Five years after the introduction of the eIDAS European regulation on electronic identification and trust services for electronic transactions, let’s take another look at one of the key elements of digital trust: digital identity.
Digital identity: real data
Identity is a set of information which uniquely describes a person or thing, enabling two people or objects to be unambiguously distinguished from one another.
Dictionaries define identity as a set of information differentiating a person from others (date and place of birth, surname, first name, parents, etc.) In the physical world, it is the main information provided on a birth certificate. In industry, products are identified with a unique serial number.
Identification is the action of establishing the identity of someone or something using certain methods such as an ID document for a human being, a serial number stamped onto a plate for an industrial product, or login data (username/password, biometrics, facial recognition, etc.) in the digital world.
Federated digital identity?
Unlike in the physical world, where each individual has a single identity (social security or ID card number), users in the digital world can create several identities to access different digital services. The problem is that to access these services, the user creates a username and password for each account, which adds up to a lot of information to be memorized. The digital world isn’t mature enough to unify each user’s numerous identities. Currently, to access a new digital service, users have to create a new account, and therefore another digital identity.
Solutions for saving usernames and managing passwords have been introduced to make life easier for users. But they are often impractical for everyday use due to the wide variety of devices and associated risks in terms of device theft or loss.
Both cases are after-the-fact responses to the problem of users having numerous digital identities. Over the last three years, global and national identity federation initiatives have been introduced. One example is OpenID Connect technology which has already been adopted by Google, Facebook and Microsoft and used as a basis by France Connect, the French citizen identity federation initiative.
Unique digital identity: what if blockchain were the solution?
However, although identity federation is technically possible, it will be a while before we can create a unique digital identity to be used both to prove a person’s identity as a citizen (public services, banking, insurance, etc.) and for any other digital service. It will involve all stakeholders, on a global scale, agreeing on all the identity components, and having a central authority with the corresponding responsibilities.
In the same way as for identity documents, sovereign states create and guarantee the “regulatory” digital identity of each of their citizens, using their own choice of technology. So could blockchain be the solution for federating identities? By combining the principles of distribution and centralized arbitration in the case of conflict, this architecture opens up promising possibilities for unifying identities similar to in the physical world.
In all cases, digital identity will only provide a stable foundation for digital trust if it is combined with strong authentication mechanisms.