Evernym, the commercial entity behind DID (Decentralised Identifier) technology and the Sovrin core code base, donated the protocol IP (now: Hyperledger Indy) and both created and empowered the independent Sovrin Foundation to provide governance for the Sovrin Network in 2016 as a public good.
Since then, private capital was raised to build and launch a Sovrin Token (The Sovrin Token Initiative: STI), and the code to launch a tokenized instance of the Sovrin network was written and has been available on Sovrin Mainnet since late 2018. However The Sovrin Foundation has been unable to secure the vote from its stewards to mint the token and roll out the network despite best efforts. Regulatory and community constraints make it difficult for the Sovrin Foundation to carry forward with its leadership role of the STI.
In response, Evernym, Outlier Ventures (the primary advisor) and the wider STI community are looking for a new independent founder team to assume leadership of the initiative, deliver the token to investors, its adoption, as well as drive the future technical roadmap, economics and node network.
To apply and to find out more: https://outlierventures.io/base-camp/
As such we propose a fork of the Sovrin Mainnet and that a new (non US) entity be constituted by a new founder team, which is to be recruited from the community. This team will be run through the Outlier Ventures Web 3 ‘Basecamp’ accelerator program to help them rapidly get to market, issue a token and create a new steward base (as node operators in a tokenized system).
This new entity would honour SAFT investors token rights to recognise their capital contribution into the technology and would seek the exclusive rights to be the sole Sovrin Token, engaging with the Sovrin Foundation proper via a dedicated working group to explore future ongoing interoperability and steward adoption.
Whilst this team would inherit the code and obligations to distribute the tokens to investors and other stakeholders such as long term advisors, Sovrin, and Evernym , once appointed they would have freedom to drive future decisions with engagement and support of the STI community via a dedicated governance entity. The team will have the support of key Evernym and Sovrin leadership, including Evernym co founder Jason Law.
- Following a recent vote, the Sovrin network and mainnet can not issue a token on mainnet due to a combination of:
- US regulatory considerations after several million spent on legal fees
- A majority of Stewards share increasing concerns, as largely US entities, about liabilities arising from a token and developments with Facebook Libra
- The Linux foundation’s objections to taking oversight of a tokenized network
- We at Outlier Ventures, a Steward in the Sovrin network, and Evernym still believe the world needs a secure and sufficiently decentralised instance of Self Sovereign Identity
- For that to exist we believe the best approach is still a tokenized instance of Sovrin mainnet
- Therefore a new pathway needs to be found between the community, Evernym and The Sovrin Foundation to launch a network outside of the US that satisfies SAFT investors and creates a viable and sustainable tokenized SSI network
- Ideally this would retain a direct relationship with the Sovrin Foundation and provide for a pathway to make it available to Sovrin Stewards, through interoperability
Why SSI needs a token
1. Paying for credentials
- FIAT is insufficiently fast, affordable and divisible for the micropayments required for the credentialing outlined in the Sovrin white and yellow-papers.
- Equally, cryptographically secure, on-chain, proof of payment is not otherwise possible on the Sovrin mainnet.
2. Network incentives
- The Sovrin mainnet has no direct incentive to run a node other than the good will of Stewards and their requirement for a functioning network to exist.
- Tokens allow block rewards for network maintainers, motivating node operators to keep the network live.
- FIAT is again insufficiently affordable, divisible and fast enough to be used for block rewards, but the token native as designed is fit for purpose.
3. SSI must be universal, affordable and unpermissioned
- SSI should be available to all.
- The current Sovrin mainnet demands that its users have a bank account to participate which immediately makes it inaccessible to the world’s 69% ‘unbanked’.
- This makes it in conflict with the ‘identity for all’ narrative and aims championed by the Sovrin Foundation.
- A token has no such barriers to entry and maintains the open and unpermissioned promise of SSI.
- Most importantly this is why any token must be a utility token and not a security which would directly restrict who can use it: e.g. in the US for example only accredited investors based on income and net worth.
4. SSI must have very high privacy standards, including in its economic layer
- Value exchange for verifiable credentials enables commercial use cases. This has always been part of the Sovrin vision.
- Without a native network token, value exchange is possible, but will compromise on transaction privacy and security. For example, it’s entirely possible for organisation A to sell a Sovrin credential to person B, where person B pays with an Ethereum transaction. However 1) the Ethereum transaction will expose B’s transaction history (privacy) and 2) the transaction is not atomic (security)
- Other SSI solutions competing with Sovrin, that already have a native network token or another form of economic layer, could allow for secure value exchange, but generally don’t have the high privacy standards that Sovrin does.
Technology especially around the DID standard moves quickly. To inform our recommendation that, aside from any direct economic interest we at Outlier may have in P-DIDI coming into fruition, that we are first and foremost confident the technical approach taken by Sovrin is still relevant given any new insights so we carried out a high-level analysis of the SSI Stack and market (See section at end of document)
Equally, at Outlier Ventures we volunteered as a Steward to test the new token functionality on the live networks and we found them to be robust and highly functional.
In summary, we do continue to strongly advocate for the Sovrin approach but believe there is now the opportunity, outside of the Sovrin Foundation, to improve on it further primarily from a governance perspective to make it a better fit with the most likely early adopter and Web 3 community, which was not something the Sovrin Foundation actively sought to do.
That said we believe for expediency we work within the technical constraints of Sovrin design in order to not require further time or money leading from new development work. We believe this is especially important in the current COVID environment and its debates around trace and tracking and user privacy. This represents a major missed opportunity to take SSI mainstream if P-DIDI is not realised now
Summary of conceptual framework
- In place of Sovrin Stewards the tokenised network will instead be run by a wider group of permissioned node operators, made up from across the community but that might include existing sovrin stewards
- For expediency, we propose this is bootstrapped by early Sovrin SAFT participants in combination with businesses that do or would like to use the current Sovrin network and that want the added benefit of a token. This later group would be recruited from across the Web 3 community (that may or may not already be formally engaged with the Sovrin Foundation)
- We believe whilst this loses the benefit of many of the large corporations within the Sovrin Network as operators and users (for now) it appeals to an entirely new part of the Web 3 early adopter community of startups, that had previously rejected Sovrin governance as too US and too corporate
- Equally, this approach demonstrates the decentralised nature to the ‘Sovrin Token Initiative’ to regulators and a pathway to actual utilisation of the network which may help the Sovrin Foundation make its future case to the SEC
- This network may or may not be the official Sovrin network, as these discussions would still need to take place, but it will benefit from the technology it has built with SAFT funds.
- If it is granted permission to use the Sovrin brand and be formally recognised as ‘the official Sovrin Token’, this might remove the possibility of some liability of the foundation not delivering a token at all and should therefore be in everyone’s interest for it to be recognised as such.
- Because the new P-DIDI network would be based on the same code base and stood up within the principles of the Sovrin Trust Framework it would be both compatible technically and philosophically and therefore could formally exist within a ‘network of networks’ conceptual framework being promoted with the Sovrin Foundation
- Assuming code-bases do not diverge too much over time, it would allow for the possibility of direct interoperability with any other network as ‘The Sovrin token’
- We recommend that given the code is already 100% finished for some time and has been fully open sourced, an instance of the network could be set up, launched and overseen by this new network of volunteer community node operators themselves without any involvement from the Sovrin Foundation (Technical requirements and details follow below).
- The idea would continue to be a fixed supply of tokens minted on a new network, as previously outlined in the Sovrin Yellow Paper, distributed over a period of vesting (12 months), pro-rata to mirror SAFT participation (based on regulatory considerations detailed later), to those who make their wallets available AND setup and run a P-DIDI node (and maintain appropriate levels of uptime), as well as to any advisors to the project
- The allocation earmarked for the Sovrin Foundation would instead be allocated to a new network governance body, operated via a DAO smart contract (discussed later), with a proportion directly used at launched to incentivise DApps and key Web 3 development partners to also run nodes and formally participate in governance of the network through the DAO
- Future monetary and fiscal policy such as setting the transaction fees for the network and block rewards would be determined by the DAO after its successful* formation.
*successful being a minimum criteria of participation
- Any new network would have to be stood up outside the US and with limited liability to its participants through the formation of a non-profit foundation.
- The token would need to be minted and distributed, and the network itself governed, in a sufficiently decentralised way from day one, with no single controller.
- The network must preclude any participants (people or institutions) that reside in the US from its operation (this likely may include Evernym themselves) including future receipt of tokens at the point of distribution.
- To be explicit this means all US Sovrin SAFT participants (estimated at circa. 15%) would need to be excluded entirely from the network and would not receive any future tokens. It may however be prudent to lock up an equivalent proportion of supply in a smart contract should they be able to receive them at some point in the future.
- Equally, there would be no direct relationship between the SAFT round and the new network, nor do its tokens represent the delivery of value under the terms of any SAFT agreement’s terms.
- However we believe it helpful, and would advocate for, if those in receipt of the new P-DIDI Token formally renounce their claim under any SAFT agreements to the overall success of the overall project. This however, would be at the discretion to the individual parties involved.
- Whilst there are several precedents out of the US, most notably the Enigma / Secret Network initiative, where there was a one-for-one swap on an official token deemed by the SEC as a security because of how funds were raised using SAFTs, in return for a unofficial utility token, we do not propose this pathway as the most efficient or effective way forward, nor it is a requirement placed on us as a separate and distinct volunteer community network
- We would advocate for governance around the minting, distribution of a token and the operations of its network to be via a DAO such as Aragon (Decentralised Autonomous Organisation) structure with a ‘legal wrapper’ to limit the liability of its members to be incorporated in a friendly jurisdiction, such as Switzerland, paid for by the community (discussed later)
- The DAO would execute the minting and distribution of P-DIDI tokens via vote on the Aragon network and hold an endowment of tokens as a treasury, held in smart contract.
- Voting would be conducted on the Aragon network through a separate governance token held proportionately one-to-one to the P-DIDI token
- All major decisions from: future network or governance upgrades, monetary and fiscal policy, transaction fees, block rewards and grants should be made by 51% majority vote, with some extraordinary measures requiring a higher threshold.
- Whilst voting would be permissioned, submissions of proposals for vote should, however, be permissionless to be as inclusive as possible with the user community
- Voting on Aragon can be delegated, or abstained from, however for a properly functioning network and to avoid centralisation this should be discouraged and a high-level of participation sought
We believe there is a solution that uses the current code and token allocation, albeit redistributing the latter, where the network requires no real changes at a technical level.
In return for tokens network maintainers should be required to actively run a node on the new network. The token pool would be allocated entirely at network genesis, with the address controlled by the technical lead for each party who would run a standard Hyperledger Indy node and connect to the network defined by the genesis block.
Those actively maintaining a node without failures would then receive their token share from the pool pro-rata. This distribution itself would be made over time: say over 12 months, one for every month the node is ‘active’ in the first year. Following the first year, the DAO should agree further incentives to continue running..
Whilst enterprises are now cold on the idea of tokenisation startups building on top of Hyperledger Indy such as Trinsic, Crucible and MetaDigital should be incentivised to run a node, with an allocation from the token poo.. This would establish a ‘dapp ecosystem’ fund for the P-DIDI network.
The server infrastructure is possible to run for approximately £50/month.
The cost will not change from the current network implementation, see the technical requirements below.
We recommend that the same technical requirements for running a node (becoming a Steward) remain to ensure the robustness of the network.
For existing Stewards, the process will simply involve connecting their existing node to a new network and it would be our hope that with time several may come around to the benefits of switching.
The key requirements are stated below, with the full requirements available here.
- Dedicated server, not a VPS.
- Two Network Interface Controllers (NICs).
- Ubuntu 16.04.
- 8+ core CPU.
- 32GB+ RAM.
- 2TB+ disk (redundant).
- 100 Mb/s connection speed both down and up across both NICs.
Multiple European stewards have successfully maintained the network with an excellent quality of service using OVH’s dedicated server offering with many alternatives available.
We believe an important consideration for the DAO mid to long-term should be how to enable a ‘network of network’ concept (similar to Cosmos / Polkadot) to allow a particular group of organisations to stand up their own network, compatible with DIDI and leveraging the same token, but with their own form of governance and pricing structure.
This might require a certain threshold of tokens to be purchased ‘in market’ and locked up in return for a new supply of governance tokens to be issued to them. This will allow for particular industries to feel ownership of their network, and not force a one size fits all dilemma to new user groups, whilst allowing for interoperability.
We believe there are certain conditions to be met in order for any approach to qualify as a viable pathway, in no particular order below.
We think we should increase the level of reporting to SAFT inventors to weekly and the wider community every two weeks and commit to a mainnet launch deadline and these conditions publicly.
- Evernym direct support & participation
- Evernym must be able to technically and financially support the setup and launch of any new network
- Evernym must be able to contribute towards its ongoing governance
- Evernym must be able to operate a node in the network
- Evernym’s core business must utilise the network in its commercial offering
- Evernym’s founder and CT Jason Law must, to the best of his ability, formally contribute to the new networks ongoing technical roadmap
- Network capitalisation
- The DIDI Foundation must have the majority of token supply (set threshold)
- The DIDI Foundation must have enough of a treasury to incentivise the growth of an ecosystem over several years
- Sufficient decentralization
- The new network at launch must have over 51% of node operators as users and DID service providers, which a strategy to achieve 75% end of year 1 of its operations
- Node operators must govern the network, and be sufficiently incentivised to do so on an ongoing basis through mining rewards
- The network should be ‘The Sovrin Token Network’ in more than just name
- The DIDI Foundation should own the exclusive rights to being ‘The Sovrin Token’, in perpetuity
- The Sovrin Foundation nor its creditors would be able to issue another tokenized instance of their network, and / or by the same name at any point in the future
- The Sovrin Foundation should receive a (reasonable) fixed percentage of token supply under a licensing agreement in return. This should be paid over a period of 3 years in monthly installments based on key criteria:
- The Sovrin Foundation and its mainnet remain operational
- There is a formal working group between The Sovrin Foundation and the DIDI Foundation to explore compatibility and interoperability inc. collaboration around Layer 2 solutions, to make the token network optionally accessible to all Sovrin Stewards
- The Sovrin Foundation can stay solvent and sufficiently restructure its debt obligation (in particular with Perkins Cowee) to become long-term viable
- Perkins Coie is a creditor only not legal counsel
SSI Competitive Landscape Q2 2020
Questions for any SSI solution
- Who maintains the network, with which incentives?
- How is the network governed?
- Can the solution / network be used in an unpermissioned way?
- How does the solution prevent spam?
- Can keys be revoked? How?
- Can credentials be revoked? How?
- Is the code open source? Which parts?
- Can end users backup and recover their keys? How?
- Can the network scale to 100s of millions of users? How?
There are three main categories of solutions:
- DID-method based
- Ethereum-based ERC725 or ERC808
- Entirely different approach (not many)
A minority are currently using the mainnets, e.g. Sovrin mainnet, Ethereum mainnet
Tokenised <> untokenised
Which ones vertically integrated vs general purpose?
Kiva is based on the DID and credentials model using Hyperledger Indy as the underlying blockchain layer. It relies on a credential-based identity system, wherein the basic identifier is a public/private key pair, to which multiple claims and attestations can be associated. In the Kiva protocol, issuers of verifiable credentials are called “trust anchors” who have real world reputations at stake. The Kiva identity protocol is currently designed as a private permissioned system, whereby all trust anchors must be approved by Kiva and/or the Sierra Leone government in order to issue credentials, sign attestations, and read identity claims. In the future, trust anchors may be broadened to include NGOs, technology companies such as Facebook and Google, and other organizations that can provide information relevant to a particular identity.
A public Ethereum mainnet-based Cash-Based Intervention (CBI) project with a verifiable-credentials-like model. Building Blocks was born in January 2017 with a 100-person Proof-of-Concept (PoC) in Pakistan’s Umerkot village. In May 2017, Building Blocks initiated a large-scale pilot with 10,000 Syrian refugees in Jordan, though a private PoA deployment of Ethereum was used. For the PoC, beneficiary accounts were created on the blockchain and loaded with tokens representing cash or food and each beneficiary was assigned a random identifier between 1 and 100, which was linked to their public key one-to-one. To redeem their entitlements, beneficiaries would present themselves at cash or food merchants and provide their random identifier. The merchant would then insert the beneficiary’s identifier along with the redemption amount into a web application. The web application would send the request to Building Blocks which would then send a One-Time Password (OTP) to the beneficiary’s feature phone via SMS as the authentication mechanism. The beneficiary would then provide the OTP to the merchant who would insert it into the web application and send it to Building Blocks. If the OTP was valid, Building Blocks would check the requested redemption amount against the available blockchain entitlements and, if sufficient, trigger the beneficiary private key held in custody to record a transaction and send a confirmation back to the merchant. Upon seeing the confirmation, the merchant would distribute the requested quantity of cash or food to the beneficiary. WFP would then, based on the Building Blocks record, determine the amount owed to each merchant and settle with them directly.
SSI with a standard DID method implementation and verifiable credentials on Corda. Accepted as a Hyperledger labs project.
SSI standards for Ethereum. Used by Status, Polymath, Origin, KORD, Public Market, Propy, Dream, Dock, Verity, Crypto KABN, Cleargraph, Fractal Blockchain, Abacus, Neufund, Tenzorum, Zinc, EDDITS, Stacktical, Rate3, Wiji, Hydro, Credit Hydra, BlockBase, Zerion, Ludian Ventures, Talao and iExec. ERC735 is the verifiable claims portion.
Microsoft SSI is comprised of Sidetree and an SSI overlay for Bitcoin called the Identity Overlay Network (ION). It provides Verifiable Credentials on Azure. Sidetree is a blockchain-agnostic layer 2 protocol that was designed to support a globally scalable, immutable append-only log with no central provider or authorities to be censorship and tamper resistant. This is accomplished by leveraging decentralized ledger technology to support a distributed public key infrastructure (dPKI). This dPKI is used to anchor public keys to validate ownership of a DID. There are three major components to a Sidetree network: a decentralized ledger system, Sidetree nodes and the Content Addressable Store (CAS – IPFS).
Ethereum-based identity platform focused on account management and storage of user data on IPFS. Ethereum-native verifiable claims standard ERC780 refers to on-chain claims and ERC1056 is another Ethereum DID standard.
The Province of British Columbia is currently collaborating with the Province of Ontario and the Canadian Federal Government to provide verified digital claims about businesses. The Verified Organization Network is an initiative by the government of British Columbia to create a trusted network of organizational data. It allows organizations to claim credentials that are part of their own digital identity, using a component called TheOrgBook that lists entities with their associated public verifiable claims. In this project businesses and their representatives are given access to streamlined government services and digital transactions in the broader economy. Areas of application could be incorporation of a new business, establishing a business licence and associated permits, as well as opening bank accounts.
TrustNet is a heavily industry-networked research project that focuses on developing a blockchain-based distributed environment for personal data management following the MyData principles. Such an environment is the cornerstone for functional personal data markets as it allows individuals to control the flow of their personal data across companies and industries and creates the foundational building blocks for creating new personal data-centric services.
Alastria is a non-profit consortium building a national blockchain ecosystem for Spain. The security and veracity of information will be ensured through the identification of natural and legal persons, while at the same time allowing citizens to have control over their personal information in a transparent way following the guidelines set by the European Union.
The Illinois Blockchain Initiative is partnering with Evernym to develop a birth registry pilot, where self-sovereign identities are created, and government agencies issue “verifiable claims” for birth registration attributes such as legal name, date of birth, sex or blood type.
As a cooperation project between the city of Antwerp, the Flemish Information Agency, Digipolis and the Flemish ICT organization (V-ICT-OR), the project Blockchain on the Move is a pilot project on SSI and its application on the municipal level. It explores the potential of SSI for e-Government use cases and State-issued credentials for private sector B2B and B2C use cases.
As a first pilot project in Switzerland, the city of Zug is currently piloting a SSI solution. The local administration is cooperating with the IT consulting company ti&m, as well as UPort to provide a basic infrastructure for their citizens to attest their identity. With the SSI implemented in Zug, users can now pay their parking fees, register for elections or perform online sign on for e-government services. The benefits range for the city of Zug are low infrastructure requirements, decreased security risks, cost effectiveness, GDPR compliance and scalability.
In a SSI proof-of-concept during the first half of 2018, 3 banks, an insurance company, the Austrian Post, and an institution representing notaries cooperated to implement a range of use cases based on DIDs, Verifiable Credentials, Sovrin, and the XDI protocol. The use cases included: digital ID onboarding for existing clients, SSI for new clients, sharing of KYC data between organizations, dynamic data verification (change-of-address), secure communication (e-mail with ID confirmation), change of identity service providers, and personal ID verification in a peer-to-peer marketplace.
Barcelona-based Validated ID provides digital identity solutions that cater to individuals and businesses working in the remote and eCommerce spaces. We often don’t know for certain that we are dealing with the real somebody when it comes to digital interactions, but Validated ID hopes to remove much of the certainty from virtual dealings. Paperless legal support and identity authentication are among two of Validated ID’s most critical offerings. Their ViDSigner is a comprehensive electronic signature service that allows users to issue legally-honored signatures in several ways – through a swipeable card, biometric signature, automated stamp, etc. The service is predicated on simplicity, legality, cost-effectiveness, and flexibility – the same features that are required in the remote economy.
Keyp is looking to take on the digital identity paradigm by offering an open digital identity ecosystem – solutions, partners, etc. – to all of Europe. The broad goal: to create an environment where the cutting-edge in identity protection is made readily available to businesses willing to pay for it. Some of its most-used offerings are intended for hiring and onboarding processes. Their Identity Framework brings onboarding and logins under a single umbrella, making these processes highly-customizable and secure. The Keyp Identity Terminal allows users to design customer access workflows, while the Keyp Wallet lets users establish a decentralized identity for individual control over data. While this may seem like a lot for a single platform, know that it is an ambitious project, but also one with serious promise.
NewBanking is looking to allow users to prove their identities more easily across the web without sacrificing control over sensitive data. This is particularly useful in the financial sector, where FinTech has created an atmosphere where digital transactions are the norm, not the exception. Users choose precisely which information they want to input into their digital ID, as well as who they choose to share it with. Beyond this, NewBanking wants to alleviate other worries – how is my data being used? Who is it being sold to? Is my personal information ripe for hackers? Etc. In the age of digital banking and general information sharing over poorly-secured portals, such a service will serve a widespread need.
Metadium is a ‘next-generation identity protocol’ helping users manage, protect, and utilize their online identity. Created with blockchain-capability, the Meta ID offers a single source of users’ personal information securely stored using blockchain protections. The self-sovereign identity is also intended to be usable with off-chain and inter-blockchain services so that it has real usefulness in the real digital world. Though the Meta ID can store a plethora of data, users decide what to share and what to keep hidden on a case-by-case basis, lending a measure of versatility to the digital identity solution.
THEKEY is an identity verification tool powered by the blockchain. It incorporates Blockchain-based dynamic multi-dimension identification (BDMI, for short) to help authenticate that somebody is who they are claiming to be. This level of authentication is in lockstep with what government agencies require. Advantages of this level of security and identity management technology, THEKEY team states, is lower cost, more reliable results, and better user experience.
Trusti is an Israel-based, blockchain-enabled platform providing identification technology for cross-chain transactions. The platform also offers services that are critical to identity management; namely, compliance, fraud detection, and identity authentication. Users can do a number of things on the Trusti network – create an accredited crypto wallet, send and receive funds, transact using security tokens, and more. Importantly, they can do all of this on a platform that operates within the confines of the law and regulators’ expectations.
Fractal is a Berlin-based company seeking to help create a future where the business world governs itself. They want to create a decentralized, shared economy in which communities are self-governed and accountability is not created through the threat of punishment from a single regulatory body, but through well-defined community standards regarding fairness and ethicacy. They’ll do this by automating critical mechanisms using blockchain technology. From know-your-client (KYC) and anti-money laundering (AML) processes to data protection, security, and identity management, Fractal is taking a multi-pronged approach to securing the shared economy of tomorrow so that regulators don’t have to.
Nuggets is a blockchain-powered platform that grants its users a single biometric source to handle their logins, payment, and identity verification needs. The London-based startup encourages users to create a ‘personal cloud’ on which their personal data is securely stored; according to Nuggets, not even their team can access this data. From there, users decide if, how, and when they pass along that data to third parties. For those comfortable with biometric access, Nuggets could significantly reduce the sheer number of devices where your information is vulnerably stored. With no passwords or login credentials, you better hope that your device doesn’t forget what your fingerprint looks like.
AGEify is a Belgian online age-verification platform with backing from the European Union. How many sites ask you to verify your age? Countless. And, when they do, you simply enter an arbitrary date that you know will allow you to stroll past the age wall. Whether the barrier to entry is 18 or 21, all it takes is the average seven year old to dupe this system. With AGEify, sites who are serious about catering only to an age-appropriate audience can now put stronger measures in place. By piggybacking off of affiliate institutions – banks, telecom companies, etc. – that already have access to verified age records, AGEify is able to enact more stringent protections. Users simply enter a PIN or conduct a finger scan and voila, they are either let into the naughty website or told ‘sorry, not just yet’. And, all data is secured via blockchain systems.
MADANA – not to be mistaken with the Brit pop singer – is a German platform conducting data analysis with an assist from blockchain technology. Broadly, MADANA allows users to maintain control over their data while also offering ways for users to anonymously make money off of their personal details and habits. The platform was created to improve upon the data marketing by allowing data miners and marketers to continue deriving value without violating the average user or web browser’s privacy. Built on the Lisk blockchain, the MADANA platform will compensate users who share their data with the PAX token, handed out automatically using smart contracts. By compensating users when they share and making them aware of the conditions in which their data is being acquired, MADANA provides a much more appealing proposition than most legacy identity management platforms.
Peer Mountain is an enterprise blockchain built as a mobile-first distributed ID-management network. All members of the network, whether they’re businesses or individuals, own and control their data, and can use it to several ends. First, members’ identities are consolidated in a single source – the Peer Mountain mobile application. Users can then share their self-sovereign, Peer Mountain-enabled identity how they please without worrying that data is being taken from them without consent. Business can insulate their form-reliant processes from breach through PM’s built-in blockchain protections, and identity verifiers can earn Peer Mountain Token (PMTN) for validating credentials that go into the platform.
Object Tech is using blockchain-powered systems of sovereign identity to help individual secure digital visas. The EU-supported Object Tech team envisions a future in which digital passports allow travelers to simply walk off of their plane or train directly into a cab or rental car without having to stop to verify that they have traveled legally. The digital identity ‘follows’ users as they travel, creating a verifiable ledger that serves as proof – no longer will the question ‘have you traveled out of the country recently’ be necessary at the customs gate. Object Tech maintains that their system is compliant with the highest of privacy and security standards, and also points out that its vision falls in line with the smart cities and communities of the future.
Dominode is a company based out of Florida developing digital identity solutions using blockchain, smart contracts, and crypto technologies. It is specifically focused on creating better identity oversight in regulated industries. For job candidates Dominode is helping candidates prove their identities and credentials to prospective employers. For regulators, the platform is working to create a more efficient system for managing licensing and certifications. On an individual level, their Professional Identity Solution helps secure authenticated data in a shareable way, giving the owner control over how and when the data is shared. On a more macro level, Dominode hopes to help businesses unlock a secure, global business network where qualifications are verified, and trust is ever-present.
Hu-manity is a blockchain-powered startup with a grand vision to establish decentralized human rights and corollary sovereign laws on the blockchain. The goal is to cater our 30 human rights to the problems that remained hidden or unforseen when those rights were first established, and to do this with the help of technologies that, in some cases, may present human rights issues. The first target is our personal data; Hu-manity wants to protect our sensitive intel from poaching and illicit propagation. Whether it is geospatial data, spending habits, or medical history, the Hu-manity mission is to establish rights around ownership of that data in a similar way to how property rights are established. Establishing these rights will be possible through ‘decentralized democracy’ by which a community can come to agreement on a standard regardless of where they are geographically located.
globaliD is a blockchain-powered tool that lets users establish, own and utilize their digital identity. The encrypted globaliD platform allows users to built their digital reputation and deploy it in a number of ways. Users can input their attested government ID, social profile, and financial status based from verified documents, then use the platform to deploy necessary information without ever giving up true ownership of the data. With attestations – essentially endorsements – from third parties that can verify your information is valid, your phone becomes your universal identifier – better not lose it.
Hub is a blockchain-based trust protocol that aims to make user reputations deployable across the web. In the age of free-wheeling internet opinions spat out at no cost to the speaker’s reputation, Hub wants to bring accountability back to the digital world. By decentralizing reputation data using the blockchain, the idea is to establish greater value for users whose opinions warrant a greater level of trust. This will allow those users to seek out greater economic opportunities, gain greater interest in their products/services, and reap the other benefits that come from a reputation for trustworthiness. This is the idea behind Hub: use blockchain technology to assign rankings of trustworthiness, then make those ratings deployable and useful across the many spheres of the internet.
Palo Alto-based Civic is a blockchain-enabled ecosystem equipped with tools for individual users and businesses to maintain power over their digital identities. Civic is the launching pad for those who want to access outside sites and apps, but are unsure that their identity will be protected when they do. By using the Civic platform as a buffer, users can access untrusted locations on the web without the need for a login and password. Third-party keys are generated to serve as a barrier between Civic and a user’s keys while still verifying that the user is who they claim to be. All identity information entered on Civic is completely encrypted; so, despite using the platform to login to all sorts of sites, the information used remains private and insulated from outside threats.
Vetty, using deep learning and blockchain technology, is helping users conduct background checks with more certainty. The identity and background verification platform helps companies and individuals make more informed hiring decisions by dispatching their bots to ensure information is complete and legitimate. This saves time for both applications and businesses, as the database serves as an evolving roster of potential candidates whose credentials and potential red flags can be quickly identified and assessed. Candidates can check on the status of their background check at any time, too, minimizing the queasiness that comes with the uncertainty of the hiring process.
1Kosmos is the outfit behind BlockID, their identity management platform powered by blockchain technology. The platform is a move away from the physical, legacy copies of identification that can be easily duplicated, manipulated, and used as tools of identity theft. BlockID eschews these old ways in favor of a secure locker for one’s digital identifiers stored on their mobile device. All it takes to activate one’s BlockID is capturing a picture of one’s face, driver’s license, and passport and then recording a voice sample and fingerprint. With this, your information is authenticated and encrypted. If your IDs are lost or stolen, this can be reported on the app. If your phone breaks, 1Kosmos has a decentralized backup of your information.
V-ID is a validation service that uses blockchain technology to reduce instances of document fraud. The V-ID protocols can be integrated into existing platforms and systems, imparting blockchain verification technology into a paying customer’s existing operations. V-ID has several unique use cases. From verifying the legitimacy of a diploma, to serving as a legal notary service, confirming the authenticity of digital security footage, photos, research results, or audit trails and beyond, V-ID has a wide range of applications across industry lines.
Velix.ID, like many services, is looking to improve the identity verification process by using blockchain technology and a novel approach. It has all the markings of a blockchain-enabled ID verification platform: it is decentralized, each user is assigned a unique, encrypted digital ID, all transactions involving data stored on the platform must have user consent, and the user controls their data at all times. The other benefits of the Velix.ID platform are the efficiency and cost savings that come with blockchain-enabled automation. Smart contracts, zero-knowledge proofs, and the Stellar Consensus Protocol (SCP) all go into the building of the ecosystem, which is ‘universal, obscure, transparent, decentralized, time-efficient, and cost-efficient.’
DIW is a decentralized identification infrastructure that allows users to securely access a number of dApps without compromising their identity or data. Users can store identifying information and documents, passwords, banking information, wills, and other digital data in the DIW ecosystem. There, it will be encrypted and stored decentrally as a digital locker for the most important information we can possibly have. The platform does more than just store identifying documents, though. Once their information is verified, users can accept and send payments in both fiat and crypto. DIW is also working on a global directory which will help users list their services to expand their economic and commercial reach.
Blockchain Helix is aiming to become the ‘DNA of digital identity’ by reducing the cost and improving the quality of digital KYC processes. With Blockchain Helix, accredited institutions can securely share KYC data among themselves, reducing the time and cost associated with client authentication. Two banks exchanging KYC data is an example of the Blockchain Helix Trust Provider Network in action. The Network is designed to extend secure sharing of authenticated data to larger networks, streamlining processes and decreasing costs in the process. Importantly, BH is compliant with regulations and backed by the power of the EU.
Estonian startup Kimlic is a decentralized identity validation ecosystem powered by the Quorum blockchain and available via Google Play. Their password-less identification processes are enabled by blockchain tech, and allow companies to easily, securely transfer KYC data for more efficient processes. For users, sharing their identification information securely with companies through the Kimlic app can result in financial rewards in the for of the KIM Token. Their decentralized storage ensures that identity data and documents are rendered easily-hackable on some centralized data; instead, all information is transferred directly from a user’s mobile device to a business, with no vulnerable stoppages along the way.
Persona is a zero-knowledge identity management system built on the blockchain. It was built this way, because, according to the Persona team “personal details are meant to remain private”. The Romania-based platform maintains this privacy deploying their blockchain protocol to let users prove their identity without actually sharing any data with third parties. Persona embraces community as a form of verification. Once a user has their identity confirmed on the Persona network, they can then act as a validator of other users’ identities. In the network, it takes 16 peoples’ endorsements to reach 90% validation; the other 10% must come from a financial transaction to confirm via a financial institution that you are who you say you are.
VerTrius is a Washington, D.C.-based startup that is a developer of SaaS technologies, some of which fall into the blockchain-facilitated identification management realm. Their digital ID stamp technology is a central aspect in all of their verification services. It is used to verify content security, traceability, management, and access control no matter where it is stored or displayed on the web. The VerTrius digital ledger takes the authentication process further by generating decentralized, authenticated records of communications, transactions, content location, and more.
NuID is a startup pushing forward the trustless authentication and trusted identity movements. Through the use of zero-knowledge cryptography and distributed ledger technology, the NuID platform is helping to make identity authentication databases secure and portable. By streamlining multi-step authentication processes, NuID is upping the ante in terms of ease of login. The passwordless nature of the database helps reduce cases of fraudulent accounts hacks, and the decentralized ledger lets users be more aware of how their data is being shared – this is aided by the fact that securing that data requires permission from the users themself.
KABN is a suite of financial services that begins with identity security built on the blockchain. The platform arose out of a growing need for greater regulatory compliance with initial coin offerings (ICOs). The end-to-end suite of services includes a patent-pending B2B2C infrastructure that will let clients and consumers cut chunks of time off of KYC and identity-verification process through the use of smart contract technology. This is critical in the ICO climate, where onboarding processes are rapid and, if not done right, messy. Verifying identity and user data through KABN represents a step towards making ICOs a more above-board way to raise funds.
lifeID is an open-source, tokenized protocol for the establishment of self-sovereign identity. As the name hints, lifeID is a way for users to consolidate their most important identifying information in a way that is secure for, well, life. Open and permissionless, the service is available to anybody in the world with the technological means to access it. Features will include biometric authenticators, 100% user control over the privacy of personal information, a complete lack of passwords, and the ability to use the lifeID in both digital and physical settings. In time, aspects of the lifeID network will include physical key cards for real-world deployment, VPN/Cloud access to one’s lifeID, a digital ID card, and travel-ready iterations of the platform.
Block Systems is a blockchain access management platform based out of Palo Alto, CA. Apocrita is their pet project that is meant to make it easier for users to access files, regardless of how they have logged in to open it. They want to solve the problem of – as one example – the Facebook user who cancels their account and no longer has access to all the applications they logged into through their former Facebook account. Apocrita is a blockchain-powered solution to this problem. The distributed web platform is a unified access platform that provides interoperability for existing and new identity models. When such a system is deployed at large scale, the logistical and cost savings can be substantial. Even on the personal level, it’s a useful tool.
Cambridge Blockchain is a Boston-based innovative group working on blockchain-based identity management and compliance software solutions for the financial sector. Know-your-customer and other stringent regulatory imperatives make finance one of the most red-tape heavy industries there is, and Cambridge wants to reduce some of the headaches for compliance departments. Customer privacy is a major part of remaining compliant, so Cambridge has conceived a blockchain-powered solution to give the control over personal identity back to the customer in a shareable way. Their distributed architecture ensures that financial institutions have access to needed data without infringing on privacy laws.
SelfKey is a blockchain-based digital identity system for the integrated financial services marketplace. Self-sovereign identity is at the heart of SelfKey’s mission, as they believe self-ownership of personal data is the key to secure management of identity. By putting forth the systems for users to take control of all facets of their identity, SelfKey aims to reduce friction in cryptocurrency management, financial onboarding, and immigration processes, among other purposes. Tools for achieving this goal include the Identity Wallet, which digitally secures personally-identifying assets and documents; the SelfKey Marketplace, for comparison of and access to a wide-array of identity-related services; and the KEY Token, which allows users to pay for notary and verification services as well as other assets on the SelfKey platform.
Cryptonomica is an online and offline identity verification service and a global database of verified identities with keys for signing electronic documents, blockchain transactions and KYC. It is focused on HelloSign-like functionality.
has created an identity platform based on distributed ledger technology. The platform aims to share verifiable identity claims, data or documents suitable to satisfy compliance requirements for KYC onboarding or refresh. In terms of data privacy, platform users own the “keys” to their personal data and identity certificates, therefore identity owners are the only ones who get to choose which part of their information is to be shared.
Using a blend of blockchain-based data and facial recognition techniques, ShoCard is a mobile identity platform that provides a variety of use cases, including repeat authentication, true-digital signature with non-perishable audit-trail, transaction authorization, login services without username/passwords, and user authentication in financial transactions, travel, health, government.
TKI is an identity management startup that uses Ethereum for online onboarding, KYC and identity/document checks. The startup offers a mobile identity wallet and REST API web services that enable definitive user identity verification, password-less login, as well as identity fraud prevention via secure transaction and document signing. The design supports lost or stolen handling as well as new device scenarios without having to trust any other party.
Standard DID-method based SSI with a mobile identity wallet.
This document (the “Document”) is produced by Outlier Ventures Operations Limited and its affiliates (“Outlier”). The Document may contain material that is not directed to, or intended for distribution to or use by, any person or entity who is a citizen or resident of or located in any locality, state, country or other jurisdiction where such distribution, publication, availability or use would be contrary to law or regulation or which would subject Outlier to any registration or licensing requirement within such jurisdiction.
All material presented in this Document, unless specifically indicated otherwise, is under copyright to Outlier and/or Outlier’s licensors.
The Document should not be considered a recommendation by Outlier or any of its directors, officers, employees, agents or advisers in connection with any purchase of or subscription for securities or otherwise. Recipients should not construe the contents of this Document as legal, tax, regulatory, financial, investment, trading or accounting advice or services and are urged to consult with their own advisers in relation to such matters. The information contained in the Document has been prepared purely for informational purposes.
Information and opinions presented in this report have been obtained or derived from sources believed by Outlier to be reliable, but Outlier makes no representation as to their accuracy or completeness. Outlier accepts no liability for loss arising from the use of the material presented in this report. Outlier may have issued, and may in the future issue, other communications that are inconsistent with, and reach different conclusions from, the information presented in this report. Those communications reflect the different assumptions, views and analytical methods of the analysts who prepared them and Outlier is under no obligation to ensure that such other communications are brought to the attention of any recipient of this Document.
Past performance should not be taken as an indication or guarantee of future performance, and no representation or warranty, express or implied, is made regarding future performance. Information, opinions and estimates contained in this Document reflect a judgment at its original date of publication by Outlier and are subject to change without notice.
This Document may provide the addresses of, or contain hyperlinks to, websites. Except to the extent to which the report refers to website material of Outlier, Outlier has not reviewed any such site and takes no responsibility for the content contained therein. Such address or hyperlink (including addresses or hyperlinks to Outlier’s own website material) is provided solely for your convenience and information and the content of any such website does not in any way form part of this document. Accessing such website or following such link through this report or Outlier’s website shall be at your own risk.