It is slowly becoming clear to everyone that the super wallet is coming. Whether decentralized, centralized, from governments, banks or fintechs, with ID without ID, only via Decentralized Finance (DeFi) or still quite normal simply as SSO, so to speak – that is now the question.
Whether online or offline, our lives increasingly require us to verify our identity: whether it’s buying a car, shopping online, signing up for an insurance, applying for a mortgage, or signing up for a new service. Current systems for securely verifying and authenticating users are inconvenient and fragmented for users and cumbersome and inefficient for businesses. The current approach forces users to give up their privacy and maintain no control over their own (digital) identity, while security and trust in doing business online with companies and institutions is barely sufficient for the “good enough” label.
The call for a decentralized identity, a decentralized ecosystem has become louder. But so have the challenges that come with it.
What is the role of such a decentralized ecosystem and who plays what role?
With the advent of Web3 and the proliferation of blockchain protocols, we can also see the rise of different wallets that seek to accommodate different protocols and associated use cases. So we are currently seeing two developments: Efforts that rely on one protocol to support a specific approach and the gradual opening towards a multi-chain ecosystem that aims to support all technical “fragments”, protocols and digital assets.
In a decentralized ecosystem, however, the question should not be “which protocol”, “which ledger”, “which application” – the question should be “how can we create a connection of all these efforts in the future?” – because there will not be a globally valid standard tomorrow, nor the day after tomorrow, it will take a very long time.
The wallet should become this new “key” for the users. However, it is not a Wallet or an App or a Brand that is the winner above all, because that is hard to imagine and would only speak for the big players like Google & Co. The medium for the wallet will certainly be the smartphone for the first time, that is already certain. But will every user have the same app as Wallet? No, certainly not, because this is about the basic idea of a decentralized identity ecosystem – interoperable and open. Not just one way, but several ways and solution approaches are being implemented, and they have to be connected.
As fragmented as the technical landscape currently is, the efforts of the various players in the race for the best implementation also vary. In Germany, the basis for digital verification is the eID, but “only seven percent of German citizens say they have ever used their electronic ID card.” (https://en.bankenverband.de/newsroom/comments/digital-identities-steps-path-id-ecosystem/)
Denmark is much further ahead. There, “99% of the population has been using a digital identity (NemID) provided jointly by business and government for more than 15 years.” And in Sweden, several banks joined forces in 2003 to launch BankID.
But whether it’s government, banks, FinTechs, there are multiple players involved in a decentralized ecosystem. There are multiple issuers of verifiable digital credentials for “attestations of identity, confirmations, qualifications, powers, qualifications, or membership cards,” as well as verifiers “(acceptors, applications) that use digital credentials for their processes.” (https://norbert-pohlmann.com/glossar-cyber-sicherheit/self-sovereign-identity-ssi/#Grundsaetzlicher_Aufbau_und_Ablauf_des_SSI-Oekosystem).
Alone, if you look at the market overview of identification service providers, you will quickly come to the conclusion that the solution cannot be to build more silos, but to find another solution.
But which one is it? Is the question of “who should implement it: government or business?” posed correctly at this point?
Taking Switzerland as an example, one can get closer to the answer to this question. : “On March 7, 2021, the Swiss population decided very clearly; with 64.4 percent, almost two-thirds of those who voted were against the E-ID law. This means that the law drafted by the Federal Council and passed by Parliament is off the table. Consequence: back to field 1, Switzerland will not have a national E-ID for some time. The opponents and referendum initiators are of the opinion that the Digital Identity from A to Z belongs to the state tasks and therefore the “Digital Passport” should be the responsibility and issued by the state – without involving the private sector.” (https://www.moneytoday.ch/lexikon/e-id)
But what should become clear at this point is that we have to start somewhere else entirely. It is not the task of the government or of a single actor – it first requires a technical infrastructure, on the basis of which a government can subsequently issue a decentralized identity in the first place.
The question of “who” is wrong – so maybe it’s the “what.” What: technical infrastructure – what exactly: interoperability.
Interoperability: the challenge or the solution
What today’s requirements are for a suitable decentralized ecosystem can be made clear in one term: Interoperability.
What does interoperability mean?
In very simple terms, this term refers to, “the property of a system to be able to cooperate with other systems.”(https://www.dev-insider.de/was-ist-interoperabilitaet-a-957439/).
Furthermore, it is usually about “compliance with common technical standards […]. Interoperability is the ability of independent, heterogeneous systems to work together seamlessly to exchange data or make it available to the user in an efficient and usable manner, without the need for special adaptations.” (https://de.wikipedia.org/wiki/Interoperabilit%C3%A4t).
The need to implement interoperability has been fueled by both the technical evolution from Web1 to Web3 and the related evolution of digital identity.
Silo model of digital identity
Years ago, with the growth of online business, companies were forced to issue a digital identity to each person in order to provide access to their own services. This siloed model and centralized identity management created increased identity fragmentation – the user had to sign in again and again, everywhere, to use services.
With the development of the first graphics-capable web browsers, companies discovered the Web1 for themselves, but what was on offer on the World Wide Web was very different from what it is today. Websites were nothing more than digital business cards. The pages were static, did not have any interactive elements and did not allow any interaction with the users. Later, the first online mail order companies developed, but ultimately the user remained only a consumer.
“Federated” model of digital identity
The next step in digital identity management was to address this problem by further expanding the centralized system, but scaling back fragmentation. The “federated” model with single sign-on services was created, in which vendors provide digital identities for logging into services and websites, for example, logging in with Facebook, Google and co. Although this model attempts to improve seamless processes and user experience, personal data is collected in the hands of a few commercial vendors and the user remains a mere observer in the use of their own personal data. Big data silos, identity fraud, data misuse scandals remain one of the biggest problems.
The structure of the Internet changed fundamentally at the turn of the millennium. Users not only consumed content, but began to produce it themselves. New social networks like MySpace, Facebook and LinkedIn became popular and gave their users the opportunity for interaction as well as self-presentation. Video platforms like YouTube & blogs followed. Thus, the static content of the Web1 gave way to more dynamic forms of communication. Even companies whose website previously served only as a business card now use the new opportunities to interact with their visitors. Web2 thus moved users more into focus, but at the price of their data.
“Self-sovereign identity” model.
SSO as used today is not suitable for interactions between companies and customers; not suitable for true interoperability. It is used for strong profiling and glass user and a closed and controlled ecosystem. Self-Sovereign Identity (SSI) is generated by the user and stored in a self-managed digital wallet. This gives the user full control over their digital identity and they can decide for themselves who they want to share personal information with.
Web3 is not simply a further development of its predecessor. It is a direct response to the specific problems of Web 2.0. Every time users register, they are forced to enter their personal data. Companies thus collect a great deal of information about their users in central databases. What happens to this data in the following cannot be traced by those affected. Giving data sovereignty back to the user is a central component of the current development on the Web.
SSI is also interoperable, making centrally stored identities generated for each service a thing of the past. By using SSI, credentials are transmitted. These are then verifiable according to W3C specifications. Instead of a multitude of credentials, the user merely uses his wallet and the certificates stored in the blockchain in a tamper-proof manner. The process is therefore more user-friendly than existing systems, which makes it easier for users to access new services.
This reduces the workload for companies. Users bring their own identity with them, which enables doubtless identification. Sensitive data no longer needs to be stored on local servers, which reduces the risk of a data breach. In addition, the interoperable system can also be easily used in the analog world for services or access authorizations.
The Web3 for identities is more than just an app – it’s about data sovereignty and interoperability!
Silo thinking was yesterday?
Interoperability is therefore the challenge as well as THE solution. Whether it’s government pilot projects, innovation-driven startups, or use cases from large companies. Everyone wants to participate in the developments. But everyone is also building their own silo.
Where is the fault in the discussion?
We focus too much on finding use cases that would prove interoperable SSI projects. We are experimenting with individual data assets, such as driver’s licenses. We are debating whether the government should help build a super wallet or put it in the hands of private companies.
That’s the wrong discussion. We want data sovereignty for the user and we demand interoperability. To do that, we first need to ensure the technical infrastructure. This is the foundation and must come first. The task will then be to establish the connection. These will then ensure not only interoperability at the technical level – between protocols, ledgers, etc., but also the connection of the use cases and the creation of those very use cases in the first place.
Everyone is an important piece of the puzzle, whether government, bank, or FinTech, but the crucial question is: how do we create the symbiosis of the parts, true interoperability, so that the challenge becomes the solution, so that the user does not have to become the manager of his wallet or even multi-wallet – because then we would be back to Leitz folders, only digital.
myEGO is working on exactly this symbiosis with a product mission to connect all players in the future – interoperable, open and self-sovereign. myEGO is building the technical infrastructure for the digital identity of the future, never asking “who” but only doing “what”.