Overview of the decentralized identity solution ecosystem and its value potential
This article was published by the Ontology Research Institute, author: Andrew Cahill, translation: ONTology.
Core Insights:
- Decentralized identity solutions are challenging the centralized identity management paradigm;
- Identity issuers, holders, and verifiers can benefit by migrating ID management processes to distributed ledgers and blockchains;
- Although product trials are still ongoing, if decentralized identity solutions achieve product-market fit, identity owners, application developers, and blockchain consulting firms will be well-positioned to capture corresponding value.
In today's society, managing digital identity is clearly still a challenge. Massive amounts of data are facing threats of attacks and leaks. On average, each internet user manages about 70-80 different usernames and passwords. Phishing techniques often lure users into disclosing their IDs and passwords. Statistics show that identity data breaches result in losses of up to $17 billion annually. Such examples are numerous.
These issues plague users with digital identities. It is estimated that around 1.1 billion people globally cannot prove their identity, hindering their access to critical healthcare, education, and financial resources.
However, what exactly do we mean when we refer to "identity"? It encompasses many types.
"Identity" comes in various shapes and sizes, from government-issued IDs (driver's licenses, passports, food stamps, and voter ID) to healthcare IDs (medical licenses, electronic prescriptions, and medical records), to financial IDs (KYC data, credit records), and social IDs (browsing history, social media interactions). Broadly speaking, they represent any information shared by users with specific individuals or entities at a particular point in time.
Regardless of what the actual ID represents, most identity management frameworks consist of three parties: issuers, holders, and verifiers. The issuer is the trusted party that issues credentials and verifies their validity. The holder is the individual who receives the credential. The verifier is responsible for validating whether the ID represents the holder and whether it was issued by that issuer.
The issuance of a driver's license is a simple case of identity management. In the United States, the state-level motor vehicle department responsible for processing license applications and issuing licenses represents the issuer. The driver receiving the license represents the holder. Any person or organization that relies on the license to verify an individual's identity represents the verifier.
Like most multi-party transactions, this identity management relationship is built on trust. The verifier trusts the issuer, in this case, the motor vehicle department, which issues the identity and conducts field checks and verifications. The holder trusts that the motor vehicle department will protect and store their personal data. This is a case of trust existing among stakeholders in identity management.
More broadly, internet users delegate billions of personal data records, either explicitly or implicitly, to social platforms, financial service companies, healthcare providers, and nearly all individuals or organizations that provide services to users and verify their identities.
Most of these providers claim to offer "free" services while monetizing customers' personal data and online activities, creating redundant, centralized databases that are easy targets for hackers. The costs associated with these centralized identity frameworks are difficult to quantify. Equifax paid $575 million to the US Federal Trade Commission (FTC) and state agencies to settle its 2017 data breach. However, this is merely the explicit cost borne by the company and does not account for the costs associated with the leakage of users' sensitive personal information. The opportunity costs related to allowing third parties access to users' sensitive information in exchange for "free" services are even harder to quantify.
Decentralized Identity Solutions
Most identity solutions follow the mission of "empowering users to control their own identities." But what does this actually mean? And how will it be achieved?
In short, it means using blockchain and public/private key cryptography to manage the issuance and verification of digital identities. Blockchain infrastructure can enable many functionalities. When users control their identity-related private keys, they can more selectively decide when, with whom, and under what conditions to share information. Because digital signatures authenticate identities cryptographically, without requiring manual verification of paper documents, counterfeiting credentials becomes more challenging.
The key technical difference between decentralized identity solutions and centralized ones is the decentralized identifier (DID). A DID is a blockchain-based ID used to connect identity owners (individuals, organizations) with blockchain-based public key addresses. DIDs provide a fundamental trust basis for determining "who is who" in a decentralized information-sharing model, and have four main attributes:
- Permanence: The identifier never needs to change;
- Resolvability: Can be resolved to look up metadata;
- Verifiability: Can be cryptographically verified, with private key signatures proving control of the identifier;
- Decentralized nature: Does not require a centralized registry to publish and store relevant data.
The World Wide Web Consortium states that over 90 DID method specifications are currently under development, covering more than 80 different permissioned and permissionless blockchain networks.
The following diagram outlines the issuance and verification process of DIDs and IDs:
The specific steps are as follows:
- The issuer registers a public DID on their chosen blockchain or distributed ledger;
- The holder provides the issuer with the information needed to create the credential;
- The issuer creates the credential, digitally signs the DID they created, and then provides the credential to the holder to be placed in their wallet;
- When the wallet holder presents the digital certificate to the verifier, the holder creates a separate DID by effectively signing the DID registered by the issuer;
- When the holder presents the digital credential to the verifier, the verifier can refer to the appropriate blockchain or distributed ledger to verify that the issuer indeed digitally signed and sent the credential, and that the holder is indeed the credential controller who signed the DID.
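The steps above, modelled as an added example (not code from the article or from any DID project): each party signs with the key bound to its DID, and the verifier resolves both DIDs before trusting the claims. The in-memory `ledger` map, the `did:example:` identifiers, the Ed25519 keys, the verifier nonce and all function names are assumptions made for illustration.

```javascript
const { generateKeyPairSync, sign, verify } = require('node:crypto');

const ledger = new Map(); // stand-in for the blockchain registry: DID -> public key

// Register a DID: publish the public key, keep the private key in the wallet.
function registerDid(did) {
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  ledger.set(did, publicKey);
  return { did, privateKey };
}

// Sign a JSON payload with the key that controls signer.did.
function signAs(signer, payload) {
  const body = JSON.stringify(payload);
  const sig = sign(null, Buffer.from(body), signer.privateKey).toString('base64');
  return { body, by: signer.did, sig };
}

// Resolve the signer's DID on the ledger and check the signature.
function checkSig(env) {
  const key = ledger.get(env.by);
  return !!key && verify(null, Buffer.from(env.body), key, Buffer.from(env.sig, 'base64'));
}

// Issuer step binds the claims to the holder's DID;
// holder step wraps the credential with the verifier's fresh nonce.
const issueCredential = (issuer, holderDid, claims) =>
  signAs(issuer, { issuer: issuer.did, subject: holderDid, claims });
const present = (holder, credential, nonce) => signAs(holder, { credential, nonce });

// Verifier step: returns the claims, or null if any check fails.
function verifyPresentation(presentation, trustedIssuers, nonce) {
  if (!checkSig(presentation)) return null;         // presenter does not control its DID
  const { credential, nonce: seen } = JSON.parse(presentation.body);
  if (seen !== nonce) return null;                  // replayed presentation
  if (!checkSig(credential)) return null;           // credential altered or forged
  const vc = JSON.parse(credential.body);
  if (vc.issuer !== credential.by || !trustedIssuers.has(vc.issuer)) return null;
  if (vc.subject !== presentation.by) return null;  // credential belongs to another DID
  return vc.claims;
}

// Constructed sample run.
const dmv = registerDid('did:example:dmv');
const alice = registerDid('did:example:alice');
const license = issueCredential(dmv, alice.did, { licenseClass: 'C' });
console.log(verifyPresentation(present(alice, license, 'n-1'), new Set([dmv.did]), 'n-1'));
```

The subject check is what stops a copied credential from being presented by someone else: the credential's signature is still valid, but the presenter's DID does not match the one the issuer bound the claims to.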
But what does this mean in practice? It means that issuers, holders, and verifiers all have the potential to benefit and enhance efficiency in current solutions.
Issuers can eliminate the costs associated with issuing easily tampered and forged paper credentials; holders can better control their IDs and decide when, with whom, and under what conditions to disclose their identity information; verifiers can more reliably ensure the authenticity of the identities provided and reduce the costs and risks associated with manually verifying IDs and storing sensitive customer information.
Furthermore, this significantly reduces the risks associated with centralized storage of customer data. In a decentralized identity system, information is dispersed and stored on local devices such as smartphones. In a decentralized data model, the risk of ID theft may be limited to an individual user and their wallet, rather than occurring in a large database that stores billions of personal information records.
At a high level, the decentralized identity industry can be divided into four parts to drive the process of practical application.
(i) Blockchain Infrastructure: Blockchains and distributed ledgers lay the trust foundation for decentralized identity solutions, including permissioned chains like Sovrin, where organizations have control over operational network nodes, and permissionless networks like Bitcoin, where any participant can operate nodes to achieve consensus.
The primary purpose of blockchain is to manage the issuance of DIDs and provide a distributed registry for cryptographic verification. DID methods are being developed on general-purpose blockchains like Ethereum and blockchain platforms optimized for decentralized identity management such as Sovrin, Veres One, and Ontology.
(ii) Standards and Interoperability: Organizations like the World Wide Web Consortium are developing structural and verification standards for how to construct and verify decentralized identity data, focusing on making solutions interoperable.
(iii) Consulting and Deployment: Blue-chip consulting firms and blockchain tech companies are bridging the gap between development and real-life decentralized identity use cases through educational resources and consulting services.
(iv) Wallet and Verification Services: Tech companies are developing wallet applications and verification solutions. Wallets are used to store personal identity credentials and the private keys associated with DIDs. Verification services enable companies to use decentralized identities typically stored in digital wallets to verify their customers.
Overview of Decentralized Identity Value
Clearly, there are several stakeholders in the decentralized identity ecosystem. Although product development and experimentation are still ongoing, the value inherent in decentralized identity solutions, once widely adopted, is worth careful examination.
At this point, the most obvious beneficiaries are individual identity holders. By controlling their identities, users can benefit in various ways. From a quantifiable perspective, this may mean receiving compensation for the disclosure of personal information, such as browsing history, consumer preferences, or healthcare data. From a more qualitative perspective, the economic value of enhanced personal privacy protection is even harder to assess.
Tech companies developing wallet applications and providing verification services can also benefit from the ecosystem's development. Companies like Civic provide a value matrix that offers a prototype for a decentralized identity pricing structure: companies providing identity wallets and verification services can charge verifiers a fixed SaaS rate or a per-use fee for verifying customer identities.
Additionally, blockchain tokens associated with certain wallet applications, as shown in the table below, may appreciate in value. The use cases and designs of tokens vary by project but are typically used to incentivize users to engage with applications, transfer value within their respective identity and data networks, and, in some cases, grant a governance function. How these asset structures adjust and integrate into their respective ecosystems, all else being equal, may drive valuable growth for related wallets and identity networks.
Digital assets related to decentralized identity have risen alongside this year's overall bull market in digital assets but still remain far below their historical highs from the 2017-2018 bull market. According to our research, Ontology, Civic, and SelfKey are among the more active decentralized identity projects, all closely tied to digital assets.
Similarly, blockchain consulting firms can earn consulting fee income from the decentralized identity ecosystem. Blue-chip tech companies like Microsoft, Accenture, and IBM are leading the way in launching their own decentralized identity solutions, while Evernym and Consensys are helping enterprises build their own decentralized identity infrastructures.
Finally, blockchains that register DIDs, especially those optimized for DIDs, can benefit from broader ecosystem development. Decentralized identity solutions rely on blockchains or distributed ledgers to drive the issuance and verification of DIDs. All else being equal, the issuance of DIDs requires blockchain transactions, which may significantly drive demand for native blockchain assets to pay for related transaction fees.
Conclusion
Fully digitizing identity solutions is a common task being explored by governments, private enterprises, blockchain communities, and standards organizations worldwide. The main issues with current ID frameworks include concerns over centralized data storage, misuse of personal customer information, and individuals not being able to fully control their identities.
It is estimated that by 2030, the economic value that a fully digitized identity recognition system could unlock will reach 3% to 13% of GDP. Given the fragmented regulations and legal jurisdictions surrounding different types of identities, the likelihood of a single dominant solution is minimal. Decentralized identity solutions introduce a new framework for the storage and sharing of personal information. However, they are not a panacea and often shift the responsibility for information protection from companies to individuals. Every user with their own Bitcoin wallet knows that managing and updating private keys is no small task.
The success of these solutions will ultimately depend on their ability to generate strong network effects, which will take time to test. Their standards need to be collectively established and adopted by a broad range of industry participants. Issuers need to adapt to new frameworks for managing and issuing credentials; users need to adopt this technology, and in many cases, also adapt to personally safeguarding their credentials; businesses and verifiers need to adopt relevant technologies to facilitate the adoption of these credentials.
These tasks are daunting. However, it should be noted that the explicit costs associated with current centralized solutions are high, and the associated opportunity costs show no signs of decreasing.