Published: Friday April 13, 2018
Three things we learned at Know Identity 2018
Tobin Broadfoot, our Product Owner for Identity Verification and Onboarding, shares highlights from the recent Know Identity conference in Washington DC.
- Blockchain technology is a means to an end, not a silver bullet coming to save the world in the form of ‘Federated Identity’
‘Identity on the blockchain’ and ‘Federated Identity’ have become hot topics in the identity world, but they’re not about to change the way we interact online.
With Federated Identity solutions, consumers only reveal, on a temporary basis, the data attributes they need to. If these become widely adopted it’s likely we’ll see a number of services competing for critical mass, as we saw in the early days of platforms like Facebook and MySpace.
Many of the things that make blockchain the right tool for the job for crypto-currencies, such as no key management, off-chain elements to the transaction, or KYC (Know Your Customer), don’t apply or are the opposite for identity.
Another observation from the delegates at Know Identity was that blockchain will play an important role, but it’s very complex and often misunderstood and/or misrepresented. It’s currently too complex for people to embrace, and this includes regulators and businesses as well as consumers. It is a classic crossing-the-chasm challenge – there is a lot of work to be done to hide the clever and complex tech.
It was widely agreed at the event that you should never put identity credentials or any PII (Personally Identifiable Information) in the blockchain.
All that said, the technology is still at an early stage and developments like permissioned ledger and the work being done by Sovrin Foundation show promise.
I saw some really innovative uses of the technology. One example was a cryptographic layer which manages password and/or biometric authentication, whilst reducing the risk and associated cost of password data breaches. This created a consortium of relationship data which can give an indication of trust and risk on any given combination of attributes, while remaining GDPR compliant and again reducing risk of data breaches.
- GDPR is global (good) news
The conference had an international outlook and I wasn’t at all surprised to hear that businesses around the globe were aware of GDPR and are prepared for upcoming changes within their European operations.
It was clear that the GDPR is widely viewed as good for the industry, and going forward companies will be ‘competing on trust’ which is a positive thing for all. GDPR has driven the industry to focus on the end-customer’s needs.
I was really encouraged by the pervasive view that this could be adopted as a universal standard. This reinforces that globalisation is ever more present, and the fact it doesn’t make sense for businesses to try to play by multiple rule books.
- Trust is the natural revolution from identity
In a world where we increasingly find levels of mistrust and data privacy are on the up, trust is becoming the real value that we can add. As we all mature in our understanding of the online world, and unfortunately it becomes more corrupted, businesses want to confirm ‘how do I know this person can be trusted? How do I know this person is still who they say they are?’
Identity powers trust, and the difficulty of establishing trust between businesses and consumers is one of the network effects that have allowed the so-called “Tech Titans” to grow so large. Improving identity both ways allows smaller players to compete online with mega brands like Amazon.