Decentralised Identity

“A globally unique persistent identifier that does not require a centralized registration authority and is often generated and/or registered cryptographically. … A specific DID scheme is defined in a DID method specification. Many—but not all—DID methods make use of distributed ledger technology (DLT) or some other form of decentralized network.”

Decentralized Identifiers (DIDs) v1.0

By making use of the existing Internet layer for financial transactions, with its thousands of participating institutions, GAIN has the potential to deliver a decentralised identity ecosystem that offers significant benefits for those financial institutions.

  • Turning a cost-centre (KYC processes and systems) into a potential profit-centre (offering Identity Provider services);
  • Simplifying processes, such as customer onboarding, login and password recovery;
  • Enabling cross-border platforms that facilitate scale;
  • Removing barriers (e.g., data sharing within and between institutions);
  • Moving towards comparative legal and regulatory structures that will serve to expand the total opportunity; and
  • Re-using existing interoperable protocols, such as OpenID Connect and those APIs supporting Open Banking.

Critical developments in decentralised identity

The mission of the W3C’s Decentralized Identifier Working Group is to standardize the DID Uniform Resource Identifier (URI) scheme, which includes the data model and syntax of DID Documents and DID Methods. The purpose of the DID document is to describe the public keys, authentication protocols, and service endpoints necessary to bootstrap cryptographically-verifiable interactions with the identified entity. The DID Method specification defines how a DID and DID document are created, resolved, and managed on a specific blockchain or “target system” and also defines, as a minimum, the Create, Read, Update, Delete operations for the DID.
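To make the DID document's role concrete, the following added example (not taken from the W3C specification or any DID library) parses a DID against the DID Core v1.0 syntax and checks that a document's authentication entries point at public keys the document actually declares. The function names and the sample document are constructed for illustration; the check is structural only and verifies no signatures.

```python
import re

# DID syntax per the ABNF in W3C DID Core v1.0:
#   did = "did:" method-name ":" method-specific-id
_IDCHAR = r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})"
_DID_RE = re.compile(rf"did:([a-z0-9]+):((?:{_IDCHAR}*:)*{_IDCHAR}+)")

def parse_did(did):
    """Return (method_name, method_specific_id); raise ValueError if malformed."""
    m = _DID_RE.fullmatch(did) if isinstance(did, str) else None
    if m is None:
        raise ValueError(f"not a valid DID: {did!r}")
    return m.group(1), m.group(2)

def check_did_document(doc):
    """Return a list of structural problems; an empty list means none found."""
    try:
        parse_did(doc.get("id"))
    except ValueError as exc:
        return [f"document id: {exc}"]
    did = doc["id"]
    absolute = lambda url: did + url if url.startswith("#") else url
    problems, keys = [], set()
    for vm in doc.get("verificationMethod", []):      # declared public keys
        missing = [k for k in ("id", "type", "controller") if k not in vm]
        if missing:
            problems.append(f"verification method missing {missing}")
        else:
            keys.add(absolute(vm["id"]))
    for entry in doc.get("authentication", []):       # embedded key or reference
        if isinstance(entry, str) and absolute(entry) not in keys:
            problems.append(f"authentication references undeclared key {entry}")
    for svc in doc.get("service", []):                # service endpoints
        missing = [k for k in ("id", "type", "serviceEndpoint") if k not in svc]
        if missing:
            problems.append(f"service {svc.get('id')} missing {missing}")
    return problems

# Constructed sample; "did:example" is the placeholder method used in the spec.
SAMPLE_DOC = {
    "id": "did:example:123456789abcdefghi",
    "verificationMethod": [{
        "id": "did:example:123456789abcdefghi#key-1",
        "type": "Ed25519VerificationKey2020",
        "controller": "did:example:123456789abcdefghi",
        "publicKeyMultibase": "zCONSTRUCTED-PLACEHOLDER-KEY",
    }],
    "authentication": ["#key-1"],
    "service": [{"id": "#agent", "type": "ExampleService",
                 "serviceEndpoint": "https://agent.example/endpoint"}],
}
```

A relying party would run a check like this on a resolved document before trusting any key in it for authentication.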

Formed in 2017, the Decentralized Identity Foundation (DIF) promotes the interests of the decentralized identity community, including performing research and development to advance “pre-competitive” technical foundations towards established interoperable, global standards. DIF maintains an incredibly useful general-purpose knowledgebase, in the form of FAQs.

Originally proposed in 2015, the DID model was updated to include significant developments in distributed databases, cryptography and decentralized networks. This work led to the creation of another fundamental standard, Verifiable Credentials (VC), which together with the DID specification became the underpinning standards for Self-Sovereign Identity (SSI).

Self Sovereign Identity

See my previous post “Federated vs Self Sovereign Identity” to find out more about the fundamentals of SSI and the way in which it differs from Federated Identity.

The definition of SSI – “a person’s identity that is neither dependent on nor subject to any other power or state”, has given rise to two myths about SSI, which have, to some degree, cast a cloud over the adoption of the term.

  1. Self-sovereign identity is not ‘self-asserted identity’; it is just as dependent on information provided by trusted sources as one’s identity is in the real world, e.g. the issue of a physical passport.
  2. Self-sovereign identity is not ‘just for people’; it is equally applicable to organisations and things.

More recently, the term decentralised identity has made something of a resurgence, with Microsoft throwing its considerable weight behind the term in this recent blog post.

Objections to Decentralised Identity

In October 2021, Google, Apple and Mozilla lodged formal objections to W3C approval of the Decentralized Identifiers (DIDs) 1.0 specification, the substance of which relates to concerns over

  • Interoperability,
  • Divergence rather than convergence of DID methods,
  • The fact that centralized DID methods are not excluded, and
  • The impact on the environment by the reliance on blockchain.

Discussions continue and we all look forward to an early resolution of the issues raised.