Principles to consider when building a decentralized identity solution

“The secret of change is to focus all of your energy, not on fighting the old, but building on the new.”, Socrates (470-399 BC)

As I shared in my last blog post, Empowering individuals to be active participants in the global data ecosystem, over the coming weeks I will be writing a series of blog posts that broadly discuss my work on decentralized identity and one output of that work, the IBM Digital Health Pass. I wanted to start the series with a short foundational post to help set context; one that describes the philosophy/principles that have informed the work and shares terminology that will be used in the subsequent posts.

Over the years, whenever I start a new project I’ve gotten into the habit of defining a set of key principles to guide the work and ensure that it results in something that I can be proud of and which doesn’t undermines my core principles. Now I am not going to pretend that I never fall short, but this habit does ensure that I don’t inadvertently end up in a bad place because I just wasn’t paying attention. So, here are the principles that underpin my work on decentralized identity.

Democratization, where the data subject becomes an active participant in the data eco-system, able to control what data is generated about them, has access to that data, and is able to choose with whom to share, and for what purpose; and the organization is able to implement data-driven policies and procedures in a way that is highly privacy-protecting, which actively engages the data subject, is transparent, and minimizes risk of data theft or misuse. I fundamentally believe that democratization benefits all participants in the data eco-system; helping the flow of data, increasing the volume of available data (less hidden in data silos), and making data flow less opaque to the data subject.

Transparency, where the data subject has access to the data being generated about them and an understanding of how it was generated. To quote Louis Brandeis, US Supreme Court Justice (1916-1939), “sunlight is the best disinfectant”, where increased transparency will make data and analytics exploitation increasingly difficult.

Empowerment, by actively engaging the data subject in the data ecosystem in a way that is practical and understandable, allowing them to better understand the risks and rewards so they can make data decisions that benefit themselves, their families, and their communities.

Access, by allowing as many people as possible to engage with their data, if they so choose, by taking into consideration communities that may have less access to technology than others and designing a solution that can be flexible and support low-tech options. We always hear about the need for people to be able to choose to disengage from the data eco-system, however in many cases data generation is a good thing and large sections of our society are excluded (not by choice). This can be a real issue, specifically in healthcare, and we need to do our best to address this engagement disparity over time and design data systems that are as inclusive as possible.

Below are some key concepts that will be used extensively in the upcoming posts.

  • Credential (data): codifies information about the Holder, such as an employment credential, and a verifiable credential is one that has been cryptographically signed, with a w3c verifiable credentials data model (
  • DID: stands for decentralized identifier and refers to a w3c standard for managing globally resolvable pseudo-anonymous identifiers (
  • Digital Wallet: this is an encrypted vault into which a person, the Holder, can manage their data.
  • Holder: the individual for which data is being generated.
  • Health Pass: this is a verifiable credential that allows an individual to share a health status, as defined by a specific use case, without exposing any of the personal data used to generate it.
  • Issuer: the organization that is generating data about the Holder and providing that data to the Holder as a verifiable credential.
  • Proof Request: this is a request that a Holder prove certain information about themselves, such as “prove you are an Acme employee”.
  • Verifier: the organization that is requesting a proof and checking whether it’s valid.
  • Wellness Score: a classification that is used to represent the status of the Health Pass and is defined by a specific a specific use case, such as an Acme employee readiness to return to work.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: