Evolution of Identity

Centralized Identity: The vast majority of Internet identities are centralized. This means that they are owned and controlled by a single entity, such as an eCommerce website or a social network.

Within its own domain, centralized identity works fine, but it has struggled to keep pace with the rapid growth and variety of online websites and services with which today’s users interact. Most seriously, because the user doesn’t own their identity record, it can be taken away at any time.

Federated Identity: Federation has been one answer to some of the problems of centralization. At its simplest, federation gives a degree of portability to a centralized identity, for example by enabling a user to log in to one service using the credentials of another. At a more complex level, it can allow different services to share details about the user.

Federation is common within large businesses, where single sign-on mechanisms allow a user to access multiple separate internal services, such as HR and payroll, with a single username and password. In the consumer Internet, federation is visible in services such as Facebook Login, where websites enable users to create accounts and sign in using their Facebook credentials.

User-Centric Identity: User-centric identity is most frequently manifested in the form of independent personal data stores at one end of the spectrum, and large social networks at the other end. However, the entire spectrum still relies on the user selecting an individual identity provider and agreeing to their often one-sided adhesion contracts. Some existing user-centric implementations are also susceptible to charges of unintended data leakage as they move data from one silo to another, trading on the user's willingness to exchange their personal data with a third party for increased convenience. Because they are profit-driven businesses, the user becomes a product to be bought and sold, compromising independence and restricting true portability.

They rightly promote the values of individual control, permission and consent, and provide very effective user interfaces. The problem remains that, in a mature personal data store ecosystem, relying parties will need to connect to many such providers to reach a wide customer base, resulting in complex and time-consuming integration without economies of scale.

Self-Sovereign Identity: Self-sovereign identity is the final step in this evolution. It is independent from any individual silo, and provides all three required elements: individual control, security, and full portability.

It removes the centralized external control present in the three previous phases. The individual (or organization) to whom the identity pertains completely owns, controls and manages their identity. In this sense the individual is their own identity provider—there is no external party who can claim to “provide” the identity for them because it is intrinsically theirs. The individual’s digital existence is independent of any single organization. Nobody can take your self-sovereign identity away from you.


More articles by Ashish Bijawat
