Our Identity Predicament
Today, we are not in control over our identity. Our personal information is often shared without our awareness. We are at risk of identity fraud but we don’t have to be!
As citizens, our personal data resides in large centralized systems of record (SOR). Hackers are highly motivated to attack these centralized systems because a single successful hack can yield information from a large number of accounts. Which puts many people at risk. The implications are that:
- Citizens have become fearful of rampant identity theft
- Hackers have recognized the monetary opportunities associated with a successful hack
- Hacked institutions are at risk of brand damage, paying for costly hacker prevention systems, fraud, and time lost.
IBM advocates for a global shift from centralized systems of record to decentralized, citizen-controlled identity vaults. This shift emphasizes an elimination of the third party control points placed around identity. We believe every citizen should have their own private identity vault where they are in control of their personal data. To achieve this view, we seek to empower businesses, organizations and government agencies with the required technology to support this disruptive sea of change towards decentralized identities. Success will be realized when every person, organization, or thing can have its own truly independent digital identity that no other person, company, or government can take away.
Imagine if every person, place or thing was uniquely identifiable on the Internet in a manner analogous to how IP addresses and domain names are discoverable today.
Imagine a world where your information cannot be shared without your clear, explicit consent at the time of transaction (not buried in terms & conditions). You can control who can access what information, when, and for how long. This is a privilege you can revoke at any time.
Imagine a world where you can control the flow of personal identifying information.
Self-Sovereign Identity (SSI) is lifetime portable digital identity for any person, organization, or thing that does not depend on any centralized authority and can never be taken away.
Trusted Identity Solutions
Transparent and assured identification of all things (humans, legal entities, etc) is a universal and general purpose business function that crosses industry and geographic boundaries.
We all desire to protect data and resources by clearly, quickly, and accurately identifying and verifying users. Trusted Identity Solutions should:
- Support the full lifecycle of identity spanning from initial application through transactional use
- Provide robust and reliable identity enrollment and establishment mechanisms
- Provide secure and capable identity credentials
- Offer strong identity authentication and verification mechanisms
Digital Credential Concepts
In 2012, IBM Research embarked upon an effort to develop and validate a secure digital credential ecosystem. Our basic video depicting the art of the possible helps to introduce the potential benefits of digital identity solutions. Since that time, the technology supporting digital identities has matured. Open standards and open source technology is now available that can be leveraged to help realize the SSI vision.
Identity credentials are used in all aspects of our daily lives. As we begin to gather digital credentials on our devices, the use of these credentials will expand beyond their original intended use to help shape our personal reputations, grounded in an infrastructure of digital trust. Over the last 5 years the identity industry has begun to migrate towards the SSI vision and the global industry is working toward interoperable and open solutions. IBM Verify Credentials provides a portfolio of SSI tools to help bootstrap this industry trend. It represents the evolution of IBM's original investment in the patented solution named IBM Mobile Identity towards an SSI compliant offering.
The Trust Over IP Foundation has defined a reference architecture based on four layers of the technology and governance stacks.
Layer 1 is the public utility (or ledger) layer. IBM Verify Credentials currently supports any Indy-based ledger but also plans to support other ledgers in the future.
Layer 2 is the DIDComm layer, where trusted and privacy-preserving peer-to-peer communication is established.
Layer 3 is the Data Exchange layer, where the issuer-verifier-holder trust triangle is established.
Layer 4 is the Application layer, which integrates the lower levels of the stack into real-world applications.
Interoperability at various levels of this stack are key. As a founding member of the Trust Over IP Foundation, IBM is a leader of the Saturn-V working group which is formalizing and performing interoperability tests between various vendors and publishing results.