Do you remember John Smith? We met him just a few weeks ago, in this recent tale about the multiple facets of his life. We used this imaginary persona to represent the concept of identity, examining how John’s relationships, hobbies, and everything else in his existence is determined by who he is in every path he walks down.
Identity is a resolutely human concept. Many animal species live in organized societies (elephants live in herds, wolves form packs, lions exist in prides, and so on.) But while each animal instinctively knows what their place within their society is, they have no self-awareness. In other words, they don’t recognize themselves as individuals as humans do.
In the modern world, human identity can be broadly categorized into two categories: Social identity, and digital identity. The former refers to our relationships (siblings, friendships, romantic, etc.), our vocations (the job we do), political affiliation, hobbies, leisure activities, and so on.
Digital identity is also who we are, but in a rather more intangible space: online.
What constitutes digital identity
Let’s throw a widely accepted definition out there. According to Wikipedia, ‘A digital identity is information on an entity used by computer systems to represent an external agent. That agent may be a person, organization, application, or device.’
When we met John, we learned about his hobbies. He likes to fly drones with his son during weekends (John is, in fact, the founding member of his local drone enthusiast club). And we also learned that he plays football online with some of his college buddies. And of course, John has an account with his bank, and a local grocery store, among many others. All these are part of John’s digital self. His digital identity.
Broadly speaking, all the data and information involved in someone’s digital identity can be divided into two categories: Digital attributes and digital activities. Digital attributes include someone’s date of birth, official documentation (passports, driver license, etc.) serial numbers or other identifiers, a person’s medical records, banking details, etc. The second category -digital activities-, includes a person’s posts on social media, for example, purchase history, ‘Likes’ and comments, etc. The combination of these two categories constitutes someone’s digital identity.
The sheer amount of things that we can do online these days generates a lot of data and information, which companies use for various objectives: From package deliveries to targeted marketing and advertising, credentials issuance, etc., much of a person’s life, including personality, interests, political leanings, hobbies, and daily habits can be gleaned from their online presence. This increasing online existence is a double-edged sword. On the one hand, the internet enables a relatively easy and convenient way to do shopping, pay bills, look after our banking, and so on. But there is a darker side to all this.
There’s always someone out there ready and willing to commit identity fraud.
Digital identity in the context of Self-Sovereign Identity (SSI)
Sit back and think for a moment. Cast your mind back a few years, and try to remember how many newsletters, how many forums, how many forms you’ve filled out since you first had access to the internet? How many times have you entered your name, your address, even the name of your first pet, or your hometown? Now think how many times you’ve clicked that ‘Sign with Facebook’ or ‘Sign with Google’ buttons. These buttons are handy, quicker, and attractive in their ease. But so it’s the dark side of the Force, if we trust in galactic folklore. The problem with these buttons is that, once you click on them, you’re dropping a breadcrumb. And when you access whatever site or resource that button acted as the gateway for, you drop another. From that point on, every page you browse and everything you look at becomes another breadcrumb in a trail that leads directly to you. And you can be sure, these companies are watching. And so are the ‘authorized’ or ‘selected’ third partners that they do business with.
And of course, bad actors are always watching, and waiting.
Let’s circle back to John for a moment (he’s proving quite versatile, isn’t he.) John has an eclectic digital life, hasn’t he. Drone clubs, online football games, his banking and shopping activities, and so on. All these facets suggest that John is a motivated and active member of society.
But there’s a catch. Each and every aspect of this online activity requires a set of credentials that enables him to access his hobbies and business accounts. Recent research suggests that an average person has to contend with 70-80 passwords in their lives. That’s dozens of credentials that must be remembered, if they’re to be of any use.
The inherent problem of this multiplicity is compounded by the fact that many, if not all, of these credentials are handled and managed by third parties. This is itself a major drawback as it might lead to wide-scale fraud, as we recounted in a previous article.
So what’s the solution to the identity conundrum?
The answer lies in the concept of Self-sovereign identity (SSI). We have talked about SSI before. We have talked about the benefits of SSI for finance and the enterprise. There’s a wealth of material that you can read and use to learn about what the SSI framework represents. But here we are exploring the relationship between digital identity and SSI.
Take our friend John as an example. He’s keen on diversity in his life, when it comes to leisure activities. And he also has to contend with the usual business of running a home. Shopping, paying bills, that sort of thing. And even though he’s an active and willing participant in all this, there’s a major drawback when it comes to how his digital identity is handled. For you see, he is not really in control of his credentials. Banks, utility companies, the major retailers he regularly shops in. Even the service provider that enables John to access his emails, or log on for a quick online game with his buddies. These centralized entities are the ones that control John’s credentials. He is, in a matter of speaking, just along for the ride.
SSI offers an individual-centric approach to digital identity that enables the person to own (and retain control of) their own credentials. In John’s case, should he avail of SSI, he would be the one who would offer consent and permission to use those identity credentials, not the other way around.
So when it comes to identity, be more like John. Choose SSI.