Evolution of digital identity and the Self-Sovereign Identity model

Minoli de Silva
Oct 2, 2021

https://www.interac.ca/

The world has come to a juncture where digital identities have become a part of our day-to-day lives. If you’re not familiar with the term, a digital identity is what is used to identify an entity over the internet, in a specific context. This entity could be you, me, an organization, a device or even an application. When it comes to us, in the present circumstances it could be our Facebook login, Twitter handle or some username and password you gave to sign up to a random application.

Like everything else in the tech world, digital identity has also evolved over the years. Let’s take a quick look at the identity models, which depict the relationship between the different entities involved in digital identity.

  1. The Centralized Identity Model

This is the first and most basic model of digital identity. The centralized identity model is used to identify entities in the digital world as well as the non-digital world.

For example, when you go to a library to get a membership, the librarian will issue you a membership card with an ID. This is what you will use to identify yourself within the confines of the library every time you borrow or return books. But you can’t use your library card to identify yourself to a police officer when they stop you for speeding. For the police, or actually the government, the valid form of identification is your National Identity Card. If the offense is related to driving, the police officer may need to identify you by your driving license, which is another identity provided for you in the context of driving.

So in simple terms, in this model separate centralized organizations govern their users’ identity in their own context. In the digital world this could again be similar to you having an account in an application like Medium.

Even though this model suited the early days of the internet, when fewer people and service providers were online, the advancement of technology brought the disadvantages of the centralized model to light, such as:

  • Users having to remember multiple sets of credentials for all the applications they have accounts on.
  • Users’ personal details being available in organizational databases without the users’ control.
  • The centralized user databases being subject to massive data breaches.

Even with these concerns, the centralized identity model is still being used by many service providers.

  2. The Federated Identity Model

To provide solutions to some of the concerns posed by the centralized identity model, the federated model was introduced. Here, an identity provider acts as the middle man between the entity and the organization which manages the users’ accounts.

The “Sign in with Google” and “Log in with Facebook” buttons you see on the signup forms of applications are the best real-world example of identity federation. Here, the user’s account which is already available in Google or Facebook is used as a form of identity to gain access to some other service. In this situation, the user does not have to create a new account in the application, thus reducing the number of credentials the user has to remember. In addition to this, Identity and Access Management solutions also exist which support this federated identity model for large organizations.

But, the federated model still does not solve all of the concerns associated with the centralized identity model.

  • An identity provider can still be a central location with users’ data, and can be a victim of data breaches.
  • A single identity provider which can provide access to all applications over the internet doesn’t exist and therefore, the users will again have to use and remember credentials for multiple identity providers.
  • Users’ data will still exist in a remote location which is out of the user’s control.

These are just some of the concerns associated with the federated identity model which led to the introduction of the self-sovereign identity model.

  3. The Self-Sovereign Identity (SSI) Model

With the disadvantages associated with the centralized and the federated identity models due to the centralization of data in an organization or an identity provider, the need for a decentralized identity model was evident.

This gave way to the introduction of an identity model which does not rely on user accounts, as did the previous two identity models we discussed. So how is a user’s identity verified by another party without having a user account?

To answer this question, let’s first take a look at how identity works in the real world. In the real world, we have our own specific identity. We are identified by our name, NIC, address, age and many other identity attributes. This information belongs to us and doesn’t change based on the context. For example, regardless of whom or which organizations you interact with, these details about you will not change. You can decide whether you want to share this information with an outside party whenever you want. What information you share and what you don’t want to share with a specific organization is also solely up to you.

What if we introduce a similar identity model to the digital world? Since you, the user, have control of your own identity information, the data of multiple users won’t be stored in a central location subject to data breaches. The user will have complete control of their own identity information and will not have to remember different credentials to interact with different organizations. These are some of the advantages we would gain from such a model. Isn’t it evident that this concept would actually solve most of the problems associated with the previous identity models?

This decentralized model is what later came to be known as the self-sovereign identity model, giving true meaning to its name. As the name implies, the model consists of independent peers without any account-based control in their relationship. Each user or peer is connected to another peer which could be anything including a person or an organization. Neither owns the relationship or controls it, but each peer has the ability to let go and end the relationship or continue based on their preference. This makes the user the owner and the controller of their own information, thus ensuring privacy, security and control of their data.

This is just the foundation of self-sovereign identity. But from this basic information itself there’s no doubt that SSI will revolutionize the concept of digital identity in the future.

Stay tuned to find out more about Self-Sovereign Identity and the role of blockchain in SSI in my next set of blogs!
