Quick Take on Decentralized Identity and the Importance.

This is a Quick Take on decentralized identity (DID), and which features and capabilities the identity solutions in today’s world should have in place. This Quick Take is a segment of Dragonchain’s weekly Super Happy Dragon Lucky livestream on YouTube with our Founder & Architect Joe Roets.


The first part of our decentralized identity that's pretty obvious is the privacy capabilities. And if we look at that, it mostly means the CCPA and GDPR regulations that businesses are required to follow in certain areas, if they are holding user data. Any decentralized identity system has a couple of key features that contribute to that capability. But the interesting thing about it is, why would a business care to use decentralized identity? There's complexity, it's a different way of doing business. Very important is the liability that you have if you're holding sensitive data, particularly if you're holding a lot of user data because you end up creating a honeypot for anybody that would want to use that data. Or to steal that data, even if it's just to embarrass you, you're vulnerable to that. You have to be extremely wary and you have to make sure that your engineers are keeping everything patched and doing all the best practices. You still might lose because somebody from the inside can attack. There are a lot of different angles. Decentralized identity helps you to protect the identity of customers and your employees. Because those identity components, the data itself, by and large, is not going to be stored on your servers, it's going to be stored by the customers themselves. Decentralized to the customer. That's really important for a business as well as a personal user.

Atomic and Granular Factors

In short, this means that all of the pieces of your identity can be separated. That is your first name, your last name, your actual physical address, Social Security Number (SSN), any other identifying number that your country assigns to you, and your date of birth. These things can be separated and provided individually with a level of proof to someone you're wanting to do business with, like a website. Or theoretically in the end to your bank or to your other service providers. The fact that I don't have to give them my entire passport or my entire driver's license is really powerful because I can self limit things. Is it worth giving this company, my Social Security number, just to do business with them? No, I don't want to give that to somebody on some random website. Beyond that would be those same Factors but as derived data.

Derived Factors

We call them derived Factors that it would not be my birth date, but that I am over 18 years of age or that I am over twenty-one. Or if I'm renting a car and I'm a male, that I am over twenty-four years of age. It could be any of those. Or if I'm wanting a discount that I am over sixty-five. Things like that. It's really interesting. It can be stuff like voter eligibility that we determine that if you're in the US and you're over 18, you are a resident of a certain district, and so on. That's an eligible voter. It could be the county you're in, even though that's not on your driver's license. The city, state, or the county can be derived. Astrological signs even. It can be OK if your birth date is this year. So therefore you are whatever you are. And some of those are really important because you can expose what is necessary legally to that entity without exposing the source data. I don't have to give you my actual birthday. You only need to know that I'm over 18. That's all you care about.

Reuse and Monetize Pieces of Information

The next piece that is very interesting is once these Factors are in place, that we have the ability to reuse them. Think about it, first of all, it's particularly convenient for the user because they've already done this verification. They've already gone through and taken a selfie or whatever else is required, like taking a picture of your passport. You don't want to do that very often because the more often you do it, the more likely somebody is going to capture it. It's also interesting because a business that is adopting decentralized identity can see, OK, I don't have to get a passport or document verification on every single user, even though they might have done this for some other company in the past. Almost everyone certainly has done that in crypto as an example, but a lot of other systems as well. That cost is much, much lower because we don't have to go to the third party to get the verification. The verified data is already there from a source that you trust as a third party. On top of that, the fees that are collected, even though they are lower than if it was brand new, original verification, those fees can go in part to the company, the business that paid for the original verification of that person.

So if you went to Company A and you did a verification, let's say it cost them a certain amount of money and now you go to Company B and they just need the same Factors you already have or some part of them, some subset. You can now give them those Factors. The first company can basically recapture some of what they spent in getting that first verification done. So everybody has incentives to re-use Factors. It is much more convenient for both companies that were involved. There's a definite payoff. Really nice stuff. That's a big part of it.

Identity Providers

Another big part is, if you're very dogmatic and want pure decentralization, then decentralized identity can do some level of that. But most systems will be pretty pragmatic in that you're going to have a third party verifier that makes a business of checking the passport or checking a driver's license. They have all the systems to verify that this is not counterfeit or anything else. On top of the fact they can do various forms of facial recognition to make sure, OK, that's your driver's license. Do you match? Just like if you were in person, that's how you do that. You can have third party providers that do various types of checks.

The public records checks, they do document verification. They do any crazy number of various types of banking regulated verifications all over the world. All of those have to be a part of any decentralized ID framework. The other side of it that a lot of people don't look at what would be self verification. That is, the user can verify things themselves. I can prove to you that this is my email, that this is my Twitter account or any other social. I can prove to you that as far as you're concerned, that my nickname is Joe. There's no real way to verify that but it doesn't matter. We just know that this person declared that they would use this name as a nickname. Very interesting stuff. My favorite color that you could theoretically let them self declare that. The other bit of it is a company that can integrate their own agents as verifiers. That is if I have a hospital or a healthcare organization and I have a bunch of clinics that when someone walks in the door, I can have my people that are at the desk verify that. OK, I actually saw this person's driver's license and I saw they are this person. Those verifications can also be included so that if someone doesn't provide the type of verification you need, you can do it on your own and you're going to trust yourself and your own people to some level. So really good stuff.

Proof of Human

And this is a concept that has a lot of different layers. But it's verifiable and measurable proof that a user is a human, is not a bot, is not impersonating someone else and is the actual person that you think he or she is. This isn't a bot, it really is this Joe and this is THE Joe. It's a really powerful thing. We have a bunch of different angles on doing this. Some of them are based upon document verifications, but some of them are also based on other network components that we're looking to build. So really interesting stuff. That leads heavily into an intuitive recovery system where when you think about decentralized identity we don't want to make it so that only technophiles can adopt this. This is kind of a niche of a niche where you're talking about crypto people, you're talking about blockchain stuff you're talking about, identity and security.

Rocco, the co-host of the show interrupts: ‘Grandma safe, I like that’.

The whole point of this is that it's organic. It's very understandable to normal people. They don't have to understand how it works. They just have to understand how to interact with it and how to use it. That's it. We've made a number of really, really good inroads here. We have some pretty unique technology and software. So that's where we're headed with that.

Reduce The Risk of Data Breach

All of this, for a business when you're talking about adoption, not only do we think it's cheaper to use, but this is probably the biggest thing that's been consistent for the past decade, which is data breaches. Which you have every single large organization has had breaches all the way from the federal government. You had all of the people holding top secret clearances that were compromised. Nation state. You have I can't remember all the companies tried to Target, Nordstrom, all of the banks. I think maybe Hilton. A bunch of really big companies. And the problem is they're holding all that data. If you ask me, a lot of them have been sold since the early 2000s with which you need to integrate with Facebook. You need to get the whole user graph plugged in so that you can leverage that data. That's how we'll give you money. The VCs were pushing that heavily. All of these companies are holding data that's really a liability. They aren't Facebook. They're not advertising to these people. Maybe they're selling the data, which is worse. Hopefully not. I guess a lot of them probably are. One way or another to reduce costs, risks, legal liabilities. In the end, it's better for your customers and better for the business. That's the big, big piece of it.

Smart Devices and Identities

Another key component, which is sometimes easier to understand, sometimes it's harder to understand, is smart devices. The ability to apply identity to any Internet of Things (IoT) smart device, which would be a handheld, mobile. Or a sensor even. The reason that matters is because there are so many of these out there, and they're going to be tied to humans, and some of them aren't going to be tied to humans. But they are going to be given access to things that are particularly sensitive. You're going to need to know that this device really is the device that it says it is. There are a lot of attack vectors there. It's a really big key component of a decentralized ID platform, in my opinion.

Fast API Integration

The other side of it is integration. You really need something your developers and engineers can work with. It's a RESTful API because integration is going to be one of the most important pieces of this. If you need to use the identity to log into a website versus open a door. You're going to have to be able to integrate with traditional systems as well as blockchain systems. One way or another, we're going to be publishing the API soon. But right now everything is RESTful API, integrated and documentation available upon request. We've recently spun off MyFii. Factor will soon be open sourced. In the end MyFii is going to give us the ability to do those real world verifications of any type of identity. That's pretty much anywhere in the world. We'll be rolling out various features really soon. We have a couple of integrations ongoing. Pretty important, pretty powerful systems.