As humans, we exhibit multiple identities. That’s not a philosophical statement; rather, for the purposes of this article, it’s a representation of the merging of our physical identity and the multiple identities we exhibit online.

There are dozens, if not thousands, of our identities online. Every service we register with, every post, purchase, opinion and decision made helps create multiple representations of ourselves. Some we may think we directly control, such as personal blogs or social media profiles. But once elements of our identity are online, they can be scraped, parsed, re-assembled, and represented by any party with access to fairly simple technology. Uses of these personas can vary from benign (medical records or marketing preferences, for example) to completely malign (identity theft, impersonation, and account compromise).

Because of data availability, we can never be 100 per cent sure that information concerning us is secure, private or adequately anonymised. Additionally, we are only ever partially represented in these many different forms, so any view of our identity is fragmented, making it difficult to judge the veracity of any version of ourselves online. That lack of guarantees means, as individuals, we have no control over how data is used or how we are represented. As well as not being able to verify an identity’s integrity, we cannot monetise information we approve for wider consumption, and there is no way of presenting a canonical version of our identity.

The vendor’s tale

For organisations that offer goods or services online, uncertainties around the authenticity of fragmented customer data make authentication difficult. Digital records of, for instance, our purchase histories, membership to particular groups or any other facet of online identity are difficult to cross-check and rely on.

Authenticating new users seeking a driver’s license or passport is complex, expensive and resource-intensive to maintain. Plus, user-led authentication continues to rely on spoof-able credentials, a situation exacerbated by poor password choices and generally a poor standard of online hygiene.

A sovereignty of one

As individuals, we have little sovereignty over identity data, but that may be set to change. The concept of a Holistic Identity, managed by the individual, promises to return stewardship of our identity. Rather than the potential of every online interaction giving away information that can be misconstrued or misused, an open, standards-based, decentralised version of ourselves that we self-manage reverses the flow of information.

A digital Holistic Identity has many advantages. Onboarding new services becomes a matter of authentication without needing a password or email confirmation. Consumers can choose what data they wish to publicise and, therefore, monetise. Service providers, from SaaS platforms to the local gym, will be able to verify an individual and request only the information they truly need to function. In fact, any communication or transaction can be verified and encrypted end-to-end. From one-to-one messaging to driver’s license applications, encrypted data exchange becomes possible from individual data repositories that are widely distributed and, therefore, massively redundant.

Joining the dots

The creation of a trusted network built on holistic identities is the vision of Affinidi. The Affinidi Trust Network empowers developers to integrate data from multiple authoritative sources, ensures the integrity of data custody, and enables individuals to provide consent for data sharing while verifying identities of all parties involved. The ultimate goal is to establish end-to-end trust in data, fostering a privacy-preserving and enriching data exchange experience while aligning to user’s preferences and values in a privacy-enabled, consent-driven manner. From browsing history and preferences in coffee brands to payment card details and state-verified passports, the individual, not the requester, dictates the availability of any or all data.

The Affinidi Trust Network and Holistic Identity concept offer a broader scope and more user-friendly implementation. They enable software developers to construct vital zero-knowledge proof-based authentication mechanisms and help establish data governance policies. With a distributed authority, the risk of identity or data compromise is minimised.

The Holistic Identity solution is already well underway. You can read more information from the organisation behind the initiative or head to the Affinidi Developer page, where developers can start integrating and building projects. Watch this space for a deeper exploration of the Affinidi Trust Network on these pages in the coming weeks.