Identity management is a crucial area for governments and businesses. Traditionally, they have relied on centralized forms of managing user IDs. However, over recent years, decentralized identity has emerged as a truly revolutionary way of managing access to many services and platforms.
Decentralized identity introduces the concept of user-owned IDs, something that may become a hard pill to swallow for many governments and large businesses.
What Is Decentralized Identity (DID)?
Decentralized identity (DID) refers to a system of identity management for people, organizations, data, apps, and more, via the use of decentralized ledger technologies (DLT), typically blockchains. DID is an emerging concept and has been making its first steps towards wider acceptance only in the last few years.
A key feature of DID is that user identities are self-owned, i.e., belong to the individual or organization, via secure storage on a blockchain platform. This is in stark contrast to the more traditional identity management modes, where your ID might be owned by the organization that issued it.
For example, an ID such as your Gmail account is technically owned by Google, not you. The same is true of government-issued IDs, i.e., they remain in the possession of the issuing government.
The traditional vs blockchain-based ID (Source: Deloitte.fr)
What Are the Main Identity Management Types?
The three main ID management types are:
- Centralized ID
- Federated ID
- DID
Developing DIDs is an attempt to move away from the more traditional ID types – centralized and federated.
Centralized ID
This is the most common ID type, familiar to every person who has ever dealt with any subscription-based website or email provider. Centralized IDs are issued, owned, and stored by one issuer. They are used to access specific services provided by the issuer but cannot be used with other service providers.
Examples of centralized IDs are login credentials used to access email accounts or specific websites. For example, a login for the Amazon website gives you access only to Amazon. Centralized IDs are owned by the issuer (Amazon in our example), never belong to you, and may be revoked by the issuing organization whenever it decides to do so.
In general, centralized IDs leave you largely at the mercy of the ID issuer. If Amazon decides to terminate your account based on their subjective evaluation of your actions, your ID is gone. In fact, at least in theory, it might later be re-issued by Amazon to another user.
While Amazon is not known to practice such ID “re-use”, mobile carrier providers in many countries are notorious for employing it. A mobile number issued by a carrier to you is a form of centralized ID. In many countries, if a mobile number is not used for a long period of time, it may “expire,” and later on, it may be reassigned to a new customer of the carrier.
Federated ID
Federated IDs are typically issued by one provider but may be used to access multiple services, all of which are normally linked to the issuer. For example, a single login credential on Google may be used to access Gmail, YouTube, Google Office, and a number of other digital products of the company.
Federated IDs are also extensively used in the government sector. In many countries, one government-issued ID number might be used to access a number of different services provided by separate government departments.
While federated IDs are more convenient than centralized IDs, they are still issued by one entity and do not belong to the user.
Typically, the range of services and platforms unified under the same federated ID all belong to the same company, group, or government. You are unlikely to be able to use your Google ID to log in to services provided by Microsoft or Facebook.
What Are the Advantages of Decentralized Identity Over Centralized and Federated IDs?
Decentralized identity offers a number of promising advantages, mainly stemming from it being based on DLT technology. The key ones among these include:
- ID ownership by the user
- Convenience of accessing a wide range of platforms and services
- Secure cryptographic storage on the blockchain
1. ID Ownership by the User
This is by far the most important advantage of DID. Unlike earlier forms of ID management, there is no issuing authority that controls your ID. Users create their own DIDs on blockchain platforms, registering their addresses and wallets on the network. They can then use the ID, which remains in their possession in a decentralized format independent of any issuer.
ID ownership by end-users is a truly democratizing step in the overall blockchain technology’s roadmap. While centralized and federated IDs may be cancelled at the whim of the issuer, the DID system helps avoid such a scenario.
For example, the world’s largest social media platform, Facebook, is notorious for applying censorship and terminating accounts based on its own subjective evaluation of a user’s activity on the platform. Many users have lost years of accumulated contacts, content, and data because Facebook deemed their actions “inappropriate,” terminated their accounts, and duly appropriated the user’s ID on the platform.
Under the DID system, the user’s loss of access to Facebook would not lead to the loss of the ID as well, since one unified DID would be used to access the platform. That is, of course, unless Facebook takes a hostile stance towards the use of DIDs on its platform in the first place.
2. Access to a Wide Variety of Services and Platforms
A unified DID would open up access to a wide range of services and platforms, at least in theory. That is what the current proponents of DID hope for.
While centralized ID allows access to one resource, and federated ID helps access typically no more than a few resources, DID is envisioned as one identifier to access nearly all services, across both the business and government domains.
How realistic this expectation is remains to be seen. However, blockchain’s ability to provide unified secure access to a wide variety of entities makes universal access a possibility.
3. Secure Decentralized Storage
Blockchain’s cryptographic security features ensure this advantage of DID. Loss of data held by a company or government in a centralized database may lead to the exposure of IDs held on the system.
This is much less likely to happen when secure, decentralized storage is used. Naturally, blockchains are not completely immune to hacking attacks. However, their security profile is typically better than that of centralized storage systems.
What Are the Disadvantages and Problems Associated With DID?
With the exciting prospect of owning the rights to your ID, it seems that the DID concept is perfect. However, even this quite democratic form of ID management has its drawbacks and serious impediments to implementation. The main ones are:
- The concept of one ID for all services alarms some privacy pundits. If that one DID is exposed somehow, your entire history of access to all the services and platforms may become public, or worse, get into the hands of cyber criminals.
- Resistance from businesses and governments who prefer the old way. This may become a real impediment to the implementation of DID. Many large companies and most governments are unlikely to be very excited about the possibility of end-users controlling their IDs. For centuries, governments have been used to being in firm possession of citizens’ identifiers. The DID concept turns that upside down. Thus, expect significant resistance to DID from the government and large business sector, at least during the initial stages of the DID revolution.
- Lower trust and acceptance among less technologically experienced users. The DID concept opens great opportunities for people who currently lack basic ID documents. It is estimated that there are more than 1 billion of these people. Many of these individuals are from rural or poor backgrounds. In many cases, this segment is less technologically savvy and more distrustful of the digital world.
Thus, the very segments that DID might benefit the most may be the most distrustful towards using it.
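To make concrete both the user-created, self-owned identifier described under ID ownership and the "one ID exposes everything" concern raised above, here is an added Go example; it is not code from the original article or from any DID project. The identifier is modelled as a hex-encoded Ed25519 public key under the W3C placeholder method name did:example, a separate key is derived per service so the identifiers shown to two services cannot be correlated, and a service checks control with a signed nonce; the blockchain registration step is omitted, and the derivation scheme, service labels and seed are constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

const method = "did:example:" // W3C placeholder method name; suffix is the hex public key

// Holder is the user's 32-byte master seed. No issuer holds a copy, so nobody but the user controls the IDs.
type Holder []byte

// keyFor derives one Ed25519 key per relying party, so the DID shown to service A cannot be
// linked to the DID shown to service B. Constructed derivation: SHA-256(seed || label || service).
func (h Holder) keyFor(service string) ed25519.PrivateKey {
	sum := sha256.Sum256([]byte(string(h) + "|pairwise|" + service))
	return ed25519.NewKeyFromSeed(sum[:])
}

// DIDFor is the pairwise identifier presented to one service.
func (h Holder) DIDFor(service string) string {
	return method + hex.EncodeToString(h.keyFor(service).Public().(ed25519.PublicKey))
}

// ProveControl signs a service-chosen nonce; the service stores no password that could leak.
func (h Holder) ProveControl(service string, nonce []byte) []byte {
	return ed25519.Sign(h.keyFor(service), nonce)
}

// VerifyControl is the relying party's check: only the DID string and signature are needed, no issuer.
func VerifyControl(did string, nonce, sig []byte) bool {
	pub, err := hex.DecodeString(strings.TrimPrefix(did, method))
	if !strings.HasPrefix(did, method) || err != nil || len(pub) != ed25519.PublicKeySize {
		return false
	}
	return ed25519.Verify(ed25519.PublicKey(pub), nonce, sig)
}

func main() {
	seed := sha256.Sum256([]byte("constructed demo seed; use crypto/rand for a real seed"))
	h := Holder(seed[:])
	nonce := []byte("constructed nonce chosen by service A")
	sig := h.ProveControl("service-a", nonce)
	// Expected: true true false (distinct pairwise DIDs; the proof verifies only against A's DID)
	fmt.Println(h.DIDFor("service-a") != h.DIDFor("service-b"), VerifyControl(h.DIDFor("service-a"), nonce, sig), VerifyControl(h.DIDFor("service-b"), nonce, sig))
}
```

Because each service sees a different identifier, a breach at one of them does not hand an attacker a key that indexes the user's activity everywhere else, which is the mitigation for the concern listed above.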
Conclusion
DID is a new identity management framework which uses DLT technology, primarily blockchains, to give users back the control over their digital IDs. DID is radically different from the more traditional ID management types – centralized and federated.
While both of these traditional types keep the ID ownership with the issuer, DID places the ownership in the hands of the users themselves. DID may be used not only for individuals but also for organizations and other entities such as data pieces, apps, content, and so on.
DID’s main advantages include self-ownership, access to a very wide variety of services and platforms, and secure blockchain-based storage.
However, DID has some drawbacks and impediments to its implementation, at least in the initial stages of its development. A key disadvantage of DID is the reliance on one unified ID. If this ID is somehow compromised, the person’s entire history of digital activities may be exposed. The DID concept is also likely to meet resistance from businesses and governments used to traditional ID management modes.
While DID is a great concept in theory, it remains to be seen how quickly it can gather enough backing to become the world’s preferred ID management mechanism.