What is decentralized identity, federated identity and self-sovereign identity

What is decentralized identity?

In an increasingly digital world, where mobile payments are second nature and biometrics are becoming common, it’s only a matter of time before bank cards, passports and cash get left behind. Our kids will soon wake up without the need for any of these items. They will instead turn to their phones or watches combined with their face, voice or fingerprints to make payments and prove they are who they say they are. Eventually, verifying identity will be done solely with our physical attributes.

But to deliver on this future we need to ensure personal information can be shared in a privacy-centric and secure way. We must be able to broker trust between one another in both the online and physical worlds without the threat of impersonation or data breaches. Until recently, trust was built face-to-face or by sending documents through the mail. It then became the job of credit bureaus to identify us online using knowledge-based questions, such as ‘what’s your mother’s maiden name?’, or ‘what addresses have you lived at in the past three years?’.

The problem with these methods is that they either take too long or are no longer viable because data breaches have rendered knowledge-based solutions untrustworthy. Complicating things even further, Juniper Research predicts that a few years from now there will be 50 billion internet-connected devices, many of which will require you to prove your identity for service or access — a landscape that will be all too tempting for fraudsters and all too complicated for us to manage. Decentralized identity promises to simplify digital identity for everyone by making it easier to verify and share, while making it completely private and secure. 

The benefits of decentralized identity

Decentralized identity is a concept that gives back control of identity to consumers through the use of an identity wallet kept on a phone or laptop. A user can collect verified information about themselves in the wallet (like their driver’s license or passport) from certified providers such as the government, or ID verifiers like Onfido. By controlling what information is shared from the wallet to requesting third parties (e.g., when ordering alcohol online), the user is able to better manage their identity online and their privacy — for example, in this scenario they only need to present proof that they’re over 18. They don’t need to reveal their actual date of birth, address, full name, or any other information detailed on their ID. This replaces the old way of having to prove your identity with every single service provider. It benefits consumers as they choose who gets their data and can revoke it at any time. With a decentralized system, businesses no longer have to choose between security and customer experience and can reduce compliance costs. They don’t have to hold troves of personal identifying information about their customers, making them less susceptible to data hacks and making it easier to comply with data privacy laws like Europe’s General Data Protection Regulation (GDPR) or the California Consumer Privacy Act.

How does decentralized identity work?

1. Credential providers (like governments or Onfido) are able to verify any relevant information about an individual or organization and issue digitally verifiable credentials to that person.
2. People hold multiple digital credentials on their phone (through digital wallets like the one Airside provides) and accept or reject requests to share information with institutions (third parties).
3. Third parties request information from the consumer and receive digital credentials that they can trust (which the consumer can revoke at any time)

What do decentralized identity companies do?

Decentralized identity companies develop and implement solutions that enable individuals to have greater control over their personal identity information. They leverage technology to create secure, privacy-enhancing, and user-centric identity management systems. These companies facilitate the creation and verification of digital identities, develop self-sovereign identity frameworks, provide authentication and authorization mechanisms, contribute to interoperability standards, develop user-friendly identity wallets, and integrate decentralized identity solutions into various industries and sectors. Their goal is to empower individuals with control over their data while establishing trust and security in digital interactions.

What is federated identity management? 

Federated identity management belongs in the world of Identity and Access Management. Often the purview of companies like OneLogin or Okta, federated identity allows authorized users to access multiple applications and domains using a single set of login credentials. It links a user’s identity across multiple identity management systems so they can access different applications securely and efficiently. 

When organizations implement federated identity solutions, their users can access web applications, partner websites, Active Directory, and other applications without logging in separately every time. 

What does self-sovereign identity mean?

Self-sovereign identity refers to the concept and practice of individuals having full control and ownership over their digital identities and personal data. It is a decentralized approach to identity management that enables individuals to manage their identity attributes, selectively disclose information, and authenticate themselves without relying on centralized authorities or intermediaries.

In a self-sovereign identity system, individuals have the authority to create and control their digital identities, including the ability to store their identity data securely and decide who can access it. This empowers individuals to assert their identity and share only the necessary information when interacting with various entities such as service providers, governments, or other individuals.

Key principles of self-sovereign identity

User Control: Individuals have ultimate control over their personal data, determining what information is shared, with whom, and for what purpose.

Portability: Individuals can share their digital identities across different platforms, services, and organizations without being tied to a specific identity provider.

Security and privacy: Self-sovereign identity emphasizes strong security measures and privacy-enhancing technologies, such as encryption and decentralized storage, to protect personal information.

Interoperability: Self-sovereign identity systems aim to establish standards and protocols that enable seamless interoperability between different identity solutions, promoting compatibility and widespread adoption.

By giving individuals ownership and control over their digital identities, self-sovereign identity offers the potential for increased privacy, reduced reliance on centralized databases, minimized identity theft risks, and improved user experiences in digital interactions.

What’s the difference between decentralized identity and self-sovereign identity?

Decentralized identity and self-sovereign identity are closely related concepts, but they have some nuanced differences:

Decentralized identity:

Decentralized identity refers to the broader concept of managing identity information in a decentralized manner. It focuses on the distributed storage and management of identity-related data, enabling individuals to have control over their data and reducing reliance on centralized identity providers. Decentralized identity systems can involve multiple entities collaborating to establish trust and authenticate identities without a central authority, and can be used in various contexts, including both centralized and self-sovereign identity scenarios.

Self-Sovereign identity:

Self-sovereign identity is a specific approach within decentralized identity that emphasizes individual control, ownership, and agency over personal identity data. These systems are designed to empower individuals with complete authority over their digital identities, enabling them to manage their identity attributes, selectively disclose information, and authenticate themselves without relying on centralized intermediaries. Self-sovereign identity places a strong emphasis on privacy, user control, and portability of identity across different platforms and services.

In essence, decentralized identity is a broader term that encompasses various approaches to distributing identity information, while self-sovereign identity is a specific subset within decentralized identity that focuses on individual control and ownership of personal data. Self-sovereign identity can be seen as a more advanced and user-centric manifestation of decentralized identity, emphasizing privacy, autonomy, and individual empowerment.

Does decentralized identity run on blockchain?

Blockchain is widely hailed as a massive win for cryptocurrency companies to secure payments, and in some cases is used for voting. The asymmetric cryptography used to secure the data on distributed ledger technology (DLT) makes it both impenetrable and transparent. Some companies have used the technology to run decentralized identity solutions, but we don’t think it’s best suited for the reason Adam Tsao, founder of Airside points out here. In summary, it’s too slow, not private enough and consumers can’t control who has access to their data and cannot revoke it when they want to.

The future of decentralized identity

It seems like a privacy-focused, user-controlled way to verify identity is an obvious choice for everyone to adopt right? One thing holding up its mass deployment is that a number of countries have developed their own systems of digital identity. They are disparate, national schemes rather than systems that adhere to a unified standard or regulation. Finding something that works for every country and across borders is a greater challenge. 

Recently, Onfido acquired Airside, a company that can transform all passports and most US driving licenses into verifiable credentials stored on your smartphone. Its technology is compatible with both iOS and Android devices, can work across country lines, is compatible with all NFC-powered passports and US driving licenses from most states. Slowly we are breaking down the barrier to this technology and analysts expect massive adoption in the near future.

According to Gartner: “By 2026, 50% of smartphone users will frequently use one or more verifiable claims stored in their decentralized identity wallet.”

What is portable identity?

Portable identity is a similar term to decentralized identity, indicating credentials a user stores and controls on a mobile device they carry with them.

Gartner also had this to say about the future of portable or decentralized identity in their recent Market Guide for Identity Proofing and Affirmation (2022):

“Portable digital identity is the future: The requirement to demonstrate your identity or share specific identity attributes online repeatedly is inefficient and costly — when opening a bank account, when shopping, when accessing citizen services or when starting a new job. This approach clearly will not scale as we move into the future, especially as our digital lives — across services, mobile devices, connected homes and connected cars — increasingly rely on digital identity. Digital identity must be simple, secure and, ideally, portable.”