Innovate Identity were delighted to be part of The Paypers Web Fraud Prevention, Identity Verification & Authentication Guide 2018/2019. You can read the full copy here 

A vanguard of a bright new digital identity world, or an over-hyped innovation?

The digital identity industry worldwide has been subjected to a series of over-hyped innovations – new technology and new approaches that each promise to be the vanguard of a bright new digital identity world, but seldom deliver on the hype. This leaves senior decision makers unsure what to believe, and whether substance lies beneath the perennial excitement of innovation.

The latest approaches to emerge have been the concepts ofself-sovereign identity (where you control your personal identity data locally, often on a device and with a personal key of some kind) and shared ledger technologies (where a common digital ledger of transactions and data is updated across all the scheme users). Both individually, and applied collectively, they have generated huge conversation and excitement.

But what evidence suggests that these approaches may succeed, when so many others have fallen by the wayside?

The moment feels right for self-sovereign

Self-sovereign feels like an approach that is emerging at the right time. Whether born by the new move towards providing people with better control over their personal data or merely in alignment by chance, self-sovereign feels very ‘of the moment’.

When the hype is carefully peeled back, the natural alignment between a self-sovereign approach and the recent direction of data protection regulation is laid clear, with both providing for

individuals to have greater control over how and when their per- sonal data is used. Self-sovereign is a child of its time, and as such its relevance can’t be easily ignored.

Shared ledger technology can unlock the potential of self-sovereign

Self-sovereign, as a concept, is blind to technology. However, the synergy between shared ledger approaches and the self-sovereign ethos is readily apparent. Neither self-sovereign nor shared ledgers are dependent on each other; other forms of personal attribute storage and transmission are available.

However, the ability of self-sovereign and shared ledger combined to maintain a common, trusted record of attributes and events, putting users in direct control of their personal identity data, and simultaneously removing the need for large central entities to provide the attribute exchange is a potent and perhaps unique combination.

Self-sovereign and shared ledger are fast emerging as credible ways to assist those suffering identity challenges

The lack of a means to demonstrate one’s identity, to assert who you are at crucial times, is a major issue around the world for a billion people or more. The UN Sustainable Development Goals seek to ensure a legal identity is available to all by 2030;digital identity is one (perhaps significant) means to achieve that goal.

Providing every individual with a way to demonstrate their identity would be a big step forward. In particular, the shared ledger approach, where individuals can ‘build’ a trusted identity over time, even in the absence of traditional identity credentials, is a potentially very positive development.

Overall, the positives may outweigh the negatives,but significant barriers to adoption still remain

✓  Self-sovereign and shared ledger approaches could be used across a wide range of relying parties and for a huge variety of uses, given the right regulation and commercial models.

✓  Self-sovereign has great potential to reduce the growing regulatory burden, recently created by the consent regimes of GDPR and other personal data regulation.

✓  The use of shared ledgers can build a unique identity even for those with no access to more traditional and formal means of identifying themselves.

X The current deployments often lack interoperability. This reflects the lack of commonly accepted standards and serves to fragment the market.

X A lack of regulatory certainty creates market uncertainty and a barrier to adoption, particularly for highly regulated industries such as financial services.

X Digital identity schemes need both attribute providers and relying parties within their trust framework, with banks often playing a part in both roles. Self-sovereign schemes do not start with a ‘ready-made’ roster of relying parties – and without a sufficient level of utility for the end user, digital identity schemes of any design are doomed to failure.

? An unanswered question at this stage is whether a significant number of individuals actually want (or even have the capacity) to manage their personal data themselves. The future of self- sovereign identity solutions depends on the appetite and adoption of users.

What next?

It is too early to reasonably predict the future success or otherwise of the self-sovereign approach. However, the principles it places at the heart of the approach – recording consent and what trans- actions take place, enabling the individual’s control over their personal data, empowering the individual to call forth their own identity attributes – accurately reflect digital identity challenges today.

However, as with shared ledger, there needs to be further explo- ration and test deployments. Regulators, in particular, need to demonstrate their understanding and create a path for innova-tion to flow to the market. Industry ‘sandboxes’, such as thatintroduced by the UK Financial Conduct Authority, are a positive development, somewhat de-risking the testing of new solutions. They also allow regulators to consider new approaches in practice, how they might be appropriately regulated, and the potential need for new industry standards.

While in practice neither self-sovereign nor shared ledgers provide a general panacea for identity, both approaches have hugely exciting potential, particularly when combined. But, ultimately, only the identity market will decide if they will achieve the widespread adoption needed to deliver on their undoubted promise.