By Travis Spencer CEO of Curity

There’s been significant hype around the concept of the decentralized web with technologies like blockchain and cryptocurrencies making up Web3 and taking center stage in the discussion of our digital future. Whilst it’s been difficult sometimes to escape the hype and buzz around these technologies, little has been offered in terms of substance. The ‘crypto-winter’ of 2022 did dampen a lot of noise about these technologies, particularly where crypto is concerned. 

However, we are now beginning to see how the decentralized web concepts are enabling important steps forward that support the case for decentralized identity. This is a new paradigm shift that puts users in control of their identity data. 

What is decentralized identity? 

Decentralized identity is an emerging concept based on nascent technology that enables users to have greater control over data and digital identity. However, whilst still in its early stages of development, we’re seeing global corporations, and some government institutions, begin to explore this new area of innovation in identity management. Microsoft launched its own decentralized identity solution in 2022 and JP Morgan has publicly talked about their investment in applications for decentralized identity management

Additionally with Decentralised Identifiers (DIDs) and Verifiable Credentials (VCs) now officially recognized standards by the World Wide Web Consortium (W3C), we can expect further development and progress towards decentralized identity management. 

What are Decentralised Identifiers and Verifiable Credentials? 

 The two key design goals of DIDs are privacy and decentralization. They enable organizations or individuals to generate their own identifiers and verify their identity without involving external authorities providing them greater control over their data and digital identities. 

DIDs, therefore, lend themselves well to VCs. VCs have many similarities with physical credentials such as passports or identity cards.  Credentials in this digital form are tamper evident and verified cryptographically. This makes them not only far more secure than their physical counterparts but also more efficient, as they can be transmitted rapidly, making them more convenient when trying to establish trust at a distance. 

The subject of a VC would be commonly identified via a DID. Compared to DID documents and publicly available certificates, VCs are personal and securely stored by the credential holder in a digital wallet for example… By keeping VCs private, the holder can control the timing and context of when to share a credential, and it can do so without requiring another authority.  

Preparing for this new future

DIDs and VCs are exciting developments for digital identity, providing important building blocks for decentralized identity management systems and strong authentication. For organizations, it’s vital that they are not left behind by this new paradigm shift. Time is of the essence, and organizations need to be looking to start piloting this technology in 2023. Those organizations that are nimble in their approach and adapt fastest will be best placed to succeed. 

However, it’s important to understand that DIDs and VCs are not silver bullets for solving all problems. This transition to decentralized identity management systems will require significant harmonization and interoperability between organizations and industries globally. Some of this will be achieved by emerging standards and enhancing the existing ones.  Moreover, a firm understanding of these new features is key, and avoiding some of the pitfalls will be important. For example, one common myth is that DIDs require blockchain. Neither the DID standard nor technology requires using blockchains or distributed ledgers. Other examples of verifiable data registries are decentralized file systems, databases, or peer-to-peer networks.

Communicating these changes to users will be crucial in encouraging adoption and realizing the full potential of decentralized identity. Whilst we have mentioned the steep rise and sudden fall of Web3 technologies, they did reveal important consumer behaviors. Specifically heightened awareness of their own data privacy and the desire for greater control over personal data. Clearly communicating the reduced exposure of such data to compromise or theft that can be prevented by these new applications and technologies will be crucial to future adoption. 

We are seeing the development of new features that have the potential to revolutionize how organizations handle digital identity. As this innovation continues to occur at an ever-increasing rate, organizations face no other choice but to prepare themselves for this new brave world.