Centralized identity systems vs. decentralized identity systems
Legal and digital identity systems are organized in centralized or decentralized architectures. To appreciate the difference between these two types of systems, we can first take a look at centralized identity systems, since these are more common.
A centralized ID system is a single authority that manages all elements of a user’s digital identity. Most enterprise ID systems use this model, with employee credentials linked to a database stored on company servers that determines access permissions and privileges.
Another example of a centralized ID system would be a national ID system such as India’s Aadhaar – the world’s largest biometric digital identity scheme – where everything is held in an enormous government database. Such centralized national ID systems are also implemented in countries such as Nigeria and the Philippines, among others.
Centralized digital identity systems assign each user a unique identity. The user might register an account on a platform, the user’s credentials are verified, and an ID is generated that is specific to that platform. This ID then allows the user to gain access to the services offered by that platform.
It is user friendly and for administrators it simplifies security issues as possible breaches can be handled with a single point of control. In addition, administrators can quickly verify and modify user access rights since there is single-point management.
As suggested by the name, centralized digital identity systems can hold a vast amount of data, and are stored in relatively few locations (perhaps one server for each continent, for example).
Or in the case of national ID systems such as India’s many hundreds of millions of people’s information stored in a giant database. But this is where the drawbacks to this system start to unfurl.
Centralized identity systems may employ strict security protocols, such as multi-factor authentication or biometric scanning in order to authenticate user access (and use data encryption methods) but they cannot prevent their appeal to bad actors.
Since they hold such vast amounts of data, centralized identity systems become valuable targets for hackers and identity thieves.
In addition, the misuse of user data becomes an issue arising from such highly concentrated control. Trust becomes a major facet: whether the user can trust the platform holding their own, and everyone else’s, data. This is especially pertinent when it comes to governments running national ID systems.
Trust and dependability become very important since our online and offline lives are so integrated.
As the internet evolved, concerns over security – such as data breaches, misuse of data, unauthorized access to personal information, identity theft – have grown, while conversations around privacy have evolved in turn. All of which have led to the development of decentralized identity models.
And key to understanding the difference between decentralized and centralized identity management is to appreciate the trust humans place on these systems.
Decentralized digital identity systems give greater control back to the user. In these systems, which are also known as self-sovereign identity (SSI) models, users have control over how their personal data is shared, and what is stored.
In effect, users retain control over their digital identities, and these identities are independently verified and managed, under a decentralized system.
One of the key technologies enabling this kind of model is blockchain, which is a kind of Distributed Ledger Technology. The blockchain provides user privacy protection by storing data in an encrypted form that only the user holds a key to. A superior level of security is also offered, advocates say, as the blockchain provides a transparent and verifiable record of all transactions. Decentralized identity can also be provided in the form of a credential that stores verifiable personal information and is held by the individual, such as a smart card.
However, decentralized identity verification requires a strong decentralized infrastructure to meet the demands of modern digital identity verification standards. Scalability is a major challenge.
So is interoperability, since a standard protocol across all decentralized systems doesn’t exist. The standardization of W3C’s verifiable credentials model provides a major step towards interoperable decentralized ID systems, however.
The security of a user’s digital identity tends to be stronger, as access to a user’s data depends on cryptographic keys. However, decryption keys are needed and it can be disastrous if a user misplaces or loses this key. The responsibility placed on users is often considered one of the drawbacks of decentralized ID systems.
Both centralized and decentralized ID systems have their advantages and disadvantages, and both systems continue to evolve, with the latter model progressing expediently. There are even hybrid models on offer and in development, which seek to harness the relative advantages of each in user experience, scalability, interoperability, trust and security.
Article Topics
centralized ID | decentralized ID | digital identity | identity management | identity verification | interoperability | legal identity
Comments