Distributed digital identity, decentralized identity, blockchain, and distributed ledgers: what do they mean and how can they help keep my company secure?
What is a digital identity? A digital identity is information that combines all your personal online activities and data. Examples of what would make up your digital identity include usernames, passwords, online searches, date of birth, and social security number.
What Is the History of Digital Identity?
Digital identity is a critical and ever-present part of our lives. Identities play a role in almost every aspect of our lives, from business to commerce to entertainment. Additionally, many jurisdictions are turning to digital identity as civic documentation to cover identification purposes outside of the private sphere.
The history of digital identity has followed security, privacy, and usability questions, with different technologies attempting to address various aspects of these categories. One of the central challenges to digital identity has been centralization.
Centralization brings a host of problems to administrators, enterprises, and users alike:
- Central Points of Failure: Centralized identity relies on central control over the implementation of that identity, which often means on-premise databases of login credentials (typically usernames and passwords or PINs). If that database is hacked, then those credentials are compromised and all user information has most likely been exposed.
- Usability and Security Practices: Centralized identity schemes force organizations to either adopt outside identity management systems or implement their own—a reality that has led to a fragmentation of identity management. Users have to remember individual credentials for multiple systems, leading to poor security (from simple or reused passwords) and identity theft.
- Lack of Ownership: The question of digital identity ownership is a lively one, with different regulations and business practices vying for control of private information. Centralized identity management requires that organizations mediate control between digital identities and users rather than placing ownership in the users’ hands.
Modern identity and access management have worked toward addressing some of these issues, primarily to support a connected, cloud-based, and secure digital world.
One of the emerging technologies to address these issues is single sign-on. The goal of SSO (also known as federated identity) is to facilitate authentication across multiple systems using a centralized repository of identities and policies.
Generally speaking, there are a few protocols through which SSO works:
Security Assertion Markup Language
SAML is an open markup language used by identity providers to format and transmit authorization credentials to other platforms or service providers. The idea is that a centralized SSO provider manages identities through a server and formats SAML authentication through an XML-based token system that connects identity providers and service providers (the organization handling your identities and the company with which you want to authenticate).
As the name suggests, OAuth is more an authorization approach than an authentication method, but it can be used as part of an SSO scheme. Unlike SAML, where federation happens from a centralized identity provider across multiple service providers, it’s more often the case with OAuth that a user in an authorized session with one provider can access another provider from that session.
Of course, it bears stating that SSO is a smaller part of the larger discipline of IAM explicitly focused on how to provide federated identity and authentication without compromising security.
The problem with SSO and IAM, in general, is that they only address a small subset of issues with centralized SSO or OAuth. To start with, SSO systems still have security issues, and a compromised identity provider will still pose a risk to all users. Additionally, none of this addresses the issue of identity and data ownership.
To take steps in facing some of these lingering issues, developers and scientists are working toward developing distributed identities.
What Is Distributed Identity?
Instead of creating localized or platform-specific usernames that rely on a single organization or consortium of participating organizations to manage, decentralization uses technology to place ownership of identity data into the hands of the users that information is supposed to represent.
How is this possible? The truth is that there isn’t a clear-cut answer yet but rather a collection of technologies that are stepping up to introduce decentralization into IAM as a whole:
- Blockchain: Originally introduced in cryptocurrencies, like Bitcoin, as part of the nascent “Web 3.0,” the blockchain has been isolated as a uniquely powerful technology that provides an immutable, decentralized ledger of ownership. Under a blockchain, users have programs called wallets that store information and denote ownership, and this ownership is not dependent on a central organization to manage.
- Decentralized Identifiers: Created by the World Wide Web Consortium, DID is a scheme of identity decentralization outside of blockchains proposed as a general protocol for managing identity. With DIDs, users can control their data, be protected by cryptography, and authenticate with participating organizations.
The blockchain, in particular, is part of what is currently being dubbed Web 3.0, emphasizing decentralization of control over information. It works by creating a ledger that the users of that network control through their participation, protected with cryptography.
Why Is Distributed Digital Identity So Important?
Right now, data ownership and protection are critical questions for large enterprises, governments, and end users alike. The General Data Protection Regulation is one of the most stringent privacy and security jurisdictions globally, due in no small part to its driving mission to place control of private data into the hands of consumers.
But giving users control over their digital identity and their personal data is no small task. Data is often seen as ephemeral, and users in many places (including the United States) have willingly given up control over their information to large corporations.
A distributed identity system could allow users to take control of their digital identities. Several governments have already begun to develop distributed forms of digital identities to support their citizens.
The European Union, for example, has started creating a self-sovereign identity framework built on DID and blockchain to modernize government ID for citizens. Countries like Germany, Uruguay, and Finland have started issuing electronic IDs and bank-issued eIDs to serve as national identification.
On a smaller scale, distributed identity can still benefit enterprises internally. By leveraging distributed identity systems, enterprises can connect user IDs with several different service platforms and authorization policies without reinventing or replacing existing identity systems. Additionally, enterprises can then adopt their schemes or extend existing ones offered through government agencies.
Strong Authentication and Distributed Identity with 1Kosmos
Distributed identity isn’t just a powerful new technology or the future of identification—it is a business imperative that will eventually shape how enterprise organizations integrate and adopt different types of managed services, cloud applications, and internal security measures. By working with user-owned, self-sovereign ID, businesses can mitigate some of the most significant weaknesses of centralized identity (security and usability) while expanding their ability to adapt and scale with new technologies.
BlockID from 1Kosmos provides secure authentication and promotes identity ownership through a few critical features:
- Private and Permissioned Blockchain: 1Kosmos protects personally identifiable information in a private and permissioned blockchain and encrypts digital identities in secure enclaves only accessible through advanced biometric verification. Our ledger is immutable, secure, and private, so there are no databases to breach or honeypots for hackers to target.
- Identity Proofing: BlockID includes Identity Assurance Level 2 (NIST 800-63A IAL2), detects fraudulent or duplicate identities, and establishes or reestablishes credential verification.
- Streamlined User Experience: The distributed ledger makes it easier for users to onboard digital IDs. It’s as simple as installing the app, providing biometric information and any required identity proofing documents and entering any information required under ID creation. The blockchain allows these users more control over their digital identity while making authentication much easier.
- Identity-Based Authentication: We push biometrics and authentication into a new “who you are” paradigm. BlockID uses biometrics to identify individuals, not devices, through identity credential triangulation and validation.
- Interoperability: BlockID and its distributed ledger readily integrate with a standard-based API to operating systems, applications, and MFA infrastructure at AAL2. BlockID is also FIDO2 certified, protecting against attacks that attempt to circumvent multi-factor authentication.
- Cloud-Native Architecture: Flexible and scalable cloud architecture makes it simple to build applications using our standard API, including private blockchains.
To discover the self-sovereign identity and BlockID, read more about 1Kosmos as a Distributed Digital Identity Solution. Also, make sure to sign up for the 1Kosmos newsletter to receive updates on 1Kosmos products and services.