KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
My name is Abby and I am on the board of directors with the idea foundation. I will talk about it in a minute. So the title of my presentation is enhancing user online security will improve decentralized identity governance and the keyword governance is here. Okay. So today when online, when it come to digital identity, we really have, well, I don't wanna say crisis, but almost a crisis. There is a lot of misinformation and there is a lot of difficulty if you really want to prove your identity online. So there is fraud.
If somebody is knock at your door as a relying party, you don't know who's on the other end. It's a very easy to fake identities or assume someone else identity, or, you know, take over someone identity. This is very true in terms of current KYC methods, know your customer methods that rely on knowledge base authentication or identity attributes that is hackable. So anytime there is dis joined between improving your identity attributes and a declaimed identity.
When you go to relying party, there is a problem in terms of identity fraud, the enablement of identity fraud, the current COVID crisis have proved that we need the flexible, trustworthy mechanism to prove your identity online. This has become a must as the, the virus stays with us. And on top of the ease of identities, stealing identities online, also, you have a lot of misinformation and fake news. And I have some examples here about the Pacific Northwest three octopus.
You know, there is one site that's on the slides that can give you private, plenty of more informations about examples of fake fake news. The problem here, the root cause of the problem is your digital identity. Online is not easy to prove, and it's not easy to say it is authentic. Anyone can claim your identity.
So, you know, this leads to identity theft, the standard databases that all your identity attributes become target. So they are hackable and your data leak and sprinkles all over.
So, you know, as long as there is no binding between you and your data from authentic sources, in a way that's provable that you control that data, we have this problem. So we need to able to enhance and the online user digital identity experience by inserting in their trust and accountability. And this does not mean that you will not could or could not be anonymous. Privacy enhancing is a key component. So you need to be trusted.
You could be accountable and also you could be anonymous, but also you need to be able to be a part of the game of proving your identity online, as opposed to outside of it, at least from a user perspective. So how can we, how can we do that? A lot of the users today and your relationship with line party is account oriented. So you create an account and then you become the account.
As opposed you, as a person have multiple accounts and your relationship is sprinkled across multiple providers from, you know, there is multiple examples, every data or service provider, you have an identity with that silo and your identity information. There is protected at various level of, of assurance. Not all providers have the same roles and recreations in terms of providing and protecting your information and your relationship data. There are a lot of leakage, you as user unique data all the time, and this is not good for you because you could become traceable.
You become a commodity plus also your identity become hackable and, and attackable, but the good thing you is is, was the advance of distributed ledger, like the blockchain and other technologies. Decentralization is coming here to the rescue by the, we have the foundation of a new stack of standards that enable us to provide and solution for this problem.
Anyway, that's consistent with the overall goal of what the user want, protecting their user data, their privacy, their anonymity, but also their security and enhancing trust on both ways between the user and also the relying party. It's a two-way street. You need to trust whom you're talking to. You don't want someone just, you know, on drive by night type operation. They just open a website, they get your data and they leave. You need to trust who you're talking to on the other side. And the relying part, you need to know it is you, that is being dealt with from their side.
So we are having both foundations with decent centralization. And the idea here is, you know, we can use those technologies to start moving forward, to provide secure and trustable, additional identity and online interaction. So this is the foundational, why the accountable digital identity association started. It came in in 2020, and the founding members of idea are the core founding members from the federal Alliance, which I hope that you are aware of because fi created one of the strongest based authentication layer.
And we have plenty of good companies for now that are doing the foundational technology and specification for ed and division of ed is to provide in the digital world and a trusted privacy enhancing user identity. That is, you know, that, that enable online interactions based on, on, on, on trust and accountability.
So the, a lot of the background of idea came from the observations that we had when we, and we are still part of the final solution. Final provided a very strong credential and the credential, you know, is on basically it's fishing resistant, it's oil enabled with very good concept in terms of local biometric representation. You know, it really eliminated the need for, to use a shared secret.
However, having a strong authentication credential is not good enough on its own within the overall picture of having digital identity interactions, because the, if you credential strongly the wrong identity, you still have a strong credential, but used by the wrong identity. So identity vet need to be dynamic and catch up to the advances that were provided by the federal Alliance in terms of a stronger authentication.
So, you know, this is, this is the, some of the background of, of, of the idea and how it came in. It's pretty well known knowledge that the next stage in solving the user authentication and interaction online is how can we credential you and boost strap you into digital identity ecosystem in a trusted manner. The solution has provided by idea, it has a core anchor in it, and the core anchor is called the digital address. So I think of the digital address is some string that is unique and it's assigned to your entity. The entity is spawn multiple identities. So you is the entity.
You can have multiple identities, but the creation of the entity and the spawning of the entity is what's needed. So the digital address is get boost drafted through a trusted into an ecosystem is no different than what happened today in the reward. When you are born, you get an address birth certificate. If someone say this doctor and this hospital on this date, you were born, and then depending on which country you are in, there are multiple additional attributes that get in.
You know, in some cases the name of the parents get added in some cases on the name of the mother, in some cases, depending on the location and the country, you will get the biometric data also like, you know, your fingerprint or maybe your DNA and other stuff associated with that birth certificate. So you get spawned as a human being into the real life, by someone, with authority, giving you an initial entry point, and this is your birth certificate and the digital address. I played that role.
You get spawned into that digital life by having a unique digital address and that address, you have bindings in it. And those bindings will use multiple technologies to enable you to have multiple identities and interactions using the decentralized identity specification from W3C in a way that's decentralized and disposable.
So, you know, it does not mean you are Correl relatable. If you have a digital address, you have, this is the core identity to prove that you are there, but your relationship and abstraction di is another layer that you use proper identifiers that are onetime usage, and, you know, they are decentralized. So why we do that? The user need to know one address, which is their digital address provider address. And that address is kept with the user is not shared on the log, on the way the protocol work. So your relationship is a trust anchor between you and trusted in point in the system.
And you as a user will always know where to go. It solves plenty of the problems that we have with otherized solutions, which is basically when you want to, how can you jump without having a self-assertive claim, or if you can start with self-assertive claim, but how can you quickly upgrade it to become, you know, a really, you know, trustworthy claim is not just self asserted. If the relationship with your line Porwal require higher assurance level, you can quickly do do that.
Also the way the architecture work, it addresses one of the key limitations of the centralized identities, which is wallet and management wallet interability is a key problem. And there is some dependencies on the actual ledger, how the wallet is done. So the wallet in, in, in, in idea is a cloud wallet. And it's done in a way where it preserve anonymity, where, who access, what on, and which credential is always, all transactions are trouble point. So also there is a binding between you and the wallet. ACA wallet recovery is problematic.
You know, the, if you change devices, you get into a problem. How can you move your credential from one wallet to the other? All of this gets solved through abstraction, and basically the cloud version of the cloud of the wallet. That's strongly bond to a user through a device and fiber authentication. So there is tight coupling in here.
You know, if you have a wallet and someone know how to open your wallet does not mean your identity is lost to whoever was able to access your wallet. So we solve a lot of those problems and there are other governance that ensure that data stays with the provider and other stuff end of the day, what the digital address does it try to affect the root cause of, of the digital identity in, you know, and trust and accountability.
So with all of this, you know, you could have a true identity thing in a way that's interoperable, is it used and what to correct entities, meaning that can enable an ecosystem for the user to interact securely, whether it is anonymous or non-anonymous, but with the way where the identities are, all they are all trusted in an ecosystem since you can think of it as a subscription type based service. Okay.
Whoever get to be part of the system is onboarded and the providers and the issuers are onboarded through the governance framework that give you trust and accountability from both end you as a consumer or as a user, or as, you know, an entity on, on that platform. So, you know, this help into moving the user into, into a system it's into that is trust trustworthy. And we understand from the ADI that this cannot be done by one company, it's a community and it's a direction of coming forward and how, how we can do the interaction securely as we go.
So there are many, five core principles for the data is not you, your personal data and your interactions are not on by the association or by the, the data actually does not move in our architecture. The data stays with where the data is, all what you do as a user is provide access on a contract basis, basically smart contract on a limited time for whoever want to need, they need to use it for whatever purpose and you consent for that.
So, you know, this is the key foundation. Data stays where it is. There is no data movement. So you reduce the risk and of, to the data and user know who and will consuming the data. And there is a proof for that because it's consent based and contractual and the issuers of verifiable credentials. We have multiple models that we support.
One model, the issuer of the value credential can they, they, they keep the credential with them. And another version of, of the model, the issuer can issue it to what we call it, an escrow service, where you can take the credential credential out of the system and you own it as users. So we support. Can You hear me just a short reminder, two minutes left? Oh my goodness. Okay. Thank You. Okay. Yeah.
So, you know, we have the user consent and then the issuers come in with the proper value chain. So basically, you know, it, the, to get this adopted, it has to address all ends of the equation.
So let me, so how it goes within the, within the, within the architecture, there are, think of it like the ni system. There are directory services where the issuer are part of it and the service providers are part of it. And think of it like DS from a user perspective, it interact through a, I connectivity through digital address service and digital address. Service will know where the user is, is through searches in the directory. The user is unique among the directory. The directory are spread among regions. Like you have to.com for the Ms you know, and system.
And the user is found and bounded to their identity. The uniqueness of the user is guaranteed because the identity attributes that are checked are the one that are core to the iden, to the person. There are methods and governance rules to do identity resolution.
Whether, you know, you have head and mess in terms of digital address. We, we address all of that within the governance profile. Okay.
So, you know, interchanges can work and they can do specific purposes. Some can do identity validation, some can do identity based type services, and some can do payment type services. So the digital address service can have multiple, you know, multiple phases. We don't restrict that. So the overall system it's regions, it's direct of directories, and it's all connected from a user perspective.
Once, you know, your core digital address provider does not matter where region, which region you are doing business with, because you always go back to your core identity, resolver. It become like, like a broker.
So, you know, whoever is trying to deal with you or what they need to know about you is that digital address, a provider that you are dealing with. We have a roadmap of specifications. You can check it on our website. We already released first version and it's open for people to comment on and also to come in and join and participate in the organization.
So, you know, I, I I'm done, I hope I made it on time.
