DLT in Decentralized Identity

September 25, 2017 | Blog, Hyperledger Indy

Guest post: Dr. Phil Windley, Sovrin Foundation

Since the dawn of the World Wide Web, we’ve been fixated on the concept of place. The entire language of the Web is about location: we visit Web sites using Web addresses. Consequently, it’s almost impossible for us to think there’s any other way. We build places where we expect people and machines (via APIs) to come, meet, and transact. The place metaphor leads to centralization. Facebook, Google, and Amazon are all places. The interactions on them are centralized and under the control of whoever owns the place.

Another way to think about online interaction is in terms of methods—ways of executing actions. Methods for interaction are called protocols. The Internet, domain name resolution, and email are familiar examples of systems based on protocols. Protocols define ways or methods for things to interact. They give the interaction a script, as it were, defining how an interaction plays out: “If you do X, then I’ll do Y.” “If you do X and then do Z, that’s an error.” And so on.

Protocols foster decentralization. By describing the method for interaction, a protocol gives anyone a way to participate. In addition, protocols naturally support interoperability and substitutability. Protocols are largely responsible for what Doc Searls and Dave Weinberger call the three virtues of the Internet:

  • Nobody owns it
  • Everybody can use it
  • Anybody can improve it

This contrast between place and protocol is evident in online identity. We treat identity as if it were something linked to a place. Every online identity you have was given to you by someone else.

This simple fact makes every online identity completely different from identity in the physical world where you exist first, independently, as a sovereign human being. In the physical world, identity emerges from relationships. Over time, humans have developed interaction patterns around how we identify ourselves to each other. In other words, identity in the physical world is a protocol.

Online identity systems are rigid and can only be used in the way their designers allow because places are prescriptive. In contrast, an identity protocol is fluid and flexible, supporting use cases the protocol designer never imagined. As an example, a protocol for identity could give rise to decentralized apps that let anyone share rides in their car without the overhead of a Lyft or Uber because the identity system would let others vouch for the driver or the passenger, independently, using a universally recognized standard.

How can we move online identity from place to protocol? A protocol for online identity would define how identifiers work and how anyone can create, manage, and exchange attributes and claims for those identifiers. A protocol for identity must be private, secure, interoperable, and open to everyone. The result is an identity network.

A protocol for identity relies on the combination of three important standards: decentralized identifiers (DIDs), verifiable claims, and a ledger that is available to all.

Decentralized Identifiers—DIDs allow anyone to create identifiers for anything. Furthermore, they are standard and interoperable. DIDs link to public keys and service endpoints. And because DIDs are pairwise pseudonymous to prevent correlation and preserve privacy, people will have hundreds or thousands of DIDs representing all of the various digital relationships to which they’re a party. These relationships might be with organizations they do business with, friends they interact with, or things they own.

Verifiable Claims—verifiable claims allow trustworthy assertions to be made about anything that has an identifier. Like DIDs, claims are standard and interoperable. Furthermore, they’re based on strong cryptography to bind the claim issuer, the claim subject, and the claim itself. Verifiable claims are combined with zero knowledge proofs for minimal disclosure. For example, when I need to prove to the bank that I’m employed by BYU, I don’t give them the claim. Instead I generate a proof—an incontrovertible certification of some fact—from the claim. The proof discloses only the information the bank needs. All this is done cryptographically so that no party to the transaction has any doubt whether or not the information is correct.

A Distributed Ledger—the ledger links a DID to associated keys and endpoints in a way that’s publicly discoverable. The ledger records information about claims (although not the claims themselves or any other private data). The ledger also supports claim and key revocation. The ledger is the foundation for identity transactions.

A protocol for identity allows for ad hoc, decentralized online interactions that follow the patterns humans have developed for establishing trust in the physical world. This promises to unleash countless new decentralized products and services that will transform how people interact online. Joel Monegro wrote in his post on Fat Protocols:

By replicating and storing user data across an open and decentralized network rather than individual applications controlling access to disparate silos of information, we reduce the barriers to entry for new players and create a more vibrant and competitive ecosystem of products and services on top.

Moving online identity from place to protocol creates an open and decentralized network that reduces barriers to entry for new products and services that rely on identity to establish trust.