The advent of blockchain technology seems to have inevitably ignited the interest of many different parties as (apparently) the missing link for building a truly decentralized digital identity system. Just as the blockchain was the missing link for building a truly decentralized digital currency, relying on a distributed ledger as the only “root of trust” (given robust enough consensus protocols and a fair distribution of power) makes possible a single (and unforgeable) “source of truth” for all sorts of identifiers and their related data.

In simple terms, by combining the blockchain paradigm with the concept of public key infrastructure, an ecosystem can be built where trust arises dynamically and organically within the system (as in real social interaction) instead of being granted by a central (root) authority. Moreover, such an ecosystem lets entities make cryptographically verifiable claims about other entities, giving rise to a wide spectrum of potential solutions to a huge number of identity-related problems while also disrupting the current mechanisms for authentication and authorization.

The Decentralized Identity Foundation and the W3C Credentials Community Group (among other involved and related initiatives) are working on standards and tools to make decentralized identity a reality. To understand this enterprise, it’s crucial to know the concepts of DIDs and Verifiable Credentials.

Decentralized Identifiers (DIDs)

Simply put, a decentralized identifier is a string of characters that is associated with an entity (whether a person, organization or even a thing), and it’s tied (via a distributed ledger or any sort of consensus network) to a series of attributes upon which only the identity owner can perform any changes. These attributes might include public cryptographic keys, among other relevant data for authentication and authorization purposes.

A SelfKey DID would look like this:

did:key:0x4d130daf2443c0e622f211e629363b5e689073b8

An identity owner might generate and manage multiple DIDs according to her needs, presenting different “facets” in different contexts. For example, Alice might want to keep one DID for interacting with cryptocurrency exchanges and another for keeping credentials related to healthcare records. Furthermore, Alice might even want to create a unique DID per relationship she establishes through her identity wallet, thus avoiding leaking any correlatable information to malicious third parties.

Verifiable Credentials

The utility of this paradigm becomes more evident when we leverage a trusted and decentralized source of identifiers to let entities make attestations about facts or attributes relating to these identifiers. Since it is easy to verify that the issuer of an attestation legitimately made it (via cryptographic signature verification), a powerful system of trust and proofs can be developed in a fully decentralized manner, with the potential to encompass and improve all areas of digital interaction.

These are a few example use cases for verifiable credentials:

A notary public certifies that a given legal document copy is legitimate for a certain individual.

A financial institution states that an individual has successfully gone through a KYC process.

An academic institution states that a person has earned a certain degree or has passed certain specific courses.

An individual (as an identity owner) gives explicit consent to an institution or company to perform certain actions or utilize given personal data on the owner’s behalf.

A company states that a given person is an active employee in the company or was an employee for a given time period.

…The possibilities are endless, from the most “institutional” use cases such as the ones mentioned, to the most “casual” such as proofs of community group membership or simply “friendship status” on a decentralized social network.

Also, it’s important to note that verifiable credentials can be stored and shared privately, thus preserving the principle of privacy that is characteristic of self-sovereign identity.
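The issue-and-verify flow described in this section, as an added example that is not SelfKey's code: an in-memory Map stands in for the ledger, and the did:example method, the SHA-256-derived identifier, the Ed25519 keys and the credential field names are all assumptions made for illustration. Calling createDid once per relationship gives the separate “facets” described earlier.

```javascript
const nodeCrypto = require('crypto');

// Stand-in for the distributed ledger: maps a DID to its current public key.
const ledger = new Map();

// Create a key pair and register a DID derived from the public key.
// The did:example method and the SHA-256 derivation are assumptions.
function createDid() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const der = publicKey.export({ type: 'spki', format: 'der' });
  const id = nodeCrypto.createHash('sha256').update(der).digest('hex').slice(0, 40);
  const did = `did:example:0x${id}`;
  ledger.set(did, publicKey);
  return { did, privateKey };
}

// Fixed field order, so issuer and verifier sign and check the same bytes.
function canonical(cred) {
  return Buffer.from(JSON.stringify([cred.issuer, cred.subject, cred.claim, cred.expires]));
}

// The issuer attests a claim about the subject DID and signs it.
function issueCredential(issuer, subjectDid, claim, expires) {
  const cred = { issuer: issuer.did, subject: subjectDid, claim, expires };
  const proof = nodeCrypto.sign(null, canonical(cred), issuer.privateKey).toString('base64');
  return { ...cred, proof };
}

// Verifier: resolve the issuer's key from the ledger, then check expiry and signature.
function verifyCredential(cred, now = Date.now()) {
  const issuerKey = ledger.get(cred.issuer);
  if (!issuerKey) return { ok: false, reason: 'unknown issuer DID' };
  if (now > cred.expires) return { ok: false, reason: 'expired' };
  const valid = nodeCrypto.verify(null, canonical(cred), issuerKey, Buffer.from(cred.proof, 'base64'));
  return valid ? { ok: true } : { ok: false, reason: 'bad signature' };
}

// Constructed demo: a bank attests KYC for Alice; an altered copy is rejected.
function demo() {
  const bank = createDid();
  const alice = createDid();
  const cred = issueCredential(bank, alice.did, { kyc: 'passed' }, Date.now() + 60000);
  const forged = { ...cred, claim: { kyc: 'passed', tier: 'premium' } };
  return [verifyCredential(cred), verifyCredential(forged)];
}
console.log(demo());
```

The verifier never contacts the issuer: it needs only the credential and the key the ledger holds for the issuer's DID, which is why the credential itself can be stored and shared privately.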

Identity as an economic incentive

One of the most interesting aspects of blockchain, as seen in the case of cryptocurrency, is the incentivization of public contribution to the system. Incentivization schemes also work as security measures, economically encouraging “good” behavior within the system while making “bad” behavior simply unprofitable.

In the identity space, this is no different. By providing entities with a convenient and secure platform to make verifiable attestations about other entities, an attestation marketplace naturally arises, in which free market dynamics and reputational measures give real value to the legitimate use of identity data. In such a system, the following scenarios emerge:

A certified notary public charges a fee for issuing attestations over legal documents.

An identity owner receives a fee for sharing personal data, if the corresponding credential is proven to be valid.

Credential issuers receive a fee per successful validation, as long as the credential doesn’t expire.

Certain attestations require a “stake” of tokens to be made, in order to provide a measure of trust over the attestation. If the corresponding credential is found to violate any policies, the stake would be lost.

More complex use cases can (and most probably will) arise as the complexity of the identity ecosystem increases and a wider diversity of actors join the self-sovereign community.

Conclusion

Given the potential of blockchain technology to provide a decentralized and verifiable source of truth for identity and attestations, we can assert that the age of self-sovereign identity is imminent. In a world where the failures of centralized systems become more evident each day, a technological setting where the identity subjects are the real and sole owners of their data sounds more like a necessity than just a desirable capability.

Furthermore, it’s not hard to envision a whole economy developing on top of self-sovereign identity, where credential issuers and credential holders are properly rewarded for the utilization and disclosure of their data through the implementation of secure monetization protocols and a decentralized marketplace. At SelfKey, we’re working hard to build and provide such a reality.