Tap and Prove

We should be able to “tap and prove” any important fact and figures about ourselves – as easily as we tap and pay with a mobile phone at any one of 100s of millions of terminals globally.?

And I mean exactly as easily.?With the same security, privacy and speed.?With the very same gadgets.?

We should be able to move verified copies of our personal information around the data economy as safely as we move our money.?

Look at the innovation in mobile credentials. With our phones now we can carry and present secure copies (tokens) of payment accounts, boarding passes and even virtual hotel room keys.?

In digital life and work, we are constantly needing to show things about ourselves – typically discrete pieces of important data each in a particular context. Under the covers, transaction systems also consume special metadata used to prove the origin of the credential, the origin of each authorised transaction, consent of the user to the transaction, signs of compliance with conditions of use, regulatory commitments, and so on.?

If we generalise from credit cards ― leveraging the networks, terminals and smart data carriers, and the business arrangements of standardised contracts and service fees― we could build truly global infostructure for verifying everything we routinely need to prove about ourselves: professional memberships, trade licences, qualifications & grades, age, government IDs, other pieces of KYC, health IDs, medical data, vaccination records and so on.?

State governments in Australia are well advanced in digitising all manner of citizen credentials so they can be conveyed peer-to-peer from mobile phones.?The user experience is evolving from QR codes through to instantaneous radiofrequency interfaces (of exactly the same type used in mobile phone payment wallets). And this digitisation is taking place without changing any of the meaning or the rules around the credentials. There’s no fuss, and there’s little or no complication around “identity”.?The mission is simple: progressively digitise all the things we routinely need to know and show.?

Conceptually simple data wallets are leaving federated identity for dead.??While digital services have developed ever more rapidly, digital identity – which was supposed to be the essential underpinning – has laboured.?We made digital identity too hard by solving for the wrong problem.?Personal human identity is always going to be rich and relative and analogue, but the challenges in the digital domain are simpler, and boil down to truth in data.?We know how to solve for data reliability, by blending cryptography with established governance.?Look at how credit cards have evolved from paper through magnetic stripe to chip cards and mobile wallets.?They’re all just data carriers, each carrying exactly the same data, but modernised over time, with cryptography now built in to prove that data is true.??

The digital identity industry has arrived at cryptographically Verifiable Credentials.?This technology can be married to existing rules frameworks to create infostructure to verify any data anywhere across cyberspace and the digital economy. We’ve done it for credit cards; now let’s do it for data.?

This is an edited extract from my recent speech at the Identiverse 2021 conference "Why Isn’t Identity Easy?".