Five tests for ensuring your portable identity systems are secure, private, flexible, and non-correlatable
If you are reading this, you’ve probably heard of digital credentials. If so, it’s likely you’ll have realized how they will transform the world we live in.
Whether it is a driver’s license, a plane ticket or a vaccination certificate, a digital credential lets you carry your data and prove it to anyone you want. All without a “big brother” watching everything you do. The potential is enormous, combining a reduction in friction (authenticate anyone or anything in seconds), an increase in security for everyone, and magical user experiences.
Organizations around the world are trialing, piloting, and launching digital credential-enabled services at an exponential rate. We’re seeing entire ecosystems pop up, like the Alberta Credentials Ecosystem and the COVID-19 Credentials Initiative, along with innovation across startups and the Fortune 500 alike.
Yet, while the world is rapidly moving toward this new model of trusted and verifiable data, it’s important to note that there is a right and a wrong way to design such an architecture. Compromises made today in the rush to deploy will have a great impact on the future of online safety, privacy, and security.
This is why it is vital to plan ahead, not take shortcuts, and not compromise. This approach will reinforce the long-term safety of digital credentials for all those who use them.
By adhering to these principles and implementing digital credentials safely, we will all benefit from a faster, more productive, and friendlier digital world. We have powerful new tools at our disposal, so let’s use them properly.
If we don’t, we could end up with new “super-cookies” that will correlate everything everyone does online. We could be opening the door to the next generation of mass digital surveillance technologies and perpetuating rather than fixing the worst aspects of the current online world.
This is much bigger than one company – the future of the online world is, literally, at stake.
To be future proof and safe for all participants to use with confidence, we’ve defined five tests to determine if you are using what we call “safe credentials.” Implementors need to ask the following questions:
Safeness Test #1
Are you preventing correlation by decoupling issuers and verifiers?
Why should you care?
If a verifier needs to contact the credential issuer every time you (the holder) use a credential (“phone home”), the issuer will be able to correlate everything you do and everywhere you use that credential.
The issuer could act in “god mode” and maliciously stop you using your credentials somewhere. This is at odds with the now widely-held belief most progressive organizations hold that everyone has the right to own their digital identity, and should have complete control over data access and use.
This is still a problem even if the issuer is not malicious. The issuer may have ceased to exist. They could be destroyed in a war, gone bust, or gone offline due to a system crash.
What happens when we do it right, using safe credentials?
You present data to a verifier, and they can check its authenticity, validity, and revocation status without ever having to contact the credential issuer.
The issuer and the verifier are “decoupled.”
Safeness Test #2
Are you using safe signatures to prevent correlation?
Why should you care?
If your implementation reveals the issuer’s signature to every verifier, that signature becomes a correlation super-cookie enabling 3rd parties to track your online activities.
What happens when we do it right, using safe credentials?
The credential issuer signs your credentials in such a way that you don’t reveal the issuer’s signature each time you use them.
By using safe signatures, you only share a proof that the issuer has signed the credential. You don’t share the issuer’s correlatable signature.
Safeness Test #3
Are you ensuring portability and interoperability?
Why should you care?
Proprietary solutions will result in the perpetuation of disconnected data silos that are focused on monetizing your data.
Users will be confused and limited.
Interoperability will fail. The benefits of global scale will not be realized.
What happens when we do it right, using safe credentials?
You can use your digital credentials anywhere, just as you can use a physical passport anywhere.
You can swap them out of one wallet app and into another.
Organizations can buy credential exchange platforms from multiple suppliers in a competitive market because they are using open standards.
Safeness Test #4
Are you enabling flexibility and data minimization?
Why should you care?
If you have to reveal every data attribute when you use a credential, it’s likely you are sharing too much. Privacy regulations now restrict the overcollection of data. People only want to share what is necessary, and no more.
We all have multiple personas. A work persona, a traveler persona, a cinema-going persona. We need to be able to share different data for different persona contexts.
What happens when we do it right, using safe credentials?
A credential holder can extract individual attributes from a credential and then share just a single attribute, or even just share proof about an attribute without sharing its actual value.
For example, just sharing the type of vehicles you are qualified to legally rent and drive without sharing your name, address, weight, eye color, and donor status from your driving license.
You can also combine individual data attributes from different credentials and different issuers into a single proof, enabling you to present the right data for the right context without oversharing, with just one click or tap.
Safeness Test #5
Are you ensuring trust goes both ways?
Why should you care?
Trust must be bi-directional.
If only enterprises can verify credentials, then individuals will be left at a disadvantage. As an example, huge amounts of financial crime currently take place because bank customers do not have the tools to verify whether they are talking to their bank or a scammer.
What happens when we do it right, using safe credentials?
Anyone can issue credentials, and anyone can verify credentials.
Establishing mutual trust means that an individual can verify the authenticity of an organization, and vice versa.
The stakes are high.
These five tests will help you to determine if you are building the right solution or not.
If we do things wrong, we make surveillance capitalism even worse, with no easy way to revert the choices that led us here.
If we do things right, we can enable a world in which our digital relationships and transactions are rooted in trust, security, and privacy. We’ll be able to transform business processes that were previously untransformable, eliminate data intermediaries and costly human verification processes, and create superior customer experiences with less friction.
Most importantly, safe credentials are what we need as a society. We will all benefit from a world of safer, private, verifiable, and non-correlatable credentials.
And today, by choosing solutions that support safe credentials, you have the opportunity to make this world possible for your customers, employees, citizens and other stakeholders.
