Identity has been perhaps one of the most critical elements of a functioning society and economy. The notion of identity also moved into digital along with digitalization. People had to define themselves in digital environments to be able to make transactions in digital environments, to be a part of social media, to register and apply for digital services – briefly, to be included in the digital world.
Within this scope, digital identity can be considered as the information collected, stored, verified, and represented in the digital environment regarding a person, an institution, or a group. Digital identity is not a single thing, despite being a singular expression. It is a collection of the increasing and developing qualities that are taking place in the digital environment and will continue to take place regarding a person or an institution.
Many things in daily life within the internet experience are modeling our digital identity: Photos, shopping preferences, bank information, vaccination documents, workplace information, etc. The digital identity reveals our tendencies, abilities, interests, and economic situation.
It is a fact that it becomes easier to transact when credentials are digital. However, keeping such "personal" information confidential and secure is essential since, thanks to digital identity systems, it has become possible to store, process, and share large amounts of data. Unsurprisingly, globally, the protection of personal data has been one of the most pressing issues in recent years.
Institutions and organizations are having difficulties in digital identity management as they obtain and store sensitive data about users. From the individuals' point of view, users cannot know the fate of the identity information they share in the digital environment. Sometimes the information they share can be much more than actually needed.
The same data have to be re-entered again and again for each digital platform: Different usernames and passwords have to be created for each web page. Security problems during identity management due to information sharing (written or verbal) negatively affect institutions, organizations, and users. While on the one hand, institutions and organizations are trying to protect these data, on the other hand, they are trying to verify the identities of the people they do business with online.
It is a complex and costly process, besides many legal risks. There is more: Inevitably, the issue of digital identity management will become even more essential with the developments in the internet of things.
Traditional approaches to digital identity have often not been user-oriented. Therefore, users do not have control over their identities in real terms. Whereas, concerning a digital identity, there is a user-centered system. In this way, the users can manage their own identity information in a verifiable way, thanks to the self-sovereign identity systems. As a result, it will not be possible for a person or institution to seize the self-sovereign identity since there is an identity completely managed by users.
Users have been creating their own unique identifiers through self-sovereign identity. Then, they add their identity information to this identifier they created and create their own identity. So they can control not only the identity but also the data associated with the identity. In the physical world, users can create digital equivalents of their identity information, for example, by associating verifiable identity information gained from government authorities with these identifiers.
Let's consider a vaccination card: who created the relevant data (Ministry of Health), this vaccination card was issued on whose behalf (user), whether there were any changes has been made after it was created or not, and the validity of the information on it, etc. All of these can be displayed and tracked on the blockchain. The displayed data are reliable because it is digitally signed and cryptographically verified.
Creating this structure that sounds wonderful and appears to function unproblematically may not be as easy as it seems. For instance, Decentralized Identifiers (DIDs) are required for users to create their own identities. Also, there is a need for tools to store personal data and for wallets to manage identity transactions. These mentioned developments are closely related to the legislation on personal data protection and regulations such as the "Electronic Identification and Trust Services Regulation" (eIDAS) in the European Union. Apparently, we need more time for the formation of both the technical and legal infrastructure to keep up with these developments.
