ID Ecosystems
ID ecosystems enable users to control and share their data with others. They are open, user-centric systems that enable direct interactions and the free exchange of identity information.
Identity ecosystems create trust between people and organizations that typically don’t know each other. They have two major components: "Trust Registries" and "Governance and Trust Frameworks".
Trust Registries
Trust Registries enable the verification of identity data, serving as the single source of truth and can be implemented with different technologies and levels of decentralization (e.g. Domain Name Service, traditional PKIs, blockchains).
There are different types of Trust Registries for different purposes. For example:
- Organization Registries enable the verification of information about organizations acting as Issuers or Verifiers.
- Schema Registries established standards for data models and semantics.
- Revocation Registries enable management and verification of credentials’ lifecycle.
Different technologies can be used to implement Registries. For example:
- Blockchains or L2s: Blockchains are a useful technology to create Trust Registries (e.g. Organization Registries) due to their decentralization, immutability, transparency, security, and efficiency. They provide a permanent, auditable record without intermediaries. Also, they can be used to enable NFTs or SBTs for diverse use cases like tokenizing proofs or assets in a way that can be processed by smart contracts. Today, we see a growing number of developers and organizations focusing on permissioned blockchains (i.e. only a selected group can “write”). Permissionless blockchains, like Ethereum, are still less used than permissioned alternatives particularly due to issues with scalability, costs or the lack of customizable governance frameworks.
- Domain Name Service (DNS): Considering certain drawbacks of DLTs and their relatively slow adoption by the mass market, DNS can also be used to serve as a registry. Though it is not fully decentralized (considering its underlying governance framework), DNS has many advantages like its maturity and global adoption. Importantly, digital identity can be implemented without registries, particularly without blockchains, because identity data (or at least personal data of individuals) is never anchored due to privacy and compliance reasons. However, by combining digital identity with blockchains (or other technologies), robust and trustworthy identity ecosystems that utilize transparent DPKIs and reliable Trust Registries can emerge.
- Traditional Public Key Infrastructure (PKI): Finally, traditional public key infrastructures, that already underpin today’s identity and certificate infrastructure can be used. The main downside is the centralization, information asymmetry and dependence on the PKI provider.
Governance and Trust Frameworks
Governance and Trust Frameworks are like the constitution of an ID ecosystem, ensuring trust in identity data from Issuers and other ecosystem participants. They regulate governing bodies and processes, onboarding and accreditation, liability and enforceability, trust and assurance levels, privacy and data protection, security and interoperability standards. Also, these frameworks align with regulations that impact the identity industry, such as GDPR or eIDAS2 in Europe.
You can read more about this topic in our ID ecosystem ebook.