The road to ubiquitous digital identity: reflections from DICE unConference Zürich 2023
The Digital Identity unConference Europe (DICE) was held in Zurich on 7 – 9 June 2023. The event focuses on exploring and discussing various aspects of digital identity. INNOPAY’s Douwe Lycklama was among the attendees, and he has written a blog to share the key insights from the conference.
As a participant of the DICE unConference event held in Zurich on 7-9 June 2023, I found myself immersed in deep dialogues around the emerging Self Sovereign Identity (SSI) ecosystem. It was fascinating to see a vibrant community of technologists, government officials, and thought leaders debating and shaping the future of identity.
Despite the technical ingenuity on display, the path to widespread adoption and ubiquitous usage of ‘user controlled’ digital identity is far from clear. In this blog, I wish to share some of the most pressing observations from the viewpoint of already ubiquitous two-sided markets such as payments and telecommunications.
Uncharted Territory
My main message is this: the digital identity world is rich with technical prowess, but we risk side-lining some major non-technical requirements. It appears to me that mass adoption, interoperability on a service level (the combination of legal, functional, technical, operational, etc.), user propositions, governance and effective communication are yet to be addressed with the requisite clarity and priority.
The representation at the conference was as diverse as it could get, with government officials from the Swiss eID team, UK, Austria, Bhutan, and the USA (Department of Homeland Security) alongside a host of researchers and start-ups. However, despite the broad representation, there were little to no structured discussions on addressing these essential topics in an organised, collaborative manner.
Technical interoperability well on its way
In the SSI space, there are three principal roles: issuers, holders, and verifiers. Issuers distribute tokens, holders store them in their digital wallets, and verifiers decide what requirements they impose on the tokens presented by holders. The Verifiable Data Registry is instrumental in matching the credential needs of verifiers with available wallets and their contents.
But several pertinent questions seem unanswered such as:
1. How can holders know in advance whether their wallet fulfils the needs of a verifier from whom they would like to receive a digital service?
2. How can a verifier determine which wallets contain credentials that satisfy their requirements?
3. Who determines who comes on ‘trusted lists’ of issuers, verifiers, and wallets?
This lack of clarity may introduce unnecessary complexities for users (i.e., issuers, verifiers, and wallets), which could stifle the mass adoption of decentralised digital identity.
Networks, reach and user experience
The decentralised digital identity world may need to pay greater attention to network effects, reach, and offering a unified service experience to all two-sided market actors involved, users and their relying parties (verifiers). The current focus seems disproportionately skewed towards technical interoperability. A more balanced approach should include elements such as a wide range of applications for the ID-service, common branding, clear education of the public, and partnerships with everyday service providers, such as public transport, banks, insurance, and tech companies.
Government services, municipalities, tax offices, and driving licence departments should be onboarded as verifiers from the outset. Let's not forget B2B usage, where digital identity, attestations and authorisations can significantly simplify transactions and processes.
Credentials and data sovereignty
Furthermore, the availability of credentials from issuers seems under-addressed. We may be too fixated on government-issued credentials and may overlook the enormous potential of companies that possess a wealth of data about people and businesses.
Could the W3C Verifiable Credential API currently under development help standardise the protocol for credential verification, thereby improving verifiers' 'reach' to issuers? Two sided markets with ‘many to many’ interactions need standardised infrastructure with clear criteria for participation.
SSI should be positioned and designed to handle more than just identity-related exchanges. We should imagine this infrastructure accommodating transaction histories, preferences for advertisements, personal attributes, and more. We need to encourage businesses to offer data sovereignty to their customers, suppliers, and employees, enabling them to use their data elsewhere.
Laying the foundation for mass adoption
To achieve mass adoption towards the ubiquitous data sharing infrastructure, we need:
1. A clear proposition for users and businesses, answering the question: what are the benefits in terms of ease of use, cost, and quality of service?
2. Strong partnerships with services users engage with daily.
3. A shared branding and trust mark in the public and private sector's communication.
4. Assurance of success and continuity of the initiative.
As we navigate this nascent field, we must remember that adoption will come from understanding and catering to the needs of both users and businesses. The first step is a clear adoption roadmap for the years ahead, where step by step digital ID becomes corner stone of our digital infrastructure.