This presentation is discussing a buyer's guide to decentralized identity. And it's a process to take you as an organization through the process of shortlisting vendors, who would potentially collaborate with you on a decentralized identity project. The hope is here that we deliver and open this event today with the right information, to have a strong background for the presentations to come, but also to keep us grounded practically.
So with that, we will be discussing today the decentralized identity market, how that is developed, what technology considerations we have, and also what the promising use cases are. We'll then move on to the report itself. We title it a buyer's compass, which again, walks you as an organization through the process to shortlist vendors. And then we'll end with some star gazing looking at the possible future developments as technologies and use cases mature.
So to begin with let's look at the market drivers and digital identity is a natural result of digital transformation.
I know this may seem very logical and straightforward and not worth a second thought. We should spend a little more time with this because if we really look critically at where we are in digital transformation, none of us have fully gone through this process yet, because the more we depend on digital services on digitizing processes and making these optimizations, the more we realize that there is a gap, namely, that digital identity has not caught up with the rest of the changes that we're making.
And so the more we go down this path of digital transformation, the more we realize our need for a, a nuanced and sophisticated way of managing digital identity.
There are some pain points as well in traditional IAM systems. Some of those being the honey pot of identity data that is known for attracting unwanted attention. And we also can look at this from the individual and the user standpoint, who often has to manage hundreds of personal accounts and no matter how many officers try and make this argument, we are not rational human beings.
We will reuse passwords and cut corners to make things a bit easier. Individuals are also sometimes put in the uncomfortable position of being unsure, who actually possesses their data. If it has been shared farther, then they have actually granted permission for, or if permission was asked at all.
And there's also an increased in complexity, which comes with the increasing number of mobile and IOT devices. And this complexity comes at a few different levels.
You have the complexity of a single human being operated in different roles as an private individual, as an, an employee or as a consumer, working with multiple different devices in those different roles. And of course these different devices all need their own unique digital identity. Moving on to another very strong market driver is the public demand and outcry to protect privacy and bring more transparency. And this is very much echoed in global regulation and this coincides with the public rise of blockchain. And I would argue that this is not an accident aside from the whole Bitcoin thing.
It makes perfect sense that many of us first heard of blockchain at the same time that people work demanding more privacy and transparency because blockchain does offer and provides a very promising platform to work with here to protect those aspects. So we need a solution here. We need a solution which creates different identity infrastructures, which returns the control of private information to the user. We need a solution which can provide digital document integrity with digital identities, which are truly machine readable.
And in this time we really need something which has a streamlined user experience.
So in order to equip you with all of your buzzwords to get through the day, I thought I would jump through these terms, which I will be using in my presentation and many will be using as well. You'll hear me most often call this idea decentralized identity. And this is an identity system that is not managed by central organization, but it also doesn't necessarily mean blockchain. There are other DLTs which could fit under this umbrella. When you hear blockchain identity.
This means that the identity solution is delivered with blockchain as part of its architecture. And finally, we have self sovereign identity, which is a philosophical concept where an entity is the soul holder of their identity attributes.
Let's move on to the use cases beginning at the, the top, you see ID management, and this is a very broad, wide ranging use case, which envisions an identity ecosystem where an individual has a digital ID, which they can bring to multiple different organizations or entities which organizations can use between them.
Next, we have new customer onboarding and reusable KYC. These are particularly useful for financial institutions and is a very, can bring a lot of value to these processes, which are essential to building the customer relationship, but can be a deterrent. We also have risk adaptive multifactor authentication, and finally proof of attribute, which is a very interesting use case. Looking at protecting the privacy of an individual who needs to share information. And so with this use case, I would be able to prove to you that I am above a certain age without actually sharing my birth year.
So moving on to the buyer's compass, this is the report that we put together to assist organizations who are interested in a new technology, in a new solution, and want to go about equipping themselves to go forward with that process. So we have a standard methodology with this type of report. We begin on the left hand side with functional criteria. We look at what a solution would need to bring to the table in order to deliver a complete solution to you, the organization. So these are the technological aspects of a solution.
This is also paired by the nonfunctional criteria regarding the vendor status. And then we compile these together into a matrix with our separate use cases and identify which criteria are needed to create a full solution for each separate use case. We then take a look at the technical prerequisites and the organizational prerequisites.
So what your organization needs in order to launch and implement a solution.
Well, and finally, we end the report with some questions to ask the vendor, and this includes questions to help assess the alignment between a vendor and your use case to make sure that this is a partnership which can go forward with success. So let's look a little more in depth at these different sections. So here's a smattering of the functional selection criteria, these technological aspects.
And if you look in the upper left corner, you see verifiable claims, this is a really key aspect, and it is an interoperability standard put out by the w three C that regulates how information is shared between entities to make sure that everything is standard can be read and understand, read and understood. Rather moving on to the item, to the right zero knowledge proofs. This is what enables this final use case. The proof of attribute use case to work.
And then as a final item, let's look at the center column at the bottom multiple device synchronization.
So in order for a decentralized identity solution to really gain traction, it needs to gain a wide user base. We need a critical mass of people using it in order for that to happen, we need usability. And what do we use more than anything today, multiple devices. So we need the ability to access our identity information from any device which we own, but also if there's an update or a change to that information, it must be synchronized instantly with all other devices. So here are the nonfunctional selection criteria regarding a vendor status.
I'll briefly mention a few like the size and maturity of a vendor, the deployment models, the price, things of this nature that an organization should consider. And now let's take a little longer look at this election criteria matrix with the use cases. So on this slide, you can see the blue banner, which holds all of the use cases, identity management, new customer onboarding. And so on along the left side, you see the selection criteria. And what you can do is select your use case, which is most applicable to your organization.
And question, which criteria do you really need in your vendor who would provide the solution for you? So let's take identity management. As the example, first is verifiable claims. This is incredibly important to a wider identity ecosystem where you need a digital identity, which can be used between many entities and between each other. So an interoperability standard, such as this is essential for such a solution.
Next, we have zero knowledge proofs, the ability to share information or prove that information is correct without actually sharing that information. This offers huge privacy benefits, but a solution could be offered without having this feature. So we've rated it as a medium importance to this use case. The same goes for self sovereign control. It also has a medium rating, and we would argue that again, although it provides huge privacy benefits, a solution could be offered without this principle being included in it, decentralized protocols.
This is in some ways self-explanatory, if you have a decentralized identity ecosystem, you want a decentralized protocol with it, but more questions need to go into this, which is the level of decentralization. This will have effects on your scalability and other aspects along the way. And finally, your multiple device synchronization. We touched on this briefly, but this is key for usability and usability is something we need to achieve a critical mass for a larger identity ecosystem. So we have some technical prerequisites, one that I would point out is a multi-speed IAM.
And so this allows you to toggle back and forth between your legacy systems and to your digital services and for your organizational prerequisites, I would also point out your business case. And so you have to be very careful whenever you're exploring new technologies and applying those two use cases, which have been around for a while, it must be very clear that you have a valid business case first and that a new technology is the best way to solve that business case and that you're not chasing after new technologies.
So along with this security awareness training is a very positive thing to include for your team. Having defined responsibilities, rating the risk of a system, things of this nature are important for your organization.
And we end the report with questions to ask the vendors.
And this is a really important section because we recognize that many organizations who want to include a new solution, which they haven't worked with before need to have the right knowledge in order to ask the right questions and make these judgements of assessing a vendor's maturity, the alignment with their use case, some critical things about the technology that maybe they haven't worked with before.
And so here are a few of the questions that we include in the report such as is PII data stored, if so, where most decentralized identity vendors, no longer store public information in the blockchain, if they ever did at all. And this is a great step in progress, but it is ultimately your responsibility to know where this data is and how it is being used. So take the time to really understand the process, how it is being protected, what the, where it is being stored, things of this nature next, how does decentralization impact scalability?
Again, in some of the earlier implementations of blockchain ID, there was a large trade off between decentralization and scalability that if you were fully decentralized, that required a different consensus consensus mechanism, which then reduced your scalability. And then if you reduced the level of decentralization had more trusted nodes within your organization or delegated, then you could increase the scalability because the consensus mechanism required less work.
So be aware of this trade off and talk to the vendors because many are doing a lot of work in this area to make this trade off less and let them walk you through what they're doing to address this topic. Next is the solution compatible with external digital wallets and digital IDs.
Again, we need any digital ID management system to be compatible with many different IDs. There are existing national IDs, thank IDs, things like that, which should be able to work with this. And finally, what options are there for information recovery? Unfortunately, there is no password recovery with many decentralized ID systems, as we've heard with cryptocurrencies and this poses, a huge challenge for usability vendors are addressing this. So ask them what their method is, how they can support users who perhaps get locked out of their accounts.
And finally, I have some predictions for the future that I would like to bring you along with me as we stargates. So the main prediction is that these technologies and use cases will mature. There's a lot of hope and potential here, and I think it will keep increasing part of that. And a good indicator of this are the verifiable credentials, which are these standard developed by the W3C. So these will be included more and more often in solutions and solutions.
We will see will more and more include blockchain like technologies and going beyond the blockchain to find the most optimum architecture next is that KYC will be a top use case as it is in high demand. And it offers very high value here. And lastly, that privacy will continue to be a driver in this second gen and in this segment. And this is very important to remember, because regardless if you ultimately decide to work with decentralized technologies or not, this privacy and transparency concern from the public is grounded in reality and will have to be addressed one way or another.
So when you keep abreast of decentralized technologies, you also keep abreast of the, the public considerations on this. So with that, I thank you so much for being here today for this keynote and for the rest of the presentations to come. Thank you.
