View Source

BC: Blockchain

As we know , there are other technologies and companies looking for DI solution. Since many of them are popular technologies or huge company with significant investment, we should consider them as risks for our work. At least we have to be aware of what comes new via them to this ecosystem. So a classification is required.

Companies with centralized Identity on the way of decentralization (GAFAM)
1. Google
  1. Cloud identity refers to a set of technologies, protocols, and practices that enable managing and controlling user identities and access to digital resources in cloud-based environments.
    It empowers organizations to securely authenticate, authorize, and manage user access across cloud services and applications. Cloud Identity leverages the power of the cloud to centralize identity management, simplify administration, enhance security, and improve user experience.[1]
  2. Cloud Identity is an Identity as a Service (IDaaS) solution that centrally manages users and groups. You can configure Cloud Identity to federate identities between Google and other identity providers, such as Active Directory and Microsoft Entra ID (formerly Azure AD).[2]
2. Amazon
  - Amazon offers a cloud Identity to manage identity, access controls, and governance of organizations in any size and type. By migration to and modernize on AWS, security and IT teams can adopt modern cloud-native identity solutions and Zero Trust architectures to securely support hybrid workforce productivity, provide builders and customers access experiences with less friction, apply and audit permissions toward least privilege, and help meet stringent compliance mandates.[3] It means Amazon identity is still not distributed.
3. Facebook (Meta)
  - Meta wants to raise the privacy bar higher by de-identifying users while still maintaining a form of authentication to protect users and services. So, it leveraged the anonymous credential, collaboratively designed over the years between industry and academia, to create a core service called Anonymous Credential Service (ACS). ACS is a highly available, multitenant service that allows clients to authenticate in a de-identified manner. It enhances privacy and security while also being compute-conscious. ACS is one the newest additions to the privacy-enhancing technologies (PETs) portfolio and is currently in use across several high-volume use cases at Meta.
    At a high level, anonymous credentials support de-identified authentication by splitting authentication into two phases — token issuance and de-identified authentication. In the token issuance phase, clients contact the server through an authenticated channel to send a token. The server signs and sends it back. Then, in the de-identified authentication (or token redemption) phase, clients use an anonymous channel to submit data and authenticate it utilizing a mutated form of this token rather than a user ID.
    Meta has greatly simplified the nuances in the protocol. The signed token (token issuance phase) and redeemed token (de-identified authentication phase) cannot be linked. This property enables the server to authenticate the client in the second phase without knowing which specific client the token belongs to, thus preserving user privacy.[4]
4. Apple
  1. Apple provides organisations with various identity services to help manage passwords and usernames securely — both across user workplace and in the cloud. Apple uses security measures like authentication, authorization and identity federation, so that individual users can access their favorite apps and other resources without, for example, the additional hardship of setting up usernames and passwords for each one.[5]
  2. Apple uses Keychain App to protect sensitive data and can contain various types of data: passwords (for websites, FTP servers, SSH accounts, network shares, wireless networks, groupware applications, encrypted disk images), private keys, certificates, and secure notes. But pay attention that Keychain is not a blockchain-based App! It means Apple ID is still not distributed.
5. Microsoft
  1. Microsoft has been actively involved in decentralized identity solutions. They have developed technologies like Decentralized Identifiers (DIDs) and verifiable credentials to enable self-sovereign and decentralized identity management. It has contributed to open-source projects like the Decentralized Identity Foundation (DIF) and is working on initiatives such as the Microsoft Authenticator app.
  2. Microsoft Entra Verified ID Service is an issuance and verification service in Azure and a REST API for W3C Verifiable Credentials that are signed with the did:web method. They enable identity owners to generate, present, and verify claims. This forms the basis of trust between users of the systems.
  3. Microsoft Entra ID is a cloud-based identity and access management solution. It is a directory and identity management service that operates in the cloud and offers authentication and authorization services to various Microsoft services such as Microsoft 365, Dynamics 365, and Microsoft Azure.
  4. ION is a Layer 2 open, permissionless network based on the purely deterministic Sidetree protocol, which requires no special tokens, trusted validators, or additional consensus mechanisms; the linear progression of Bitcoin's timechain is all that's required for its operation. ION is designed for scale, supporting thousands of DID operations per second across the network. ION has been launched on Bitcoin main net and is based on a strongly eventually consistent architecture that enables embarrassingly parallel ingest, processing, and resolution of DID operations.(Related BC: Bitcoin)
Competing Technology
1. Ledger Technologies
  1. Blockchain based
    1. IBM: IBM is another company that has shown interest in decentralized identity. They have been involved in standardization efforts and have explored the use of distributed ledger technologies for decentralized identity solutions. It is including IBM Verify Credentials, which allows organizations to issue and verify digital credentials using blockchain technology. (Related BC: Hyperledger Fabric)
    2. Sovrin:
      - Evernym: Evernym company specializes in self-sovereign identity solutions and offers the Sovrin Network, an open-source decentralized identity network built on distributed ledger technology.(Sovrin has three networks for self-sovereign identity. Each network is based on Hyperledger Indy)
    3. Dock
      - Dock's Verifiable Credentials Platform equips IDV companies to transform Verified Identity data into reusable, fraud-resistant, and instantly Verifiable Credentials. Enabling portable Reusable Identity reduces your costs, unlocks lucrative new market opportunities with higher margins, and empowers your clients' transition into the era of government-issued digital identities.
    4. Chainlink
    5. uPort (Serto- Veramo)
      1. Consensys: Consensys company is a blockchain software technology company that offers solutions for decentralized identity, including uPort, a self-sovereign identity platform built on Ethereum.
      2. uPort uses the blockchain as an identity certification authority where a smart contract represents the digital identity of a user while allowing the revocation and replacement of that user’s keys. uPort identities can take many forms: individuals, devices, entities, or institutions. Uport identities are self-sovereign, meaning they are fully owned and controlled by the creator, and don’t rely on centralized third-parties for creation or validation.
      3. uPort project has split into two new projects: Serto and Veramo. Veramo is performant and modular APIs for Verifiable Data and SSI. You can create and manage decentralized identifiers + verifiable credentials without worrying about interop and vendor lock-in. Serto enables people and enterprises to utilize the newest innovations in decentralized technology to make data more portable, private, and valuable.
    6. ION
      - ION is a Layer 2 open, permissionless network based on the purely deterministic Sidetree protocol, which requires no special tokens, trusted validators, or additional consensus mechanisms; the linear progression of Bitcoin's timechain is all that's required for its operation. ION is designed for scale, supporting thousands of DID operations per second across the network. ION has been launched on Bitcoin main net and is based on a strongly eventually consistent architecture that enables embarrassingly parallel ingest, processing, and resolution of DID operations.
    7. BlockID:
      - 1Kosmos is a company that focuses on distributed identity solutions. They aim to provide secure and privacy-preserving identity management using decentralized technologies. BlockID is A distributed identity cloud service that unifies identity verification and password less authentication. 1Kosmos BlockID is a fully standards-based platform for complete user authentication. BlockID takes the strengths of decentralized identities, and adds layers of security, user biometrics, and hardware-backed YubiKey authentication to effectively protect access to systems. It is a certified solution for NIST 800.63.3, UK DIATF, FIDO2, iBeta DEA EPCS, ISO 27001 and SOC II. Compliant to GDPR standards. [6][7]
    8. World Mobile: World Mobile is a commercial company that has already implemented decentralized identifiers (DIDs) in their operations. They utilize DIDs to provide identity solutions in underserved areas.
    9. ShoCard : ShoCard is a blockchain-based identity authentication platform that aims to provide a trusted identity by protecting users’ identity. It uses distributed ledger technology (DLT) to bind a user identifier, existing trusted credentials, and additional identity attributes together with cryptographic hashes to be considered for similar to face-to-face transactions. ShoCard uses Bitcoin time-stamping for signed cryptographic hashes of the user’s identity information.[8]
    10. Non-Benefit:
      1. Decentralized Identity Foundation (DIF): DIF is an organization focused on developing open standards and protocols for decentralized identity. They work on emerging standard specifications and open-source code to drive the development of decentralized identity solutions. Members include Companies like Microsoft, IBM, and Consensys.
      2. DID Alliance: DID Alliance is an open industry association for decentralized identity (DID) services that ensure the credibility of digital identity.
      3. FIDO Alliance
        The FIDO ("Fast IDentity Online") Alliance is an open industry association whose stated mission is to develop and promote authentication standards that "help reduce the world’s over-reliance on passwords". FIDO addresses the lack of interoperability among devices that use strong authentication and reduces the problems users face creating and remembering multiple usernames and passwords.
        FIDO supports a full range of authentication technologies, including biometrics such as fingerprint and iris scanners, voice and facial recognition, as well as existing solutions and communications standards, such as Trusted Platform Modules (TPM), USB security tokens, embedded Secure Elements (eSE), smart cards, and near-field communication (NFC)
        Integration of FIDO2 architecture with blockchain (Paper)
  2. DAG based
    1. IOTA
2. Non-ledger Technologies
  1. YIVI (IRMA)
Marketing
1. Lack of delivering attractive service
2. Lack of advertise the workflow of service.
  - Ineffective Marketing of Extended Identity Services: Despite the technological advancements, our community might struggle to effectively market the benefits and capabilities of the extended identity services to relevant stakeholders. If the benefits and capabilities of the extended identity services are not adequately communicated, other parties may perceive them as less trustworthy or less suitable for their needs. This lack of trust could prevent broader adoption of the services and hinder collaboration between the research and education sector and other sectors, ultimately impeding the overall success of the initiative.
3. Fill a supply/demand gap takes long time
  - Identity programs often need to fill a supply/demand gap in a marketplace, needing to persuade both users and service providers to join their identity ecosystem, rather than use existing or alternative services. This can be true whether the service is centralized, federated, or completely decentralized.
    This means that often, digital identity services take much longer to scale than originally planned. Without sufficiently attractive and useful services onboard, the case for signing up may not be clear to citizens, and without sufficient volumes of verified users, service teams may not see the value in the identity service, and may wait for growth. Without sufficient uptake, for new services, the work required to make services truly self-service based on the trust in the identity, can be harder to justify. [9]
Environmental cost
1. Diesel needed for running a 450W Server per day. => 365 People that do not need to turn up somewhere will justify running the server.
Funding: A particular scarcity risk, due to lack of funding
1. Just users benefit it not issuer
2. Business-Plan definition is not complete
3. Supporting from Government or Institutes for research and development of DI

References:

[1] https://www.loginradius.com/blog/identity/what-is-cloud-identity-and-its-benefits/

[2] https://cloud.google.com/identity/docs/overview

[3] https://aws.amazon.com/identity/

[4] https://engineering.fb.com/2022/03/30/security/de-identified-authentication-at-scale/

[5] https://support.apple.com/en-ie/guide/deployment/depa64848f3a/web

[6] https://www.1kosmos.com/

[7] https://www.yubico.com/works-with-yubikey/catalog/1kosmos-blockid/

[8] Travel Identity of the Future—White Paper; Technical Report; ShoCard: Cupertino, CA, USA, 2016

[9] How to control your biggest risks in digital identity