Our startup, CollaboGate, released its first product, UNiD, a decentralized identity platform, on March 10, 2021. We are receiving a lot of responses from people who are reimagining the digital experience. The days spent designing our decentralized architecture and building products are full of insights, and we are excited to keep working on them.
Since we launched, people often ask us, “Can you recommend some resources about the concepts and technologies of decentralized ID?” If you are an engineer, you can learn them by reading the various specifications and source code. For business people, however, there is no introductory content that helps them learn quickly.
In this series of blog posts, I would like to address the limitations inherent in the current internet system, the future of the internet, users’ changing awareness of privacy, and the concepts, technologies, and use cases of decentralized ID. Subscribe to this blog if you like.
What is the Decentralized ID?
The decentralized identifier is a specification for a new kind of identifier with which individuals (or corporations or machines, as the case may be) manage their own identities. By combining the decentralized ID with digital signature technologies and distributed ledger systems, individuals will be able to control access to their personal data and communicate with other parties in the digital world more securely. Some exciting pilot projects, such as vaccine certifications and digital passports, are under way. Debates surrounding decentralized identity are becoming more active, and I expect that to continue.
In this article, I share some key concepts: the inherent issues of most digital IDs in use today, the differences between the digital ID and the decentralized ID, and why the decentralized ID matters to us.
Current Digital ID Model
Until now, we have been used to a siloed model in which we create a digital ID for every single service we use, sign up, and then access that service's resources. The model is simple and easy to build, but entering our personal information and completing a sign-up procedure for every service is a lot of work. In fact, it is said that 40–50% of users drop out during onboarding steps such as user registration and filling in sign-up forms. In addition, passwords come with big security issues: for instance, at least 65% of people reuse the same password across multiple services, which is one of the major causes of data leakage.
The federated model, in which a third party acts as an Identity Provider (IdP) between you and the services you access, was created to address these issues.
The federation model lets people authenticate to a service with digital credentials once they have gone through the IdP. It is commonly used in the form of social log-in and single sign-on. The federation model enabled seamless authentication and authorization, reduced the number of separate credentials you need to maintain, and thus improved the usability of services. However, it still has some structural problems:
- Trust Issue: All federated services need to trust the IdP for all authentication. It is therefore difficult for services that require a high level of trust, such as finance, healthcare, and social infrastructure, to adopt the federation model, given the level of trust involved and the question of where the demarcation point lies. In fact, in social infrastructure use cases such as accessing multiple banks with credentials issued by another bank, the federation model remains unused despite governments’ efforts to use it.
- Single point of failure: The IdP is virtually a treasure house of personal information where all the credentials gather. In addition, because the IdP defines the data format and schema and must keep connections to all the participants on the network, the system loses flexibility and expandability. As a result, the IdP is very expensive to build and maintain, and its policies and operations affect the associated services.
- Censorship Issue: The IdP learns who accesses which services and when. Censorship is being actively discussed around the world as privacy awareness rises and personal information protection regulations develop.
What these two models have in common is that enterprises control the digital ID. I would like to call this the “enterprise-centric model.” Next, I would like to point out some structural issues that the “enterprise-centric model” cannot solve, and key concerns that every enterprise pursuing the digital transformation of its business should address.
- In the enterprise-centric model, we, as the owners of personal data, cannot be aware of what kind of information is collected, when, and how it is used. In an age when privacy is a prerequisite for building trust, enterprises need to redesign not only their business operations and internal privacy rules, but also their supporting systems and digital identity infrastructure.
- In the enterprise-centric model, nobody can prove identification and certifications, such as academic history and vaccination, without relying on the trust of third parties. Our daily lives still require face-to-face and manual data verification. Verifying that data in every single transaction carries a tremendous cost and often creates a bottleneck for DX.
- Owning data is becoming more expensive and makes less business sense. In other words, the cost of owning and managing data keeps increasing. The competitive advantage of owning data is getting smaller, while making a profit from personal information is not easy. Most enterprises and services use personal information simply to provide decent services that suit users’ needs, and it does not need to be centralized in one place.
- For enterprises with multiple customer touch points and services, having separate digital ID systems for each service is a high-priority management issue. The approach of building an in-house IdP goes against the times, as we have discussed.
With the spread of Covid-19 and the accelerating DX of social infrastructure, organizations and services around the world are experiencing problems that cannot be solved with the “enterprise-centric model”.
Difference between the decentralized ID and the mainstream digital ID of today
What makes the decentralized ID unique compared to the enterprise-centric model is its individual-centered approach, which enables individuals to control their own identities. It may sound very innovative. In addition, any peer (an individual, an organization, or a machine) can directly establish an encrypted connection with other peers. Unlike a session-based connection, this encrypted connection is maintained persistently. It enables peers to exchange digitally signed credentials and to verify the data they receive using a decentralized ledger.
Let me give you an example. If the decentralized ID is in place, you can carry credentials issued by your hospital and have them verified automatically by an insurance service or by immigration at the airport. Similarly, you will be able to reuse identification already issued by a trusted party for other services. Because portable credentials can be verified by anyone, it becomes more difficult to spoof someone's digital ID simply by knowing his or her personal information.
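The hospital-to-insurer flow described above, as an added Node.js example that is not UNiD's or CollaboGate's code: a Map stands in for the distributed ledger, Ed25519 is an assumed signature scheme, and the did:example identifiers, function names and claims are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Stand-in for the distributed ledger: identifier -> published public key.
const registry = new Map();

function registerIdentity(did) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  registry.set(did, publicKey); // only the public key is published
  return privateKey;            // the private key never leaves its owner
}

// Deterministic JSON (sorted keys) so issuer and verifier process the same bytes.
function canonicalize(v) {
  if (v === null || typeof v !== 'object') return JSON.stringify(v);
  if (Array.isArray(v)) return '[' + v.map(canonicalize).join(',') + ']';
  return '{' + Object.keys(v).sort()
    .map((k) => JSON.stringify(k) + ':' + canonicalize(v[k])).join(',') + '}';
}

function issueCredential(issuer, issuerKey, subject, claims) {
  const body = { issuer, subject, claims };
  const proof = crypto.sign(null, Buffer.from(canonicalize(body)), issuerKey);
  return { ...body, proof: proof.toString('base64') };
}

// The verifier needs no contact with the issuer: it resolves the issuer's
// public key from the registry and decides for itself which issuers it trusts.
function verifyCredential(credential, trustedIssuers) {
  const { proof, ...body } = credential;
  if (!trustedIssuers.has(body.issuer)) return 'untrusted issuer';
  const issuerPublicKey = registry.get(body.issuer);
  if (!issuerPublicKey) return 'unknown issuer';
  if (typeof proof !== 'string') return 'missing proof';
  const valid = crypto.verify(null, Buffer.from(canonicalize(body)),
    issuerPublicKey, Buffer.from(proof, 'base64'));
  return valid ? 'ok' : 'bad signature';
}

function demo() { // constructed identifiers and claims
  const hospital = 'did:example:hospital', alice = 'did:example:alice';
  const hospitalKey = registerIdentity(hospital);
  const impostorKey = registerIdentity('did:example:impostor');
  const trusted = new Set([hospital]);
  const genuine = issueCredential(hospital, hospitalKey, alice, { vaccinated: true });
  const edited = { ...genuine, claims: { vaccinated: true, doses: 3 } };
  const forged = issueCredential(hospital, impostorKey, alice, { vaccinated: true });
  return [genuine, edited, forged].map((c) => verifyCredential(c, trusted));
}
console.log(demo());
```

The edited and forged credentials both name the hospital and carry Alice's correct personal details, yet fail verification because neither carries a signature made with the hospital's private key.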
In summary, digital identities, which have been managed separately for each service, can be connected to decentralized identities managed by individuals to realize user-driven data circulation. The connected services will be authorized to access verifiable credentials based on user consent and will exchange them in a secure and privacy-preserving way.
The standardization of decentralized identity and verifiable credentials began around 2017, and this March the W3C published the Candidate Recommendation: https://www.w3.org/blog/news/archives/8966. This marks the completion of the technology design phase for the decentralized ID, which is now ready for implementation in real life.
As a technology startup, we are focusing on developing our full-stack platform, which makes it easier to introduce decentralized identity, although we are aware that we need to pay attention to policies and governance as well as technologies. We are stepping up our collaboration with engineers, policy makers and communities globally to advance our digital society.
We are ready for demos. We look forward to receiving demo requests from enterprises that are passionate about reimagining the digital experience. Apply from HERE.
Thanks Miki for helping with editing 👍
P.S. To learn more about UNiD, please visit our GitHub, where we will feature a demo and a technical deep dive.