Laura Spinaci
6 min read · Oct 4, 2022

Decentralized Identity Portability

In this article I want to shed light on digital identity portability: starting from the current digital identity models and their limitations, moving on to the self-sovereign identity (SSI) value proposition and the capabilities of Decentralized Identifiers (DIDs), and ending with a holistic view of what future digital identity portability could look like.

INDEX

1- Current digital identity models and their limitations

2- SSI and DID: capabilities and value proposition

3- SSI value proposition for different personas

4- SSI portability

5- SSI universal portability challenges

Conclusion

1- Current digital identity models and their limitations

The Internet was born without an identity layer. So far web2 has managed identities with two models: centralized and federated. Although not always perceived as a threat, neither model preserves privacy or security well, because in both the user's identifier and credentials live on a server the user does not control.

The centralized identity model establishes a 1:1 relationship between one account and one web application: the user registers a username and password with each site and authenticates over HTTPS (SSL/TLS). These protocols protect the transport, but they say nothing about who owns the identity.

The federated identity model is an evolution of the centralized one that improves the user experience: social login (Facebook, Google, LinkedIn, ...) and enterprise single sign-on (SSO), for example a Microsoft account. A 1-to-many relationship makes sign-up and sign-in less tedious across the applications connected to the same identity provider: one account proxies access to many web applications via protocols like SAML and OpenID Connect and frameworks like OAuth 2.0.

Both models have 3 main limitations:

  1. Identities are not unique. Identifiers such as an email address or a phone number can be reassigned, and there is no way to prove that a social security number is yours.
  2. No one owns the identity. Accounts are issued by private entities, the data is stored on servers that can suffer data breaches, and an account can be revoked at any time.
  3. Identities are not portable. There is no universal standard for exchanging identities, so an identity cannot be carried from one application to another.

2- SSI and DID: capabilities and value proposition

Self-sovereign identity (SSI), the third identity model, addresses these limitations by introducing three main innovations:

  1. Authentication no longer happens at the application level but at the protocol level
  2. The identity is exchanged between peers (with no need for third-party intermediation)
  3. The Decentralized Identifier (DID), a W3C standard, is the first identifier that combines all of the following properties:
  • It is a permanent (persistent) identifier that never needs to change; it is assigned once and never reassigned.
  • It is a resolvable identifier: looking up the DID returns a DID document with its public keys and service endpoints, and it can be enriched with further information when combined with verifiable credentials.
  • It is a cryptographically verifiable identifier: control is proven with a digital signature made by the private key matching a public key listed in the DID document.
  • It is a decentralized identifier that needs no central registration authority. Many DID methods anchor DIDs on a blockchain or other distributed ledger, but the standard does not require one (methods such as did:key or did:web use no ledger at all), and the same DID syntax works across different networks.
  • It is portable, meaning it opens long-lived connection channels that are not tied to any one application.

3- SSI value proposition for different personas

These capabilities bring value to individuals, organizations and developers.

Individuals

- ownership of the identity and control over whom to share data with and what data to share

- increased privacy and security

- portability across vendors' applications and a better user experience: no repeated onboarding and no passwords to remember

Organizations

- increased data integrity and quality

- quicker time to market

- increased interoperability and interaction across the product and service portfolio

- savings on onboarding and maintenance costs

- brand awareness

- innovation and automation enabled by reduced system complexity

- engagement with less risk: electronic claim verification improves transparency, auditability and security

Developers

  • Easier integration between systems
  • User-centric apps and services, including apps that keep no identity data on their own servers because credentials and data live in the user's wallet

4- SSI portability

Today, to create a digital identity you create an account: an external object, distinct from you, stored on a private server that you do not own and operated by somebody you do not know.

Every time we create an account it is like handing over our identity, letting somebody else hold a copy of who we are and hoping nothing bad will be done with it.

With self-sovereign identity, anyone can be an identity issuer for an individual, an entity or a machine. Rather than asking an external entity to create an account on its server, a DID opens a connection channel.

A DID is a bit like the cookie a website exchanges with your browser, except that the exchange happens between wallets: the applications on our phones that store our credentials and keys.

A DID is a URI string of the form did:<method>:<method-specific-id>. It resolves to a DID document that lists one or more public keys, so in practice a public key becomes your identifier; since you hold the matching private key, you can prove that you control the DID by producing a signature.

Seen from the outside, a DID network behaves like a key-value store: the key is the DID string and the value retrieved when looking it up is the DID document, a JSON (JSON-LD) document in a standard format that links the DID to its keys and service endpoints.

A DID method specification defines how to create, read (resolve), update and deactivate (revoke, never delete) a DID and its document on a specific registry, which may be a blockchain, another DLT, a web server or, for purely key-derived methods, nothing at all. DIDs create a relationship: a long-lived encrypted private channel with the entity you share credentials with, used not only for authentication but also to exchange verifiable digital credentials over private, public or DLT networks.

Every DID has its own private key (or keys) that must be managed, which is an additional challenge.

The shift from the application to the protocol level means that the DID becomes a digital representation of us, and we choose with whom to exchange our credentials and what information to disclose.

You no longer have an account at the application level (whether you are an individual, an organization or a connected device); you have a connection at the protocol level. At each end of the connection there is a digital wallet, an app that stores your credentials, keys and tokens. Some credentials you issue yourself; others come from peer issuers such as the driver's licence authority, your employer or a loyalty program.

The shift of ownership is clear: individuals regain possession of their own identity and data. But since we live in an economic society, even though the tools to do this already exist, the transition from the old way of digital identification to the new one must be recognized by all the actors, private and public, involved in the business of identification and authorization.

5- SSI universal portability challenges

1- Key management is still the main limitation, the same open issue as non-custodial cryptocurrency wallets, where the user alone is responsible for the custody of his or her assets: lose the private key without a rotation or recovery mechanism and control of the DID is lost with it.

2- Wallet applications installed on our mobile devices, with which we exchange credentials. Wallet adoption is comparable to browser adoption for the web: it needs massive adoption to be useful.

3- Governance between the three roles: the issuer, the identity holder and the verifier. Issuers are public authorities or businesses that can attest to data (attributes, credentials, claims). Identity holders own the private keys and decide what to share with verifiers. Verifiers check the identity data and transact on it, so they should be part of a trusted network.

4- Interoperability between decentralized identity solutions at several levels: credentials, ledger, wallet and ecosystem.

Since 2017 the SSI community has chased the killer app that would drive mass SSI adoption. Like the browser for the web, the wallet app will be the user interface for exchanging identities and payments on blockchain networks. Rather than a specific use case, the network effect, and with it the spread of portable SSI decentralized identities, will be unlocked by agreements between private and public institutions and by the recognition of existing standards.

Portability requires completely different digital identity architectures and networks, and a cultural shift that gives ownership of their digital representation back to humans, entities, things (devices) and virtual assets.

Progressively overcoming a set of issues of increasing complexity, together with policy and technical working groups, will move portability and adoption forward in the long run.

So until there is an agreement and a legally recognized solution, SSI will be portable only within a specific ecosystem or vertical, even though it already improves security and privacy by design.

Conclusion

The idea that decentralized identities could in the future be seamlessly and universally exchanged, for public and private purposes, with institutions and in the consumer world is inspiring to say the least. The magnitude of what can be achieved is so transformational that it justifies a long path to reach its full potential, as long as the right expectations are set and stakeholders are aware of the milestones and challenges to be overcome along the way.

Until then, SSI will be a valuable evolution of siloed applications, bringing privacy and security benefits but not yet universal portability.

However long it takes, we are heading towards a future where we can say: I am the digital representation of myself.


Written by Laura Spinaci

Business Transformation, Sustainable Data Centers, Impact investing Find my contacts to reach out: https://linktr.ee/lauraspinaci_da
