. According to statistics, identity data breaches cause an average annual loss of up to 17 billion U.S. dollars. The list goes on.
These problems plague users with digital identities. It is estimated that approximately 1.1 billion people worldwide cannot prove their identity, preventing them from accessing critical medical, educational, and financial resources.
However, when we refer to "identity", what exactly are we referring to? The term covers many types.
"Identities" vary in shape and size, from government-issued IDs (driving licenses, passports, food stamps, and voter identification certificates) to healthcare IDs (medicine licenses, electronic prescriptions, and medical records), financial IDs (KYC data, credit history), and social IDs (browsing history, social media interaction). In a broad sense, they represent any information that a user shares with a specific individual or entity at a specific point in time.
However, regardless of what the actual ID represents, most identity management frameworks are composed of three parties: issuer, holder, and verifier. The issuer is the trusted party that issues the credential and attests to its validity. The holder is the individual who receives the credential. The verifier is responsible for checking whether the ID belongs to the holder and whether it was issued by the issuer.
The issuance of a driver's license is a simple case of identity management. In the United States, the state-level motor vehicle department responsible for processing license applications and issuing licenses is the issuer. The licensed driver is the holder. Any person or organization that uses the license to verify an individual's identity is a verifier.
Like most multi-party transactions, this identity management relationship is backed by trust. The verifier trusts the issuer, in this case the motor vehicle department, to issue the identity and to conduct on-site inspection and verification. The holder trusts the motor vehicle department to protect and store their personal data. This is one example of the trust relationships between stakeholders in identity management.
More broadly, Internet users entrust billions of personal data records either explicitly or implicitly to social platforms, financial service companies, healthcare providers, and almost all individuals or organizations that provide services to users and verify their identities.
Most of these providers claim to provide "free" services while monetizing customers' personal data and online activities. The result is a set of duplicated, centralized databases, each a "honeypot" that hackers can easily exploit. The costs associated with these centralized identity frameworks are difficult to quantify. Equifax paid US$575 million to the US Federal Trade Commission and state government agencies to resolve its 2017 data breach. However, this is only the explicit cost borne by the company and does not include the cost of the leaked sensitive user information. The opportunity costs associated with allowing third parties to access sensitive user information in exchange for "free" services are even more difficult to quantify.
Decentralized identity solution
The mission of most identity solutions follows the idea of "giving users the right to control their own identities." But what does this mean? How will it be achieved?
In short, this means using blockchain and public/private key cryptography to manage the issuance and verification of digital identities. Blockchain infrastructure makes several things possible. When users control the private keys associated with their identities, they can decide more selectively when and with whom to share information. Because credentials are digitally signed and verified cryptographically rather than by manual inspection of paper documents, forging them becomes more difficult.
The key technical difference between decentralized identity solutions and centralized solutions is the decentralized identifier (DID). A DID is a blockchain-based identifier that links an identity owner (an individual or organization) to a public key address on the blockchain. DIDs provide the basis of trust for determining "who is who" in a decentralized information sharing model, and have 4 main attributes:
- Permanence: the identifier never needs to be changed;
- Resolvability: it can be looked up to find its metadata;
- Verifiability: it can be verified cryptographically, and a signature made with the private key proves control of it;
- Decentralization: no centralized registration authority is required to publish and store the relevant data.
According to the World Wide Web Consortium, there are currently more than 90 DID method specifications under development, covering more than 80 different permissioned and permissionless blockchain networks.
The following figure outlines the issuance and verification process of DID and ID:
The specific steps are as follows:
- The issuer registers a public DID on the blockchain or distributed ledger of their choice;
- The holder provides the issuer with the information needed to create the credential;
- The issuer creates the credential, digitally signs it with the DID they registered, and then gives it to the holder to store in their wallet;
- When presenting the digital credential to the verifier, the holder creates a separate DID and uses it to countersign the credential signed under the issuer's registered DID;
- When the holder presents the digital credential to the verifier, the verifier can consult the appropriate blockchain or distributed ledger to verify that the issuer did digitally sign and issue the credential, and that the holder does control the DID that countersigned it.
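The issuance and verification steps above, as an added example that is not part of the original article. Lamport one-time signatures stand in for the signature scheme a real DID method would use, an in-memory dict stands in for the ledger, and the verifier nonce, the `did:example` identifiers and all function names are assumptions.

```python
import hashlib, json, secrets
# Stand-in scheme: Lamport one-time signatures (stdlib only); each key signs ONCE.
# Real DID methods use schemes such as Ed25519. All names here are hypothetical.
def H(b): return hashlib.sha256(b).digest()
def canon(obj): return json.dumps(obj, sort_keys=True).encode()  # deterministic bytes
def bits(msg): return [int(c) for c in format(int.from_bytes(H(msg), "big"), "0256b")]
def sign(sk, msg): return [sk[i][b] for i, b in enumerate(bits(msg))]

def keygen():
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    return sk, [[H(x) for x in pair] for pair in sk]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(H(s) == pk[i][b] for i, (b, s) in enumerate(zip(bits(msg), sig)))

LEDGER = {}  # constructed in-memory stand-in for the blockchain DID registry
def register_did(pk):  # publish the mapping DID -> public key
    did = "did:example:" + H(b"".join(x for pair in pk for x in pair)).hex()[:16]
    LEDGER[did] = pk
    return did

def issue(issuer_did, issuer_sk, holder_did, claims):  # issuer signs the credential
    cred = {"issuer": issuer_did, "subject": holder_did, "claims": claims}
    return {"credential": cred, "issuer_sig": sign(issuer_sk, canon(cred))}

def present(vc, holder_sk, nonce):
    # Holder countersigns credential + verifier nonce (the nonce is an added assumption)
    return {**vc, "holder_sig": sign(holder_sk, canon([vc["credential"], nonce]))}

def verify_presentation(vp, nonce):  # verifier resolves both DIDs on the ledger
    cred = vp["credential"]
    issuer_pk, holder_pk = LEDGER.get(cred["issuer"]), LEDGER.get(cred["subject"])
    if issuer_pk is None or holder_pk is None:
        return "unknown DID"
    if not verify(issuer_pk, canon(cred), vp["issuer_sig"]):
        return "bad issuer signature"
    if not verify(holder_pk, canon([cred, nonce]), vp["holder_sig"]):
        return "holder does not control subject DID"
    return "ok"

def demo():
    (isk, ipk), (hsk, hpk), (ask, _) = keygen(), keygen(), keygen()
    issuer, holder = register_did(ipk), register_did(hpk)
    vc = issue(issuer, isk, holder, {"licence_class": "B"})  # constructed claims
    nonce = secrets.token_hex(8)
    good = present(vc, hsk, nonce)
    forged = {**good, "credential": {**vc["credential"], "claims": {"licence_class": "C"}}}
    stolen = present(vc, ask, nonce)  # has the credential, lacks the holder's key
    return [verify_presentation(p, nonce) for p in (good, forged, stolen)]
```

Calling `demo()` returns the verifier's verdict for a valid presentation, a credential whose claims were altered after signing, and a copied credential presented without the holder's private key.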
But what does this mean in practice? It means that issuers, holders and verifiers all stand to benefit from this approach and improve efficiency.
Issuers can avoid the cost of issuing paper certificates that are easily tampered with and forged; holders gain better control over their IDs and can decide when, to whom, and under what conditions to disclose their identity information; verifiers can be more confident that a presented identity is authentic, and can reduce the costs and risks associated with manually verifying IDs and storing sensitive customer information.
Furthermore, this greatly reduces the risk of centralized storage of customer data. In a decentralized identity system, information is scattered and stored on local devices such as smart phones. Under the decentralized data model, the risk of ID theft may be limited to a single user and wallet, rather than a large database that stores billions of personal information records.
At a high level, the decentralized identity industry can be divided into four parts that together drive real-world adoption.
(i) Blockchain infrastructure: Blockchains and distributed ledgers lay the foundation of trust for decentralized identity solutions. They include permissioned chains such as Sovrin, where organizations control who operates network nodes, and permissionless networks such as Bitcoin, where any participant can operate a node and take part in consensus.
The main purpose of the blockchain is to manage the issuance of DIDs and to provide a distributed registry for cryptographic verification. DID methods are being developed on general-purpose blockchains such as Ethereum and on blockchain platforms optimized for decentralized identity management, such as Sovrin, Veres One, and Ontology.
(ii) Standards and interoperability: Organizations such as the World Wide Web Consortium are developing standards for how decentralized identity data is structured and verified, with a focus on making solutions interoperable.
(iii) Consulting and deployment: Blue-chip consulting companies and blockchain technology companies are using educational resources and consulting services to bridge the gap between development and real-life decentralized identity use cases.
(iv) Wallet and verification services: Technology companies are developing wallet applications and verification solutions. The wallet is used to store personal identification credentials and the private key associated with the DID. Verification services enable companies to use decentralized identities that are usually stored in digital wallets to verify their customers.
The value of decentralized identity at a glance
Clearly, there are several stakeholders in the decentralized identity system. Although product development and experiments are still in progress, it is worth studying carefully where value would accrue once decentralized identity solutions are widely used.
At this point, the most obvious beneficiary is the individual identity holder. By controlling their identity, users can benefit in many ways. From a quantifiable point of view, this may mean being compensated for disclosing personal information, such as browsing history, consumer preferences, or health care data. From a more qualitative perspective, the economic value of stronger personal privacy protection is even more difficult to assess.
Technology companies that develop wallet applications and provide verification services can also benefit from the growth of the ecosystem. The value matrix of companies such as Civic provides a prototype of a decentralized identity pricing structure: companies that provide identity wallets and verification services can charge a fixed SaaS rate or a pay-per-use fee to verifiers who need to verify customer identities.
In addition, the blockchain tokens related to certain wallet applications shown in the table below may increase in value. The use cases and design of tokens vary from project to project, but they are usually used to motivate users to use applications, to deliver value in their respective identity and data networks, and in some cases to grant a governance function. All else being equal, how these assets are structured and how they are integrated into the corresponding ecosystem may drive valuable growth for the relevant wallets and identity networks.
Digital assets related to decentralized identity have risen with the overall bull market of digital assets this year, but they are still far below the historical highs of the 2017-2018 bull market. According to our research, Ontology, Civic and SelfKey are among the more active decentralized identity projects, and their ecosystems are closely tied to digital assets.
Similarly, blockchain consulting companies can get consulting fee income from the decentralized identity ecosystem. Blue chip technology companies such as Microsoft, Accenture, and IBM are taking the lead in launching their own decentralized identity solutions, while Evernym and Consensys are helping companies build their own decentralized identity infrastructure.
Finally, the blockchains on which DIDs are registered, especially those optimized for DIDs, can benefit from broader ecosystem growth. Decentralized identity solutions rely on a blockchain or distributed ledger for the issuance and verification of DIDs. All else being equal, issuing a DID requires blockchain transactions, which may drive large-scale demand for the native blockchain assets used to pay the related transaction fees.
Concluding remarks
Fully digitizing identity solutions is a common task that governments, private companies, blockchain communities, and standards bodies are exploring. The main problems of the current ID framework include concerns about centralized data storage, the abuse of customers' personal information, and the inability of individuals to fully control their identities.
It is estimated that by 2030, the economic value that a fully digital identification system can unlock will be as high as 3% to 13% of GDP. Given that different types of identities exist under fragmented regulatory and legal jurisdictions, the chance of a single provider becoming dominant is slim. Decentralized identity solutions introduce a new framework for the storage and sharing of personal information. But they are not a cure-all, and they usually transfer the responsibility for protecting information from the company to the individual. Every user who has their own Bitcoin wallet knows that the burden of managing and updating private keys should not be underestimated.
The success of these solutions will ultimately depend on their ability to generate strong network effects, which will take time to test. Their standards need to be jointly established and adopted by a wide range of industry participants. Issuers need to adapt to the new framework for managing and issuing credentials; users need to adopt this technology and, in most cases, get used to taking personal custody of their credentials; companies and verifiers need to adopt the relevant technologies to promote the acceptance of these credentials.
These tasks are arduous. That said, the explicit cost associated with the current centralized solutions is high, and the associated opportunity cost is not decreasing.
Source link: www.theblockcrypto.com