The industry is working on the standardization of types of identity and the uses of identity types. Therefore, I would like to spend more time on overall identity standards. The deep, tactical, necessary step of making identity data portable, reusable, and secure.
There are several players trying to standardize digital identities, not just on a blockchain. Here are some of the ones I’ve been studying:
Pikcio believes there are several benefits to standards for the maturity of blockchain-based identity solutions:
Clarity helps everyone move forward with a common purpose and vision. ISO 9001 helped companies in many industries improve product quality and compliance. Similarly, identity standards will help organizations in all industries with best practices for capture, validation, and sharing of identity data. There will be less extraneous work as everyone convenes around similar principles.
Once everyone has agreed to standards, security professionals can work collaboratively on protecting identity data and systems. Entire industries will combat hacking and other threats, as opposed to individual companies fending for themselves to protect unique systems.
Identity vendors talk about how companies will benefit from reusing blockchain-based identity data, and its improvements in terms of financial, compliance, and customer experience. Individual consumers will gain more value from control over their own data. However, for those benefits to occur, both individuals and organizations need to be able to trust the output from identity systems. Standards will give all users more comfort that they can trust identity systems that use blockchain.
We need standards to help us clarify how we’ll all work together toward the common good of protected and self-sovereign identities. As standards are created, we’ll have more people working on the same models. Ultimately having more people in the same space is better than small tribes, each trying to figure out the best way to expand and protect their own little corners of the distributed identity universe.
Now that we know why standards will be so important in making blockchain-based identity more mature and mainstream, let’s spend some time on the different standards that are needed and what each does. Pikcio believes that standards are needed at several layers of identity:
What constitutes identity data? There are some standards for personally identifiable data like government-issued documents (passports, birth certificates, etc). But what about other kinds of data, like medical records? Xrays, dental records, all have a different level of detail than appointment schedules or patient lists, for example. Classifying data based on its type and on its uses is important when thinking about other standards. What someone can do with the knowledge of a patient’s primary care physician, for instance, compared to what someone can do with a passport.
How data is classified and stored in databases and how it is interoperable is a key basic standard that needs to be addressed. Without a standard format, we will just replace today’s siloes with new ones. We need standards that allow data to be shared across interoperable networks easily.
NIST calls this identity proofing: allowing network participants to have a common understanding of how identity data was validated at its inception. If one tokenizes a driver’s license on a blockchain network, how does the network know how that driver’s license was validated? Which process was followed? Also, there can be different levels of validation based on the kind of data. For instance, government-issued data requires stricter validation standards than personally identifiable social media accounts. This will be important particularly for re-usability. Whether or not to trust tokenized identity data has a lot to do with whether you trust the original authenticator.
Some personal data will not change over individuals’ lifetimes – a birthdate, place of birth, attended university, eye color… Some data will change, sometimes frequently, such as resident addresses, bank details, number of children, etc. When sharing identity data on a blockchain network, the people checking the data (employers, mortgage lenders, hospitals…) need to know when the data was last validated. We already use dated records like utility bills to prove where we currently live. On a blockchain network, everyone needs to know data has been checked and frequently re-validated in order to trust the validity of said data.
All of the hashes and connected data may be correct, but the network also needs to be sure that the person (or company or device) using identity data is, in fact, the owner/controller of that data and that a bad actor hasn’t obtained identity records illegally. Being able to secure identities and quickly determine which ones have been hacked or taken over is critical.
The standards development process has really just begun in blockchain-based identity. There is still a lot of work that needs to be done. As these standards evolve, blockchain’s potential to revolutionize identity can be fulfilled.