Decentralised identity is the
Sign In With Google equivalent for the physical world, except you are in control of your data.
We are all used to registering or authenticating using our Facebook/Google/Apple accounts. These have become so ubiquitous its hard for a developer to imagine building a user registration flow today without these options. The benefits of these are twofold — convenience (no need to fill forms) and security (trusting FB/Google rather than an unfamiliar product). The user is spared the hassle of remembering yet another account and the developer can skip building a standalone user authentication system.
Now how can we build such a system for handling our most important documents, like driver’s license or passport. The ideal system would let a service verify our identity without giving it any access and lets the user remain in complete control of their data, enter Decentralised Identity.
What is this Decentralised Identity?
To put it simply, just like cryptocurrency changed money to a completely digital form that lived on your mobile wallet, decentralised identity uses blockchain to store and share your identity. Its a little bit more complicated than just storing your driver’s license or passport as pdf, decentralised identity is a secure way to verify and share your identity.
Want to read this story later? Save it in Journal.
So how does decentralised identity work? Decentralised identity models lets users share identity verifications over a blockchain network. The identity itself is not stored on the blockchain network, instead DID uses verification method that lets you verify a claim without actually sharing the identity. Your identity is with your control at all times and is never actually shared, eliminating most identity theft problems.
A did identifier looks like this
did:example:123456789abcd , different networks can reserve did identifiers like domain names and can then be used to issue identities, so a DID issued by google could look like
did:google:1234569abce and a DID issued by the US government could look like
did:usgov:abcd1235 You can think of this like the SSN in the US or the PAN in India, it is one single identifier that lets you authenticate across all services, but unlike SSN/PAN nobody can misuse you identity in case of DID because the identifier itself has no meaning unless signed by your keys.
And these keys are never shared, they live inside your mobile device (or a secure server if you choose to) and will authenticate every request for identification. Some protocols also use a different temporary DID for all relationships, ie. the DID for your schoold and your office are two totally randomised values and ensures your DID is never compromised by any single service.
Another important feature of DIDs is selective sharing of data. Lets say a service wants to know your age, in the present situation, you would present your ID to a human who then checks your age and admits you. With DIDs, you dont even have to share your age, the service will simply query your did with a condition like
is age > 18 ? and if that statement is true, the DID returns a success message, the service still does not know about your age, it simply knows if your old enough to use their service. This can be expanded to a lot of arenas, you don’t have to share your age at a hotel, they can simply check if you are over 18 (with your consent, ie. if you approve the request), you do not have to share your bank statement with a real estate agent, he can simply query if you have put up an escrow.
What does the future look like?
DID is the future of identity and authentication, we are right now relying on identitifcation systems built for the pre-internet generation, DID is digital native and is built for the internet. It is still in its very early days, so early infact a proper standard has not been agreed upon yet. The backbone of the internet, TCP/IP was standardised in 1982, so we are a long way from seeing a standardised DID setup being used internationally.
DIDs combined with CBDCs (Central Bank Digital Currency) will ensure that identity verification and issuance can move to a completely paperless process.
DID W3C working draft — https://www.w3.org/TR/did-core/
Sovrin Project— https://sovrin.org