Pioneers Create Infrastructure for Self-Sovereign Identity Online - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

09:00 AM
Connect Directly

Pioneers Create Infrastructure for Self-Sovereign Identity Online

Several organizations are assembling the technologies to enable self-sovereign identity, a way for individuals to control who they are online. Blockchain is one of those essential components.

The General Data Protection Regulation (GDPR) and Facebook's data privacy leaks have focused greater attention on the issues around the data privacy of consumers. These headlines come at a time when plenty of organizations are collecting your data, and there is not a single set of rules about how that data must be handled. Do you own your own personal data about yourself? Can you even control it or know what's out there?

Internet identity is a related topic. Who are you on the Internet? Are you your Tinder profile? Your banking profile? Your educational certifications and credentials? Your profile as a citizen, as documented in your driver's license, voter registration, and other state records? You are all those people. And you probably don't want those profiles to be intermingled.

Kaliya Young, Identity Woman

Kaliya Young, Identity Woman

Besides the question of managing your many online identities, there's another big question -- who owns and controls them?

The rules and the infrastructure of Internet identity are being crafted now. There's a movement underway to give individuals control over their own data rather than cede control to credential-issuing authorities such as employers, governments, and social media network providers. It's still in the early stages, and there are a lot of moving parts, and a lot of organizations working on it.

But now is the time to pay attention, according to Kaliya Young, also known as "Identity Woman," who offered her perspective on the movement during the session, Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure Using Blockchain, at Interop ITX this month.

Young pointed out that the early development of the physical infrastructure of roads and railroads have had a lasting impact on transportation infrastructure, as early routes became established routes. Standards and protocols are essential components of these infrastructures. For instance, she said, it was complicated and difficult for the railroads to keep accurate train schedules at the beginning of their operations when each local jurisdiction set its own local time. There was no Eastern Standard Time or Pacific Standard Time. There were local times in each city, and they may have differed by 12 minutes here, or 23 minutes there. Creating standard time zones in 1883 improved the infrastructure of the railroads.

Today, it's all aboard to craft the infrastructure for identity.

Now, people have pieces of their identity stored in many different apps online, and those pieces of your identity are overseen by the apps that host them, from banking to social media to professional sites. All these online venues store different aspects of your identity, and you don't necessarily want to share your banking identity with Tinder. In addition to these, your identity is associated with the credentials you hold -- for instance a driver's license issued by your state government, or your diploma issued by your higher education institution. Not every institution needs all this information about you. But the ideal scenario is for you to have an easy, secure, verifiable way to communicate only the relevant pieces of your identity and credentials to specific entities, such as your bank, your prospective employer, or your government. This kind of approach is called self-sovereign identity.

Young has been part of the movement working on self-sovereign identity for several years, and there are a number of technical components to creating a system to enable this. Indeed, she said that self-sovereign identity is now possible because these technologies are now available, including smart phones, cloud computing, public key infrastructure (KPI), shared ledger technologies (also called distributed ledgers or Blockchains), open standards for decentralized identifiers (DIDs), PairWise or directed identifiers, and open standards for verified claims.

Young said that self-sovereign identity systems are still under development, but there are currently working wallets in labs. Here's how it works. A person gets an app on their smart phone called an edge wallet and sets up a relationship with a service provider to support their cloud wallet. (The cloud wallet provider can be changed at each person's discretion, as needed.) Using these tools you generate a decentralized identifier or DID -- a really, really long number -- which gets published to a Blockchain. Each person proves that they own their long number with a public key attached to it. The wallet itself contains a private key that proves the person is the owner of the public key. Then all the identity information -- your bank account information, your college diploma, your Cisco certification, your driver's license -- is stored in your cloud agent.

Young said that you can ensure a separation of all your different online identities by maintaining different DIDs for each one. Each DID is stored in your wallet.

The Internet Identity Workshop has been working on identity issues, meeting twice a year since 2005 at the Computer History Museum in Mountain View, California. The next meeting is in October 2018. Young also pointed to this W3C work on decentralized identifier (DID) methods, and several other places to go for DID information and efforts. Another organization at work on the issues around online identity is the Decentralized Identity Foundation, whose members include RSA, Accenture, IBM, and Microsoft.

You can't really go out and set this up now for yourself or your organization. But the work is underway to create the infrastructure for it and put the pieces together to create the system to realize the vision -- "a world where people and organizations own and control their identifiers and their identity data."

Jessica Davis is a Senior Editor at InformationWeek. She covers enterprise IT leadership, careers, artificial intelligence, data and analytics, and enterprise software. She has spent a career covering the intersection of business and technology. Follow her on twitter: ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Pandemic Responses Make Room for More Data Opportunities
Jessica Davis, Senior Editor, Enterprise Apps,  5/4/2021
10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
Transformation, Disruption, and Gender Diversity in Tech
Joao-Pierre S. Ruth, Senior Writer,  5/6/2021
White Papers
Register for InformationWeek Newsletters
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll