26. Enhance, Duplicate or Replace?
Three choices of how to rework Identity - let's make the choice wisely, as it is crucial for societies everywhere.
The big Identity challenge is design: ‘how to make Identity work’. That is, how to make Identity secure, easy to use, and cost effective for individuals, organizations, and countries.
The Identity Design Challenge starts from, and should be considered from, our current context. That is, start from what we have built over the last 50 years, not with some theoretical IT gee whizz idea.
Starting from the current context shows that we now have three distinct choices: Enhance, Duplicate, or Replace. These choices align with three Identity approaches that I have previously defined:
Enhancing access to current Identity Infrastructure is Networked Identity (e.g. Scandinavia)
Duplicating current Identity infrastructure is Credential Identity (e.g. EU Digital Identity Wallet)
Replacing Identity infrastructure is Decentralized Identity (e.g. SEDI from Utah)
In this newsletter I describe the current context and these three current choices. I then suggest that the answer is relatively obvious and invite you to consider what you would do, if you were in command.
Current Infrastructure
Our current Identity infrastructure is based on centrally-held Digital Identities from which Physical Identity Documents are issued to allow a basic form of Identity re-use:
That is:
Digital Identity (DI) already exists and is held by Central Organizations. In the diagrams above and below, DI is the red cylinder.
Organizations issue Physical Identity Documents based upon these centrally-held Digital Identities. These documents include paper-based documents, plastic cards such as driver’s licenses, and chip-based documents such as passports.
Our primary way of identifying ourselves to new parties is by using Physical Identity Documents.
We have developed Identity Verification (AML/KYC) to semi-automate this process, but we still rely on Physical Identity Artefacts.
Our primary way of identifying ourselves to organizations who know us (and hold our Digital Identities) is a username plus authentication. Due to the inherent weaknesses of the Internet, we have developed new techniques such as biometric authentication and multi-factor authentication. While these have been beneficial, the problems are far from being eradicated.
As this diagram shows, we already have Digital Identity! I will labour the point here – Digital Identity is identity stored digitally. And we have Digital Identity now – we do not need to invent Digital Identity; we need Digital Identity Re-Use (DIR).
Future Options
Digital Identity Re-Use Design Options
We have three DIR design options distinguished by where Digital Identity data is stored. The left side, Networked, simply Enhances the current state. The middle, Credential, Duplicates. The right side, Decentralized, Replaces. This is the crucial DIR decision point – use current, make a copy, or build a new one?
These are very different options. Digital Identity infrastructures have been built up over decades. To Duplicate is a huge undertaking and to Decentralize even more so. Why would you do either if you can simply Enhance the current state? Duplicate and Replace are highly complex, risky, and costly approaches.
Convinced? Not yet? Read on.
Networked Identity - Enhance
The diagrams above and below expand the initial picture to include the two principal roles performed by organizations (Identity Providers and Relying Parties) and to show, in purple, new infrastructure and any new functional paths.
Core design principles of Networked Identity are:
Authenticate against a secure Identity Provider and instruct a relying party.
A network – all parties are connected to the switch in real-time.
A Scheme - to participate, an organization must be a member of a scheme, a bit like a payments scheme.
A protocol - communicating is structured around a protocol. Ideally, the protocol would be a general identity protocol that can be configured to support any type of identity transaction.
Current technologies – no new identity paradigm is required, only coordination and protocol standardization.
Comments
Functional now - BankID is already working in Scandinavia as an authentication network providing a common 2FA (second factor of authentication). While not full DIR, it shows the capability of Networking.
Verified Relying Parties - scheme membership requires the accreditation of relying parties. This is an operational overhead and limits participation. But, in a world where fraud is endemic, verification of relying parties before they are allowed to participate seems to be what we actually need.
Scalability - The architecture scales to the industry or national level. This gives many options for implementation ranging from a narrow industry commercial account access solution to a national age assurance solution.
Ballpark cost for a medium size country: $100-$300m.
Risk: lower relative risk due to known technologies.
Networked Identity is ready to go, but is the world ready for it?
Credential Identity - Duplicate
Core design principles of Credential Identity are:
Multiple processes: get a wallet, establish an identity on the wallet, load credentials, authenticate a relying party, deliver credentials etc.
Verifiable Credentials (VCs) are a safe and verifiable way of distributing Digital Identity.
Digital Wallets ensure that individuals have control over their own identities.
Duplicated Digital Identities – the same data is held in the Identity Provider and in the Wallet.
Loosely coupled systems that interact with each other.
Standards will ensure interoperability.
Comments:
VCs replication is a risk – lost or stolen VCs can be copied and distributed infinitely. This weakness raises Credential Identity security risk, operational complexity, and associated mitigation costs.
Duplication of all functionalities – besides duplicating data, Credential Identity duplicates authentication processes, life cycle management, data recovery processes, revocation logic, binding processes, and relying-party integration.
All wallets must be as secure as a government server - every cellphone wallet app must be a mini Identity Provider.
Local computing is against all current best practice – Credential Identity is moving away from mainstream cloud-centric computing.
Data synchronisation required – a system to ensure that Wallet credentials are up-to-date.
Repeated binding checks - credential systems must solve identity binding repeatedly, across devices and contexts, rather than once at source.
App to app authentication required – loosely coupled apps must be able to check that an app they communicate with is legitimate.
Network dependency – high-value identity requires current state, which pushes credential systems back towards network dependency.
Evolving design – the design of Credential Identity is still evolving.
Ballpark costs for a medium sized country: $500-2,000 million.
Risk: material unresolved risks
Credential Identity is the most complex design ever produced for an element of a Digital Public Infrastructure. Why is the world pursuing it?
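To make the contrast between the Networked design principles (real-time switch, scheme membership, per-transaction protocol) and the Credential comments (VC replication, revocation, network dependency) concrete, here is a toy model added for illustration; it is not the author's code or any real scheme's protocol. The HMAC "signature", the scheme registry, the revocation list and all party names are constructed assumptions.

```python
"""Toy model of the two DIR designs the newsletter contrasts: a Networked
assertion delivered in real time through a switch, and a Credential (VC)
copied into a wallet and verified by the relying party offline.
Added illustration; keys, registry and revocation list are constructed."""
import hashlib
import hmac
import json
import time
from typing import Optional

IDP_KEY = b"idp-demo-key"              # constructed: Identity Provider signing key
SCHEME_MEMBERS = {"bank-a", "shop-b"}  # constructed: accredited relying parties
REVOKED = set()                        # constructed: IdP's live revocation list

def _sign(payload: dict) -> str:
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(IDP_KEY, body, hashlib.sha256).hexdigest()

def _valid(payload: dict, sig: str) -> bool:
    return hmac.compare_digest(_sign(payload), sig)

# --- Credential Identity: IdP issues once, wallet holds a copy, RP verifies offline
def issue_credential(subject: str, claims: dict) -> dict:
    payload = {"sub": subject, "claims": claims, "iss": "idp"}
    return {"payload": payload, "sig": _sign(payload)}

def verify_credential_offline(vc: dict) -> bool:
    # Nothing ties the VC to a holder or a transaction: a copied VC passes too.
    return _valid(vc["payload"], vc["sig"])

def verify_credential_with_status(vc: dict) -> bool:
    # Current state (revocation) pulls the RP back onto the network.
    return verify_credential_offline(vc) and vc["payload"]["sub"] not in REVOKED

# --- Networked Identity: RP asks the switch; IdP answers for this RP and nonce only
def switch_request(rp: str, subject: str, nonce: str, ttl: int = 60) -> Optional[dict]:
    if rp not in SCHEME_MEMBERS or subject in REVOKED:  # membership + live state
        return None
    payload = {"sub": subject, "aud": rp, "nonce": nonce, "exp": int(time.time()) + ttl}
    return {"payload": payload, "sig": _sign(payload)}

def rp_accepts(rp: str, nonce: str, assertion: Optional[dict], now: Optional[int] = None) -> bool:
    if assertion is None:
        return False
    p = assertion["payload"]
    now = int(time.time()) if now is None else now
    # Audience, nonce and expiry bind the assertion to one RP and one transaction.
    return _valid(p, assertion["sig"]) and p["aud"] == rp and p["nonce"] == nonce and now < p["exp"]
```

The copied VC verifies exactly like the original until the RP consults the IdP's current state, whereas the switch assertion is useless to any other relying party or for any other transaction.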
Decentralized Identity - Replace
Core design principles of Decentralized Identity are:
No central control – Digital Identity resides with the individual.
Cryptography provides the basis for security – Decentralized Identity gains its security from the use of sophisticated and new cryptographic techniques.
Self-sovereignty – all power rests with the individual.
Comments
Two decades in the making and still counting.
An evolving design – pure Decentralized Identity has evolved through self-sovereign identity, DID methods, blockchain identity, and zero-knowledge proofs.
No operationally viable design has been produced that demonstrates population-scale identity.
No proof that it will work – there is no proof that pure Decentralized solutions, based entirely on software and cryptography, will deliver the security required for population-scale identity. There is a high risk that Decentralized will evolve to a highly complex and expensive hybrid solution that requires central trust.
Ideologically driven – Decentralized Identity seems more concerned with social issues than with technology feasibility.
Given progress to date, it appears that pure Decentralized Identity may well be impossible. Yet the movement reappears every few years in a new technical form, raising serious questions about whether the underlying architectural problems are actually solvable.
Summary
To state the obvious again: Digital Identity already exists but with serious issues. What we need is good Digital Identity Re-Use. We need to make a major decision among the options of:
Networked Identity that leverages existing institutional trust.
Credential Identity that attempts to redistribute that trust to devices and protocols.
Decentralized Identity that attempts to eliminate institutional control entirely.
Digital Identity already exists. The strategic question is not whether to create it, but how to reuse it effectively and securely. We can enhance the infrastructure we already have, duplicate it into wallets and credentials, or attempt to replace it with a purist decentralized model.
Only the first option starts from operational reality. The other two ask society to rebuild identity infrastructure at enormous cost and enormous risk.
If it was your planet, what would you choose?
All the best,
Alan