IDunion is a new European decentralised identity management platform that promises to bring user-centric digital identity with privacy at its core. In this podcast we had Adrian Doerk, Product Manager at Lissi and Communication & Public Relations at IDunion, walk us through IDunion.
What is blockchain?
For Adrian, blockchain is just a data structure. When you expand its definition from a DLT (distributed ledger technology) perspective, with multiple nodes on a network, what makes it interesting is whether the right to write to the network is permissioned or permissionless. This is determined by the type of consensus on the network, which determines who and what is written into the network.
Present challenges with digital identity
History of the digital identity on the internet:
- Isolated, siloed identity, where users would log in and authenticate themselves with the provider of a digital identity to access a service
- Federated identity, where multiple companies and institutions got together and agreed on a single sign-on for multiple sites. However, the challenge of this model is that the identity was still focused on a central operator, and not all companies and institutions were comfortable with this approach
- User-centric identity, where a classic example is login with Google or Facebook. Whilst this is very convenient for the user, it does lock the user into a proprietary ecosystem, which is very dangerous since these providers live off user and behavioural data which they resell to third parties.
The next generation of digital identity will be designed with privacy-by-design principles. It will be a user-centric proposition that is convenient but also gives the user more control over their identity for authentication and identification purposes.
- Identification asks: who are you?
- Authentication asks: is it you again?
IDunion is a consortium whose aim is to build an open ecosystem for self-sovereign identities controlled by the user. Whilst the platform can be used everywhere, it is based on European values, laws and regulations.
Everyone (including natural as well as legal persons and things) has the possibility to manage their identity information by themselves and to decide when they want to share this information with whom. The sovereignty over one’s own data is tremendously important, especially when it comes to very sensitive and personal information.
Users can choose one of several wallets, which are used for storing and presenting credentials to third parties as required. This is helpful for a wide range of use cases and enables a new way of identity management. Thus, it is no longer technology companies that act as a central identity manager, but the users themselves! The user can decide where the information can be seen, which program is used to manage information and with whom this information is shared. We call this concept self-sovereign identity.
IDunion uses Hyperledger as a kind of technical umbrella for their multiple implementations:
- Hyperledger Indy for the implementation of the network
- Hyperledger Aries for the agents which communicate with the network
- Hyperledger Ursa for the crypto libraries
The IDunion initiative was started by a number of German stakeholders and early on received some funding from the German government.
The newly founded IDunion organisation will act as the legal entity behind the network and represent the stakeholders’ interests within a European Cooperative Society (Societas Cooperativa Europaea S.C.E.). In addition to operating the network, the organisation’s main tasks will be to attract new partners and to bring together partners working on the same or similar use cases. This ensures that all European participants are put on a level playing field.
The participants in the network have defined rights and obligations to enable legally binding relationships which are in harmony with the European legal framework (especially eIDAS and GDPR).
Benefits for the user – user centric design
The interesting aspect for the end user is that with IDunion they will have peer-to-peer encrypted communication channels which they can use to exchange verifiable information.
One of several wallet apps on offer can be downloaded to the mobile device and used to receive, store, manage and present digital credentials. The data is stored locally on the mobile phone and can be transferred from wallet to wallet, thus ensuring data portability.
Selective disclosure of personal data and encrypted communication prevent the creation of user profiles by third parties. The wallet offers the possibility of storing, managing and sharing all personal data in a bundled form as required. For example, users will have a clear history of what information was shared with whom and when, so that they can exercise data protection rights such as the right to be forgotten.
This facilitates access to online offers of companies and institutions and creates transparency for all parties involved.
Benefits for the corporation
The network enables the clear verification of customers, companies and institutions. This facilitates access for customers and saves companies time, costs and administrative work. Since companies can independently verify the identities of business contacts, identity fraud is prevented to a large extent.
Furthermore, the single sign-on functionality offers the user a user-centred alternative to a password or the dependence on a single technology provider. Since users store their data themselves, this leads to fewer obligations and potential penalties under data protection regulations such as the GDPR.
What we have to remember is that personal data can be a liability for companies. Some of the recent data breaches that have led to massive GDPR fines show that storing personal data in a centralised way acts as a honeypot for hackers.
Benefits for institutions
Institutions such as educational institutions, state authorities or citizens’ offices can use the network to identify citizens in an eIDAS-compliant manner and thus provide easy access to their services and systems. Once a connection is established, information requests can be sent directly to the citizens’ wallet via an encrypted connection.