For those of you who are interested in the messaging of this movement, there might be some difficulties in understanding some of the technical aspects of terms like "chain of trust" or "decentralized identity". I think this post should peel back some of the mystery and paint a better picture of what this means.
I was reading this article this morning and it highlights some interesting aspects of using a distributed ledger to create a chain of trust. See this excerpt from the article briefly explaining why traditional credentials do not scale with the internet on a global scale:
"While people understand that paper credentials are insufficient and that a trusted digital solution is needed, they don’t understand why verifiable credentials, or more generally, identity, works extremely well with distributed ledger technology (DLT)—a distributed database spread across multiple nodes, of which blockchain is an example. To be clear from the start, it is not to put the credentials on a public ledger so everyone can see them! We’ll reiterate that a lot in this post. No private data ever goes on the blockchain!!!" - Why Distributed Ledger Technology (DLT) for Identity?
From this brief quote we get an understanding that we had solved the problem of identity when dealing with each other in person. The tradition of trust does not scale as we grow our social circles online, as people can misrepresent their identities even if we are vigilant about verifying them. Anyone at any point could forge an identity as a means to conduct "social engineering" (the psychological manipulation of people into performing actions or divulging confidential information) to gain financial or social leverage over your identities. This means we can't trust a non-signed document, even if issued by a known body (government, private institutions, schools, etc.), as there is a possibility it was tampered with.
A chain of trust, using some distributed data store (a blockchain, for example), can democratize the issuance and validation of identity so it can't be tampered with. If as a group we issue an identity to a known person, Richard, then we can trust Richard is behind all the messaging signed with his identity. If Richard's messaging starts to deviate from what we expect of him, someone on the chain of trust could give him a call or contact him through other means to validate he still controls the keys to his identity. If he says he's out on vacation and hasn't accessed his computer for some time, then we can get the consensus of the network (51%+) to deactivate Richard's identity keys. We can then issue new ones and trust that Richard will safeguard them going forward.
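The Richard scenario above as a runnable sketch, added here as an illustration and not code from the quoted article or from any real ledger: a toy in-memory registry stands in for the distributed data store, records only public keys, and deactivates a key once a strict majority of members vote for it. The `TrustRegistry` class, the member names and the choice of Ed25519 signatures are assumptions made for the example.

```javascript
// Added example: toy in-memory registry, not a real ledger or DID method.
const crypto = require('crypto');
class TrustRegistry {
  constructor(members) {
    this.members = new Set(members); // parties allowed to vote (assumed fixed)
    this.keys = new Map();           // name -> { publicKey, revoked, votes }
  }
  // The group issues an identity: only the PUBLIC key is recorded.
  issue(name, publicKey) {
    this.keys.set(name, { publicKey, revoked: false, votes: new Set() });
  }
  // One member votes to deactivate a key. Revoked on a strict majority (51%+).
  voteRevoke(member, name) {
    const entry = this.keys.get(name);
    if (!entry || !this.members.has(member)) return false;
    entry.votes.add(member); // a Set, so repeat votes do not count twice
    if (entry.votes.size * 2 > this.members.size) entry.revoked = true;
    return entry.revoked;
  }
  // Trust a message only if the key is active AND the signature checks out.
  verify(name, message, signature) {
    const entry = this.keys.get(name);
    if (!entry || entry.revoked) return false;
    return crypto.verify(null, Buffer.from(message), entry.publicKey, signature);
  }
}

const sign = (privateKey, message) =>
  crypto.sign(null, Buffer.from(message), privateKey);
function demo() {
  const reg = new TrustRegistry(['alice', 'bob', 'carol', 'dave']);
  const oldKey = crypto.generateKeyPairSync('ed25519');
  reg.issue('richard', oldKey.publicKey);
  const sig = sign(oldKey.privateKey, 'hello');
  const out = {
    genuine: reg.verify('richard', 'hello', sig),
    tampered: reg.verify('richard', 'hello!', sig),
    outsiderVote: reg.voteRevoke('mallory', 'richard'),
    halfVotes: [reg.voteRevoke('alice', 'richard'), reg.voteRevoke('bob', 'richard')],
    majority: reg.voteRevoke('carol', 'richard'),
  };
  out.afterRevoke = reg.verify('richard', 'hello', sig);
  const newKey = crypto.generateKeyPairSync('ed25519');
  reg.issue('richard', newKey.publicKey); // reissue after consensus
  out.oldKeyAfterReissue = reg.verify('richard', 'hi', sign(oldKey.privateKey, 'hi'));
  out.newKey = reg.verify('richard', 'hi', sign(newKey.privateKey, 'hi'));
  return out;
}
console.log(demo());
```

With four members, two votes are exactly half and do not revoke; the third vote does, after which even a correctly signed message from the old key is rejected.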
This is just a simple example of how we can leverage implicit trust in a blockchain to ensure who we are speaking with is who we expect. If we want to venture off into the deep wastelands of non-verifiable identities we can do so. This movement will be about democratizing identity so we can take back control to trust we're not being sold things we don't need. I have a few ideas to leverage this chain of trust to make some decentralized applications or offer consultations for businesses. This is just the beginning, so hopefully you're ready for the journey!
I'll leave you with an image that's in the header of this article. It's grabbed from Wikipedia and explains how a chain of trust works in SSL certificates (HTTPS on the internet). A similar approach could be adopted for identity, and this is the vision I'm going to work towards.
Isaac