Sep 4, 2019
This document introduces how Trust Alliance will meet the decentralised digital identity challenge by putting people at the centre of design and in control of their data.
In our digitally enmeshed world, having access to a trusted and verifiable digital identity is essential to human dignity. More than 1.1 billion people have no official proof of identity which stops them from accessing vital services, protections and rights including voting, healthcare, social protection, education and finance. A further 3.2 billion people have some form of identification but cannot use it on digital channels, diminishing their ability to fully engage in contemporary society where digital tools and platforms are ubiquitous in our public and private lives. Bridging this digital identity gap can help unleash human potential by expanding civic, social and economic opportunities for many.
Globally, efforts to solve digital identity have been led by governments and businesses, with mixed results for citizens and users. Government digitisation schemes can disempower and frustrate as they prioritise departmental over citizens’ needs, while businesses such as banks and technology companies focus on proprietary products and business models that treat identity data as an asset to be monetised. The end result is a fragmented digital identity landscape, with many competing platforms and services, costly business integrations, and poor user experiences. Our digital trail, a range of data we share about ourselves purposefully or inadvertently as part of our everyday digital lives, is the bedrock of contemporary business and governance models. Our personally identifiable information is accessed and used by different institutions with different levels of data protection or commitment to ethical standards. While data-driven tools can improve life in demonstrable ways, from enabling better access to help when people need it to empowering social connection and change, they are becoming so entrenched in our lives – whether it is to work, do our banking or access social welfare services – as to make their use compulsory.
This relationship between everyday digital technologies, the benefits they provide, and the power and control they enact has sparked a growing concern and interest in the public sphere over the last few years. Labelled as ‘surveillance capitalism’ by Shoshana Zuboff, and ‘data colonialism’ by Nick Couldry and Ulises Mejias, the implications of data acquisition on people’s rights have become a critical issue we must address as a society.
The growing amount of personal data being collected exposes people to a host of potential harms, from privacy breaches to targeting and tracking. The personal, institutional and societal consequences of our technology choices compel us to ensure we develop digital identity infrastructure that benefits, not undermines, human dignity.
In mid-2018, driven by the need to enhance volunteer mobilisation, improve safeguarding of communities it works with, and address the risks associated with storing sensitive information for its thousands of staff and volunteers, Australian Red Cross (Red Cross) initiated a project to create a digital identity solution for the humanitarian sector.
The project developed verifiable and portable digital identity credentials for staff and volunteers in order to help humanitarian organisations on-board and deploy people faster and with assurance that they have the necessary qualifications and checks to do their jobs well and safely. The solution, named Traverse, was built on open, decentralised standards and frameworks advocated by W3C - the main international standards organisation for the World Wide Web.
The potential of this solution to benefit the broader community was the catalyst behind the establishment of the Trust Alliance, a forum of value-aligned organisations across private, public and for-purpose sectors with a shared aim of putting people at the centre of solution design and in control of their identity data.
We want to reimagine trust in the digital age by giving people ownership over their own credentials using decentralised identity infrastructure.
With growing investment in research and development of digital identity solutions, there has been a corresponding growth in efforts to define ‘good’ identity in digital contexts.
In 2018, the World Economic Forum (WEF) launched its Platform for Good Digital Identity, with the aim of advancing ‘digital identities that are collaborative and put the user interest at the center.’ Their 2018 report explores the complexity of establishing and verifying digital identities for people in a way that is empowering and secure given the vast range of identity-related data that is being created. The report highlights fitness-for-purpose, inclusivity, usefulness, security, and offering choice to individuals as key elements for designing user-centred digital identity.
Omidyar Network (ON), an impact investment company and a partner of the WEF Platform, has made significant contributions towards raising awareness of the importance of good digital identity that is based on privacy, inclusion, user value and control, and security across the “state-issued, de-facto, or self-asserted digital identity continuum”. They support the #GoodID movement which promotes “global dialogue, research, and advocacy between governments, technologists, civil society, and all sectors of business” to inform digital identity policy, technology design, and practice.
Another WEF partner, ID2020, an alliance of businesses, non-profits, governments and individuals, has been influential in advocating for ethical, privacy-protecting approaches to digital identity. In their work, ID2020 refers to the four P’s of good digital ID – that it is private, portable, persistent, and personal.
The Trust Alliance builds on approaches and knowledge developed by WEF, ON and ID2020 by using ‘humanity first’ as a guiding principle in everything that we do, going beyond human-centred to humanity-centred design to ensure people are at the centre and in control of their digital identity.
Launched in July 2019, the Trust Alliance is a multi-sector collaboration that brings together private, public and for-purpose stakeholders to develop shared standards and design principles that are needed for good digital identity.
Founded on the shared principles of humanity first, open ecosystems, equality and transparency, we have a vision of a world where everyone can participate in society because they can prove who they are. Our purpose is to lead the emergence of a useful and ethical digital identity ecosystem that empowers global citizenship and enhances trust between individuals and institutions.
We pursue our vision and purpose by providing our members with a forum to:
As a collaborative initiative built on humanitarian foundations, we bring a diversity of voices into the governance, research and design of our digital identity ecosystem. The founding members of the Alliance are Australian Red Cross, RedR Australia, Oxfam Australia, Engineers without Borders, RMIT University, Swinburne University, CARE Australia, IFRC (International Federation of Red Cross Red Crescent National Societies), Microsoft Australia, Deloitte Australia, CFA (Country Fire Authority), and TypeHuman.
Our approach is based on decentralised, self-sovereign identity standards and design principles. In contrast to a ‘one (solution or provider) fits all’ mindset, and recognising that the utility of digital credentials depends on whether other organisations choose to issue and accept them, we aim to cultivate a network of trustworthy providers who align with our intent and principles.
You can read more about the Trust Alliance structure and activities on our website [link].
The Trust Alliance is working towards a useful and ethical digital identity ecosystem for the growing network of credentials that demonstrate who we are when we use digital services, systems and tools.
We want to enable people to claim verified credentials, whether they are state-issued (from e-passports and birth certificates to police checks) or provided by organisations and businesses (including formal or informal qualifications, work experiences gained through paid employment or volunteering, immunisation and other health records, and more), and for people to be able to use their credentials across organisations.
Our approach places the ability to keep claims about their identity in the hands of the individual. By doing this, we can standardise and simplify how parties in this process come to verify and trust the data, reduce the opportunity for data monopolies to form, and give greater data controls to the user. Enabling individuals to store their own identity data on their own devices without relying on a centralised record is what we mean by self-sovereign identity.
Moving to a decentralised identity ecosystem could have profound impacts similar to the transition from closed intranets to the free and open internet. Web browsing was possible beforehand, however it was proprietary and fragmented, resulting in low levels of accessibility and innovation. The shift was made possible by free and open web browsing protocols, enabling anyone to develop websites. We believe that decentralising identity can unlock the innovation potential and help overcome barriers to civic, social and economic participation.
Recent examples show the emergence of a decentralised identity ecosystem. Salesforce and Workday have developed trusted credential solutions, and the tertiary education sector is issuing verifiable claims via projects such as BlockCerts and Hyland Credentials. In the social impact space, Australian Red Cross will launch Traverse, a self-sovereign digital credentialling tool, in the second half of 2020. Further, early stage startups such as StreetCred.id are offering innovative wallet solutions and developer APIs.
While the technical foundations for verifiable claims are sound, to keep the momentum towards decentralised identity going we need to solve the issue of digital coordination and cooperation among the many and varied actors in the digital identity space. To meet this challenge, in the short- to mid-term of its 5-year roadmap, the Trust Alliance is focused on investment and experimentation in how verifiable claims are established, utilised and governed within the growing network of providers.
The sharing and verification of an individual’s identity involves the exchange of facts, and the verification of those facts. For example, if an individual is claiming to be John Smith, living at 1 Easy Street, this fact would ordinarily be checked against government records to see if there is a John Smith at that address.
In the digital identity domain, this exchange of facts is referred to as a claim, and where it can be confirmed, a verifiable claim. Prior to blockchain technology, these digital claims would be verified against a physical or digital ledger. However, a combination of cryptography and blockchain technology has enabled a new type of verifiable claim, providing the ability to verify facts without having to check them against a centralised record.
In addition to asserting personal details such as legal name or an address, these verifiable claims are increasingly being used to share and verify facts related to professional and work domains, such as educational qualifications or eligibility to work within certain communities. These types of applications are also known as credentials or micro-credentials.
In decentralised identity systems, a verifiable claim is held in a user’s mobile wallet and shared with third parties (also known as relying parties) when requested. The contents of the claim are cryptographically signed by the issuer, which allows a future relying party to verify its authenticity - like a digital wax seal! For the purposes of our work, the Trust Alliance refers to such verifiable and portable credentials as trusted credentials.
The Trust Alliance is replacing the need for a centralised digital identity or credentialing platform with an ecosystem of solutions that use the verifiable claims standard promoted by the Trust Alliance. Our focus is on establishing the Trust Registry - consisting of a Claims Issuer Register and Claims Status Register - to help manage and facilitate decentralised claim products and services.
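The relying-party check described above, as an added example that is not code from the Trust Alliance or the Trust Registry: the credential verifies only if the issuer is listed in the issuer register, the signature matches the registered key, and the status register marks the claim active. Ed25519, the field names and the in-memory Maps standing in for the two registers are assumptions made for illustration.

```javascript
// Added illustration: field names and register layout are assumptions,
// not the Trust Registry's actual interface.
const nodeCrypto = require('node:crypto');

// Serialise a flat claim with sorted keys so both sides sign/verify identical bytes.
function canonical(body) {
  return Buffer.from(JSON.stringify(body, Object.keys(body).sort()));
}

// Issuer side: sign the claim body with the issuer's Ed25519 private key.
function issueCredential(privateKey, body) {
  const signature = nodeCrypto.sign(null, canonical(body), privateKey);
  return { body, signature: signature.toString('base64') };
}

// Relying-party side: fail closed on unknown issuer, bad signature, or non-active status.
function verifyCredential(cred, issuerRegister, statusRegister) {
  const issuerKey = issuerRegister.get(cred.body.issuer);
  if (!issuerKey) return 'issuer-not-registered';
  let valid = false;
  try {
    const sig = Buffer.from(cred.signature, 'base64');
    valid = nodeCrypto.verify(null, canonical(cred.body), issuerKey, sig);
  } catch {
    valid = false; // malformed signature or key: treat as invalid
  }
  if (!valid) return 'bad-signature';
  if (statusRegister.get(cred.body.id) !== 'active') return 'not-active';
  return 'verified';
}

// Constructed sample data: one registered issuer and one key that is not registered.
function demo() {
  const issuer = nodeCrypto.generateKeyPairSync('ed25519');
  const other = nodeCrypto.generateKeyPairSync('ed25519');
  const issuerRegister = new Map([['issuer:example-org', issuer.publicKey]]);
  const statusRegister = new Map([['claim-001', 'active'], ['claim-002', 'revoked']]);
  const claim = (id) => ({ id, issuer: 'issuer:example-org', subject: 'holder-123', qualification: 'First Aid' });
  const check = (c) => verifyCredential(c, issuerRegister, statusRegister);

  const genuine = issueCredential(issuer.privateKey, claim('claim-001'));
  const tampered = { ...genuine, body: { ...genuine.body, qualification: 'Paramedic' } };
  const wrongKey = issueCredential(other.privateKey, claim('claim-001'));
  const unlisted = issueCredential(other.privateKey, { ...claim('claim-001'), issuer: 'issuer:unlisted' });
  const revoked = issueCredential(issuer.privateKey, claim('claim-002'));
  return [genuine, tampered, wrongKey, unlisted, revoked].map(check);
}

console.log(demo());
```

The status check requires an explicit `active` entry, so a claim missing from the status register is rejected rather than accepted by default.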
The Registry sits within the broader identity ecosystem, which involves products and integrations for issuing and verifying claims, and user wallets. [To add value prop text here & the process on how one becomes a trusted org]
We recognise that sound public-key management remains one of the greatest technological challenges for blockchain systems. Improper key management can result in users’ keys being taken over by third parties, and in the Trust Alliance context, this would enable an individual or group to impersonate an issuer, potentially enabling fraud and identity theft. The risk arises from the tension between wanting to provide users with greater control of their data and the inherent danger of handing over key control to users in the context of immutability of blockchain verifiable claims. The Trust Alliance will manage the risk through user education on the importance of key management, ongoing investment in user experience patterns and alternative key management options, and implementation and maintenance of security measures for the Trust Registry and applications using verifiable claim standards.
The establishment phase of the Trust Alliance involves centralised control of the Claim Issuer and Claims Status smart contracts - protocols that digitally facilitate the verification of claims in the Trust Registry. Transitioning to a decentralised governance model is both a core commitment and a technical focus for the Trust Alliance. To enable this, we need to ensure that the governance frameworks reflect the Alliance principles, are well designed and understood, before being encoded in a smart contract. We are planning to transition to a decentralised governance model by 2025.
Please read the Trust Registry Technical Paper [link] for details.
In 2020, the Trust Alliance is focussed on establishing the legal entity and the governance structure, technically developing the Trust Registry and its governance frameworks, and implementing stakeholder engagement activities to build momentum for the decentralised identity ecosystem. Until the legal entity is finalised, the Alliance will continue to be auspiced by Australian Red Cross under the leadership of the Steering Committee and supported by Working Groups on Technical Governance (Trust Registry development), Pilots and Programs (identification, prioritisation and development of digital identity use cases), and Research and Impact (developing a research and evaluation agenda for the initiative).
Over a 5-year horizon, we plan to grow our coalition and to establish the Alliance as an independent not-for-profit organisation, funded by its members and governed by a member-elected Board. In year 1 (2019/20) we will have the first organisations sharing trusted credentials, by year 3 (2021/22) we anticipate that the Australian Government will implement trusted credentials standards, and by year 5 (2023/24) we plan to introduce a funding mechanism.
Advocacy will be central to our efforts given the strong voice and market influence in favour of conventional approaches to data management and interoperability in Australia. The momentum towards decentralised credentials in the University sector is a useful shift from which to build alliances and engagement opportunities.
Read the Trust Alliance Strategy on a Page [link] for more.