Torres began by recounting a personal experience at an airport that demonstrated the breakdowns commonly experienced with physical identity credentials. Centralized digital identity experiences, he says, are also broken, in part because they are strictly dependent on the organizations that centrally hold the identities.
Federated digital identity experiences add weaknesses associated with the correlation of individuals’ data, without returning ownership of the identity and personal data to the individual.
Torres suggests getting rid of accounts. Instead, individuals and their peers would exchange credentials and identifiers, with reference to a distributed ledger for cryptographic proof of the veracity of whatever the individual is claiming. He reviewed progress on the decentralized identifier specification, and the related SSI infrastructure and standards.
When asked about how Apple Wallet aligns with a decentralized approach to identity, Torres says that centralized ID is still part of Apple’s approach, though “it’s a bit disguised,” through the Apple ID that the wallet requires and that is controlled by the company.
The presentation moved on to consider how digital transformation introduces user experiences that are then considered essential, like keeping track of loved ones through mobile phones or hailing a taxi with an app rather than waving one’s arms at the curbside.
Mobile wallets used to share credentials in zero-knowledge scenarios and support zero-trust interactions can provide that same level of user experience, Torres contends. Biometric face authentication can back instant and secure credential exchanges, which brings the talk back to its title.
A selfie can then be the first step in a touchless and private user journey through a wide range of interactions.
What SSI means for biometrics
The third portion of Torres’ talk explored the place of biometrics in user-controlled decentralized identity systems.
It is possible, he contends, to utilize the identity-binding and convenient user experience of biometrics without centralizing or sharing biometric data.
The public distributed ledger creates the decentralized public key infrastructure, but personal data, including biometrics, should be stored in a personal data pod. This is a way of reducing reliance on a mobile phone, and maintaining the persistence of the ID when the user trades their old phone in for a new one.
The next step in bringing biometrics together with SSI may be the creation of standards for their interplay, as the separate standards applicable to each concept leave a gap where the two are combined, according to Torres.
The next EAB Lunch Talk will focus on innovations for protecting biometric templates.