Trust, Authentication, and Cooperation
The challenge of establishing trust and authenticating the credentials of individuals or organizations has deep historical roots. In any collaborative endeavor involving individuals or entities, mutual knowledge about each party becomes imperative. However, acquiring this knowledge and validating it presents distinct challenges. While gathering information is a straightforward task, authenticating that information requires placing trust in the source of that information or a trusted third party who can vouch for their claims.
In a world characterized by localized economies, this process was relatively straightforward, as people within communities were well-acquainted with each other. However, as individuals began to cooperate beyond the boundaries of their immediate communities, the necessity for third-party authentication became apparent. For example, during medieval Europe, heralds were entrusted by all parties to validate the names, lineage, and other qualifications of knights. With the emergence of modern nations and the expansion of global trade, the task of establishing trust grew more challenging, necessitating authentication methods that could transcend geographical boundaries. Paper certificates filled this role, as people collectively agreed to place trust in these documents when signed by a reputable authority, such as a government or university. The trust in these documents, like passports and driver’s licenses, relied on the issuing entity’s commitment to ensuring that no misuse of the documents or a holder’s identity occurred.
In today’s digital landscape, these traditional documents face significant challenges in terms of online and offline authentication, particularly given the possibilities that lie in artificial intelligence. These authentication documents were designed for a paper-based world and worked well within those boundaries, much like how horse-drawn chariots served their purpose during Roman times. However, in today’s digital world, they have many limitations:
- Paper-based documents offer limited proof of identity; they are challenging to digitally verify and, paradoxically, susceptible to fraud.
- Assertions about an organization or individual are equally static and hard to update over time.
- Privacy of those assertions is binary. Either you are able to see the whole document, including information that is not necessary for the transaction, or you can’t see anything. There is no middle ground.
- These identity documents are controlled by the issuing authority, not by the entity they identify. If this authority becomes “unavailable” for any reason — such as during a time of war or revolution — individuals may find themselves unable to verify their identity or qualifications. If the institution that certified an individual goes bankrupt, who will validate their credentials? Relying on the continued existence and credibility of the issuer places a significant burden on individuals.
New technologies are emerging to displace these old systems. While traditional documents inspired trust, digitalization provides the opportunity to create new threads of trust. A decentralized model for identity, known as Decentralized IDs (DIDs), coupled with Verifiable Credentials (VCs), offers a near-seamless method for automatically verifying claims about individuals, organizations, and even commodities.
What Are DIDs?
The concept of self-sovereign identity is not new. As the digital world expanded, the need for a privacy-focused, user-controlled identity system grew apparent. About seven years ago, a group called IIW[1] began exploring the use of blockchain for identity purposes, leading to the creation of the concept of DIDs[2]. The World Wide Web Consortium (W3C)[3], the organization responsible for maintaining the web’s structure, recognized the importance of introducing an identity layer to the internet — a missing piece of the puzzle. Consequently, DIDs emerged as a standardized solution.
DIDs represent a paradigm shift. They herald the end of identities controlled by centralized entities. With DIDs, users become the true owners of their digital identities, holding the keys to their personal information in the vast realm of the internet. DIDs revolutionize not only ownership but also the way we manage, represent, secure, and utilize our identities. They introduce a new approach to privacy management and provide a fresh framework for personal and business interactions on a global scale.
So, what precisely are DIDs? They are a novel form of identifier that enables verifiable, self-sovereign digital identities. They are entirely under the control of the DID holder, independent of centralized registries, authorities, or intermediaries. Think of a DID as your digital fingerprint, operating like an exclusive keychain. Traditionally, whenever you needed access to a place, such as a website, you received a key or password from a key provider, like Facebook. Now, envision having a universal keychain where you possess all the keys, and no one else can duplicate or confiscate them. This is the power of DIDs — a universal keychain for the digital world.
The DID architecture comprises a universally unique identifier generated in a decentralized manner, along with the following components:
- DID Documents: When discussing a DID, one is often referring to a DID document. This document, akin to a personal profile card, contains information about the DID, including public keys, authentication protocols, and service endpoints.
- DID Methods: Similar to how different countries have distinct rules for issuing passports, various systems have their own rules governing the creation, retrieval, modification, and deactivation of DIDs. These “countries” and their rules are delineated in DID Methods, each tailored to a registry system, which can be a blockchain or another decentralized system.
- Verifiable Credentials: One can hold verifiable credentials that refer to a DID. Using a library card as an example, the VC not only confirms your identity but also carries verifiable information, such as your borrowing history. These credentials provide proof of specific claims, such as “has never lost a library book,” without disclosing all the details.
Own Your Identity
In prior identity models, your identity belonged to the issuer, whether an organization (such as your workplace), a government (as indicated in the fine print of your passport), or an identity provider (e.g., Google). In the self-sovereign realm, individuals assume control over their identity identifier, which they create themselves. The decentralized network ensures that the ID remains universally unique and immutable.
A Decentralized Identifier (DID) consists of a unique combination of numbers, letters, and symbols that can be validated to confirm your identity in both digital and non-digital realms. With your DID, individuals or entities can issue Verifiable Credentials (VCs) to acknowledge your status, whether it’s ownership (e.g., a land deed), achievements (e.g., a degree), health status, or even personal information like your name and age when needed for verification.
Consider this scenario: Joe works for an organization promoting educational equality. The organization offers a scholarship to Alia if she can prove her enrollment in a university. Here’s how DIDs come into play:
Alia shares her DID with the university, which, in conjunction with its own DIDs, provides her with a VC confirming her student status. Alia can then share this VC without disclosing any additional information, and Joe can grant her the scholarship.
By using DIDs, our private information transitions from being owned and managed by government, university, insurance entities, etc., to being self-owned and self-governed. This transformation has a profound impact on our communication with others, introduces numerous new use cases, and provides a framework for easily verifying information.
Four Key Aspects of DIDs
- Empowerment through Ownership: When your data belongs to you, you are no longer subject to the control of a centralized party, such as the government. This holds significant relevance in today’s world, particularly for immigrants from conflict zones or unstable countries who often find themselves without an “identity” in new nations or when dealing with various aid organizations. According to the World Bank, an astonishing 1.1 billion people lack legal identity today, with far-reaching consequences, including limited access to healthcare, financial services, and vulnerability to human trafficking.
- Eliminating Trust Costs: Trust, or rather the absence of it, takes a considerable toll. DIDs eliminate this cost by providing a verified, indisputable, and unalterable source of truth. For instance, consider the case of hiring a new employee with impressive credentials. To verify that her diploma is genuine and not created by an AI, traditional methods would require significant verification efforts and costs. However, with DIDs, her credentials can be readily and reliably verified.
- Privacy and Security: DIDs empower individuals to share only the information they choose, enhancing privacy. The robust identity verification and authentication mechanisms inherent in DID protocols mitigate the risks of identity theft and fraud, creating a secure digital environment.
- Interoperability: DIDs facilitate seamless integration across platforms and systems, enabling interoperability among diverse applications and networks. This fosters frictionless collaboration, drives innovation, and expands opportunities for all. One compelling application is an Environmental Product Passport that traces the environmental impact of batteries across the supply chain. Mavennet’s flagship product, Neoflow, exemplifies this, leveraging DIDs in collaboration with the US Department of Homeland Security to build traceability for energy.
Real-World Impact
DIDs are not merely a concern for tech-savvy individuals; governments worldwide are increasingly embracing these standards for their own identity programs. Here are a few examples:
- The US Department of Homeland Security (DHS) actively promotes Decentralized Identifiers (DIDs) to enhance identity management and document security. Through its Silicon Valley Innovation Program (SVIP), the DHS funds projects aimed at creating tamper-proof digital versions of vital documents like Green Cards. The plan is to incorporate DIDs and VCs into many identity documents issued by the DHS, such as passports and green cards.
- The European Union (EU) views DIDs as a means to achieve digital sovereignty and enhance data privacy for its citizens. Initiatives like the European Blockchain Services Infrastructure (EBSI) reflect the EU’s commitment to developing a pan-European model in which DIDs empower citizens to securely manage and share their personal data across various services, aligning with the broader goals of the EU’s Digital Identity Framework.
- In Canada, efforts are underway to explore digital identity frameworks that enhance transaction security and privacy. The Digital ID and Authentication Council of Canada (DIACC) and related organizations are laying the groundwork for a unified digital identity approach, with the Pan-Canadian Trust Framework (PCTF) setting guidelines. DIDs play a central role in discussions about creating a secure, user-centric identity ecosystem in the country.
Apart from governmental and individual identity use cases, standardized decentralized identity offers numerous other possibilities, including:
1. Refugee Identity Management
Millions of refugees worldwide lack official identification, making it difficult for them to access essential services, assert their rights, or prove their identity. By issuing DIDs to refugees, aid organizations can establish digital, verifiable, and enduring identities for each individual, enabling access to services, confirming family ties, and securely storing educational or professional credentials. DIDs ensure that a refugee’s identity is no longer contingent on a physical document susceptible to loss or destruction.
2. Land Rights and Ownership
In many developing countries, land ownership disputes arise due to poorly maintained, easily altered, or corrupt land registries. Integrating DIDs with a blockchain-based land registry system can irrefutably link land ownership to an individual’s or community’s digital identity. Such a decentralized system ensures that ownership records remain unchanged and legitimate, even in the face of local disputes or political instability.
3. Financial Inclusion
Over a billion people globally lack access to financial services due to the absence of formal IDs. Without bank accounts or credit histories, their economic potential remains untapped. DIDs enable financial institutions to onboard individuals lacking traditional identification, with digital IDs also recording financial behaviors. This allows people to build credit histories and access loans and other essential financial services, fostering economic growth and empowerment.
4. Privacy-Preserving Voting
Eroding trust in voting systems has become a global concern due to fears of tampering, fraud, and voter disenfranchisement. DIDs have the potential to revolutionize voting by providing each eligible voter with a unique, verifiable, and tamper-proof digital identity. Citizens can vote securely from any location, with their identity verified through their DID while remaining anonymous to safeguard privacy. This reduces the risk of vote tampering and enhances accessibility to voting.
5. Insurance
In many parts of the world, farmers rely on their crops for survival. However, the claiming process for insurance in cases of drought or floods can be time-consuming, leaving farmers in dire need of funds. DIDs can streamline this process by enabling insurer-farmer contracts based on climate conditions. These contracts can offer immediate payments based on predetermined “world states,” such as the amount of rainfall during specific months.
Owning your identity on a distributed platform bestows upon you a range of rights in both the physical and digital realms, rights that cannot be denied and can be easily authenticated.
In our upcoming post, we will demonstrate how to adopt and develop DIDs on the Stellar network with DID:STLLR.
[1] Internet Identity Workshop, “Session Topics from the Internet Identity Workshop since 2005: Decentralized Identity.”
[2] W3C, “Decentralized Identifiers (DIDs) v1.0: Core architecture, data model, and representations,” W3C Recommendation, 19 July 2022.