The internet has connected people across the world with an efficiency, reliability, and consistency that was previously thought to be impossible. Through the power of personal computing machines like laptops and smartphones, we are able to stay constantly online, receiving messages from our friends and emails from our favorite websites and blogs. To connect with other people on the internet, we congregate on social media sites, group messages, and email chains. Many of these experiences share a commonality: they require you to prove to some degree who you are in order to gain access to them. The more someone can prove about who they are, the more trust you have in who you are dealing with, and generally, the richer the experience can become.
The most common way we identify ourselves online is with usernames and passwords. Usernames are your primary digital identifiers, the same way your first and last name are used to identify you in the real world. Your password is your secret, the thing you share in order to prove that you are who your username claims you are. In the early days, apps and websites rarely communicated with each other, which left the responsibility on the user to manage a separate username and password for each website they had an account with. As a result, passwords were frequently reused by users, not to mention easily forgotten and stolen by nefarious actors.
While there have been advances and improvements in this area, identification and trust remain a big issue on the internet today. After the initial rise of usernames and passwords, digital identity technology evolved to solve the inconvenience of managing a bunch of passwords on your own, a model often referred to as Federated Identity. You have probably seen buttons on the login pages you visit that say “Login with Facebook,” “Login with Google,” etc. In this model, these companies act as your identity provider, or IdP. When you click a button, you’re opting to use the identity account you have with that provider in order to log in to another, unrelated service. For example, when you click “Login with Facebook,” your username and password for Facebook serve as your primary source of identity. Facebook then shares your identity and your data with third-party apps and services that you want to use, and you get to skip having to maintain another username and password. While this model requires less effort to manage your identity, it does mean you have to place a lot of trust in the provider and give it control over your identity. In addition, while convenient in the short term, using something like your social media account to log in everywhere means you must keep an account with that provider in order to keep using all the other apps you have connected your account to. Considering the very real potential of having your account disabled for any number of reasons, some of which are outside of your control, and the inability to change account provider for fear of losing your data and/or access to linked services, this solution is incomplete at best.
What if we had an identity system that was native to the internet? One that gave users greater control over their digital identities, where these identities were portable between providers and less susceptible to identity theft? This is where decentralized identifiers, or DIDs, come in. Instead of using a username, phone number, or email address as your primary identifier, you use a DID, a unique identifier that represents who you are in a given context. Any individual user will have many, many DIDs — more on that later. These DIDs are not managed by any one company or website like a Facebook login. Instead, they can be anchored on decentralized networks such as Bitcoin and Ethereum, or they can be shared privately amongst two or more people. Instead of passwords, DIDs use private keys, which are secrets that only the owner of the DID has access to. Private keys are stored on devices under a user’s control and are used to prove control over a DID the way a password proves control over a username. Fundamentally, this model changes how we authenticate. Instead of your secret being something you know, like a password, this new model makes your secret something you possess, like a key.
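The key-possession check described above, as an added example that is not from the original post: a verifier issues a one-time challenge, the holder signs it with the DID's private key, and the verifier checks the signature against the public key resolved for that DID. The `did:example` identifier format, the in-memory `registry` standing in for a decentralized network, and all function names are assumptions made for illustration.

```javascript
// Added example. Assumptions: the "did:example" identifier format, the in-memory
// registry (a stand-in for a decentralized network) and every function name.
const crypto = require('node:crypto');

const registry = new Map(); // DID -> public key, as a resolver would return it
const pending = new Map();  // verifier state: outstanding nonce -> DID it was issued for

// Holder: generate a key pair and derive a constructed identifier from the public key.
function createDid() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const der = publicKey.export({ type: 'spki', format: 'der' });
  const id = crypto.createHash('sha256').update(der).digest('hex').slice(0, 32);
  const did = `did:example:${id}`;
  registry.set(did, publicKey);  // only the public key is published
  return { did, privateKey };    // the private key never leaves the holder's device
}

// Verifier: issue a fresh random challenge bound to the DID being claimed.
function issueChallenge(did) {
  const nonce = crypto.randomBytes(32).toString('hex');
  pending.set(nonce, did);
  return nonce;
}

// Holder: prove possession by signing the DID and challenge together.
function signChallenge(privateKey, did, nonce) {
  return crypto.sign(null, Buffer.from(`${did}|${nonce}`), privateKey);
}

// Verifier: accept only a known, unused challenge signed by the key resolved for the DID.
function verifyResponse(did, nonce, signature) {
  if (pending.get(nonce) !== did) return false; // unknown, replayed or issued for another DID
  pending.delete(nonce);                        // each challenge is single use
  const publicKey = registry.get(did);
  if (!publicKey) return false;
  return crypto.verify(null, Buffer.from(`${did}|${nonce}`), publicKey, signature);
}

function demo() {
  const alice = createDid();
  const other = createDid();
  const n1 = issueChallenge(alice.did);
  const sig = signChallenge(alice.privateKey, alice.did, n1);
  const accepted = verifyResponse(alice.did, n1, sig);
  const replayed = verifyResponse(alice.did, n1, sig); // same response sent twice
  const n2 = issueChallenge(alice.did);
  const wrongKey = verifyResponse(alice.did, n2, signChallenge(other.privateKey, alice.did, n2));
  return { accepted, replayed, wrongKey };
}

console.log(demo());
```

Unlike a password, the secret is never sent to the verifier: only a signature over a fresh challenge crosses the wire, so a captured response cannot be replayed.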
The collection of all of your logins, data, and your usage of apps and services — you can think of this as your digital footprint. The internet currently has over 3 billion users and growing. With so many people and so much at stake, DIDs are an important piece of infrastructure that provides a way for users everywhere to take greater control over their digital footprint.
DIDs offer a new form of digital citizenship which is controlled by you and you alone. Instead of your identity being composed of accounts or identifiers that are borrowed from providers, it should be as inherent to your digital rights as freedom and autonomy are to being a human. As DIDs are more broadly adopted across the web, they give rise to a more resilient internet, where your digital identity is not borrowed from a provider, the way domain names and social media accounts are, but rather controlled by you and thus the basis of a new kind of verifiable digital trust. This makes the internet not only a more reliable tool but a more robust platform for creating richer digital experiences. It represents a dynamic shift to a more human-centric model for identity, working alongside and eventually replacing the disconnected, tech-driven model we have today.
MATTR is proud to be involved in the open-source communities surrounding the development of DIDs and their increasing adoption. Recently the work around Decentralized Identifiers has reached an important milestone, with the establishment of the Decentralized Identifiers working group at the World Wide Web Consortium (W3C) and the publishing of our first working group draft. As a member of the DID working group, we are excited about this opportunity and about working with like-minded organizations to progress what we regard as a vital piece in the future of digital identity.