In Developing Blockchain Standards for the Decentralized Web, I wrote about 3 core use cases that will help operationalize Web3 in the coming years. Here I explore decentralized identity (DID) solutions and why blockchain interoperability matters. In my next article, I will focus on today’s regulatory landscape and how decentralized IDs are positioned to interoperate with current regulations like KYC, AML and GDPR.
Identity is a central part of everything we do. It’s a cornerstone of trust, reputation, and integrity in personal and business relationships both online and off. So, shouldn’t you have control over your own identity data?
Today most online services manage your identity data for you using siloed ID systems (IAM) or 3rd party identity providers like Facebook and Google which employ Federated (FIM) and Single Sign-On (SSO) solutions. You don’t own your data, they do. Worse, your user data is often centralized and ripe for getting hacked (e.g. Yahoo), neglected (e.g. Equifax), or woefully mismanaged (e.g. Cambridge Analytica).
Decentralized ID solutions offer a more private, secure, and disintermediated alternative to the status quo. Here are 3 decentralized ID solutions that show promise in interoperating with today’s organizations and tomorrow’s decentralized applications (dapps):
Blockstack is “a new internet for decentralized apps.” Its mission is altruistic, and its open-source software puts users’ identity data first. With dapps middlemen are removed and data transmission takes place directly between 2 parties, peer-to-peer. Blockstack built its dapp ecosystem around blockchain-based decentralized identity, where “any blockchain can be used, as long as it provides total ordering of operations (which all blockchains do), but the security and reliability properties are directly dependent on the underlying blockchain.”(1) This means that more robust blockchains can be swapped out as needed, or multiple blockchains can be used in tandem, so users can always rely on a system architecture that is decentralized, interoperable, and secure by default.
With Blockstack, “users can log in to apps and services by using blockchain-based decentralized identity  and save data generated by apps/services on storage backends owned by the user (instead of the service provider).”(2) So, you get to choose which data you want to share with other dapps and users, and you always have the option to revoke data access at any time. Furthermore, Blockstack enables users to store their fully encrypted, private identity and dapp data in the cloud, using existing services like Dropbox, Amazon S3, and Google Drive as redundant online backups that can never read users’ private data. In other words, Blockstack turns today’s model of identity management and user data profiteering on its head, securely restoring private data ownership to users instead of centralized service providers, where data theft has become all too common.
SelfKey is building “a blockchain-based self-sovereign identity system.” Self-Sovereign Identity (SSID) means that you, as an individual, own and control your identity without relying on external authorities. In this decentralized model, blockchains enable individuals and organizations to attest for each other’s authenticity without middlemen. Today SelfKey offers a bridge between current regulatory obligations like KYC and tomorrow’s decentralized identity ecosystems. In this phase, traditional identity verification documents (e.g. passports, drivers licenses, proofs-of-address, etc.) are digitized locally, secured in the Identity Wallet using public key cryptography, and verified by banks. While the SelfKey beta does not offer a fully self-sovereign solution today, where users do not need to depend on external authorities like banks, its roadmap shows promise for migrating organizations’ existing ID solutions into the decentralized future.
Upon roll-out SelfKey’s Identity Wallet will support ETH and ERC20 tokens, which could lower the barrier to KYC compliance for Ethereum projects and improve opportunities for broader interoperability. Additionally, a recent partnership with Uncloak, a UK cybersecurity firm that uses the EOS blockchain and AI to bolster IT security, could prove mutually beneficial. At this stage, SelfKey is fitting tomorrow’s decentralized identity goals with today’s regulatory requirements. This approach may appear more welcoming to organizations than individuals in the short-term, but SelfKey’s long-term mission is promising. I’m excited to see how this model compares with other DID solutions moving forward.
uPort is an “open identity system that allows users to register their own identity on Ethereum, send and request credentials, sign transactions, and securely manage keys & data.” uPort’s focus on interoperability between humans, businesses, applications, IoT devices, AI, etc. and other blockchains and identity networks is very forward-thinking. The uPort protocol is written to align with existing open standards consortiums like the World Wide Web Consortium’s Credentials Community Group (W3C). Working in collaboration with W3C and other open standards consortiums enables uPort to build foundational protocols and products like their Self-Sovereign Wallet, Connect, and Credentials, which give users control over their own data across Web 2.0 apps and Web3 dapps alike.
uPort’s focus on building a DID solution that works with both public and private blockchains also stands out. A persistent barrier to entry for many businesses, non-profits and individuals has been balancing privacy needs with the reality of public blockchains. Public blockchains like Bitcoin and Ethereum provide pseudo-anonymity, meaning that transaction data is obscured but not fully private. Since every transaction on a public blockchain is open to the world to see, it is relatively easy to deduce pseudo-anonymous transactions. Offering a DID solution that can interoperate between public and private blockchains holds promise for organizations and businesses of all sizes while putting user data privacy first.
Opening Up the Conversation
With blockchain buzz in the news every day, it’s important to understand where we are today, where we’re coming from, and openly discuss where we want to go in order to maximize the promise of decentralized applications. What strengths, weaknesses, opportunities, and threats do you see on the horizon for decentralized identity solutions?