The future of Digital Identity
Explanation of verifiable credential wallets
Self-sovereign identity (SSID) systems have been in development for some time. Although research has been ongoing since the start of the century, many people mark the creation of Sovrin and uPort as the first dedicated SSID projects (in 2015 and 2017 respectively). Since then there has been a big focus on the standardisation of concepts and data formats.
A verifiable credentials system has the following components:
- Distributed Identifier (DID): This is an identifier that represents the verifiable credential. It has the format “did:method:value” where the method is the specific way that the DID is accessed and managed and the value is a unique key value. DIDs are based on a DID document (that has the data representing the person/business) and can be resolved to return the underlying DID document.
- Key Identifier (KID): Identifies the (cryptographic) public keys that should be used in the verification process of DIDs.
- SSID Wallet: The blockchain wallet where the private keys (PKs) connected to public keys linked to the SSDID are stored. These PKs are used to sign transactions and can be stored in local wallets (for a more distributed model) or centrally (for a more centralised system). Alternatively, a system can be created where keys are derived and stored in both local and central wallets.
- DLT Network: The signed transactions related to the verification of identity (and the associated processes) are transmitted to a blockchain network. This creates an immutable record of the transaction and provides a “trust anchor” for either the verifiable credentials identification process or the interactions with other related processes. It is possible to use either private or public blockchain networks for this purpose.
- Zero Knowledge Proofs (ZKPs): A cryptographic function to be able to prove that a particular (digital) object exists without giving away the details of the object itself. Used in SSID systems to prove that
The following (essential) actors perform the activities in the SSID system. Other actors can be added (Governance Authorities, VC Registry Authorities etc.), but they are not essential for the workflow of creating, verifying and revoking credentials.
- Issuer: Issues the credentials, manages DIDs and revokes credentials.
- Verifier: Validates the authenticity of the credentials via a trust framework.
- Verifiable Credential Holder: The person or entity that holds the credentials in their wallet.
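The issuer and verifier steps and the DID/KID key lookup described above, as an added Go example (not code from GFT or from any SSID project). An in-memory registry stands in for the DLT trust anchor; the credential struct, the `did:example:` identifiers and the claim string are constructed for illustration and do not follow the W3C data model.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"strings"
)

// Registry is a constructed stand-in for the trust anchor: DID -> KID -> public key, plus revoked IDs.
type Registry struct {
	Docs    map[string]map[string]ed25519.PublicKey
	Revoked map[string]bool
}

// Credential is a minimal signed claim; Sig covers payload(), whose %q-quoting keeps field boundaries unambiguous.
type Credential struct {
	ID, Claim, KID string // KID is "<issuer DID>#<key name>"
	Sig            []byte
}

func (c Credential) payload() []byte { return []byte(fmt.Sprintf("%q%q%q", c.ID, c.Claim, c.KID)) }

// Issue is the issuer's step: sign the credential with the private key held in its wallet.
func Issue(priv ed25519.PrivateKey, c Credential) Credential {
	return Credential{c.ID, c.Claim, c.KID, ed25519.Sign(priv, c.payload())}
}

// Verify is the verifier's step: resolve the DID, pick the key by KID, check signature and revocation.
func (r Registry) Verify(c Credential) error {
	did, _, _ := strings.Cut(c.KID, "#")
	if p := strings.Split(did, ":"); len(p) < 3 || p[0] != "did" || p[1] == "" || p[2] == "" {
		return fmt.Errorf("malformed DID")
	}
	switch pub, ok := r.Docs[did][c.KID]; {
	case !ok:
		return fmt.Errorf("DID or KID not resolvable")
	case !ed25519.Verify(pub, c.payload(), c.Sig):
		return fmt.Errorf("bad signature")
	case r.Revoked[c.ID]:
		return fmt.Errorf("credential revoked")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	kid := "did:example:issuer-1#key-1" // constructed sample identifier
	reg := Registry{map[string]map[string]ed25519.PublicKey{"did:example:issuer-1": {kid: pub}}, map[string]bool{}}
	fmt.Println(reg.Verify(Issue(priv, Credential{ID: "vc-001", Claim: "over18=true", KID: kid})))
}
```

The signature is checked before the revocation list, so a forged credential cannot be used to learn whether a given credential ID has been revoked.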
Explanation of verifiable credential use cases
Verifiable credentials using a trust anchor (that is cryptographically verified) can be used in any system that wants to use an identity. We have, however, collected a list of common use cases that we have seen in the market.
- Digital passports
- Age validation for adult services and goods
- Cross institution/service client onboarding
- Secure identification for financial service actions
- Education and training certifications
- Healthcare records provenance
- Supply chain provenance
- Voting and government identification systems
Verifiable credentials and the future
How secure is the internet, and how secure are VoIP calls, when it is so easy to impersonate someone and/or hack their accounts with the help of technologies such as deepfakes? How important is it that, when you connect to your online banking services, you know 100% that you are definitely connecting to your bank (or vice versa, when your bank verifies your identity)? Many people think that this is the biggest challenge we have to face in the next 10-20 years, and this is the focus of Web 3.0.
Web 3.0, or the distributed web, is a new model of the internet based on trust. Whereas Web 2.0 (the semantic web) used large identity providers (Google, Microsoft, Facebook/Meta etc.), Web 3.0 defines a model whereby individuals have the right to hold their identifiable data (via verifiable credentials) and can choose how and with whom they want to share their data. Verifiable credential wallets and SSID are components of this vision for a more secure and trusted internet.
But it is not only the technology communities that are pushing for the use of verifiable credentials; governments are too. The European Union issued a significant new regulation on electronic identification and trust services called the electronic Identification, Authentication, and trust Services regulation (eIDAS). This regulation builds a framework for how electronic identification can be used, must be adopted by businesses and institutions in the EU, and is tightly linked to verifiable credentials. This, combined with the fact that the European Blockchain Service Infrastructure (EBSI), designed and maintained by the European Commission, has designed a standard for digital identity wallets called the European Digital Identity Wallet, shows that, at least in the EU, digital identity is being taken seriously and major public administrations are developing frameworks and solutions.
GFT and SSID
GFT has been working on SSID projects for the last 5 years. We have been involved in the most ground-breaking projects in countries’ implementations of the European Digital Identity Wallet (where we were the first to implement SSID solutions) and also in research for clients in the DC4EU verifiable credentials initiative. In the subsequent series of blogs we will do a deeper analysis of the GFT projects and explain the different approaches to SSID that we have been working on.