Self-Sovereign Identity

Digital Citizenship
March 10, 2020

Self-Sovereign Identity

Identity management systems have seen a gradual evolution from government issued IDs to email providers and social media accounts.

Key Insight

Identity management systems have seen a gradual evolution from government issued IDs to email providers and social media accounts.

Why It Matters

The average person uses between 27 and 130 unique online accounts. Companies like Google, Yahoo, and Facebook built their business models on managing troves of data on behalf of their users, but users suffered from large-scale security breaches.

Case in point: The Yahoo hack impacted every single one of its 3 billion accounts. Last year alone saw 15 high profile data breaches affecting 2 billion accounts across government, healthcare, finance, and technology sectors involving organizations like Facebook, CapitalOne, Singapore’s Ministry of Health, and Bulgaria’s Revenue Agency.

Examples

Blockchains and distributed ledger technologies introduced a new approach to identity management: self-sovereign identity, a system in which the user is central to the administration of her data and owns her data outright. It is interoperable and transportable across applications, devices, and platforms. Self-sovereign identity has two primary benefits. There’s increased security, because decentralized identity solutions, in theory, are much harder to hack. And there’s also increased control; because an individual manages her identity, she owns her data and can therefore decide what information to share and with whom—and, hypothetically, how to monetize it. Self-sovereign identity is a trend that touches on paywalls, authentication, and royalty tracking, as well as digital advertising. Identity systems help individuals validate reputation, manage risk, and gain access to groups. Many rely on third-party “identity providers” such as governments, Facebook, or Google. Digital identity management has been a central point of vulnerability for individuals and corporations alike, with hackers using phishing emails and personally identifiable information (PII) to reset passwords and break into accounts. In 2019, Microsoft launched Identity Overlay Network (ION), a decentralized identity solution. It’s a collaboration between the Decentralized Identity Foundation, IBM, Aetna, Mastercard, and Accenture. Samsung has also created a decentralized identity project with a consortium of South Korean enterprises.

What’s Next

Self-sovereign identity will likely be adopted in phases. The Brave Browser, for instance, gives users more control over their data as they surf the web. While not a “self-sovereign identity” platform, the Brave model illustrates how users could capitalize on their data if they had more control over their digital identities. With Brave, users get paid 70% of the ad revenue from the ads they watch and they can then choose to share their identities with the sites they visit—for not.

There’s strong incentive for businesses like Google and Facebook to consider this trend because of rising data breaches and security hacks that impact users. Identity is closely tied to data, which means these businesses must consider a business model shift if self-sovereign identity solutions become widely adopted.

The Impact

Since interoperability is a defining feature of decentralized identities, companies should look for partners instead of attempting to launch an identity product on their own.

Watchlist

Aetna, Accenture, AdEx, Brave Browser, Comcast, Decentralized Identity Foundation, Facebook, Google, IBM, Mastercard, Microsoft, Netflix, Spotify, Samsung, UPort.