Decentralized Identity: Blockchain vs Directed Graphs

Decentralized Identity is a concept that may not be mainstream yet, but it is a term that embodies the sentiment that many individuals feel regarding the control they wish they had over their personal data.

Author: Anne Bailey, analyst, KuppingerCole
Author: Anne Bailey, analyst, KuppingerCole

The public has become increasingly more vocal about the misuse of their data, and global regulation has responded to this outcry with the GDPR, CCPA, ePrivacy Directive, and more.

While this grants some control over some aspects of user data, there is an assumption that underpins these privacy regulations: that personal data can be held and used by an entity other than the owner.

Identity verification a promising use case for decentralized identity

But for a decentralized identity solution to succeed, it will likely need to make a place for itself in the enterprise space first, rather than going directly to the masses.

And for this strategy to work, it needs a different business case, one that addresses the public’s needs from the angle of the enterprise. This should take the difficulties that enterprises face into consideration; that enterprises are saddled with a honeypot of data – a vulnerability that must be protected – and users seek out ways to simplify their many accounts by reusing passwords. A promising use case for decentralized identity is identity verification, possible in various iterations of customer onboarding, reusable KYC, or proof-of-(attribute).

Is blockchain the obvious choice?

A decentralized architecture appears to be the most promising way forward. The entire concept is decentralized – instead of an organization holding a mass of employee and end-user data centrally, the SSI concept envisions a way where each individual is the only one that holds their identity data.

Blockchain has been the decentralized architecture of choice, given its strengths in the chronological sequencing of events with transparency and tamper-proof auditability. It does face a trade-off with scalability and decentralization: when a blockchain is fully decentralized, the work and time it takes per block consensus is quite high. Sacrifice the decentralized format for a network of trusted nodes (usually operated by a consortium of organizations, or a single organization), and the transactions can be trusted without such labor-intensive consensus processes.

Privacy as a challenge to blockchain

The other challenge that blockchain faces for decentralized identity is privacy. Any data published to the blockchain is permanent, making it an ill-suited match for exchanging identity data which must have the power to be removed at the owner’s request. There are workarounds, such to anonymize or pseudonymize identity data stored in each block.

So, is blockchain really the technology that will deliver decentralized identity solutions? We already see a few solutions coming on the market that use alternatives to blockchain, like directed graph technology. Some notable differences between the directed graph approach and the blockchain are:

  • Directed graphs do not arrange linkages in a chronological chain – as transactions are ordered with blockchain – but in a web of interconnected digital repositories.
  • Consensus is reimagined, without cryptocurrencies and mining. Some implementations require nodes issuing a transaction to validate two transactions from other nodes before its own is validated. This resolves scalability challenges that Proof-of-Work (PoW) blockchains face, because the more exchanges that are made with a directed graph implementation, the faster they are validated.
  • Data held in the nodes of directed graphs can be linked to a single source of truth. This means that if a piece of identity data, for example the expiration date on a license, is updated in the “off-graph” storage, it is updated in each instance throughout the graph. This is unlike blockchain, where a transaction published to the chain is permanent without the option of updates.

Directed Graphs could be better suited to identity use cases

Directed graphs seem to be better able to handle relationships, instead of transactions as we’ve seen with blockchain implementations of decentralized identity. This leaves more room for roles to change, for identity attributes to become valid and invalid, and for different personas to be used in private and professional settings. Directed graph solutions for decentralized identity are still new on the market, and more research and the test of time will reveal how this technology plays out.

Author Anne Bailey is an analyst at KuppingerCole. Read more KuppingerCole blogs here.