Digital identity

Identity has been around for a long time. It can be as simple as remembering your friend’s face or as complicated as advanced biometrics such as retina scanning. Identity verification began to evolve with the issuance of the first paper-based identity in the 14th century, and the history of identity looks briefly like this.

Nowadays, when you want to register for a new service, such as opening a bank account, you have to prove your identity to the service provider with your ID card. Each time you come back for a service, you need to do it again, by presenting either a password or other credentials. Repetitiveness is not the only weakness of Centralized Identity with a single domain (or even multiple domains); there are also privacy issues, data leakage, and risks to sovereignty.

Decentralized Identity can unravel all that. You prove your identity only once to a trusted organization, and the organization then registers your Decentralized Identifier on a blockchain (distributed ledger), which is called the Identity Trust Fabric (ITF). You then have your own verifiable credential, which is stored on your phone and which you fully control.

Much like the famous Bitcoin, there is no need for a data silo. Decentralized Identity uses a tool called a Distributed Ledger to create an Identity Trust Fabric (ITF), a peer-to-peer platform on which we can generate our Decentralized Identifiers (DIDs), get them approved by a trusted third party, and then store them for tamper-free verification so they can be presented to anyone.

Once you are onboarded by verifying your identity with a trusted third party, e.g. the Department of Transportation, you will have an e-ID Wallet on your phone and can present it with a QR code or an API connection. The verifier compares it with your record on the ITF and grants you access to the requested service. Additionally, Decentralized Identity can provide a feature called Zero-Knowledge Proofs, which means answering the verifier’s yes-or-no question, e.g. age verification, without revealing any information other than the proof, so you can keep your privacy at all times.
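The onboarding and verification flow described above, as an added example that is not part of the original page. It assumes an in-memory dictionary standing in for the ITF, a hypothetical `did:example:` identifier, and salted one-way hashes for each attribute; disclosing a single pre-computed `age_over_18` claim is selective disclosure, a simpler stand-in for a real zero-knowledge proof.

```python
import hashlib
import hmac
import json
import secrets

# Stand-in for the Identity Trust Fabric: it holds only one-way hashes, never raw data.
LEDGER = {}  # DID -> {"issuer": str, "commitments": {attribute name: hex digest}}

def commit(did, name, value, salt):
    """Salted one-way hash of one attribute, bound to the DID and attribute name."""
    msg = json.dumps([did, name, value]).encode()
    return hmac.new(salt, msg, hashlib.sha256).hexdigest()

def onboard(issuer, attributes):
    """Issuer: mint a DID, register attribute hashes, hand the wallet to the holder."""
    did = "did:example:" + secrets.token_hex(8)  # hypothetical DID method
    # A random salt per attribute stops anyone guessing low-entropy values
    # (a boolean, a birth date) by hashing candidates against the public ledger.
    salts = {name: secrets.token_bytes(16) for name in attributes}
    LEDGER[did] = {
        "issuer": issuer,
        "commitments": {n: commit(did, n, v, salts[n]) for n, v in attributes.items()},
    }
    return {"did": did, "attributes": dict(attributes), "salts": salts}

def present(wallet, name):
    """Holder: disclose exactly one attribute plus its salt, nothing else."""
    return {"did": wallet["did"], "name": name,
            "value": wallet["attributes"][name], "salt": wallet["salts"][name].hex()}

def verify(presentation, trusted_issuers):
    """Verifier: recompute the hash and compare it with the ledger record."""
    record = LEDGER.get(presentation["did"])
    if record is None or record["issuer"] not in trusted_issuers:
        return False  # unknown DID, or registered by an issuer we do not trust
    expected = record["commitments"].get(presentation["name"])
    if expected is None:
        return False  # attribute was never certified for this DID
    try:
        salt = bytes.fromhex(presentation["salt"])
    except ValueError:
        return False
    actual = commit(presentation["did"], presentation["name"], presentation["value"], salt)
    return hmac.compare_digest(actual, expected)

if __name__ == "__main__":
    wallet = onboard("Department of Transportation",  # constructed sample data
                     {"name": "Alice Example", "birth_date": "1990-04-02", "age_over_18": True})
    print(verify(present(wallet, "age_over_18"), {"Department of Transportation"}))
```

A real deployment would also bind each presentation to a holder key and a verifier challenge, because a disclosed value and salt can otherwise be replayed by whoever saw them.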

Terminology

An entity is any singular, identifiable and separate object, e.g. individuals, organizations, systems, etc.

The unique fact of being who or what a person or thing is.

The unique fact of being who or what a person is in the digital world. It may be connected to a real-world identity (thus being a digital twin) or may not (alias/persona).

Unique information used to identify people, organizations, or things within a context. For example: SSN, e-mail address.

A globally unique identifier that does not require a centralized registration authority because it is registered with a decentralized network.

An assertion made about a subject, which is tamper-evident and has authorship that can be cryptographically verified.

A set of one or more verifiable claims.

A role an entity can perform by asserting claims about one or more subjects, creating a verifiable credential from these claims, and transmitting the verifiable credential to a holder.

A role an entity performs by receiving one or more verifiable credentials, optionally inside a verifiable presentation for processing. Other specifications might refer to this concept as a relying party.

Actions and mechanisms that can authenticate the identity of a person that includes information about an authentication provider, the login identifier used to authenticate a person’s identity, and other information related to authentication of a person’s identity.

The authority granted to authorized entities to access data or services.

  • Identity Trust Fabric (Gartner’s): A blockchain network that establishes and progressively enhances the trust of a digital identity and its profile attributes. It stores the one-way hash of an identity and its profile attribute identifiers, as well as their related certifications by other trusted organizations.
  • Zero-Knowledge Proof: A set of mathematical methods used to verify things without sharing or revealing underlying data. It basically answers yes-or-no questions, e.g., age verification.
  • Public Key Infrastructure: A set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption.
  • Hardware Security Module: A physical computing device that safeguards and manages digital keys, performs encryption and decryption functions for digital signatures, strong authentication and other cryptographic functions.
  • Identity and Access Management: A framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources.
