17 January 2020

Distributed identity: A beginner’s guide

  • Identity and access management
David Guest

Control over your digital identity could soon be back in your hands thanks to a new, distributed approach to identity management.

Identity within IT has been around for a long time, used in applications such as finance, HR and other business systems. When network systems became more prevalent (yes, this was back in the ’80s), what DID people do to sign in?

Usually an ID would be needed to sign in to the network infrastructure (but probably not the PC) and to access files or applications. Different applications would have different administrators, each with their own ideas about what an ID should look like.

More recently, IDs have become more like email addresses (UPNs) and are owned by the email domain owner. This could be Gmail, owned by Google; Hotmail, owned by Microsoft; or thirdspace.net, owned by ThirdSpace.

How DID identity come to be so linked to the applications and mail services rather than the individual?

And why do I keep putting DID in capitals?


The dawn of Microsoft decentralised identity

Maybe personal identities shouldn’t operate this way. Instead, an individual could personally own their identity.

This idea leads to distributed identity (or decentralised identity, as Microsoft are calling it), often shortened to just DID. This is a concept that should allow an individual to create an identity that can be used as the basis for authentication, or for validating an exchange.

An example of this could be a university degree, issued by a university to a graduate and linked to the graduate’s DID. The graduate can then have the degree stored digitally and pass details of its location to prospective employers. The employer is then granted access to the degree by referencing the identity.

The identity can be stored in a distributed, secured, trusted location, potentially based on something like blockchain technology.

Blockchain allows data sets to be stored across a set of distributed datastores in an environment where the data cannot be modified.

It can be thought of as a set of entries in a double-entry accounting ledger that is automatically copied multiple times.

The security around each entry (or block) means that a change would have to be made to all of the copies at the same time. Because of the way blockchain links each block to the one before it, any change to an old entry would also require a change to ALL of the following entries at the same time.

So, how does distributed identity work?

The identity can be initiated by an individual through an agent of some kind, either on a device or through a browser-based application.

Once created, the identity could be validated by external entities: banks, universities, governments, or even other validated identities. This could work in a similar manner to the more formal process used by banks to identify an individual (for example, proof of address through documents). As the DID gains more validations, it can be accepted by more services.

The data that makes up the DID is controlled by the owner. Each identity request granted by the user allows access to specific sets of data, ensuring that privacy is included by design.

Microsoft have proposed a model for the interaction between the user and the decentralised systems, based on an agent controlled by the user (the user agent, or UA).

The information provided to the user is encrypted using Decentralised Public Key Infrastructure (DPKI), and the agent then allows the user to update specific attributes, or to modify the access available to the services being used.

All of this should enable individuals to take control of their digital identities, bringing together a view of the individual’s evidence and corroboration, the relevant details that they would like to share (or keep private), and a record of all the entities that have had access and the accesses that have been made.

One concern with this may be that, in the future, a digital identity may have a “score” that reflects how that identity has been verified and used. In the same way that a credit score today may influence the financial services that an individual may gain access to, a digital identity score may influence the digital services and access controls that an individual can access.

Another issue is the naming of the entity that is being managed. We already know that email names are becoming less and less relevant to actual individuals. Today, Google will let me have an account called “guestdavid67” or “guestd080” but not “dguest” or “davidguest”.

With a growing population, and people not wanting to re-use addresses, there needs to be a standard method of giving an individual a name that is both easy to remember and standardised.

This is only one of the standards that will be required. Others will relate to the addition of testimonies, access to resources using the identity, claims around the identity, and the authentication of the user to access the identity service.


Conclusion

The adoption of distributed or decentralised identity is something that is almost inevitable. People will want to own their identity, have it in a form that can be used across a number of different services, and have it available on whichever device the identity owner wants to use.

Organisations like the Identity Foundation are pushing ahead with standards and are working with a very large list of organisations.

With a list like this, progression is likely to be quick, so this technology could be available to everyone in the near future.

Next, hear about Microsoft’s plans for implementing decentralised identity in Alex Simons’ 2019 keynote speech.
