The power of decentralized identity is that it decentralizes governance—enabling flexible solutions within a privacy and security-driven framework.

By Trevor Butterworth

The past year has seen decentralized identity emerge from its “talk” phase into its market phase. At the same time, the market is increasingly aware of the need for decentralized identity solutions to manage immediate problems, like the privacy and security challenges in banking and finance, how to share and verify personal health data in hospitality and travel, and the need for constant, frictionless authentication in zero trust security applications.

But there is also the growing realization that decentralized identity is the way to manage verification and security in decentralized finance, Web3, and the metaverse, while allowing each to maintain its underlying decentralized integrity.

Verifiable, secure, and interoperable identities will be critical to controlling the “Internet of Everything,” otherwise known as the spatial web, where an ever-expanding range of cameras and sensors using hyperspatial markup language will allow digital objects to engage with non-digital objects. It’s not just the drone that will have a verifiable identity; the parcel it carries will have one too.

All of this makes 2022 the year of decentralized identity solutions, a chance for this long-evolving and much-talked-about technology to show how it can solve the verification problems inherent in Web 2.0 and create trust in Web 3.0. Now is the time for these solutions to articulate how they will save money, make money, and mitigate risk. To do that, obviously, we need products and services; less obviously, we need to understand that the role of governance is to serve the solution and the customer.

Enterprises want to buy solutions that solve problems, not engage in philosophies that make deployment feel like climbing a mountain of documentation

Given decentralized identity’s long gestation, it is inevitable that a lot of talk accumulated into governance documents and governance frameworks. Every new technology needs to be talked into existence while the engineers catch up: We have to talk about something to figure out how to build the solution; we have to talk about problems and pain points, standards and protocols and technical requirements.

But there comes a point when all this talk must recede into the background documentation. Right now, it can often seem that governance frameworks are the solutions and the technology is incidental or worse, inadequate.

This is a problem, and it is compounded by a miasma of confusing terminology, sequential processes, and technology and governance “stacks.” These are difficult to process into a simple “aha” if you are among the uninitiated — which is most of the potential market for this technology. Decentralized identity has not yet found its equivalent to the “1,000 songs in your pocket,” what-it-all-means message that successfully launched Apple’s iPod. That kind of messaging is critical, and governance frameworks do not, frankly, speak with that clarity and compulsion.

This is not to say that we don’t appreciate the importance of shared standards, clear technical requirements, and best practices: we do; but they are not the solution—no more than governance is for cloud services. They serve the solution and the solution serves the customer’s needs.

It is time for solutions to take the spotlight.

Governance should be flexible, pragmatic — and decentralized

You may have noticed that this article has, so far, avoided mentioning “self-sovereign identity” or SSI. SSI is what the identity community originally called decentralized identity—and still largely does. But it can be a problematic term for some audiences because it can be read as saying that in decentralized identity there is no such thing as society, there are just “selves”—self-sovereign identities that are all co-equal.

While a foundational principle of self-sovereign identity is that individuals should be in control of their own data and identity, the reality is that there are other kinds of sovereign entities besides individuals: nations, institutions, membership organizations, companies, each of which carries its own governance history and culture and which imposes rules on its subjects and negotiates and interoperates with other sovereign entities.

If any of these entities chooses to adopt decentralized identity, it is making a clear commitment to a privacy-preserving, secure technology, simply because that’s the technology’s function and not just a feature. But it is also going to deploy the technology in a way that accords with the goals of its existing governance because that is what sovereign entities do.

Some of these deployments are going to be less than fully self-sovereign, and we must recognize that governance frameworks for decentralized identity are going to be negotiations with existing governance requirements; there needs to be flexibility.

This is the reason why we advocate “machine-readable governance” as an architectural solution.

  • First, machine-readable governance simplifies how decentralized identity works: The user software handles the rules for information flows and authentication, which are established and published by the entities with authority for governing the use case.
  • Second, this architecture makes these rules transparent.
  • Third, and critically, it enables these rules to function offline through caching, which, when you think about it, is an essential feature in any digital identity verification system; trust can’t be dependent on a Wi-Fi signal.

But there’s a broader value here too. The architecture of machine-readable governance enables nations, institutions, and people to set up and participate in systems that directly address their problems without having to transfer power to unnecessary intermediaries; power, instead, remains with the existing governing bodies.

This, we believe, makes the system more trustworthy, as we don’t need another layer of bureaucracy to ensure that we can trust a third-party trust registry not to enact tolls, exclude participants, or exercise monopolistic power.

We also believe it is a mistake to think that governments are going to show up and submit to governance institutions and frameworks that are not of their making or under their control. Similarly, any decentralized identity solution that posits, “first, we create a league of nations,” isn’t just doomed, it actively dissuades people from taking the technology seriously because it makes unrealistic government participation a prerequisite for the technology.

Futureware is a vampire that will suck the life out of opportunity

No matter how well-meaning, governance recommendations that require implementing technology or standards that aren’t presently available — and may not be available for months or years — are acts of marketing self-sabotage. There must be a path to immediate implementation. It is vitally important that this path does not foreclose better solutions in the future, but there must be a path.

We understand the fear of institutionalizing the wrong software solution and then being stuck with applying band-aids for years. This is, after all, what landed us with the problem decentralized identity is designed to solve — the internet’s missing identity layer for people. But the benefit of open-source software development is that it promises continuous improvement.

If we deliver a good open-source solution today — in the face of many terrible centralized and federated alternatives — it will keep evolving as technology improves.

Ockham’s Decentralized Razor

Finally, for all those in the decentralized identity field, we should remember the value of parsimony, famously attributed to the medieval philosopher William of Ockham: Do not multiply entities beyond necessity. In other words, don’t create rules and processes and bureaucracies without established and compelling reasons for doing so.

The aim of decentralized identity governance should be the greatest number of applications from the smallest number of rules and in the shortest possible number of pages. Confusion and complexity will block adoption.

Consider what scientists discovered about effective communication to policymakers: If you can’t explain the science in a half page, chances are you’ll lose the attention of those with the power to implement change.

To implement simple and powerful decentralized identity solutions, with the flexibility of machine-readable governance, contact us.