Managing identities in a decentralized model
Published on 21 December 2020 by Imade Elbaraka
In this age of digital transformation, the spheres of the individual’s life as professional, consumer, and private citizen are interlinked in a complex digital structure, like a piece of fabric. Identity has become the mapping of physical and digital realms using a unique secret that only the physical object knows, does or is defined by.
Whether it is about requesting a new credit card, enquiring about an electricity account or interacting with governmental services, our current system is built around multiple sources of physical identity documents and cumbersome account log-ins.
Today, while consumers expect to connect with services and products instantly every day, our traditional identity processes require the possession of multiple accounts and log-ins with service providers and with organizations formerly interacting with each other, each of which needs to verify our identity at each sign-in, causing friction and mistrust. We increasingly need to prove our identity to third parties, each with different assurance requirements. This also leads to duplication of the digital identity information of users, who constantly need to provide proof of identifier.
So, what if you could re-use your verified, unique and continuously updated identity in a decentralized model whenever you need to prove who you are with any provider?
Based on a transparent, immutable, and irreversible technology, digital identities can be managed within a non-proprietary architecture, a disruptive model contrasting with the traditional identity management approach of storing identity and entitlements data in central authoritative sources, where tracking of immutable identity changes, control and transparency can be problematic.
Built by a community based on trust, cryptographically verified identities can be consistently shared over a distributed ledger technology composed of multiple entities interacting without a centralized intermediary, providing a way for information to be recorded, shared and maintained by the created “Web of Trust”.
In its distributed form, the digital identity is considered the “Single Source of Truth”, which is self-sovereign, where:
- every entity owns and controls its own identity, with the identity owner being autonomous and deciding the information to be shared
- a distributed master identity record eliminates duplicated customer information across disconnected systems
These figures describe the evolution from siloed identities and inconsistent storage of attributes between organizations to a blockchain-based model of decentralized identities and consistent information in each node/organization.
According to Gartner’s predictions in 2018, 35% of Identity and Access Management initiatives will include blockchain in 2022.
Blockchain Identity management takes identity verification and authentication to the next level.
Traditional identity and access management methods suffer from numerous challenges, including fragmentation of identity stores, nonrepudiation of enrollments, and password vulnerability. Here’s how blockchain identity technologies will fundamentally transform the IAM landscape in the next years:
- Increase reliability and lower cost of initial identity verification: Current identity verification methods predominantly rely on static, proprietary databases and services that aggregate many data sources (e.g., credit file headers, mobile network operator data, government records) in a nontransparent manner. For enterprises that require identity verification to support business and customer operations, there is no direct way to: 1) verify the provenance of data used for identity verification (e.g., where it came from, how old it is, how it was enriched); 2) contribute to data (e.g., correct errors, add new entities); and 3) rely on peer information.
- Help enterprises move away from passwords and legacy authentication credentials: The password has reached the end of its useful life: we hear every month about data breaches resulting from compromised passwords. Blockchain can use historical transactional data and dynamic contextual information as authentication credentials and is thus much less vulnerable to hacking than passwords. Stronger enrollment methods, including reliance on past transactional information with other peer organizations (e.g., banks, insurers), will ensure the legitimacy of authentication credential information captured in the blockchain.
- Create a usable and flexible identity verification ecosystem for customer-centric identity: An identity and its attributes (e.g., date of birth, address, email address, phone number) that organizations use and store are never the same. For example, some contexts (e.g., governments, national ID schemes) allow using date of birth for IAM while others (e.g., employers) do not. The level of diligence in identity verification and trust in the digital identity also greatly varies. For example, you must undergo an in-depth know-your-customer (KYC) process to become a customer of a bank, but you need minimal to no identity verification to sign up for a photography blog’s email list. Blockchain identity’s brokerage scheme helps not only with identity verification but also with the ability to combine data sources and achieve a much higher degree of accuracy in identity verification. This is because you have designated identity verification brokers between the identity verification data providers and the organizations that need to verify users’ identities.
Yet blockchain-based Identity management cannot be revolutionary without a real introspection of the applicable security model. Blockchain risks should be addressed by implementing an identity trust fabric, a shared ledger for proof of identifiers, necessary for rooting trust in a decentralized network.