“It is fair to say that today’s Internet, absent a native identity layer, is based on a patchwork of identity one-offs.”
– Kim Cameron, former Architect of Identity at Microsoft
The right to identity is a fundamental human right that exists from the moment we are born and lasts for life. This right is recognized in international law through various conventions and declarations such as the following:
Convention on the Rights of the Child (Article 8): “Children have the right to an identity – an official record of who they are. Governments should respect children’s right to a name, a nationality and family ties.”
Universal Declaration of Human Rights (Article 6): “Everyone shall have the right to recognition everywhere as a person before the law.”
These human rights instruments are describing what is called legal identity. The Inter-American Development Bank (IDB) defines legal identity as “legal civil status obtained through birth registration and civil identification that recognizes the individual as a subject of law and protection of the state”. Simply put, legal identity is the status of bearing rights and duties. People obtain these rights and duties, which form legal personhood, through specific acts carried out by the state.
At the most basic level, legal identity consists of a person’s first name, surname, birth date, biological sex, and nationality. These attributes, which are usually recorded in documents such as birth certificates, enable people to hold rights and duties specific to their status (for example, child, handicapped, and refugee). Every person has the right to the following identifiers from birth:
Name and surname: Parents must declare the name, surname, and birth date of their newborn child to authorities. When the state records this birth, the child’s legal status is formalized and filiations (legal relationship between parent and child) are established
Nationality: Children obtain nationality by blood (jus sanguinis) and/or by birth (jus soli). Most people hold the nationality of their parents. In some cases, people obtain the nationality of the territory they are born in, even if their parents hold a different nationality.
The Key Concepts
The main idea behind legal identity appears to be the realization of rights. However, this depends on the ability of verifying parties to determine a person’s status which, in turn, is dependent on evidence. Determining the rights that someone is entitled to and demonstrating personhood involve the following concepts.
Claim: Assertion made by the person, such as personally identifiable information and facts about one’s capability or group membership (for example, “My name is Bruce Wayne and I am a citizen of the USA.”)
Proof: Document that provides evidence for the claim (for example, birth certificate and utility bill)
Attestation: Statement from a third party that validates the claim (for example, a university may attest to the fact that an individual earned a degree from that institution).
This is why the notion of legal identity as requiring some form of documentation is important. Documents provide official records of a person’s existence and make that person legally visible. Moreover, they enable individuals to integrate into society and gain access to the following:
Essential social services: Health care, education, welfare, and other social services that enable economic empowerment.
Judicial protection: Injury that is inflicted on a person who possesses legal identification could constitute a crime. If accused of criminal behavior, that person would be subjected to criminal law and treated in accordance with the rights of the suspect.
Conversely, people without legal identification are essentially not protected by thelaw. This might limit their access to government services and prevent them from enjoying other rights. For refugees, this might disqualify them from registering as internally displaced persons (IDPs), which is required for accessing humanitarian assistance. In some jurisdictions, individuals can also be apprehended, fined, and imprisoned for failing to show identification documents.
Given its nature, legal identity does not easily translate into cyberspace. This is unfortunate because digital identities are now part of everyday life. People constantly access Internet-based services that perform user authentication. Non-human entities such as companies and devices, particularly those involved in exchanging sensitive data and monetary value, also require digital identities to match data with the stated sources and destinations.
What is a digital identity? According to the Inter-American Development Bank (IDB) a digital identity is a set of attributes that distinguishes an entity from others in a computer-based environment. Entities can be people, organizations, systems, and devices. Digital identities are subsets of an entity’s overall identity and are usually created for specific purposes, such as using an application or interacting with another entity. In other words, each entity has only one identity but can have multiple digital identities.
At present, digital identities are difficult to manage primarily because the Internet does not have a built-in mechanism for identifying connected users (individuals and groups). Some organizations attempted to add standardized identity services but very few were successful. As a result, most Internet-based service providers still create workarounds that involve local accounts with site-specific access credentials. Kim Cameron, former Architect of Identity at Microsoft, stated it best: “It is fair to say that today’s Internet, absent a native identity layer, is based on a patchwork of identity one-offs.”
Current Identity Management
Existing approaches to digital identity management involve central repositories. Most online identities are created by large service providers such as Google and Facebook. Because these companies own the repositories, they exercise a large amount of control over the stored identities and the data that was used to create them. This model causes major problems for users such as data monopolies, security vulnerabilities (centralized hacks), and jurisdictional politics.
Because of these issues, using distributed ledger technology (DLT) has become a trend in the digital identity space. Many believe that this decentralization can make self-sovereign identities a reality.
The concept of self-sovereign identity revolves around enabling entities to create, store, and manage their own digital identities. With the help of cryptographic tools, identity creation and authentication can occur regardless of location and other traditionally limiting factors.
Some might find the concept difficult to grasp but it actually is quite similar to how people currently manage legal identity. We keep their birth certificates, passports, and other legal documents at home instead of in third-party repositories. When necessary, we share specific data or copies of documents with verifying entities.
To understand the concept better, we can refer to the 10 Principles that Christopher Allen outlined in his 2016 article “The Path to Self-Sovereignty.”
Existence “Users must have an independent existence.”
Digital identities provide access only to specific attributes of an entity. The overall identity can never wholly exist in digital form.
Control “Users must control their identities.”
Control means the ability to refer to, update, and hide data.
Access “Users must have access to their own data.”
Systems must enable easy data retrieval and prohibit entities from acting as gatekeepers.
Transparency “Systems and algorithms must be transparent.”
Anyone must be able to examine how the technology functions.
Persistence “Identities must be long-lived.”
Entities must be able to decide how long their identities should exist.
Portability “Information and services about identity must be transportable.”
No single third-party entity must store and manage data.
Interoperability “Identities should be as widely usable as possible.”
Data must be constantly available and capable of crossing political borders.
Consent “Users must agree to the use of their identity.”
Data must be shared only when the owner provides consent.
Minimalization “Disclosure of claims must be minimized.”
Systems and entities must disclose the minimum amount of data necessary to accomplish tasks.
Protection “The rights of users must be protected.”
The algorithms used to authenticate identities must be independent, censorship-resistant, force-resilient, and run in a decentralized manner.
Identity at Unitychain
At Unitychain.io we are implementing the standards outlined by the Decentralized Identity Foundation (DIF) to enable Decentralized Identity (DID) management on our platform. Implementing the DIF standards will enable DIDs registered and created on our platform to be interoperable with other platforms and applications. This will also be a necessary step in order to provide cross-chain interoperability.
Furthermore, DID will be used in our system as a sybil prevention mechanism to keep the network secure, to enable democratic network upgrades, and for on-chain governance. One Individual. One Node. One Vote.
Stay tuned for our next article about the mechanics behind Decentralized Identity.