What are Decentralized Identities and why do we need them? Alina Khayretdinova, Senior Researcher at the Identity Management Team, Institute of Human Factors and Technology Management IAT of the University of Stuttgart, describes the path to user-friendly decentralized identity solutions in the DECIDE project.
“Imagine the following: you move to another country and need to establish your identity according to the local system – in other words, you need to get local driver’s license, open a bank account, receive a social security number, a medical insurance card, a student card, etc. To carry out each of these tasks, you need to register individually at every institution that offers these services, providing over and over the same kind of information in order to prove your identity. It goes further: when you need to access these services, you need to verify your identity again, be it by password, by card or other means.
“Our team at the Identity Management division of the University of Stuttgart (Germany), is addressing the idea of a universally recognized identity that can simplify the above mentioned process and far beyond from various angles. A Decentralized Identity is one of the latest approaches here: you have to verify your identity once to a third company and the related credentials will be stored in your digital wallet for your future use.
“Decentralized identities are a novel and promising solution to Identity Management (IdM) built on the Blockchain technology and are a Privacy Enhancing Technology (PET). Using the distributed ledger technology as the basis for decentralized identity means that there should be no central third party in control of the identity data. Self-Sovereign Identity (SSI) that could be seen as a sub-type of decentralized identity aims to put the user in complete control of the digital analogue of your identity.
Privacy-friendly or user-friendly?
“Numerous companies and projects (Microsoft, Sovrin, Jolocom, W3C Community Group for Decentralized Identifiers, etc.), whether big or small, are currently working to make this approach a product for trustworthy and privacy-friendly identification in digital interactions. Their technical architecture and proofs of concept show that it is possible to realize such Blockchain-based IdM solutions. This promises to lead the way for a new area of privacy enhancing technologies, which would bring us to a trustworthy and secure Internet.
“However, experience shows that although privacy enhancing technologies could be a major building block for ensuring privacy on the Internet and they have a high technical functionality and security, user adoption and diffusion of such solutions are not as high as one could wish.
“Most users are lacking an intrinsic motivation to deal with such security and privacy enhancing technologies, as they only seem to hinder them in achieving a specific goal by using a service: buy new shoes, connect with friends, find the best Ramen restaurant in town, etc. To carry out such tasks, most services require a user to share some personal data or to log in. This leads to a high amount of identities on the Internet for just one user. Therefore, logging in via Facebook (or similar platforms) to access online services more easily without having to re-register is a common practice where the perceived benefits outweigh the perceived risks.
“Digital wallets using DIDs promise an easy way to have a privacy protecting solution for users to manage their identities. However, if such an alternative solution is hard to understand, requires too many steps to be activated or provides few perceived benefits, the user will not adopt it. This is one of the major challenges that decentralized identities and other privacy enhancing technologies are facing today.
DECIDE – DECentralized IDEntity and User Experience
“The Open Call of NGI-Trust gave us an opportunity to challenge this issue and work towards decentralized identity solutions that are both privacy- and user-friendly by launching the project DECIDE – DECentralized IDEntity and User Experience. In DECIDE, we want to evaluate the usability and user experience of existing DID solutions based on the Blockchain technology.
“As the first step of this evaluation, we are conducting user tests of decentralized identity wallets that are currently in development to find out their practical applicability for end users and service providers. The second step of the process will be a prototype-based study: the project will develop a user-friendly prototype of a decentralized identity wallet that will be evaluated through a user study in order to validate the findings of the first phase. Moreover, we will conduct interviews with developers of the existing DID solutions and service providers to see the requirements and limitations of nowadays technologies.
“Based on the findings of the user studies and interviews, DECIDE will evaluate how decentralized identity solutions can master the standard processes of the identity management lifecycle, deal with standard issues such as lost and stolen credentials and establish the required trust levels. As a result, the project will issue design recommendations for the developers of decentralized identity solutions to help make decentralized identity technologies valuable both for end users and service providers in their business processes.
What will DECIDE bring to the decentralized identity community?
“The unique contribution of DECIDE into the decentralized identity community is the involvement of all relevant stakeholders of the multi-sided PET market. Especially regarding IdM solutions such as decentralized identities, we cannot solely focus the analysis on the end users, as they are not the only stakeholders that need to adopt the technology. This means that we have to consider the service providers’ requirements as well. They have to implement and operate the system, which induces significant investments in terms of money and other resources; therefore, they will only be willing to implement a specific IdM system if these investments are either very low and/or are likely to pay off. decentralized identity solutions must therefore fulfill the service providers’ business needs, e.g. regarding trusted interactions, and be compatible to their processes.
“We believe that project results will help the actual diffusion of privacy enhancing technologies in the context of identity management that enable trusted interactions in the digital sphere. In DECIDE, we aim to gain a better understanding of users’ mental models and service providers’ requirements and work towards the actual integration of outcomes in the existing and future decentralized identity solutions.
“This project receives funding and support from the Next Generation Internet initiative and was selected by the open call for proposals from the Partnership for innovative technological solutions to ensure privacy and enhance trust for the human-centric Internet – NGI TRUST.”
To know more about project DECIDE, contact Alina at: alina.khayretdinova@iat.uni-stuttgart.de
For more information on NGI Trust grants, visit: https://wiki.geant.org/display/NGITrust/Funded+Projects