Pioneers Create Infrastructure for Self-Sovereign Identity Online - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

09:00 AM
Connect Directly

Pioneers Create Infrastructure for Self-Sovereign Identity Online

Several organizations are assembling the technologies to enable self-sovereign identity, a way for individuals to control who they are online. Blockchain is one of those essential components.

The General Data Protection Regulation (GDPR) and Facebook's data privacy leaks have focused greater attention on the issues around the data privacy of consumers. These headlines come at a time when plenty of organizations are collecting your data, and there is not a single set of rules about how that data must be handled. Do you own your own personal data about yourself? Can you even control it or know what's out there?

Internet identity is a related topic. Who are you on the Internet? Are you your Tinder profile? Your banking profile? Your educational certifications and credentials? Your profile as a citizen, as documented in your driver's license, voter registration, and other state records? You are all those people. And you probably don't want those profiles to be intermingled.

Kaliya Young, Identity Woman

Kaliya Young, Identity Woman

Besides the question of managing your many online identities, there's another big question -- who owns and controls them?

The rules and the infrastructure of Internet identity are being crafted now. There's a movement underway to give individuals control over their own data rather than cede control to credential-issuing authorities such as employers, governments, and social media network providers. It's still in the early stages, and there are a lot of moving parts, and a lot of organizations working on it.

But now is the time to pay attention, according to Kaliya Young, also known as "Identity Woman," who offered her perspective on the movement during the session, Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure Using Blockchain, at Interop ITX this month.

Young pointed out that the early development of the physical infrastructure of roads and railroads have had a lasting impact on transportation infrastructure, as early routes became established routes. Standards and protocols are essential components of these infrastructures. For instance, she said, it was complicated and difficult for the railroads to keep accurate train schedules at the beginning of their operations when each local jurisdiction set its own local time. There was no Eastern Standard Time or Pacific Standard Time. There were local times in each city, and they may have differed by 12 minutes here, or 23 minutes there. Creating standard time zones in 1883 improved the infrastructure of the railroads.

Today, it's all aboard to craft the infrastructure for identity.

Now, people have pieces of their identity stored in many different apps online, and those pieces of your identity are overseen by the apps that host them, from banking to social media to professional sites. All these online venues store different aspects of your identity, and you don't necessarily want to share your banking identity with Tinder. In addition to these, your identity is associated with the credentials you hold -- for instance a driver's license issued by your state government, or your diploma issued by your higher education institution. Not every institution needs all this information about you. But the ideal scenario is for you to have an easy, secure, verifiable way to communicate only the relevant pieces of your identity and credentials to specific entities, such as your bank, your prospective employer, or your government. This kind of approach is called self-sovereign identity.

Young has been part of the movement working on self-sovereign identity for several years, and there are a number of technical components to creating a system to enable this. Indeed, she said that self-sovereign identity is now possible because these technologies are now available, including smart phones, cloud computing, public key infrastructure (KPI), shared ledger technologies (also called distributed ledgers or Blockchains), open standards for decentralized identifiers (DIDs), PairWise or directed identifiers, and open standards for verified claims.

Young said that self-sovereign identity systems are still under development, but there are currently working wallets in labs. Here's how it works. A person gets an app on their smart phone called an edge wallet and sets up a relationship with a service provider to support their cloud wallet. (The cloud wallet provider can be changed at each person's discretion, as needed.) Using these tools you generate a decentralized identifier or DID -- a really, really long number -- which gets published to a Blockchain. Each person proves that they own their long number with a public key attached to it. The wallet itself contains a private key that proves the person is the owner of the public key. Then all the identity information -- your bank account information, your college diploma, your Cisco certification, your driver's license -- is stored in your cloud agent.

Young said that you can ensure a separation of all your different online identities by maintaining different DIDs for each one. Each DID is stored in your wallet.

The Internet Identity Workshop has been working on identity issues, meeting twice a year since 2005 at the Computer History Museum in Mountain View, California. The next meeting is in October 2018. Young also pointed to this W3C work on decentralized identifier (DID) methods, and several other places to go for DID information and efforts. Another organization at work on the issues around online identity is the Decentralized Identity Foundation, whose members include RSA, Accenture, IBM, and Microsoft.

You can't really go out and set this up now for yourself or your organization. But the work is underway to create the infrastructure for it and put the pieces together to create the system to realize the vision -- "a world where people and organizations own and control their identifiers and their identity data."

Jessica Davis is a Senior Editor at InformationWeek. She covers enterprise IT leadership, careers, artificial intelligence, data and analytics, and enterprise software. She has spent a career covering the intersection of business and technology. Follow her on twitter: ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
CIOs Face Decisions on Remote Work for Post-Pandemic Future
Joao-Pierre S. Ruth, Senior Writer,  2/19/2021
11 Ways DevOps Is Evolving
Lisa Morgan, Freelance Writer,  2/18/2021
CRM Trends 2021: How the Pandemic Altered Customer Behavior Forever
Jessica Davis, Senior Editor, Enterprise Apps,  2/18/2021
White Papers
Register for InformationWeek Newsletters
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll