Michele Nati, Head of Telco and Infrastructure Development at the IOTA Foundation, will participate in panels on Decentralized Identity and Self-Sovereign Identity at the European Identity and Cloud Conference 2021.
To give you a sneak preview of what to expect, we asked Michele some questions about what he will bring to the panels.
Are we entering a new era of identity with decentralized identity?
Absolutely. Yes, we are changing the way we generate identities, we manage identities and we verify identities and we access services. So the European Commission is already looking forward on how to change this. There are new regulations, that are currently under discussion on how to reform the identity space, especially, state identities moving from a centralized approach toward a more decentralized approach where identities can be issued by government, but also be verified across different government without direct interaction of offices, adding bureaucracy, adding administrational burden. And on top of that collect credentials and attributes that allow people to show who actually they are in a trusted way, what attributes their identity brings forward to access services, i.e., to be verified for age restriction whenever it's needed. So this can happen now in a much more decentralized way rather than centralized.
So the European Commission itself is looking at how to expand and adapt the initial eIDAS network, which was a network between member states to create and issue state identity for digital services that was still relying on a centralized concept. And now it's moving towards a decentralized view. Now they start to look into employing ledgers – as they call them, where we know there are distributed ledger or blockchain technologies – to be the underlying trust rather than the members themselves, that guarantee a person is who they claim to be when they travel, when they move, when they try to access services across different states in Europe.
And that's just the start. We see this way of people moving and being trusted across a border as well across countries, across oceans hopefully. Things like this are happening also in other countries, in other continents. And one of these reforms of eIDAS will also culminate with what is the introduction of actually digital wallets. Digital wallets that people will carry with them with their mobile phone, to carry not any more currency, not any more credit cards, debit cards, or tokens like somebody is doing for payments, but carrying their identities, their identity credential that they can present, that they can use to access services.
So, imagine I go to a doctor and I want to show what I actually need assistance for in a foreign country. There is no more need for the doctor to go and look for this in my origin countries, to make phone calls but get this from my wallet as a credential that everybody can trust because it's been issued by central trusted authority in my country and verified using a ledger (like IOTA).
The current status quo revolves around centralized, federated identities. As decentralized identity initiatives gain momentum, do you see the two forms of identity coexisting? How do you see this confrontation playing out?
So that's a very good point. And it’s also actually one of the reasons we still see a bit of a delay in the new concept of decentralized identities moving forward. Because the idea before was all or nothing. So one identity or the other, and that's not actually the way I see this going forward. The way it's a complementarity. Of course, there will be cases and scenarios where identities like this concept of self-sovereign identities can be self-issued. So identities decentralized now self-sovereign is basically an identifier that is immutable on a ledger and a public key in terms of cryptography.
A private key is always controlled by the subject who created the identity. So there is no more need for a government – let's say – to create that identifier, it’s the number of my passport let’s say. So anybody can create that and can start to collect credentials, but there will be use cases in which it will be enough to collect a credential that states: “It's me.” And they have some features or attributes like: “I live in a country” or “another country” that can come from other identities that can sum up and say: “I can say that Michele lives in this country or that country because of interaction with him”.
But there will be also use cases where I need some other authority that have done proper KYC of me that have verified all the aspect of my identities or legal or any other position like state identity that can say: “Actually, Michele is who he claims to be”. Credit card issuer, debit card issuer that will do KYC. So this will create not a different identity. It will create a credential that sits on top of this decentralized system that adds more value to my attributes because it comes from an established authority that have done controls, have done proper KYC. It’s a bit more value, a bigger value. So it's a different level of assurance when I interact with a third-party.
So long story short, there is no competition, in my opinion. There is a complementarity, there is integration of this technology and what the identity was in the past, and new identity will be in the future with a central point being the person controlling it. But there will be still a role for centralized identity providers to start to issue new credentials and empower citizens and people to manage them and present them. So, there will be the need of course, to re-invent some of the business models that exist in the domain. But of course, I see this as a complimentary landscape that will come together for a greater good.
You will be part of a panel discussion at EIC – centered around the application of decentralized identity in eCommerce. Could you provide a sneak peek into the topic of discussion?
Absolutely. We [IOTA Foundation] are working on this project called ENSURESEC. It's a European project founded under the Horizon 2020 Framework. It's an innovation action. So you actually try to establish new technology and test their viability in the market for creating innovation and creating also better processes. And we are actually tackling the eCommerce infrastructure having in mind also to create a more seamless way for the digital single market infrastructure that Europe is building up in a way that is trusted across countries. And the one way that we see one of the barriers – basically the difficulties – for small and medium companies to basically be part of an eCommerce marketplace, because they have either to rely on third party and they have to build their customer base. When this comes, they bring also a lot of data about their customers, especially if you think about small and medium enterprises selling age-restricted items or items that are only being sold (like drugs and medicine) and dispatched [only] to people that have the right requirements. That all of this requires the small company to either be with a bigger player, or be able to evolve a new infrastructure that is secure to maintain all this personal data, all this sort of information that exposes the risk of cybersecurity [threats] for them.
So with decentralized identity, we are exploring the opportunity for them to still have the same knowledge of their customers, still able to verify age still able to verify any other feature before providing whatever the customer is aiming to buy with decentralized identity and verifiable credentials. So this knowledge, this information is not anymore a burden for them to create, so they can speed up and lower the body of friction to be part of a digital single marketplace. So this is one example.
We are also testing decentralized identity, not only for persons, but also for a company itself. So if a company has to open up an eCommerce store, again they [will] need to prove they have enough cover of any liability. This information also requires checks and what is best then a bank – that also has a knowledge of the logging book, accounting book of an SME – [to] issue a credential toward the marketplace operator for the company to operate in a way that's seamless and the proof that a company can receive finance credit and trade finance, and so on and so forth.
So, there are a few ways we are exploring this to use decentralized identity in creating a more, let's say dynamic, frictionless eCommerce infrastructure, and still maintain the security that eCommerce should provide. Because these days more than before with the COVID experience, lockdown, we rely on eCommerce much more than before and more and more will be in the future.