--- title: "What is Decentralized Identity? and Digital ID Fundamentals." permalink: /getting-started/ toc: false last_modified_at: 2020-11-02 ---
The Internet was created without any way to identify the people who used it. The Internet was a network of machines. Consequently, all the identity in Internet protocols is designed to identify machines and services. People used the Internet through some institution (their company or university) and were part of that institution's administrative identity system. This can still be seen in the format of email addresses that identify both recipient and sender as someone@someplace. As the Internet grew to include people who weren't formally associated with an institution, every Web site and service created their own administrative identity domains. The result is the fractured plethora of identifiers, policies, and user experiences that constitute digital identity in 2019.
Abstract The desire for increased control over our identity has catapulted the idea of “self‐sovereign identity” into the forefront of digital identity innovation, yet the term lacks a rigorous definition beyond specific technical implementations1. This paper explores what self‐sovereign identity means independent of technology: what people need from independent identity capabilities. I want to understand how such a system enables both individuals whose identities are in play (subjects), as well as those who use those “identities” to correlate interactions across contexts (observers). I start with grounding individual sovereignty in the Enlightenment and identity in its core function of correlation, then propose core characteristics of a self‐sovereign identity system. My eventual goal is to model the technology‐independent requirements of a self‐sovereign solution suitable for realizing UN Sustainable Development Goal 16.9: “Providing every last person on the planet with a legal identity by 2030.”
We cannot decentralize many interesting systems without also decentralizing the identity systems upon which they rely. We're finally in a position to create truly decentralized systems for digital identity.
The evolution of online identity:
— Tykn (@Tykn_tech) October 27, 2020
1. Siloed Identity: All services hold your data.
2. Federated Identity: Brokers hold your data.
3. Self-Sovereign Identity: You hold your data.
Self-sovereign identity is the next step beyond user-centric identity and that means it begins at the same place: the user must be central to the administration of identity. That requires not just the interoperability of a user’s identity across multiple locations, with the user’s consent, but also true user control of that digital identity, creating user autonomy. To accomplish this, a self-sovereign identity must be transportable; it can’t be locked down to one site or locale.
This lack of secure, portable, user-controlled identity has some dire consequences. It means that a person’s identity and personal data only exists within the context of each specific website or application he or she uses. Stop using the site or application and the person’s digital existence is meaningless. And a user’s control over their identity and data must be exerted on a site-by-site, app-by-app basis.
The ability to prove who you are is a fundamental and universal human right. Because we live in a digital era, we need a trusted and reliable way to do that both in the physical world and online.
Creating a unified decentralized identity ecosystem requires addressing a set of fundamental user needs and technical challenges:
- Enabling registration of self-sovereign identifiers that no provider owns or controls.
- The ability to lookup and discover identifiers and data across decentralized systems.
- Providing a mechanism for users to securely store sensitive identity data, and enabling them to precisely control what is shared with others.
Are you curious about the Digital Identity Ecosystem? If you have been looking for a good, reliable and easy-to-understand source of information and haven’t had any luck, then this article is for you.
The Sapir–Whorf Hypothesis, also known as the principle of linguistic relativity, posits that language constructs our reality and worldview. While the hypothesis has been contested over the years, language is unarguably fundamental to the models of the world we build in our heads — and in our systems.
What is the difference between authentication (authN) versus authorization (authZ)? While these two fundamental security terms are often confused with each other, the only real similarity is they both begin with the letter “A” and are linked by an account. In concept, one verifies the account (authentication) and the other sanctions (authorization) the account to perform a task. Because these terms are so fundamental, it’s crucial to understand the difference between them, and the implications for each when the concepts are blended
Identity and Access Management (IAM), also called identity management, refers to the IT security discipline, framework, and solutions for managing digital identities. Identity management encompasses the provisioning and de-provisioning of identities, securing and authentication of identities, and the authorization to access resources and/or perform certain actions. While a person (user) has only one singular digital identity, they may have many different accounts representing them. Each account can have different access controls, both per resource and per context.