So my name is Alan Bachman. I'm an enterprise research architect. I have 20 years of experience working in IT, mainly with Fortune 100 companies before becoming an enterprise architect. I worked in various roles from business systems analyst to technical project manager. This allowed me to fully understand the pains of introducing innovation and trying to gain adoption. I am the co-chair of the ADIA (pronounced "idea") technical working group, and I wanna share some updates around today's topic.
So today we're gonna talk about an identity flood and introduce ADIA, which stands for Accountable Digital Identity Association. We'll get into their approach to unify identity movements. People have a lot of accounts and identities. Getting blockchain-backed identities is becoming much easier with movements such as mobile driver's licenses, yet security and privacy problems can still occur. If you don't have control over all of those identities, giving you another identity is like throwing another log on the fire.
Having one unique digital address prevents your information and protects it from being associated with multiple accounts so that they're not getting out of sync or out of control. We know that decentralized IDs, or DIDs, are the fundamental unit of the system, but they're not participant friendly. To make this better for human adoption, ADIA issues a special identifier called a digital address. This is issued to an individual by a certified digital address issuer after your KYC, or know your customer, processes have been followed.
The creation of a digital address to unify is a crucial step in ensuring that there is both trust and accountability within the ADIA ecosystem, addressing some of the privacy root concerns. We need global digital address issuers, which could be from any industry. They could be financial service providers, providers, government agencies, and of course, any of the organizations that are central to the trust economy. To prevent digital addresses from being misused as correlation handles, digital addresses must not be retained by participating service providers.
After that resolution, their role is specifically limited to facilitating the participant onboarding processes in the future. There could be an expectation that we want everything to have a unique identity. So ADIA is a nonprofit organization dedicated to the creation and promotion of a new and better system for creating, managing, and using digital identities and sharing personal information. Its vision is that security and privacy are fundamental rights of the user and trust and accountability is a necessity for a functioning business in society.
It's built on privacy by design principles while providing strong authentication, secure data sharing, and a range of identity services, including the capacity for consent-based participant accountability. There are four purposes: ADIA will not issue or will not own user identity or keep the identity data; users should retain personal identity data without consolidating; consent is needed for data activities and will be captured; and this should not require users to adopt or acquire advanced technology to participate.
As I mentioned earlier, I am the co-chair for the technical working group, which embraces open standards from bodies such as FIDO, W3C, and DIF. The ADIA specification is designed to be easy to use with existing identity management systems. It incorporates KYC and FIDO processes. It is interoperable with other decentralized identity systems and, above all, be easy to adopt and use by participants, including those without access to data-enabled devices. So where did, where did this come from?
Well, the journey started in 2020 and today consists of 30 companies that are issuers and relying parties. There has been time dedicated to formalizing the capabilities and vetting them by exploring several multi-industry proofs of concept. Starting in May 2020, a few months ago, this consortium was renamed from the DID Alliance to ADIA for better positioning. We are on track to releasing specification 1.0 in June for community review, participation, and to help it progress. I can't stress this enough.
It's very important to raise awareness of this effort and to attract the identity industry to be part of this success. So when you look at this slide, think about a family tree. It shows the relationships and how people are described from their birth and all of the common events that occur, such as birth certificates, government-issued identifiers such as a social security card, residency in a town or a country, graduation from a school, getting a driver's license, getting a title from a job, and so on. It's hard to gather and know what that person did in their community.
And what credentials did they have and so forth. There are quality challenges to self-attested credentials that extend the duration of the verification processes. In ADIA, what's different is that people are not asked to do error-prone and time-intensive self-reporting tasks to make claims about themselves. And they instead get a simpler experience where their identity comes from a trusted issuer. Credentials are given to you by authorities using proper identity vetting methods, and ADIA establishes a trust anchor, allowing for updates and revocations too.
This can prevent fraud and evolutions of consensus to flesh out bad attestations. Protecting your privacy also means making it harder for non established wear to muddy the waters. I'm also a Boy Scout leader and I'm taking my son to camp this summer. And every year I have to go through a stack of paperwork with my background information, my health checks, that I do all the right scout training.
And I, I assemble this from all these different sources. Half of this information doesn't change year over year, but the vetting process isn't flexible enough to show my entire provenance, which could protect my privacy while making sure that camp has the best talent available. I look forward to using this technology in my personal life. So let's talk about the components that make up the actual ecosystem.
So ADIA is a decentralized network of networks integrating regional directories, interchanges, issuers, service providers, and users with unique trust anchors. All entities within the architecture are represented by DIDs. The focus of the ecosystem is to do three things. First and foremost, provide a lookup at the time of initial onboarding to make sure that there are no duplications of identity.
Second, provide the trust framework and a source of truth to facilitate the accountability in the event of fraud. And lastly, facilitate value settlements across different identity systems. So when we look at the global directory on the top left here, it is one primary root of trust system with one or more distributed or delegated shared instances. The regional directory is one or more services serving a scope such as a geopolitical region or country. Each directory serves to uniquely identify each participant via digital address or a collection of attributes.
The interchange is a composition of services providing foundational functionality, such as digital address service, identity escrow, credential broker, and payment broker, for entities in the ecosystem. On the next slide, we're gonna zoom in on this a little bit more. The digital address service is an agency providing services to entities within its domain. All interactions between entities are facilitated through agents and services provided by that agency.
And an issuer is an entity representing both identity, such as a DMV (department of motor vehicles), or a non-identity credential issuer, such as a university. Service providers can act as relying parties, and this could be a retailer. A user is a holder, and that has one human identity in the region. So here's a, a zoomed-in view, and we're gonna look at the interchange. This representation shows that governance is being layered amongst all the capabilities, even as assurance levels change. It's important to ensure that things are fully vetted before any onboarding occurs.
Since the digital address service is truly connected, it can also be done at business models such as PayPal that can detect, log, and invoke exceptions to rules.
Privacy-preserving accountability is provided by the identity escrow services. Identity data is presented to the identity escrow service and a credential from an approved issuer. The escrow service stores the data and issues an escrow credential to the participant. Each escrow credential obtained by the participant contains a unique ID. Upon connecting to a new service, the participant presents the escrow credential; the service validates the credential and then retains the unique ID.
Should the participant violate the terms of the service or otherwise require accountability for their actions, the service will present the request and evidence to the escrow service. Verifiers and participants may enlist the use of a credential broker. This broker can serve several functions in the process of aiding a credential presentation. The credential may be translated between formats, verifying one format and creating another that is readable by the verifier. The broker can do the legwork of applying governance frameworks and checking the credential issuer for validity.
This is particularly helpful when interacting with an exchange provider not previously known to the verifier. The broker must involve the participant agent and, in the process, obtain consent to share the user's credential. During the exchange of the credential, the broker may also facilitate payment to the parties involved in the credentials, issuer inflow.
So to summarize, we talked about making it easier for existing systems and services to have a pattern that allows them to be an issuer; building for the future by creating a network of networks; becoming a preferred option that people want to use, they want to embrace in their lives, that is flexible enough to work in multiple industries of their life; and promoting this industry and promoting this to industry experts such as yourself for collaboration. Thank you for listening to my presentation, and please check out the website and email address listed on the top right.
And we look forward to your participation to help.