AD//HOC: Digital Identity Systems and Blockchain Integration
Traditional Identity Systems
Identity management systems are an integral part of modern business operations, giving involved parties the ability to possess, issue or verify the identification of themselves, users or customers. In most applications, identity verification is needed to authorize permissions or access to something being held by some entity—think of a banking app asking for a log-in before providing a user with account information. Historically, traditional identity systems have been used as a vital conduit for consumer interactions in banking, healthcare, administration, information technology, education, and a bevy of other industries.
There are key roles necessary for an identity system to run properly, and involved parties can fill more than one of these roles depending on the specifics of the implemented system. In a given system, there are:
The person who is required to prove their identity (the credential holder)
The organization that created the credential that can establish identity (the credential issuer)
The organization that validates identity through a credential (the credential verifier).
Using these roles, identification can be issued in a physical form, such as with passports, or in a digital form, like a web page log-in. While these two forms have existed as the status quo, there is a growing movement toward blockchain-based identification systems, which forgo many of the risks and headaches that pervade the other two forms.
There are two main ways in which an identity system can operate: a siloed model or a federated model. Siloed models combine the roles of the issuer and verifier, and are typically used in situations where an entity needs to verify identification to allow the credential holder some sort of access. This is similar to “signing in” at a gym, or using a library card. This can be useful when an entity wishes to have more control over its data or the methods of identification, typically in scenarios where an entity is giving individuals access to something it owns or holds. Siloed models traditionally have two distinct parties in a given interaction, the holder (i.e., the individual) and the issuer (i.e., the entity), with the understanding that the issuer also controls identity verification and that this role is not filled by some third party.
Federated models, on the other hand, keep the roles of issuer and verifier distinct, meaning there are (at least) three parties involved at any given time. Federated identification models are similar to checking IDs at a bar, or verifying college diplomas for a job application. In both scenarios, the holder (the individual) has a form of identification, which is issued by a secondary body (e.g., the state, an institution), and is then verified by a third entity (e.g., a bouncer, HR), typically in some sort of interaction between holder and verifier.
Deficiencies in Centralized Identification
Integrating blockchain technology with identity systems avoids the security and privacy risks that permeate traditional methods of identification: paper and digital IDs both face non-negligible security risks. For instance, a birth certificate or driver’s license is easily lost or stolen; in terms of digital identification, it is easier to hack a centralized database with identification information when it is located on one server. With traditional siloed models, the entity stores its necessary credentialing data, and with traditional federated models the data is stored by a third party. Both arrangements leave personal and private data prone to leaks, hacks, and potential data loss. This is especially a concern with sensitive information, such as medical or financial records.
Role of Blockchain in Decentralizing Identity Systems
Both the siloed and federated models can utilize blockchain technology by putting credential and identification data on a decentralized ledger that is securely available to relevant participants, impossible to change, and near-instant to verify. There have been a number of initiatives to decentralize identity systems in order to increase security and verifiability, with the added bonus of removing the choke points that exist in traditional systems (things such as server outages, lost paperwork, or identity theft put the onus on a single entity). Decentralized identity systems can also widen access to more people who have historically been neglected in traditional identity systems. For instance, in Ghana, the blockchain start-up BenBen has implemented a digital registry to determine the legal ownership of land titles. BenBen is working with property owners, banks, and state institutions to certify who owns what and where; this eased many inefficiencies from the previous system, as the average time to confirm land entitlement was one year. This has been reduced to less than 3 months with BenBen’s efforts.
A decentralized identity system can also empower credential holders to own their private data. Attitudes around data have been shifting in recent years, and legislation (e.g. GDPR) has gained traction in places that aim to keep up with the evolving perception of consumer data, privacy, and ownership. A decentralized identity system would give the credential holder the flexibility to share information as they please in a secure manner.
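The federated flow on a ledger, as an added sketch that is not code from this article or from any project it names: the issuer anchors a credential, the holder keeps it and presents it to a verifier of their choosing, and the verifier checks it against a ledger head it already trusts without contacting the issuer. Assumptions: an in-memory hash chain stands in for one replica of the decentralized ledger, only a salted digest of the credential is written to it, authentication of who may append is not modeled, and all names are hypothetical.

```python
import copy, hashlib, json, secrets

GENESIS = "0" * 64

def digest(obj) -> str:
    """SHA-256 over a canonical JSON encoding of obj."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

class Ledger:
    """Append-only hash chain standing in for one participant's ledger replica."""
    def __init__(self):
        self.entries = []
    def head(self) -> str:
        return digest(self.entries[-1]) if self.entries else GENESIS
    def append(self, issuer: str, cred_digest: str) -> None:
        self.entries.append({"issuer": issuer, "digest": cred_digest, "prev": self.head()})
    def intact(self) -> bool:
        prev = GENESIS
        for entry in self.entries:
            if entry["prev"] != prev:
                return False
            prev = digest(entry)
        return True

def issue(ledger: Ledger, issuer: str, claims: dict) -> dict:
    """Issuer: anchor a salted digest on the ledger; the holder keeps the credential."""
    cred = {"issuer": issuer, "claims": claims, "salt": secrets.token_hex(16)}
    ledger.append(issuer, digest(cred))
    return cred

def verify(ledger: Ledger, trusted_head: str, cred: dict, issuer: str) -> bool:
    """Verifier: reject a rewritten replica, then look up the presented credential."""
    if not ledger.intact() or ledger.head() != trusted_head:
        return False
    d = digest(cred)
    return any(e["issuer"] == issuer and e["digest"] == d for e in ledger.entries)

def demo():
    ledger = Ledger()
    # Constructed sample credentials.
    cred = issue(ledger, "state-registry", {"name": "A. Holder", "over_21": False})
    issue(ledger, "state-registry", {"name": "B. Holder", "over_21": True})
    head = ledger.head()                        # head the verifier already trusts
    edited = dict(cred, claims={"name": "A. Holder", "over_21": True})
    rewritten = copy.deepcopy(ledger)           # replica whose history was altered
    rewritten.entries[0]["digest"] = digest(edited)
    return (verify(ledger, head, cred, "state-registry"),       # genuine
            verify(ledger, head, edited, "state-registry"),     # edited claim
            verify(rewritten, head, edited, "state-registry"))  # edited ledger
```

`demo()` returns one result per case: the genuine credential verifies, the credential with an edited claim does not, and a replica whose history was rewritten to match the edit is rejected because its chain no longer links.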