Identity and control of personal identity is top of mind, given recent events as well as the European Union’s General Data Protection Regulation (GDPR). A lot of our identity is shared without our explicit consent, gets stored in locations we are unaware of, and when compromised creates tremendous setbacks. Almost everything we do in the digital world is user name and password driven. With decentralized identity, you reduce risk by associating credentials typically used for in-person interactions, as instruments for virtual interactions where it is difficult to verify who or what is on the other side of the screen.
Offline, in-person identification is also riddled with fraud as people falsify and use expired documents which puts everyone at risk. Decentralized identity enables more secure and trusted exchanges of identity in the physical world.
IBM has made some recent announcements over the past few months regarding the vision and recent activity in this identity space, and we are working with partners to shape our focus on trusted identity solutions. Listen to my recent podcast, where I talk about where identity is going and how blockchain and emerging identity networks are driving change. I also get into some of the business and legal aspects that are essential in transforming identity explained in this video.
Imagine a new way
Imagine applying for a loan and quickly being vetted by banks by only sharing the information that is pertinent, removing the majority of manual verification. This would reduce costs, and the application time from weeks to days.
Imagine going into a new country and becoming ill due to something you ate and being able to receive healthcare at a local clinic because you are able to identify yourself with a globally accepted identifier. You are able to provide not only who you are, but also your medical history so physicians know exactly what medicine to give.
Imagine going to a bar where all that is required is a credential from the DMV, which indicates only that you are over 21 and a photo ID. You don’t have to provide unnecessary information such as your address or exact birthdate.
Imagine data controllers and enterprises that can mitigate the liability of holding personal identifiable information, by only requesting the required information to establish trust in a relationship. GDPR will require these data controllers to justify why the information is being collected and for how long it needs to be held. Decentralized identity allows data controllers to remain relevant and meet regulation requirements as data privacy becomes further regulated.
Imagine replacing your physical wallet with a digital one, for online and offline interactions. This digital wallet sits on devices at the edges of the network, such as your phone and laptop. You control where credentials get stored and have the ability to manage them with your devices. Trusted, known issuers within the identity network cryptographically attest and issue credentials directly into your digital wallet. You can then control what pieces of information are shared about you, who it is shared with, and only with your explicit consent.
The advent of blockchain technology, along with various public breaches in identity, has created an opportunity to transform how relationships between people and institutions are established and maintained.
Blockchain enables point-to-point cryptographic exchanges of identity at the edges of the network, at the devices. If a world existed where individuals controlled their identity, the creation of digital certificates would not be at scale with public key infrastructure (PKI) rooted within certificate authorities.
As key generation sits with identity owners in a decentralized PKI model, rooting trust will require a web of relationships with the ability to scale, blockchain provides immutability of identity owner and key relationships, instilling that trust in every relationship.
How and what information is provided is also critical. Blockchain enables the ability to share the minimum amount of information while still ensuring trust in all these possible relationships.
Establishing the foundation
Before we can imagine this new world, identity networks need to be established. A critical component in these early days is making it easier for individuals and organizations to participate in a capacity that meets their identity needs.
In the same light, business and legal components need to accompany technical roadmaps from the onset. Business in a digital era will require collaboration in three facets, and IBM is establishing the foundation of identity networks by focusing on these areas:
We use multiple identity instruments many times per week without much thought and, for the most part, college students are a great example of identity consumers. Students typically use a single identity document for many daily functions such as food service, dorm entry and exams, and event participation registration. Next-level student identification IBM has teamed […]
Several years ago, the Sovrin vision was introduced using a dot metaphor to describe a future whereby individuals would be able to take back control of their identity and participate at a peer-to-peer level with their online and offline relationships. Today the landscape of supporting open communities — network, code and standards — to achieve […]
Imagine a world in which you always have peace of mind that your personal information is safe. Imagine a world in which your information cannot be shared without your clear, explicit consent at the time of the transaction; where you decide who can access what information, when, and for how long. In this world, you […]