Decentralized identity is an incredibly flexible technology that solves fundamental problems in the way we manage digital communication. But this capacity to do more than one thing at once can be a source of confusion. Heather Dahl from Indicio will elaborate on this challenge in her Combined Session How to use the framework of a Trusted Data Ecosystem to simplify building decentralized identity solutions on Wednesday, May 11, at the European Identity and Cloud Conference 2022.
To give you a sneak preview of what to expect, we asked Heather some questions about her presentation.
What is decentralized identity?
I think it's important to answer this question to really break it down into two parts. And typically we define identity in association with an individual, their name, their address, their date of birth, and so on. And while that's the bulk of the work thus far in the sector, the true value, of decentralized identity technology comes when we realize identity is nothing more than a single data point. And it's associated with the data subject. The data point can be quite literally anything, and the data subject actually need not be a person, but it can be a corporation, a device the government, a physical object, and all the things that you use to describe that entity constitute its data. So with that in mind, decentralization is about giving the data subject control to the data associated with it, rather than having to rely on a single or even small group of authorities to attest to the fact that any given identity to a data point belongs to it. So if you think of SSO providers or even a single government entity, that's the sole source of proving something rather than a collection of sources that we used in the pre-digital age. So another way to think of decentralization is really like the analog world where some proof of data points like birth date or professional license that was given to you, and then you share it with someone who requested it. And while it seems like we can do that now online, the problem is this: The analog world of paper and seals and lamination had a means of determining whether the proof was trustworthy. It was slow, it was tedious, and it was full of friction. But physical things could be trusted in a way that JPEGs, PDFs, and email attachments can't be trusted online. So decentralized identity now gives us the trust of the analog worlds with the efficiency of the digital world and the ability to collect data points that we rightfully own and use the tech to prove the data's source. Its authenticity and its integrity and the fact it hasn't been tampered with or changed in transit.
Could you describe a solution built on decentralized identity?
So a decentralized identity solution is about the trusted exchange of information between the issuer of the data point, the holder or owner of a data, which is basically the data subject, and the receiver, which is a verifier. And when you look at it from this bottom-up perspective, you can identify a pain point where you need to be able to verify and trust some digital information that's critical to the business process. So at that point, it's easy to see some solutions pop up. What we're going to talk about actually at the conference is an example that was provided by SITA. And in this case, SITA, which provides technology to the global aviation industry, needed to be able to prove trust in medical data in order for a traveler to fly. And they worked with the government of Aruba. And through this decentralized identity solution, a traveler was able to obtain their medical information from a state health information exchange in the United States. They were able to provide either that proof of vaccination or test to the government of Aruba prior to checking in and receiving approval from that government and using the self-serve or app on the airline's app to check-in while also conveying the government's approval for their arrival. And in this case, you had the issuer that was both the Health Information Exchange and the government, the holder, which was the traveler, and then the verifier, which was also the government or the airline in this case. So you had a situation where you created a decentralized identity solution. But here's the key. The exchange of the data was done without any direct integrations. And so that created the decentralized methodology in which I talk about and it ultimately created what we call a trusted digital ecosystem.
What should you consider when implementing this solution?
Our experience has been the simpler it is, the better to start, because once you understand the power of decentralized identity, it's easy to see all the ways to exchange authentic trusted data and make a business process better. So the good news is even the smallest implementation of decentralized identity can bring massive value, even in a closed-loop environment where a single business is the issuer and the verifier, think like a bank issuing, an account holder credential that can deliver massive value to the organization, reduce fraud and save money. So when you consider building a trusted digital ecosystem, decentralized identity solution, think about starting small. Use it to bring value. And then that value when it's demonstrated internally or to a business partner, it has and will prove to attract others who want to participate with you. And in this way, policy, compliance, governance, and the tech can evolve naturally. Rather than building this massive round peg and then you're trying to fit it into a dozen square holes.
How do Trusted Digital Ecosystems change the way business is done?
Creating trusted digital ecosystems, provide companies with the software and the infrastructure that they can use to issue, share and verify the authenticity and integrity of any kind of data, especially where you need data repeatedly and efficiently. And you can do that without the high expense or risk of direct integration. That's really the decentralized model here. And so when we think about the framework of a trusted digital ecosystem, think about how you can use decentralized identifiers, software agents, verifiable credentials, and supporting infrastructure to verify data without having to integrate with or even communicate with the source of the data. Most importantly, what we find is that trusted digital ecosystems allow any entity to exchange information and verify it. And here is the key. It's immediately actionable at that point. And so when you have that immediately actionable information that allows you to build upon itself and create that aha moment for your organization, or your partners, then you are really driving that vision of giving individuals ownership over their digital identity in a privacy-preserving way. And then you can provide the products or solutions where others can adopt your verifiable credentials and bring those into markets and workflows and really prove the future of digital trust for all businesses and individuals.