The Evolving Role of Identity - So what's next?

The advent of web 3.0 and the change it brings is a hot topic in many different contexts. There are also varying definitions of what web 3.0 actually means so to begin with, let’s set some parameters. 

At Indykite, we are focusing on the rise of the semantic web based on machine readability and interoperability.  This will create a common framework that allows data to be shared and reused across application, enterprise, and community boundaries, while working as an integrator across different content, applications and systems.

Blockchain is often referred to in this context, however blockchain isn’t designed to support relationships and contexts in the same way. So while the semantic web will include and relate to blockchain technologies, it will not be dependent on it. 

Within these parameters, data relating to context and relationships has incredibly high value, which is why a conversation around identity becomes very important. 

There are many facets and layers to our identities; starting with basic information or even detailed descriptions but also including more complex factors, like contexts and relationships. This is true both in life and online. As the semantic web grows, linking information and data together will become increasingly important for effective access and authorization management. 

Role of identity 

Identity is foundational for establishing trust relationships, which are critical to the future of online interaction. The internet was never designed with an identity layer so there has always been a challenge of creating trust relationships with a high degree of assurance that the person, organization or thing is who they say they are.

To build this level of trust and assurance, we have traditionally used identity platforms and systems that employ either a centralized or federated model, with a new decentralized model on the horizon. 

Model 1 - Centralized Identity

Where each organization provided their users with an identity and the organization owned and managed all of the data related to that identity.  This was good for the organizations because they had full control.  Not so great for the end-users because they need to manage and remember hundreds of credentials.  

Model 2 - Federated 

A little more “user friendly” in that end-users could re-use their credentials at multiple organizations e.g Google credentials can be used to login to various online applications.  The downside to this is that the organizations now had a “man-in-the-middle” and most of the social providers did not offer high levels of assurance with their logins.

Model 3 - Decentralized Identity 

This new paradigm requires a trust model where the end-user owns and controls their identity data, where identity data is provided by multiple providers in the form of verifiable credentials.  When the end-user presents a set of claims to a service, that service needs to be able to verify that claim is accurate and issued by an authoritative source.

Illustration of graph models

The shift towards a user centric, decentralized model is natural in the current context of data breaches and the sharp rise in privacy awareness, as individuals recognise the value of their data. Users want more control over their information and who that information is shared with. 

Meanwhile, businesses want to decrease their exposure to possible data breaches, create an attractive customer experience and generate real business value from its Identity and Access Management (IAM) system. 

A decentralized identity model solves this with greater privacy controls that can manage and understand complex relationships between attributes and entities. This is helpful now but crucial for the future with consideration to smart objects, bots, digital twins and identity ecosystems. Further, businesses and customers can benefit from smarter, faster authentication and authorization, with a dynamic system able to understand connections between services and between people. 

Consider the current process to collect a registered parcel at the local post office for a family member. Existing identity systems are unable to provide power of attorney services, so the person is expected to produce both their own and the parcel owner’s ID documentation. 

An identity and access system that utilizes a decentralized model, can understand relationships between people, as well as systems and things, while offering a high level of assurance is what the future of identity must look like. So, in theory, with a simple click in an app, your representative could collect that parcel for you. 

At IndyKite, we believe this can be achieved through graph technology. Graph has a unique ability to understand dynamic and complex relationships and manages data in a more natural, intuitive way, giving context to otherwise meaningless data. 

Our next webinar will focus on exactly this topic - Connected dots: Graph Data for Digital Identity, where we will demonstrate how it works and why more and more businesses are embracing graph technology and decentralized identity management. 

Sign up for it here! 

Subscribe Icon

Keep updated

Don’t miss a beat from your favourite identity geeks 🤓

Trusted Onboarding and Verification

Proofing and Verification (KYC)

Integrate proofing and verification services with verified attributes, facial matching and biometrics, liveness checks and NFC id document scanning.

Trusted Authentication

Strong Authentication

Perform strong authentication with 3rd party authentication services (including biometric) services to enrich the user authentication journey and flow. 

Knowledge Based Access Control (KBAC)

Knowledge Based Access Control (KBAC)

Leverage the power of the knowledge graph to perform Dynamic Authorization - interrogating the continuously changing context, allowing for more advanced authorization use cases.