A Beginner’s Guide to Decentralized Identity
With so much data stored via centralized entities, its time for firms to upgrade their security. Here 4 considerations for companies looking to switch to an decentralized identity solution.
- Given the various hacks over the last decade, data security has become crucial for any fast-growing business.
- The bounty for providing the most secure platform has, however, created dearth of innovation, making it difficult to identify the top solutions.
- Here are the top 3 decentralized solutions and how they are ranked.
Share this article
Many leading companies within and throughout the blockchain space are ramping up their efforts to decentralize user identities. Though promising, users are now faced with many different decentralized identity solutions and may not know which one to pick.
In the following guide, Crypto Briefing will introduce readers to decentralized identity (DID), the leading projects in this sector, and a framework for choosing the best solution.
Instead of a centralized issuer and storage, DID solutions spread out the issuance and storage of information that make up an identity across various entities.
This information could include a user’s height, weight, eye color, favorite Spotify playlists, and even social security number. Decentralized identity solutions are very comprehensive and sometimes offer incentives to attract new users, similar to how airline mile points can be earned for signing up for new credit cards.
Unfortunately, centralized solutions trade security for convenience. It only takes a short Google search to learn about all the various data breaches around the world. Just a small vulnerability in a website’s front end can lead to total catastrophe. What’s more, users are powerless to protect themselves from these breaches.
Hackers can then use the personal information gathered from these attacks for further gain. In an ever-digitizing world, just a few pieces of key information can quickly lead to identity theft or worse. Using decentralized iterations of these services is oftentimes far more secure.
Here’s how they work using blockchain technology.
Instead of storing your personal information on a single server, blockchain technology encrypts this data and spreads it across multiple nodes. Usually, this encryption comes in the form of a two-key password called a private and public key. The only way to access the personal information in question is by matching the two keys.
The personal key could be a string of hard-to-remember numbers and words or even biometric data, like a fingerprint or a user’s face. Conversely, the public key could be a larger organization that is tapped into the public blockchain network. Not all identity solutions work in this precise manner; the above is a simple explainer to introduce the idea. There are many variations of the same throughout.
No matter the variation, a DID-enabled interface could be very similar to common interfaces today. The key difference, however, is how that data is stored and protected. Applying military-grade encryption technologies to data security also opens more use cases for what can and should be stored in these kinds of networks.
The value of the information in question cannot be denied. When Equifax, one of the United States’ largest credit reporting agencies, was hacked in 2017, the fallout was enormous. But there have been other breaches involving hospitals, insurance companies, and massive social media sites.
Thus, the demand for making these platforms more secure is lucrative.
That’s why so many decentralized identity solutions have since entered the market. These days the top solutions come from Ontology, Sovrin, and Bright ID.
The Decentralized Identity Market
Let’s take a look at three major decentralized identity projects for comparison.
The Sovrin network is an open-source solution for managing digital identities online.
Governance is handled by the Sovrin Foundation and the Sovrin Trust Framework, and dozens of organizations help support the network by running validator nodes and handling consensus.
Sovrin enables selective disclosure of the information using zero-knowledge proof cryptography, meaning users can reveal specific aspects of their identity profile (such as date of birth) while omitting others. This form of disclosure helps prevent identity theft by keeping non-pertinent information encrypted.
Sovrin predicts that trillions of DIDs will soon exist for various purposes and claims that its network can scale to this level as it does not use a consensus protocol to create an immutable blockchain, significantly reducing the load for validators. The network uses two rings of nodes (validator and observer nodes) and light cryptographic proofs called “state proofs,” which can be processed on more basic devices such as smartphones.
The architecture Sovrin has built is impressive and effective, but not without its drawbacks. While open-source, Sovrin uses a permissioned blockchain ledger for its network, meaning not just anyone can access the network. This solution is not fully decentralized and is less censorship-resistant than the other solutions listed below. Sovrin validators or “stewards” could, in theory, collaborate to block users or censor information, a potential point of failure for a decentralized identity solution.
The fact that the blockchain is not immutable leaves the data vulnerable, in theory, to being edited or erased.
Ontology – ONT ID
The Ontology offering is a permissionless Layer-2 solution that can be implemented on any blockchain. It follows the strict World Wide Web Consortium (W3C) implementation standard for DIDs. The W3C is the governing body of standard-setting for the entire Internet.
Like Sovrin, ONT ID also supports Zero-Knowledge Proofs (ZK-Proofs).
Selective disclosure is a highly effective privacy-preserving technology. It can be instrumental when dealing with sensitive data. Protocols that use this technology let users share only the most essential data needed within an operation. This creates a secure, digital-first environment for many day-to-day needs.
For instance, if a user needs to share her identity to verify concert tickets, she can use the ONT ID service to only share her first and last name. Any other data such as date of birth or social security number would not be disclosed. This adds to ONT ID’s privacy-preserving abilities.
Moreover, what gives ONT ID an edge is that it comes bundled with a suite of mutually compatible services.
Complementary Ontology solutions that are live right now include:
- ONT ID System, which provides a decentralized digital identity framework.
- DDXF (Decentralized Data Exchange Framework) provides a way of exchanging business information or any other data type in a decentralized manner through tokenization.
- OScore, which provides credit and reputation scoring calculated based on a user’s ONT ID.
Partnership-wise, Ontology has partnerships with one of the world’s leading car companies – Daimler, credit scoring projects, freelance employment organizations, Microworkers, and cross-chain aggregators.
BrightID is a social identity network aimed at reducing spam and increasing the fairness of online interactions. Network users share data and sign that data with cryptographic keys. Doing so creates sovereign digital identities which other users can verify to create a community of trusted participants.
IDChain, an Ethereum-based proof-of-authority blockchain, powers the graph. In essence, the network will analyze user activity and identify people with unique connections to each other. Users can form their own trusted sub-network of people they’ve interacted with, and the more a user interacts with this network, the stronger their verification process becomes.
Should enough people use the network, it would be possible to greatly reduce spam and bad practices from anyone using fake online profiles on social media. While the underlying technology is sound, Bright ID verification methods focus on humans verifying other humans, meaning that there needs to be a critical mass of users early on, making the goals of BrightID perhaps less feasible than those of Sovrin and ONT ID.
However, the project already has a solid foothold in the DApp space, with partners like Aragon, Giveth, Gitcoin, and 1Hive already voicing their support.
There are many other competitors beyond the three mentioned in this guide. Still, each solution should outline the benefits they provide to meet your specific needs. Here’s a summary of what to look for:
- The W3C stamp of approval.
- Interoperability between decentralized and centralized entities.
- Privacy-preserving technologies.
The more robust the decentralized identify solution one uses, the safer one’s personal information will be.
And just as this decades data breaches have shown: Trust takes years to build but seconds to be destroyed.