The premise of decentralized identity management is to give individuals, and devices in the IoT, ownership and control of their identity data.
Likewise, the premise of Web 3.0 is to move away from centralized data repositories and siloed services and create a decentralized, interoperable internet, equipped with semantic data to facilitate IoT connectivity and automation.
Traditionally, digital identity has been maintained by organizations trusted to secure that information within their identity and access management (IAM) system. This model has revealed several shortcomings, including:
- organizations became subject to hacking
- organizations did not always handle the information in line with users’ wishes
- user information was scattered among many providers, increasing risk and user friction (how many accounts and passwords does the average person have?)
- users lack control of their own data, including the ability to revoke access.
A number of efforts have been made to address these shortcomings, including single sign-on (SSO) and federated identity (through the likes of Google, Facebook and LinkedIn). However, this is only a small step in the right direction, as it still relies on a centralized model (just with less user friction).
In a decentralized identity model, identity data (name, address, age, birthday, gender, nationality, etc.) is securely stored in an identity wallet. When a service provider needs to verify a user’s identity (or an attribute of their identity), it can authenticate against verified data in the wallet, which provides the minimum amount of information needed to answer. For example, to the question ‘is this person over 18 and therefore authorized to make this transaction’, the answer can simply be ‘yes’, rather than exposing their personal information (‘the person is 38 years old, born on 5/5/1984’).
This query and response is handled by ‘tokens’, so identity data is stored only in the digital identity wallet and is not captured and stored at the other end of the transaction.
By limiting the data shared and having it stored with the individual, decentralized identity produces a significantly more private IAM option.
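The following is an added example, not IndyKite's implementation or code from the original article, showing one way the "over 18" query above can be answered without exposing the birth date. It assumes a salted-hash disclosure scheme with Ed25519 signatures, an issuer that has already attested an `age_over_18` attribute, and hypothetical function names (`issue`, `present`, `verifyPresentation`); all sample data is constructed.

```javascript
const { generateKeyPairSync, sign, verify, randomBytes, createHash } = require('node:crypto');

// Salted digest of one attribute; the salt stops a verifier guessing undisclosed values.
const digestOf = ({ key, salt, value }) =>
  createHash('sha256').update(JSON.stringify([salt, key, value])).digest('hex');

// Issuer: sign only the salted digests plus the holder's public key, never raw values.
function issue(attrs, issuerKey, holderPubPem) {
  const disclosures = Object.entries(attrs).map(([key, value]) =>
    ({ key, value, salt: randomBytes(16).toString('hex') }));
  const payload = JSON.stringify({ holder: holderPubPem,
    digests: disclosures.map(digestOf).sort() });
  const signature = sign(null, Buffer.from(payload), issuerKey);
  return { credential: { payload, signature }, disclosures }; // all of this stays in the wallet
}

// Wallet: reveal a single attribute and sign its digest together with the verifier's nonce.
function present(wallet, holderKey, key, nonce) {
  const disclosed = wallet.disclosures.find((d) => d.key === key);
  const proof = sign(null, Buffer.from(nonce + digestOf(disclosed)), holderKey);
  return { credential: wallet.credential, disclosed, proof };
}

// Verifier: check the issuer signature, digest membership, and the holder proof over our nonce.
function verifyPresentation(p, issuerPub, nonce) {
  const { payload, signature } = p.credential;
  if (!verify(null, Buffer.from(payload), issuerPub, signature)) return null;
  const { holder, digests } = JSON.parse(payload);
  const d = digestOf(p.disclosed);
  if (!digests.includes(d)) return null; // value or salt was altered
  if (!verify(null, Buffer.from(nonce + d), holder, p.proof)) return null; // replay or wrong holder
  return { [p.disclosed.key]: p.disclosed.value }; // the only data the verifier learns
}

// Constructed sample run: the wallet holds three attributes and discloses one.
function demo() {
  const issuerKeys = generateKeyPairSync('ed25519');
  const holderKeys = generateKeyPairSync('ed25519');
  const holderPem = holderKeys.publicKey.export({ type: 'spki', format: 'pem' });
  const wallet = issue({ name: 'Alex Example', birth_date: '1984-05-05', age_over_18: true },
    issuerKeys.privateKey, holderPem);
  const nonce = randomBytes(16).toString('hex');
  const presentation = present(wallet, holderKeys.privateKey, 'age_over_18', nonce);
  const result = verifyPresentation(presentation, issuerKeys.publicKey, nonce);
  return { issuerKeys, nonce, presentation, result };
}
```

The verifier receives a signed list of digests, one disclosed attribute and a proof tied to its own nonce, so a captured presentation cannot be replayed under a different nonce.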
Benefits of decentralized identity
Decentralized identity and blockchain
Blockchain has received widespread attention for its ability to enable decentralized services, including decentralized identity. But using distributed ledger technology is just one approach.
At IndyKite, we use an identity knowledge graph, coupled with a digital identity wallet, to achieve the same goal.
Data is stored securely in the wallet, with tokens (similar to blockchain's cryptographic private keys) used to authenticate and authorize.