Identities

History of Identities

The characteristics of human identity have evolved significantly over time. In the past identity was attributable to physical markers such as reputation, word-of-mouth and physical documents such as birth certificate, passport or driver’s license. These documents provided us with a sense of societal belonging, interaction and accountability within communities.

The advent of the Internet sparked a revolution and many characteristics of our identity migrated to the digital realm. The early era of the Internet introduced usernames, passwords, profiles and federated identity systems (ie single sign-on systems). These enabled us to represent ourselves and to interact with others in the online world, but the shift introduced new challenges around data centralization, privacy and data security.

Era	Method of Identification	Description
Physical Era	Reputation, Documents, Credentials	Identity was tied to physical characteristics, word-of-mouth reputation, and documents like birth certificates, passports, and licenses. These forms provided a sense of belonging, societal interaction, and accountability within communities.
Early Digital Era	Usernames, Passwords, Federated Identity Systems (e.g., SSO)	The advent of the internet introduced digital identities, allowing individuals to represent themselves online. These systems faced challenges regarding data centralization, privacy, and security.

With the advent of the internet, identity moved into the digital world. The early digital landscape introduced usernames, passwords, and federated identity systems (e.g., single sign-on). These systems enabled individuals to represent themselves and interact with others online, but they introduced challenges regarding data centralization, privacy, and security.

Evolution in Web3

The rise of blockchain and a growing appetite for decentralization have resulted in the introduction of decentralized identity (DID) and self-sovereign identity (SSI). These concepts, which are rooted in core blockchain architecture, have dramatically transformed the landscape of digital identities. This shift ensures that users maintain control over their digital identities with a strong emphasis on the key principles of ownership, privacy and portability.

Decentralized Identity (DID): A Key Component of Web3

A decentralized identifier (DID) is a new type of identifier that enables verifiable, self-sovereign digital identities. DIDs are fully under the control of the DID subject, independent from any centralized registry, identity provider, or certificate authority. They are designed to be globally unique and persistent, functioning without the need for a centralized authority to validate their authenticity.

Here's an example of a Decentralized Identifier (DID) in its technical format:

{
  "@context": [
    "https://www.w3.org/ns/did/v1",
    "https://w3id.org/security/suites/ed25519-2020/v1"
  ],
  "id": "did:example:123456789abcdefghi",
  "authentication": [{
    "id": "did:example:123456789abcdefghi#keys-1",
    "type": "Ed25519VerificationKey2020",
    "controller": "did:example:123456789abcdefghi",
    "publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
  }]
}

This example illustrates the structure of a DID document. It includes a context that defines the vocabulary for the document, an identifier (id), and an authentication section containing cryptographic material that secures the DID.

Self-Sovereign Identity (SSI): The Future of Identity Management

Self-sovereign identity (SSI) takes the concept of user-centric identity further by allowing individuals to own, control, and present their credentials in a peer-to-peer manner. This approach eliminates reliance on any central authority for identity verification and places the power of identity management back into the hands of individuals.

An example of how SSI might be structured is not provided in the initial request, but here’s how an SSI could conceptually appear:

{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://www.w3.org/2018/credentials/examples/v1"
  ],
  "id": "http://example.gov/credentials/3732",
  "type": ["VerifiableCredential", "UniversityDegreeCredential"],
  "issuer": "https://example.edu/issuers/14",
  "issuanceDate": "2020-03-10T04:24:12.164Z",
  "credentialSubject": {
    "id": "did:example:abcdef1234567",
    "degree": {
      "type": "BachelorDegree",
      "name": "Bachelor of Science and Arts"
    }
  },
  "proof": {
    "type": "RsaSignature2018",
    "created": "2020-03-10T04:24:12Z",
    "proofPurpose": "assertionMethod",
    "verificationMethod": "https://example.edu/issuers/14#key-1",
    "jws": "eyJhbGciOiJSU0EtT0FFUCIsImI2NCI6dHJ1ZX0.."
  }
}

This structure includes credentials that can be verified against the issuer’s public key without relying on a central authority, aligning with the principles of SSI.

Moving Forward with Decentralized Identity (DID) and Self-Sovereign Identity (SSI)

The introduction of DID and SSI has provided a stack that prioritizes security, privacy, and user autonomy. Despite this progress, challenges remain, particularly in enhancing the user experience for managing identities and increasing interoperability among various blockchains and systems—both essential for widespread adoption.

To overcome these challenges and fully leverage the potential of DID and SSI, we have prepared a list of criteria that an ideal identity solution should adhere to:

Principle	Description
Existence	A DID must be linked to a physical identity, ensuring independent existence beyond the digital realm.
Control	Users should have full control over their identity, including referencing, updating, or concealing it.
Access	Users must have complete access to their data, with no personal information hidden from the owner.
Transparency	All components of a DID must be transparent about their operation, with open-source and free algorithms.
Persistence	A DID should be long-lived and can only be removed by its owner, though associated claims may change.
Portability	Identity attributes, claims, and services should be easily transportable by the owner, not by third parties.
Interoperability	A true DID must be globally adoptable and usable across different systems and platforms.
Consent	Users should freely agree to how their identity attributes and data are used, requiring explicit consent.
Minimalization	The disclosure of identity attributes should be minimized to only what's necessary (e.g., age verification).
Protection	The rights and freedoms of users must be protected against powerful entities, prioritizing user needs.
Provable	Identity claims must be verifiable, ensuring trusted third parties can validate the authenticity of the data.

Motivation

The development from tangible and initial computerized identities to entirely merged decentralised identity systems indicates both advancements and challenges. However, the existing decentralised solutions are often limited in terms of scalability, privacy protection, and decentralization. Therefore, it is necessary to tackle these prevailing challenges while capitalizing on the strengths of established protocols to spearhead decentralized identity solutions.

An ideal DID solution would thus meet all those principles holistically by giving users a transparent, secure and user-centric identity management system.