Decentralized Identity is seeing a proliferation of activity -- so much that even experts struggle to make sense of it all. Even the names of the emerging specs have gotten wacky (or, technically, WACI...)
So, yes, I'm Kim Hamilton Duffy. I am Director of Identity and Standards at Centre Consortium. I've been leading standards development through the W3C Credentials Community Group and the Decentralized Identity Foundation for the last few years. I'd like to. So just a reminder, I'd like to start off with a reminder about what is decentralized identity, to be very precise about what we're talking about, and I'll review what's been happening, why it matters and what's ahead.
So just a reminder about the term decentralized identity: it's often associated with the frightening and somewhat militaristic-sounding term self-sovereign identity. And so what I'm referring to is standards, technologies, and principles with the goal of enabling individual control over digital identities and personal data. And so specifically some, some goals practically for the individual would be agency, interoperability, and portability of their data. We're gonna talk about credentials. So what do we mean by that?
That's a, a very mixed word in this space, but we're, we're referring to a broad category of, of digital statements. So they're basically a statement made by an issuer about a subject. It can be a driver's license, passport, tickets to get on an airplane, diploma, even vaccination certificates, which we'll get into. And specifically we're referring to W3C Verifiable Credentials, which make this flexibility and verifiability possible. So let's look at an example of a verifiable credential. So this is the, the part that you won't see that often, the, the JSON-formatted payload.
And so it's this document in which you can express some information. In this one, we have, you see a university degree credential with some information about the issuer, the subject, what kind of award the, the subject got. So this structure, this full structure is called a, is a W3C Verifiable Credential. And so it's verifiable in a decentralized manner and we'll get into how that happens.
So within that to another key standard, that, that we refer to are W3C Decentralized Identifiers, and those are used often in a verifiable credential to identify both issuer and the subject; they're different, different values. And so these are secure, flexible, and decentralized means of identifying some entity that allow that entity to prove control over that identifier.
And so the benefit of the verifiable credential data model is that anyone can check, without necessarily needing to go to the issuer, that the credential hasn't been tampered with, the issuer is who is expected, the status is current, meaning it hasn't been revoked, the recipient is who is expected, and that the credential is fit for purpose, meaning other custom business specific checks the with identity ecosystem enrolls. So the key difference here is the subject or holder is at the center of the exchange.
They can request the credential from the issuer, who issues it directly to the subject, who can hold it in their credential wallet. Then the subject can go and share the credentials with relying parties. Relying parties request credentials and proof, and then the subject can send it directly to them. Now the relying party can verify without contacting the issuer, which is shown here with the verifiable data registry at the bottom. Now issuers want to be able to update the status, revoke or whatever, mark some kind of indicators about credential life cycle.
So the verifiable data registry, typically implemented on a distributed ledger, is a way to do that. So it could store revocation lists, identity lists, things like that. So that's the lightning survey of the sort of context in, so as I'm saying here, things have gotten wacky. So I'm referring to a specific spec, WACI, that's pretty promising.
So the, I think the exciting development is that we are moving beyond the core data models for decentralized identities. So verifiable credentials have been a released standard for over a year; decentralized identifiers just moved to proposed status. It's getting some pushback, but you know, this is all part of the process. So what I'll focus on is the, with the subject or holder being in the center and the issuer on the left side, relying party on the right, the, a lot of the aspects of verifiable credentials are quite new.
So this idea that this identifier that identifies in some way, the subject would be embedded in a credential, how does the issuer get that? And things that I mentioned, like, how does the subject prove control over the identifier?
Those are, are those need to be addressed because the verifiable credential data model, DID data model don't address that directly. And that's where the exchange protocols, these arrows between the issuer and the subject, and then the relying party and the subject, come in. So two especially significant efforts happening: on the left side, through DIF, is the, what's called the Credential Manifest spec.
So that's a way for issuers to express, you know, what they issue and what prerequisites they have for issuing. Between the subject and the relying party, DIF Presentation Exchange, which is similar. But for the relying party, the relying party can say, I need these credentials from you. And it can specify things like this sort of schema and other requirements for proof. And then the subject can submit that to the relying party. There's another one similar to DIF Presentation Exchange happening in W3C called the VP Request spec. So both of those are seeing a lot of implementation.
You've heard many of us hand-waving for years about how verifiable credentials enable privacy or measures or ZKPs. So one exciting development is that the BBS+ signature suite enabling data minimization has seen a lot of interest and a lot of implementation. Another category of interest: so we need to speak the same language in our credentials to have interoperability. And that's been happening through the development of what we call vocabularies.
So traceability vocabularies, ones related to health, and also education are seeing a lot of attention from different standards groups and different vendors. And we're seeing a lot of those happening in prototypes. The other thing, so notice these, these little stacks that I'm drawing next to, you know, like in this case, we have credential manifests and then messaging communication; over here on the credential itself, we have these different layers of, you know, signature suites, vocabularies. So each of these layers represents a possible selection that an implementer might make.
And so we refer to these diagrams as layer cakes, not as appealing as the ones on the right over here, but we're seeing a lot more interest and activity around that in standards-related groups. So one of those is the Wallet and Credential Interactions, or WACI, specification that picks a selection of these technologies and standards and demonstrates multiple vendors implementing them, improving interoperability in that way. There's a similar effort in W3C. It's getting renamed because no one can pronounce it easily, VC HTTP API, which is largely focused on enterprise APIs.
So the kind of back-office issuance and verification APIs that you might expect to implement these at, at the business level, but then there's a lot of work happening to extend those to, to individuals as well. An area that I'm very excited about is a way to get these standards involved in OpenID Connect, which is a well-known existing identity standard. And so we're seeing several, a suite actually, of decentralized identity OpenID solutions. So one is called OpenID Connect for Verifiable Presentations.
So that's the subject holder to the relying party line; OpenID Connect Credential Provider, that's the issuer to the subject line; and then Self-Issued OpenID Provider. And that's a way for the subject holder to create and prove control over their identifiers in their own wallet. Down at the bottom, you see some logos for the, the groups where this effort is happening. The icing is, as I called out in my last time here, the, the biggest concern at the time was that decentralized identity was a very technology-first group of individuals. And there's a lot more to it.
There's best practices and there's, there's policy things that, that we can't quite control in a technical world. So fortunately there's a lot of improved awareness of best practices related to privacy. As I mentioned, data-minimizing signature suites, improved anti-correlation measures, and people are increasingly moving data off chain. You rarely see people issuing credentials to a chain anchoring to the chain, and then also even better. We're seeing engagement with policy makers on best practices for digital credentials in high-stakes scenarios.
So the Good Health Pass Blueprint is a really exciting example of that. It's based on W3C Verifiable Credentials, but it also recommends best practices for sort of very high-stakes credential scenarios, like COVID vaccination proof, things like that. So exciting development there. We're gonna close on some use cases, and these are an opportunity to highlight some efforts that are especially exciting. I mentioned WACI already. And so I'm gonna draw attention to that again; that is being used in the vaccination certificate scenario.
So we're seeing this as a joint effort by Bloom, Transmute, Evernym, and more, and there is a spec called WACI Presentation Exchange that captures some network. It uses the W3C vaccination vocabulary, BBS+ signature suites for data minimization. So multiple vendors working on that, using best practices and proving interoperability and portability for recipients.
Lastly, we are seeing in the news increased focus on regulation towards the cryptocurrency and DeFi space. So a lot of increasing efforts also to make, make that work. And so centralized identity solutions or traditional identity solutions are really not a good match with on-chain transaction data. We risk having a real privacy nightmare. So fortunately decentralized identity comes in and it's a way to provide more efficient, effective, and privacy-preserving means of identity assurance and compliance for these scenarios.
So for example, financial institutions can make ations about addresses saying proof of proof of KYC has been performed on the entity controlling this address, but it doesn't need to reveal additional data. And so there are a lot of cases like this where portable, verifiable credentials unlock new use cases. So for example, if I can get some sort of proof of, of reputation or credit standing, perhaps that unlocks new rates, and these can all be enforced in smart contracts. So there's additional details that will be coming out soon. This is related to my new affiliation.
So, and I know many other sort of companies are working on this as well. So this is a really exciting application of decentralized identity. I feel like it's uniquely situated because in cryptocurrency people, the individuals are used to the problems of key management and the importance of, you know, not losing control over your cryptographic keys. So this is a really good area where the audience is very primed for, for using the decentralized identity techniques. So that was it. I wanted to close early to leave room for questions. I have some references here.
I mentioned that W3C Credentials Community Group and the Decentralized Identity Foundation, and my contact information here. So any questions for me?