Decentralised identity (DCI) is a revolutionary approach to identity management that puts people in control of their digital identity information. Sometimes referred to as self-sovereign identity, it eliminates the need for users to provide unnecessary amounts of personal information to access a service online.
Identification: biographic information, photo, PIN code, etc.
Eligibility: entitlements, permissions, privileges, etc.
Affiliation: employment status, membership status, account status, etc.
Other extended attributes: rules about how/when/where a credential is intended to be used, account balances, and credit score.
Proof of purchase: property deed, car title, sports & concert tickets, insurance
Membership: citizenship, employment, association/club, residence, subscription
Achievement: educational diploma, professional certification, titles & distinctions
According to the 2022 Verizon DBIR, over 80% of breaches started with compromised credentials. In contrast, DCI uses robust identity verification methods prior to issuing a cryptographically signed credential to ensure that personal information is secure and cannot be shared or altered without the owner's permission. The information is stored with the owner, primarily on their mobile device and in a digital wallet.
Ownership of data. Credentials are stored in the user's mobile device, fixing the choice, consent, and control in the hands of the user. Users are empowered to take advantage of more and new services while staying protected from unnecessary tracking, data abuse, and potential breaches. It also minimises the risk for service providers who no longer need to store stale copies of the user's PII.
Multi-use credentials. Credential issuance is not based upon a narrow set of identity proofs like a government-issued ID or a vaccine card. A credential can be issued to include any claim that an authority can verify or that they mint. This can include any claim, attribute, or facet about a user's identity, authorisations, affiliations, or purpose.
Eliminate friction. Once a user verifies their identity, a credential may be issued so that the user never needs to go through the verification process again. That credential may be shared with entities other than the issuing authority, thanks to credentials benefitting from industry standards.
Verifiable credentials apply across several industries including:
Financial services can use verifiable credentials to reduce check cashing fraud through robust identity proofing mechanisms once and issuing a verifiable credential for the future. Banks can also offer business partners to leverage these same credentials for strong identification and to access affiliate services.
Government services can use verifiable credentials to replace many paper-based documents, including birth certificates, fishing licenses, real estate documents, and driving licenses. Verifiable credentials could also secure voting systems and ensure only eligible voters can vote.
Retail and ecommerce can use verifiable credentials to verify the age of customers, such as for purchasing age-restricted products like alcohol and tobacco, and for loyalty programmes that include accessing services and benefits from business partners.
The increased mobility of users and their demand for personalised, unified omnichannel access experiences has stretched today’s Identity and Access Management systems beyond their limits. Meanwhile, the need for organisations to collaborate more to compete and build communities of trust and value for those same users affordably and securely, cannot be met by existing federated IAM solutions. By implementing DCI, organisations can improve existing experiences, create opportunities for new, valuable experiences, and increase engagement and collaboration with business partners.
Decentralised identity is a paradigm shift in the digital landscape and revolutionises how users interact with organisations.
Joe leads the company's customer identity and access management solutions marketing team, in charge with providing clarity to prospects, customers, and partners. Joe has over ten years of leadership experience driving innovation in Security, Information Technology, and the Internet of Things. He holds an MBA from Johnson & Wales in Providence, RI and an undergraduate degree from Concordia University in Montreal, Canada.
At Ping Identity, we believe in making enterprise experiences both secure and seamless for all users, without compromise. That’s digital freedom. To achieve this, the PingOne Cloud Platform turns you into an experienced artist who can bring exceptional journeys to life with a simple no-code canvas. You can deliver password-less authentication, protect user privacy, prevent fraud, architect for zero trust, and much more. For more information, please visit www.pingidentity.com.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now