One of the core tenets of Bitcoin and cryptocurrency is decentralization. The decentralized Bitcoin network can never go down so long as it remains decentralized across the thousands of nodes.
Blockchain is ushering in a new generation of decentralized services, designed to maintain network security, privacy, and more. But what about your identity? What if you could decentralize your identity so that criminals could not steal it and use it fraudulently?
Blockchain identity management is coming. Here’s how it works.
What Is Decentralized Identity?
Decentralized identity (commonly abbreviated to DID) is a way of replacing common identifiers, such as your email address or username, with a personal identity rooted in blockchain technology. The base idea of a DID is to protect the privacy and security of the individual in an age where breaches and intrusion are all too easy.
Decentralized identities are anchored by blockchain IDs linked to zero-trust datastores that are universally discoverable.
A decentralized identity, then, is under the full control of the DID subject. It has no single link to a centralized registry, identity provider, or certificate authority. Furthermore, a DID can contain multiple identification documents, each of which can carry a specification on how a service may use it.
Identity ownership isn’t a new concept. The idea of a “self-sovereign identity” is well established. People can store their identity on a personal device and provide it when required, without relying on a central database.
How Does Decentralized Identity Work?
The basic premise of a decentralized identity is that you create and control your ID on a blockchain. Once you create your ID, it lives on the blockchain, cryptographically tied to you. So long as you control the cryptographic keys linked to your decentralized identity, you remain in control.
Decentralized identities participate in an interconnected yet decentralized network of identities. There is a key shift in how online identity is managed. The current system relies on constant authentication and access management, whereas a decentralized identity system relies on attestations: other entities verifying your identity and continuing to endorse it.
An easy way to visualize decentralized identity is by using the example of moving to a new country. On arrival, you have to register and sign up for countless services: driver’s license, voting, tax, insurance, your kids’ schools, dentists, doctors, and so on. It’s an overwhelming process that requires you to constantly verify your identity to a series of often interlinked agencies.
Instead, you provide and verify your identity with a decentralized identity service (more on these in a moment). The decentralized identity service ties into a trustless ecosystem involving each agency. The various agencies and services can make a claim for your identity, and the decentralized identity service provides verification.
Because your credentials are stored on a blockchain, they are immutable and tied directly to you.
“Once a decentralized identity is legally established, it can be verified by enrolled service providers within the ecosystem for granting access or conducting transactions,” explains Homan Farahmand, research director at Gartner. “For this model to succeed, you need a public but permissioned immutable fabric to store proof of identifiers cryptographically. A practical way to implement an ITF at the moment is through blockchain technology because it provides a decentralized and reasonably secure way to store and verify the proof of identifiers for identities (and their profile attributes).”
A DID Document Example
The Decentralized Identity Foundation (DIF) and W3C are working hard on creating DID standards. Within the DID standard are Decentralized Identifiers and DID Documents. The following examples come from the W3C Decentralized Identifiers document. A basic DID Identifier might look something like this:
The line of data declares a user identity and the associated public key (allowing someone to encrypt a message for the user). It can also link to a DID Document, which contains more information, such as the services that may interact with the user. A DID Document might look something like the following example:
The DID Document references the service attempting to access the identity, the reason, the owner, and the public key.
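To make the identifier and document shapes concrete, here is an added Python example (not from the article, the W3C specification text, or any real resolver) that parses a DID, resolves a constructed DID Document laid out in the W3C DID Core shape, and applies the checks a relying party should make before trusting a key: the document's id must match the requested DID, and the key must be listed for authentication and controlled by the subject. The in-memory registry, the did:example identifier and the key value are constructed placeholders.

```python
import re

# Simplified W3C DID syntax, did:<method>:<method-specific-id>; the real ABNF
# also allows percent-encoding, which this constructed subset omits.
DID_RE = re.compile(r"^did:(?P<method>[a-z0-9]+):(?P<id>[A-Za-z0-9._:-]+)$")

def parse_did(did: str) -> tuple:
    """Return (method, method_specific_id); raise ValueError if malformed."""
    m = DID_RE.match(did)
    if not m:
        raise ValueError(f"malformed DID: {did!r}")
    return m.group("method"), m.group("id")

# Constructed DID Document in the DID Core shape (not from the article or a real ledger).
ALICE = "did:example:123456789abcdefghi"
ALICE_DOC = {
    "id": ALICE,
    "controller": ALICE,
    "verificationMethod": [{
        "id": ALICE + "#key-1",
        "type": "Ed25519VerificationKey2020",
        "controller": ALICE,
        "publicKeyMultibase": "zPLACEHOLDER-NOT-A-REAL-KEY",
    }],
    "authentication": [ALICE + "#key-1"],
    "service": [{"id": ALICE + "#dmv", "type": "CredentialRepository",
                 "serviceEndpoint": "https://dmv.example/agent"}],
}
REGISTRY = {ALICE: ALICE_DOC}  # hypothetical stand-in for a ledger / Universal Resolver

def resolve(did: str) -> dict:
    parse_did(did)  # reject malformed input before any lookup
    doc = REGISTRY.get(did)
    if doc is None:
        raise LookupError(f"no document for {did}")
    if doc["id"] != did:  # a document must describe the DID it was resolved for
        raise ValueError("document id does not match requested DID")
    return doc

def authentication_key(did: str) -> dict:
    """Verification method a relying party may challenge: it must be listed under
    'authentication' and controlled by the DID subject, not merely present in the doc."""
    doc = resolve(did)
    methods = {vm["id"]: vm for vm in doc.get("verificationMethod", [])}
    for ref in doc.get("authentication", []):
        vm = methods.get(ref) if isinstance(ref, str) else ref  # reference or embedded key
        if vm and vm.get("controller") == did:
            return vm
    raise ValueError("no authentication key controlled by the subject")
```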
What Is the Microsoft Identity Overlay Network?
Microsoft made waves in the blockchain world after announcing the Identity Overlay Network (ION). ION is a decentralized identity network built on top of the Bitcoin blockchain that allows “tens of thousands of operations per second.”
In conjunction with the Decentralized Identity Foundation, Microsoft intends ION to bring the network capacity a fully functioning decentralized identity service requires, while remaining scalable, secure and, importantly, decentralized.
“We believe every person needs a decentralized, digital identity they own and control, backed by self-owned identifiers that enable secure, privacy-preserving interactions. This self-owned identity must seamlessly integrate into their lives and put them at the center of everything they do in the digital world.”
ION uses a Layer 2 Bitcoin protocol known as Sidetree. Instead of working directly on the sometimes-clunky Bitcoin blockchain, Layer 2 protocols work on top of it. This way, a Layer 2 protocol can perform rapid transactions in-network before writing the results to the Bitcoin blockchain. Another Layer 2 protocol example you might know is the Lightning Network. Sidetree isn’t a DID method. But it does allow the creation of DID methods on the Bitcoin network.
The Microsoft Decentralized Identity white paper explores how the decentralized identity system will work in practice, breaking it down into seven layers:
1. W3C Decentralized Identifiers: Users create and manage their globally unique IDs. DIDs link to Decentralized Public Key Infrastructure (DPKI), which contains a public key and other authentication data.
2. Decentralized systems: DIDs use blockchain technology in conjunction with DPKI, allowing DIDs to feature in a wide range of services as well as being blockchain agnostic.
3. DID User Agents: The applications allowing users to identify with a DID, like a DID wallet.
4. DIF Universal Resolver: Servers providing a standardized method of lookup and resolution for DIDs.
5. DIF Identity Hubs: A mesh of encrypted personal datastores, comprising cloud and edge instances that contribute to identity data storage and identity interactions.
6. DID Attestations: Enable identity owners to manage identity claims, forming trust in the system between users and services.
7. Decentralized apps and services: DIDs pair with Identity Hub datastores (layer 5), enabling the creation of new apps and services.
Blockchain Identity Management Is the Future
Microsoft isn’t the only major tech company developing blockchain identity management tools. As we often see in the blockchain space, IBM is also spearheading the development of a range of decentralized identity tools. IBM Verify Credentials is currently in alpha; you can try their DID tutorial, too.
Not only that, but PayPal made a serious investment in Cambridge Blockchain, a startup focusing on decentralized identity management. A PayPal spokesperson told Forbes that “We made an investment in Cambridge Blockchain because it is applying blockchain for digital identity in a way that we believe could benefit financial services companies including PayPal.”
These are strong words that provide a clear indicator that blockchain identity management is on the horizon—even if it is a little confusing at the moment. Still, it is another step toward reclaiming privacy, illustrating how blockchain can pave the way for a truly decentralized internet.