
Wallet-based identity

Mobile phones keep getting smarter, and they are slowly swallowing the wallet. We already have cryptographically secured money, called cryptocurrency, but a wallet is also about documents: identity and healthcare cards, a driver's license, and vehicle registration are all necessary to prove who you are and that you have access.

Identity is all that defines you

Identity is all that defines you and how people recognize you in the world. Today our identities are owned by governments and corporations. On October 4, 2021, Facebook, along with WhatsApp and Instagram, disappeared from the Internet. Anyone who relied on Facebook to log in to third-party services was unable to use Facebook authentication there either.

Corporate and government data aggregators have proven in many data breaches that the centralized security approach is not enough, as it creates two issues: you can either lose access to your identity or someone else can steal your identity.

Login and password

The process of proving who you are online is called authentication. The most common form of authentication to web services is based on login and password, and this method seems to have many faults:

  • most people have an average of 70-80 passwords to remember, and three-quarters have had to reset at least one forgotten password in the past 90 days,
  • 61% of consumers admit to reusing passwords, with 18-to-24-year-olds being the worst offenders,
  • an estimated 1 million passwords are stolen every week,
  • the average consumer abandons 16 purchases a year due to password frustration.

Because this approach is not secure enough, more and more online services enforce 2-factor authentication, in which a mobile device plays a key role by generating a temporary code. This combination of digital identity and a physical device seems to be a key to greater security, especially since we are now more likely to leave our wallets at home than our smartphones, and 90% of users have a mobile device within reach at all times. A smartphone already holds a key set to our digital identity, and a wallet as well.

Digital identity wallet

In the digital world, a wallet is an identity management application that allows users to store and manage digital identity keys. It is worth considering that the digital identity wallet is dependent on a device and, while this is convenient, it can also be a challenge if the device breaks down, runs out of battery, or faces network issues.

Centralized identity wallets

To preserve their own interests, many governments and corporations are working on their own implementations of digital identity, trying hard to win the world over to a centralized approach in which a single authority has the power to issue and disable identity keys:

  • Visa, in partnership with IBM, uses the open-source Hyperledger Fabric blockchain on its B2B Connect platform, which means the implementation is based on a private corporate blockchain,
  • Cardano Prism is set to supply the EU with digital identity wallets, and the level of decentralization of the Cardano blockchain is debatable.

These solutions mostly benefit their authors and ignore the greater social interest.

Decentralized identity

The need for decentralization has been expressed in common efforts of World Wide Web Consortium (W3C) members and resulted in Decentralized Identifiers (DIDs) as a new recommended standard for the Web. W3C specifies that a decentralized identifier has 4 essential characteristics:

  1. decentralized: there should be no central issuing agency,
  2. persistent: the identifier should be inherently persistent, not requiring the continued operation of an underlying organization,
  3. cryptographically verifiable: it should be possible to prove control of the identifier cryptographically,
  4. resolvable: it should be possible to discover metadata about the identifier.

Decentralized identity introduces the concept of user-owned IDs, which may become a hard pill to swallow for many governments and large businesses.

Decentralized identity refers to a system of identity management for people, organizations, data, and apps.

Decentralized identifiers are a new type of identifier that enables verifiable, decentralized digital identity. In contrast to typical, federated identifiers, DIDs have been designed so that they may be decoupled from centralized registries, identity providers, and certificate authorities. Specifically, while other parties might be used to help enable the discovery of information related to a DID, the design enables the controller of a DID to prove control over it without requiring permission from any other party. DIDs are URIs that associate a DID subject with a DID document allowing trustable interactions associated with that subject.
Decentralized Identifiers v1.0, W3C Recommendation, 19 July 2022
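
The “cryptographically verifiable” property in practice, as an added example that is not part of the original article or of any DID project's code: a verifier checks the DID syntax, looks up the key that the DID document authorizes for authentication, and verifies a signature over a fresh random challenge. The DID `did:example:alice`, the key ids and all function names are constructed for illustration; Node.js with Ed25519 keys is assumed.

```javascript
const { generateKeyPairSync, createPublicKey, randomBytes, sign, verify } = require('node:crypto');
// DID syntax (W3C DID Core ABNF): did:<method-name>:<method-specific-id>
const ID = '(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})';
const DID_RE = new RegExp(`^did:[a-z0-9]+:(?:${ID}*:)*${ID}+$`);

function parseDid(did) {
  if (typeof did !== 'string' || !DID_RE.test(did)) return null;
  const [, method, ...rest] = did.split(':');
  return { method, id: rest.join(':') };
}

// Return keyId's public key only if the document lists it under "authentication".
// Assumption: absolute method ids (did#fragment) and JWK-encoded keys.
function authenticationKey(doc, did, keyId) {
  if (!parseDid(did) || !doc || doc.id !== did) return null;
  for (const entry of doc.authentication || []) {
    // An entry is an embedded method object or a reference into verificationMethod.
    const vm = typeof entry === 'string'
      ? (doc.verificationMethod || []).find((m) => m.id === entry) : entry;
    if (vm && vm.id === keyId && vm.publicKeyJwk) {
      return createPublicKey({ key: vm.publicKeyJwk, format: 'jwk' });
    }
  }
  return null;
}

// The verifier picks a fresh random challenge; the controller signs it.
function verifyControl(doc, did, keyId, challenge, signature) {
  const key = authenticationKey(doc, did, keyId);
  return key !== null && verify(null, challenge, key, signature);
}

// Constructed sample: key-1 may authenticate, key-2 may only sign claims.
function demo() {
  const did = 'did:example:alice';
  const [k1, k2] = [generateKeyPairSync('ed25519'), generateKeyPairSync('ed25519')];
  const vm = (frag, kp) => ({ id: `${did}#${frag}`, type: 'JsonWebKey2020',
    controller: did, publicKeyJwk: kp.publicKey.export({ format: 'jwk' }) });
  const doc = { id: did, verificationMethod: [vm('key-1', k1), vm('key-2', k2)],
    authentication: [`${did}#key-1`], assertionMethod: [`${did}#key-2`] };
  const c = randomBytes(32);
  const sig1 = sign(null, c, k1.privateKey);
  return {
    controller: verifyControl(doc, did, `${did}#key-1`, c, sig1),
    wrongPurpose: verifyControl(doc, did, `${did}#key-2`, c, sign(null, c, k2.privateKey)),
    replay: verifyControl(doc, did, `${did}#key-1`, randomBytes(32), sig1),
  };
}
console.log(demo()); // { controller: true, wrongPurpose: false, replay: false }
```

A key that appears only under `assertionMethod` is rejected for login even though its signature is valid, and a signature captured from an earlier challenge fails against a new one.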

Warm data

Because Decentralized Identifiers are URIs, they point to where the data is located rather than representing the actual data storage. The International Bateson Institute describes interrelationships between information as Warm Data:

“Warm Data” is the information about interrelationships that integrate elements of a complex system. It has found the qualitative dynamics and offers another dimension of understanding to what is learned through quantitative data (cold data). Warm Data will provide leverage in our analysis of other streams of information. The implications for the uses of Warm Data are staggering, and may offer a whole new dimension to the tools of information science we have to work with at present.
The International Bateson Institute

The Decentralized Identity Foundation (DIF) connects open-source developers and organizations from around the world in joint efforts to build a new identity ecosystem. DIF Work Groups are organized around topics including:

  • Authentication, focused on spreading password-less authentication widely
  • DID Communication, providing secure communication channels for DID owners
  • Secure Data Storage, also referred to as Data Hubs, for decentralized data storage
  • Wallet Security group is working on standardizing digital wallet solutions
  • Sidetree development and operating group works on a backbone protocol for The Identity Overlay Network (ION) that implements DIDs atop Bitcoin

Among many other implementations, the ION network is the only one that meets all 4 requirements for decentralized identifiers, as defined by W3C. As the name suggests, the first point on the list is “decentralization”. Bitcoin is currently the most secure and decentralized blockchain, and time will show whether it is the only truly decentralized digital ledger technology.

With greater power comes greater responsibility

Digital identity can be centralized or decentralized. The difference is who has control over access keys. Centralized identity administration means that one day you may lose access, own nothing, and not necessarily be happy. On the other hand, decentralized identifiers will give you more control over your digital life, and luckily for mental well-being, this power will come with more responsibility.

Decentralized identifiers are an important step in building a semantic version of the Internet, where users own their data, often referred to as Web3. DIDs open a pathway to greater access control and management tools for all content creators. Truly decentralized identity means you will have full control over who accesses your online data and how.