This week, I gave a talk in a Hackathon event hosted by RMIT university, Accenture and CIRSO. During the event, I spoke about a fascinating topic – Self Sovereign Identity, a revolution of digital identity.
First, let’s define what is digital identity. Popular info site whatis.com, for example, says “A digital identity is the body of information about an individual, organization or electronic device that exists online”. My ice breaking question asked to the audience is: “How many of you believe you have digital identity/identities?” Most of the hands went up. Then I asked: “How many of you believe you have an authoritative digital identity?” No hands went up!
Why don’t we have an equivalent solution to physical credentials, e.g. passport, driver’s license on the Internet that we can just “show” to a website to register, login, or verify our rights and privileges? What is preventing it?
The internet addressing system is based on identifying physical endpoints (machines) on a network. However, people are not endpoints on a network. Therefore, the Internet has no way to uniquely identify people. If the Internet can’t identify people, then websites and applications must do that job. Therefore, usernames and passwords are so deeply imbedded in the fabric of the Web.
I know how we hate user names and passwords, but even worse than that, under this model, a person’s identity and personal data only exists within the context of each specific website or application he or she uses. Stop using the site or application and the person’s digital existence is meaningless. That is the biggest challenge we have with the digital identity today.
In an excellent article “The Path to Self-Sovereign identity” written by Christopher Allen, the models for online identity have advanced through four broad stages since the advent of the Internet: centralized identity, federated identity, user-centric identity, and self-sovereign identity.
Figure 1 – The four stages of digital identity
Self-sovereign identity is the final step in this evolution. The individual (or organisation) completely owns, controls and manages their identity. In this sense the individual is their own identity provider—there is no external party who can claim to “provide” the identity for them because it is intrinsically theirs. The individual’s digital existence is independent of any single organisation. Nobody can take your self-sovereign identity away from you.
Self-Sovereign Identity takes a paradigm shift. It shifts focus from “who we are?” to “what can I do?”
The best way to think of self-sovereign identity is as a digital container of identity transactions that you control. You can add more data to it yourself or ask others to do so. A great example is the recent “The Known Traveller” concept proposed and researched by World Economic Forum in collaboration with Accenture. The concept is based on the idea that an individual is in control of providing specific identity information, known in the digital identity industry as claims (e.g. biometric, biographic and travel history) to governmental and private-sector players along the journey, such as border control agencies, car rentals, hotels and airlines, for risk profiling, verification and access. The traveller can select which information is shared for a specific time according to the authority or private entity’s requirements to access the services. The identity of the traveller is authenticated through biometric verification and protected by distributed ledger technology and cryptography. (An environment of diffuse trust, not belonging to or controlled by any single organisation or even a small group of organisations). Furthermore, the technology connects with the identity providers’ own legacy systems, as well as with national systems connected to the International Civil Aviation Organization Public Key Directory (ICAO PKD), which is the trusted global source of identity providers’ digital signature information, to ensure traceability to the trusted source.
Figure 2 – Building a Known Traveller Status (Source: The Known Traveller: Unlocking the potential of digital identity for secure and seamless travel)
When you think in terms of a decentralized economy and society, exciting things can start to happen. When people around the world become owners of their own information, this can be a catalyst to a new set of business models allowing completely new ways to interact, e.g. new way of logging in and transact in ecommerce, new way of doing KYC, new way of handling our health records, employment history, school credential etc.
However, what got me excited is its implication in humanitarian space. According to World Bank, there are 1.5 billion people without a provable identity in the world which result in struggles to access a wide range of critical services. For example, they might be limited from accessing financial services like opening a bank account or obtaining credit; social benefits like vouchers, pensions, or cash transfers may be inaccessible; and healthcare benefits like insurance, vaccinations, and maternal care may be out of reach. The possibility of providing a provable digital identity that is private, portable and persistent for all those people so they could have the basic human rights as the rest of us is encouraging.