Guiding principles for nation scale identity-based solutions

The recent announcements from the Union Government come just in time as businesses transition to using distributed ledger technology and especially blockchain based IT architecture patterns. Within the context of evolution of large-scale resilient IT architecture designs the availability of public cloud based infrastructure makes a natural complement towards adoption of distributed ledger technology in order to enable process efficiency, transparency and security. And while bitcoin (or cryptocurrency) may be the best use case of applications on a blockchain, in recent years there have been a wide variety of domain specific implementations which underline why some problems of scale are indeed well suited to be addressed using such IT architecture patterns.

This digital transformation is not a slow crawl — rather it is wide-ranging, rapid and opens up opportunities within the value chain which did not exist in the status quo.

Distributed ledger technology enables decentralization. In turn this creates a form of disintermediation. As applications built around services land closer to their end customers, the natural approach is to focus on service end-points or application programming interfaces (APIs). A rich, stable, well-documented and robust set of APIs are critical towards incubating ecosystems or marketplaces which are customer focused. The economics of such a platform demands that the participating enterprises are able to clearly deliver value and empower the users of their services.

The basic building block of decentralized applications and services being made available is of course digital identity (dID). Built around a set of foundational identity/identities (fID or fiDs), the dIDs enable the transformation of the identity contexts of living individuals into a multidimensional form that is embedded in transactions in the digital world across the public internet. In this context, as we begin to see more applications being designed to use and enhance the power of the national health ID or a civil births/deaths registry or even when applied to institutions such as the National Recruitment Agency (NRA) we will need to commit towards adopting certain foundational principles which are a key towards self-managed dIDs as empowering, inclusive and privacy-preserving.

Creation of dIDs and digital transformation are a first step towards a conversion of various classes of assets and types of information into a standardized digital format. This digital transformation is now a slow crawl — rather it is wide-ranging, rapid and opens up opportunities within the value chain which did not exist in the status quo. Self-managed (or even self-governed) dIDs have the key attribute of portability. With the users managing and sharing dIDs and digital assets linked to the dIDs (in the form of Verifiable Credentials or VCs) there is now interoperability between infrastructure and portability of data. This is the reference frame in which to understand what would be the principles guiding the design, development and deployment of applications and services which are distributed and decentralized.

The Principles of Self-Sovereign Identity are now best juxtaposed with the Presidio Principles to ensure a higher degree of accountability and trust in the platforms, applications which enable users to exchange information and share data based on agency, accountability, privacy, security and governance.

The way forward in creating a network effect based adoption of decentralized apps and services (beyond mandates from the State) is based on how the design of these services balance the following facets

  • Control — enabling the user with easy to use mechanisms and flows which create consent mechanisms and help control the flow of information based on purpose, scope and time
  • Access — users should be provided with choices and unfettered access to their own data (both personal and non-personal data) and in a manner this is linked with the concept of control and self-governance.
  • Grievances and redress mechanisms — with a high degree of machine readable data exchange, the end user is unlikely to be engaging in interactions with another human. In such cases, the ability to clearly raise grievances and have redress mechanisms enhance the confidence of the user and create a positive feeling for the integrated set of systems
  • Fairness, Accountability and Transparency — this triad of system attributes help contribute to the ability of the user to comprehend whether there is systemic bias or discriminatory approaches encoded into the process flows.
  • Minimal disclosure of data — Zero Knowledge Proof (ZKP) based methods are becoming increasingly popular in systems and services which are designed to prevent a full spectrum gathering of data often beyond the purpose of the exercise. Applications and services which are designed to focus on minimum requirements of data context are naturally amenable to encouraging the users with minimal disclosure of data

At this point there is an absence of industry standards which determine the level of trust in the design and development of decentralized applications and services. The Trust over IP (ToIP) Foundation has a specific set of work items to create specifications, guidelines and recommendations which focus on areas around governance. There are task forces focused on Trust Assurance, Roles and Processes which enable ecosystems to adopt and establish guidelines which are in the best interest of the community. And while the ecosystem is at a nascent stage and thus good-faith actors focused on growing the market share is natural, there is a need to have regulatory mechanisms which audit and certify such ecosystem participants. Self-managed digital identities are crucial to maintaining human rights and freedoms enshrined in the constitution of nations. As citizens are empowered to create their dIDs, it is necessary to design and put in safeguards which help prevent restrictions and constraints on such fundamental rights and freedoms.