Overview
The digital identity system is responsible for representing real-world humans in the digital world.
Digital identity is a fundamental human right. It must be owned and fully controlled by the human, not by a centralized third party.
The digital identity system is a broad concept. It consists of:
- Digital identifier (ID): used to identify a human in the digital world. A human can have multiple identifiers.
- Authentication methods: used by a human to prove that they own and control a digital identifier.
- Authorization methods: used to verify that a human has the right to perform a given type of digital operation.
- Attestation system: attests to facts about a human's digital activities.
- Reputation system: as humans live their digital lives, they build a digital reputation.
- Credentials system: issues digital claims about an entity such as a human.
- Profile
Digital identity: simple explanation
The digital identity system identifies a user in the digital world through an identifier and verifies that the user owns that identifier via an authentication procedure. Authorization rules then govern which digital operations may be issued under that identifier.
The evolution of identity on the internet
Centralized(Siloed) identity
In this model, the user has a separate digital identity with each digital system: one that is issued and managed by, and known and discoverable only to, that particular system. We often reuse a few centralized identifiers (usernames, email addresses, phone numbers) to create many such identities.
Each digital system requires its own registration, which defines how that system will identify the human. During registration the system creates a new digital identity: a digital identifier plus the parameters its authentication procedure needs (for example, a password).
Multiple centralized, trusted third parties therefore own a human's digital identities. Centralized companies act as intermediaries that manage and control our digital identity.
Federated identity(Third-Party IDP)
The main idea is to choose one digital system (an identity provider) to manage your digital identity, which you can then share with other systems.
Social Login: using an existing digital identity from a social media platform like Facebook, Twitter, or Google, a human can share that identity with any service provider instead of creating a new one.
Single Sign-On (SSO) in enterprises: an identity provider (IdP) exchanges digital identity data with a service provider (SP). You have one digital identity (one digital identifier) within the company you work for, and you use it with all applications and enterprise platforms inside the company.
Multiple standards define protocols and data formats for exchanging digital identity (authentication and authorization) information between digital systems, such as SAML, OAuth 2.0, and OpenID Connect. Note the division of labour: SAML and OpenID Connect carry authentication assertions, while OAuth 2.0 on its own is an authorization (delegation) framework, which is why OpenID Connect adds an identity layer on top of it.
A few companies (Facebook, LinkedIn, Google, ...) act as intermediaries that manage our digital identity. They own it: human digital identity is under the control and authority of a few companies. They can suspend or delete your identity whenever they want, and because every relying service trusts that one provider, a single suspended or compromised provider account locks you out of all of them. They have all the authority over our digital identity and digital existence.
An example of Siloed and Federated identity:
Identity introduced by Bitcoin blockchain
The Bitcoin blockchain introduced the address as a human digital identifier. An address is derived from a public key, which is in turn derived from a private key using public key cryptography (PKC). The identifier is controlled through possession of the private key: whoever holds the key controls the address.
The Bitcoin blockchain uses digital signatures to authenticate digital operations (transactions) issued from an address: a transaction spending from an address must be signed with the private key that corresponds to it, and every node verifies that signature.
It is a digital identity that is not managed by an intermediary, unlike centralized and federated digital identity. It is a decentralized digital identity: it is not owned or controlled by a centralized, trusted third party. The human owns their digital identity. The flip side is that there is no intermediary to appeal to: losing the private key means losing control of the identifier, and anyone who obtains the key becomes its owner.
The Bitcoin blockchain introduces two main decentralized components that redefine "ownership" from first principles: a decentralized digital identity owned by humans, and a public good infrastructure (decentralized and governed by humans) that computes state transitions based on human transactions.
Self-sovereign identity (SSI)
Self-sovereign identity—commonly abbreviated SSI—is a new paradigm for digital identity on the internet. It allows users to self-manage their digital identities without depending on a centralized third party (an intermediary).
The “trust triangle” at the heart of all human trust relationships in the SSI ecosystem
There are three main participants in the SSI system:
- Holder: someone who creates a decentralized identifier with a digital wallet app and receives Verifiable Credentials.
- Issuer: a party with the authority to issue Verifiable Credentials.
- Verifier: a party that checks a credential presented by a holder.
A decentralized identifier (DID) is simply a new type of globally unique identifier, not that different from the URLs you see in your browser's address bar. At a deeper level, DIDs are the atomic building block of a new layer of decentralized digital identity. The DID Core specification became a W3C Recommendation in July 2022.
Verifiable credentials (VCs) are a standard format (the W3C Verifiable Credentials Data Model) for the digital representation of credentials that are cryptographically secured and machine-verifiable. Privacy properties such as selective disclosure (revealing only some claims of a credential) depend on the proof mechanism used with the credential, so they must be checked for the concrete format in use rather than assumed.
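To make the trust triangle and selective disclosure concrete, here is an added example (not code from the original page, nor from any W3C specification or wallet) of the salted-hash mechanism behind selective disclosure, in the style used by SD-JWT: the issuer commits to a digest of every claim, the holder reveals only the claims it chooses, and the verifier checks each revealed claim against the issuer's commitments. The issuer's signature over the credential is assumed to be produced and verified by whatever proof suite the credential uses and is omitted here; the DID value and claim names are constructed sample data.

```python
"""Selective disclosure via salted claim digests (added example, SD-JWT style).

Issuer: hash each (salt, name, value) triple and put only the digests in the
credential it signs.  Holder: hand the verifier the credential plus the
disclosures it wants to reveal.  Verifier: re-hash each disclosure and accept it
only if its digest is one the issuer committed to.
"""
import base64
import hashlib
import json
import os


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _digest(disclosure: str) -> str:
    return _b64(hashlib.sha256(disclosure.encode()).digest())


def issue(claims: dict, rng=os.urandom) -> tuple:
    """Issuer side: returns (credential, disclosures).

    The per-claim salt is essential: without it a verifier could brute-force
    low-entropy values (booleans, years) of claims the holder did NOT reveal.
    """
    disclosures = {}
    digests = []
    for name, value in claims.items():
        salt = _b64(rng(16))
        disclosure = json.dumps([salt, name, value], separators=(",", ":"))
        disclosures[name] = disclosure
        digests.append(_digest(disclosure))
    credential = {
        "issuer": "did:example:issuer",   # constructed sample DID
        "_sd": sorted(digests),           # sorted so digest order leaks nothing
    }
    # The issuer signs json.dumps(credential) here; signature step omitted.
    return credential, disclosures


def present(disclosures: dict, reveal: list) -> list:
    """Holder side: choose which claims to disclose."""
    return [disclosures[name] for name in reveal]


def verify(credential: dict, presented: list):
    """Verifier side: returns the revealed claims, or None if any disclosure
    does not match a digest the issuer committed to (forged or tampered)."""
    committed = set(credential["_sd"])
    revealed = {}
    for disclosure in presented:
        if _digest(disclosure) not in committed:
            return None
        _salt, name, value = json.loads(disclosure)
        if name in revealed:        # the same claim presented twice
            return None
        revealed[name] = value
    return revealed


def demo() -> tuple:
    # Constructed sample credential: the holder proves age and student status
    # without revealing name or birth year.
    claims = {"name": "Alice Example", "birth_year": 1990,
              "over_18": True, "student_id": "S-12345"}
    credential, disclosures = issue(claims)
    ok = verify(credential, present(disclosures, ["over_18", "student_id"]))
    forged = json.dumps(["AAAAAAAAAAAAAAAAAAAAAA", "over_18", True],
                        separators=(",", ":"))
    bad = verify(credential, [forged])
    return ok, bad


if __name__ == "__main__":
    print(demo())
```

The digests themselves are what the issuer signs, so the verifier only ever needs the issuer's public key (resolved from its DID) plus the disclosures the holder chose; the hidden claims never leave the wallet.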
Digital identity in the blockchain era
Bitcoin was proposed in 2008 (the network launched in January 2009) as a P2P, decentralized value transfer system (payments) on the Internet. One of its main components is a decentralized digital identity system based on public key cryptography (PKC) and digital signatures. It is not controlled by a centralized, trusted third party.
An address is a unique identifier for an account in the blockchain. It is derived from the public key (a hash of it, encoded with a checksum), which is itself derived from the private key using PKC. Transactions are authenticated via digital signature: a transaction is signed with the private key associated with the address it spends from, and the signature is verified against the public key by every node.
The blockchain thus introduces a new identification system and authentication procedure for humans to issue digital operations; this is one of the blockchain's decentralization aspects.
A decentralized identification system is one key to a human-centric digital identity (owned and fully controlled by the human); the identification of humans in the digital world can then be provided as a public good. The other key is an authentication procedure that does not depend on any centralized, trusted third party. Digital identifiers and authentication procedures can be classified by their degree of decentralization.
Ethereum and other blockchain protocols use the same digital identity approach introduced by Bitcoin with different technical implementation details. An Ethereum address, for example, is the last 20 bytes of the Keccak-256 hash of the public key rather than a Base58Check-encoded hash, but control of the address still comes down to possession of the private key.
Ethereum's account abstraction idea goes a step further: instead of every account being authenticated by one fixed ECDSA signature check, an account can be a smart contract that defines its own validation logic (multi-signature, key rotation, social recovery). It opens the door to a new era of digital identity innovation within the blockchain ecosystem.