SILO IDENTITY MODEL

The silo model describes the most common form of digital identity where an organization will issue a unique account to allow that individual to access their products and services

Typical examples are bank accounts, mortgage accounts, passports, driver’s licenses, and Amazon accounts. These various identities offer a one-to-one relationship between the individual and the issuer. In this case, the individual has no control, and they are rarely immutable or persistent.  

At the point of creation, this model will require the individual to share some level of PII to establish and verify their identity. The relationship to be created drives the amount of PII required. For instance, the PII needed to create a bank account will be greater than that required to create a social media account. This model drives the extensive proliferation of PII across many organizations. To exercise control and consent, the consumer must do so with each issuing organization.

FEDERATED IDENTITY MODEL

The federated model attempts to solve some of the issues with the silo model

 A third-party organization will play the part of the identity issuer, and consumers can then use that identity to access products and services from many other organizations. The most well-known of these federated identities are Facebook, Google, and Apple. 

This model requires fewer identities for an individual to manage and less PII to be shared with and stored by fewer organizations. These identities are still not controlled by the individual and are no more immutable or persistent.

SELF SOVEREIGN IDENTITY MODEL

The evolving model is the self-sovereign identity model. In this case, the individual creates and controls a single, persistent, and immutable digital identity

The underlying technology combines the concepts of decentralized identity, blockchain, and verifiable credentials.

The individual will create a unique identity and add the associated PII as verified credentials. They can then choose to grant, withhold, or revoke consent to any organization they enter a relationship with. This identity, by nature, is in the control of the individual and is unique, immutable, persistent, and secure. It is unnecessary to uphold the PII to be stored by an organization, barring the associated verified credential. Only the verified token attesting to the verified passport needs to be shared, not the passport number.

Self-sovereign identity is the only digital identity model, that comes close to, in spirit and letter, the emerging privacy regulations. The enabling technology is in place, and the underlying standards are rapidly developing.

igm shift, to play a central role in the industry’s growth toward self-sovereign identity and personal consumer data ecosystems. Suppose they do not have access to large amounts of consumer data and the opportunity to monetize that data. In that case, the bureaus will be little more than analytical credit scoring models. 

A key to accelerating their move towards broad adoption of digital identity and thereby resilience by design is the adoption of emerging technologies and advanced data security standards.

The consumer consent hub will be explored in more detail in the following paper in this series.

THE CONSUMER CONSENT HUB

The concept of self-sovereign identity puts the individual in control of their digital identity and through verified credentials, their PII

Similarly, the idea of a consumer consent hub gives the individual control over the explicit consent to use that identity and credentials. Since the emergence of legislation to regulate the need for consumer consent for storing and using PII, organizations have approached the problem by creating solutions that directly seek and manage those consumer consent for their purposes. The consumer consents hub will flip this relationship and put the management in the hands of the consumer. Any organization requiring approval will request the data needed for a particular purpose and a defined period via the hub. The consumer will directly give or withhold consent accordingly. The requesting organization can check for valid support at any future point.

This disruptive shift has already started in some markets where open banking regulations layer over new data privacy legislation. Regions like the EU, UK, and Australia are driving the need for explicit consent for the use of consumer data and the ongoing maintenance of that consent.

OPPORTUNITY FOR DISRUPTIVE CHANGE

Embracing the concept of self-sovereign identity will offer the credit reference industry a significant opportunity to disrupt its business model and change its relationship with the consumer by putting them at its heart

Recent history has shown that if the industry does not face this new standard in digital identity, there will be organizations only too willing to step in to disintermediate them from the consumer further.

If they do not embrace the opportunity, it will be difficult for the traditional credit bureaus to survive the parad