Digital identity

How to represent ourselves in the digital world

We are born in a certain place at a certain time. We are assigned a name. This is our first identity. It is a formal, centralized identity, kept in State archives. It does not really say much about us.

Our inevitable encounter with the World Wide Web makes us assume other identities:

• Spotify knows our music taste perfectly well

• Netflix our movie passions

• Amazon our buying propensities

• Google our information needs

This federated identity is fragmented, broken down into many digital sub-identities, not communicating with each other. We do not really own these identities; they can be taken from us overnight at the total discretion of the business company that monetizes them (we are the products, not the users).

The third iteration of the Web, or Web3, fostered a novel definition of decentralized identity. It allows you to own your identity storing on a blockchain or a peer-to-peer network like IPFS or Arweave.

An attestation is a claim made by one entity about another entity. For example, the driver's license issued to you by the Department of Motor Vehicles (one entity) attests that you (another entity) are legally allowed to drive a car.

With decentralized identity solutions, you can claim and hold your attestations without relying on central authorities, like service providers or governments.

The various players in a decentralized identity ecosystem include:

• Users: individuals who own and use pieces of identity information. Users can keep various attestations in their cryptographic wallet in the form of soulbound tokens

• Issuers: organizations and institutions that issue attestations to users. For instance, an academic institution can issue a Computer Science degree to an individual, signing the attestation with the university private key.

• Verifiers: third-parties who need identity information to establish trust and grant access to services. For example, a software house might want to verify that a potential employee has a Computer Science degree. The verifier uses the public key of the issuing university to attest the validity of the degree.

An overview of the decentralized identity ecosystem. Source: Affinidi.com

A further step ahead might extend decentralized identity to social identity.

Social identity borrows from Georg Simmel's view that a person's identity is embodied in what is known about them by others, rather than with formal identity verification.

Notably, Simmel's work dates back to 1908.

Social identity believes any successful identity system must be humanistic, flexible, social, and decentralized:

1. It must be humanistic in the sense that it allows individuals to prove their unique humanity without requiring them to behave like machines.

2. It must be flexible in the sense that it allows individuals to present a wide range of subsets of their identifying information in different contexts, as appropriate and required, without immediately implying to present the rest of their information alongside this.

3. It must be social in that it recognizes that nearly all data of any value is shared across individuals and the patterns of sharing must be properly managed rather than striving for absolute privacy.

4. It must be decentralized in that most identifying information should not be stored by a small number of data hubs, nor should most protocols for validating such information flow through such data hubs.

All in all, we identified four types of identity:

1. formal identity: our identity is represented by a code or number

2. federated identity: our identity is formed by the private services and applications we regularly use

3. decentralized identity: our identity is witnessed by the attestations of the experiences we have collected

4. social identity: our identity is embodied in the relationships with our social peers