INATBA Hosts Transatlantic Discussion of its Position Paper, Decentralised Identity: What’s at Stake?

The International Association for Trusted Blockchain Applications (INATBA) hosted an online discussion on 21 January looking at its position paper Decentralised Identity – What’s at Stake? Stakeholders were invited to look at current adoption of decentralised identity through the lens of the described ideal scenario and contribute to identifying next steps and understanding political/regulatory buy-in to the idea and potential barriers.

The virtual event, also entitled Decentralised Identity: What’s at Stake? was hosted by the INATBA Identity Working Group. Kai Wagner, in his role as a member of INATBA’s Board of Directors and Co-Chair of the INATBA Identity Working Group, moderated the event.

The paper, authored by six contributors and written over the course of a year, was produced by INATBA’s Identity Working Group with the aim of defining the expectations for an open and innovative market in decentralised identity. It analyses the current state of Self-Sovereign Identity (SSI) developments and opens up discussion of the next steps, taking a clear stance on how INATBA would like to see development continue, making demands for the key stakeholder groups and setting goals for the future of SSI.

Answering the paper’s core question of “what’s at stake,” the paper gives an overview of three essential scenarios;

  1. Ideal – full convergence of SSI technology with interoperability by default.
  2. Functional – partial convergence resulting in detached ecosystems.
  3. Dysfunctional – no convergence and isolated, locked-in ecosystems.

With an awareness that the INATBA paper’s ideal position might be seen by some as “utopian,” Kai went around the table to gauge the participants’ response.

We risk implementing a solution that further locks individuals out of mobility – socially and otherwise – as well as locks businesses out of future business agility.

Without achieving interoperability, said Karyl Fowler, CEO of Transmute, a software company working within the sector and active member of the Decentralised Identity Foundation’s (DIF) Steering Committee, we “risk implementing a solution that further locks individuals out of mobility – socially and otherwise – as well as locks businesses out of future business agility.”

Despite having doubts that blockchain is the universal panacea some believe it to be, Anil John, Technical Director of the US government’s Department of Homeland Security’s Science and Technology Silicon Valley Innovation Programme, noted “I tend not to buy into the techno-utopianism of self-sovereign identity.” But, he continued, “I do believe in personal agency and control.”

This was the starting point for work he was funding to try to create a competitive ecosystem of services. “As a US government agency, we have often been walked into a corner by vendors and told this is the only magic thing that will solve your problem,” he said. “If you want to go down that path, you need to ensure that there exists a competitive ecosystem of service providers that actually interoperate at a base level on the security and privacy side.”

Open is easy to say and hard to do.

We need to discover “how to put more trust in the network, have a more decentralised trust framework and more permissionless autonomy to safeguard accountability and cherish free speech on the Internet,” explained Dr. Loretta Anania, Scientific Officer at the European Commission’s DG Connect and related capacity as Project Officer of eSSIF-Lab. With 30 years of experience funding Internet research for the European Commission and time spent at MIT before that, Loretta has a nuanced understanding of what these goals entail. “Open is easy to say and hard to do,” she added. 

However, with the European Commission’s plan to make the next decade one of twin transitions, putting green and digital into everything it does, Dr. Anania noted, although this will be difficult, it is also a beginning and especially when standards are being set, “It’s important to be there, involved at the beginning.”

INATBA’s paper addressed important questions about the evolution of the technology and its adoption, thought Daniël Du Seuil, convener of the European Self Sovereign Identity Framework and the national Belgian self-sovereign identity (SSI) project leader. Both public and private sectors need to know the best ways to migrate from the current centralised processes to new, decentralised systems.

How can we empower the citizens?

SSI, he argued, could be the answer to what the newly established call for a European digital ID is looking for. In the end, Du Seuil concluded that the question is always the same: How can we empower the citizens?

Tying up the common threads between the panelists’ first responses, Wagner noted a clear difference between the US and European approaches. In Europe, interest comes from a perspective of data sovereignty for citizens, while in the US there is a broader requirement, wanting no system lock-in for all types of exchanges such as the provenance of goods and information as well those of private identities. But while there is a difference in the motivation, as these were essentially similar if not the same problems, could we ensure that the eventual solutions were compatible?

Use cases are key, argued Dr. Anania, however, the core problem isn’t seamless compatibility, but one of waste. And the answer is data minimisation. For now, we should look to the use cases: “Start small and use the best possible solution.”

True interoperability requires two things, suggested John. Initially, standards and specifications must be ingrained in the implementation of the technology, proven by publicly open, interoperable test suites developed and widely available to make sure that anything is conforming to the standards. Then, end-to-end matrix testing must be conducted between implementations. He also recommended that the test suites be owned and available independently of the companies developing the technology, such as the WC3.

Technology is not a silver bullet. If we implement it on a process that is fundamentally not serving the way that we’re interacting… We’ve just created more problems.

How business owners or individuals come to the conclusion that interoperability is important is very use case dependent, said Fowler. This is easier to see in public sector applications. She also recognised that switching technologies is a costly affair and not one businesses can take on lightly. “Technology is not a silver bullet,” she said. “If we implement it on a process that is fundamentally not serving the way that we’re interacting… we’ve just created more problems.”

With new technology, said Du Seuil, you need stability. You do not need lots of new initiatives. Right now, this technology is not mature enough to say interoperability can be arranged in one way or another. We all know the end goal but getting there won’t be easy.

Posing a final question to the panelists, Wagner asked what kind of interaction do we want to enable to achieve true interoperability?

John remarked the hardest aspect of interoperability is following what he called the three Ps: “Pipes, payloads and policies… Pipes are the protocols you need to agree on. Payload is the data format of what’s moving through the pipes. Everything else is the policy construct that you put in place to make sure that everybody’s talking about the same thing.”

Having the public sector buying into the need for interoperability and standards was liberating, said Fowler. It would redefine what was pre-competitive and working with your competition rather than against it could only be productive. It was liberating for innovation.

Eventually, interoperability and the development of standards are key to driving adoption, Fowler said. Without that we would be locking businesses out of a more agile future and locking individuals into limited mobility. 

Drawing on her experience, Dr. Anania said that while she had faith it would happen, standardisation takes decades. But, “Standards are not the right place to start. I start with people who have good ideas,” she said. Coherence with common standards will come. “But I’m patient.”

Agreeing, Du Seuil went on to argue that for him, interoperability is next to security in its importance. However, regulation is also essential as openness will not come easily. On an optimistic final note, Du Seuil remarked that this is an interesting time. Both industry and the public sector are interested in decentralised identity. We now need to prove this technology really works.

If we collaborate in an open way, then interoperability will come.

At the end of the two-hour session that continued the conversation started in INATBA’s most widely downloaded report to date, we were left with three key messages:

  1. Creating an open market requires test suites with both open governance and full end-to-end testing between market actors available

  2. It is possible to conform to standards and still not be interoperable

  3. Trust frameworks are needed to define the trustworthiness of issued credentials.