Decentralized Identity (DCI) has evolved over more than a decade and is reaching the tipping point for widespread adoption and triggering massive innovation in how businesses and governments interact with customers, consumers, employees, or citizens.
From centralized identity siloes to decentralized identity wallets
DCI, also referred to as SSI (Self-Sovereign Identity), is a concept that differs fundamentally from established models. Commonly, organizations manage the identities of individuals in their own systems, creating siloes of identities and causing individuals to register with many different parties. Everyone experiences this on an almost daily basis when using the Internet. While some identities, such as those of LinkedIn, Facebook, Google, or Apple, can be reused, they are still centralized and not ubiquitous.
In contrast, DCI leaves the identity and its attributes with the individual. Based on standards, that information can be flexibly exchanged with other parties. So-called verifiable credentials (VCs) provide information about, for instance, the name, the email address, the postal address, the employer, the employment status, or any other information. The concept of DCI is open and does not limit what can be provided with VCs. This is essential because it enables using DCI for any type of use case, especially since things, devices, or organizations could (and will, over time) also have their decentralized identities.
DCI builds on a concept of issuers that issue VCs, holders – commonly the individuals – that hold VCs, and verifiers that consume VCs. The VCs are stored by the individual in so-called wallets. Over time, the term wallet may turn out to be misleading, because we potentially will have way more information in the form of VCs in the wallet than we have cards in our wallets today. Also, the use cases will become much broader.
Decentralized identity: More than just verification, onboarding and authentication
DCI today is frequently seen as a means of having a reusable verified identity on hand, based on human-assisted or fully automated IDV (Identity Verification) processes. This enables trusted interactions with other parties such as organizations or governmental agencies.
The VCs then provide additional data and can, for instance, simplify onboarding processes such as registering with an eCommerce site. Based on the verified identity, the secure wallet, and the ability to open that wallet, authentication processes can be simplified.
However, looking just at these aspects only scratches the surface of the potential that DCI holds. The potential is much bigger. VCs can be used for process automation and optimization. Envision onboarding externals to a project. This process can become fully automated based on the name, the employer, the employment status, and some other information. Or envision applying for a loan at a bank based on other VCs, ranging from the verified identity to the monthly salary statements, marital status, proof of existing real estate, and so on. The cost of AML (Anti Money Laundering) and KYC (Know Your Customer) processes in banks would sink massively, as would the cost of approving (or rejecting) loans. Process cost optimization is a massive potential of DCI.
But there is more. Consent could be managed by VCs that allow the use of certain information by defined parties for a defined purpose and limited time. People could share health data in a controlled manner as VCs. The potential is virtually infinite and allows for breakthrough innovation in the digital economy.
Breakthrough potential: Disruption in business that does not break IT
DCI can become disruptive to the business, with organizations that leverage the potential of DCI winning by delivering new, innovative services, but also by optimizing their processes and thus their cost. The recent eIDAS 2.0 regulation, amongst other changes, mandates EU member states to provide DCI wallets, the EU DI wallets (EU Decentralized Identity), to every citizen and to adopt this technology for eGovernment use cases. We expect this to be a driver for significantly increasing the speed of adopting DCI approaches. These wallets are a foundation for implementing further DCI use cases.
Fortunately, disruption in business does not equal disruption in IT. DCI adds to what exists. When a customer is registered via DCI and purchases goods, this is still reflected by records in the ERP system of the organization. When someone is onboarded, there still might be an entry in an internal directory.
Just adding DCI to the forefront of the organization will not allow leveraging the full potential, though. Consuming VCs to make decisions, from access authorizations to process automation, requires changes in the backends. In many cases, this will be an evolutionary process.
With the immense potential of DCI, it is high time that organizations start evaluating that potential and think about the innovation that it can bring to their business or to the way governments serve their citizens. This must involve everyone in the organization, not just the identity team.
As a guest of Ergon Informatik, Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, will talk about this topic more in depth at the it-sa Expo & Congress in Nuremberg on October 23rd.