September 3, 2019
As hacks and breaches become commonplace, affecting millions of people around the world, self-sovereign identity (SSI) is quickly gaining traction among technology developers looking to gain an edge in the race toward web 3.0. This new type of decentralized identity brings control and security back into the hands of the individual. Unlike flawed centralized models, including some federated and siloed traditional data systems, which could become honeypots and security risks, SSI allows identity holders to communicate peer-to-peer with organizations, disrupting the status quo of online transactions.
One such company that sees value in developing SSI is Onfido, an identity verification service that has a dedicated team working on future identity models including SSI. The company’s full time product and engineering resources include a wider squad made up of design, research, legal, and policy, reporting directly to Onfido’s CEO Husayn Kassai.
We caught up with André Albuquerque, Senior Software Engineer at Onfido, who is currently working to explore how portable (re-usable) identity solutions can fundamentally change the way business is done today. André has a master’s degree in distributed systems and software engineering, and worked in the banking industry for seven years, where he obtained a master’s degree in economics.
Sovrin: Thank you again for making time to answer our questions. Can you please tell us a bit about Onfido? What are some of the services and products Onfido offers?
André Albuquerque: We are an identity verification provider. Clients use Onfido’s Identity Verification (IDV) platform to assess whether their users are who they claim to be. We scan global identity documents and detect whether they’re likely to be genuine or fraudulent. Additionally, we seek to verify that the document truly belongs to the person making the transaction. We do this by asking them to take a selfie or short video and use biometric analysis to compare them against the face on the document.
Onfido uses a combination of machine learning algorithms and human agents. This ‘hybrid’ machine learning system combines human knowledge—with its ability to generalize and capacity to learn new tasks quickly—with machine learning models. Our ultimate goal is to provide the highest level of accuracy, while maximizing completion rates.
Sovrin: What motivated you to begin work in decentralized identity? How have some of the recent advancements of decentralized identity advanced the work of Onfido?
AA: Historically, humans have interacted within small, trusted communities where everyone knew each other or were only separated by a few degrees. With the rise of the internet and globalization, humans are now reaching far beyond those small communities and are now more often than not, interacting and transacting with new people previously unknown to them. This new global society has led to problems with trust, and identity is often seen as the answer.
At Onfido, we believe that a person’s identity is now becoming the key to accessing goods and services, as well as to participate in society. Considering the significance that identity is playing in our lives, we think it important to take steps to ensure that identity is owned by the individual and fully under their control, and we think decentralized identity is one way to achieve this end.
We have been able to reflect the recent advancements in decentralized identity within Onfido as to how we offer our identity verification services. We currently provide these services directly to businesses who are looking to verify the identities of their users. But through decentralized identity, we are now thinking of ways to offer the output of an identity verification directly to the person, so they can control and permission it as they see fit without the interference of any government, company, or other body.
We believe that change is happening. Mobile devices are becoming the key to our digital lives; new regulations (i.e. GDPR, PSD2) have brought more stringent data responsibilities for organizations; governments around the world are putting the identity challenge at the top of their agenda; consumers are more aware about privacy; the emergence of tech like blockchain is acting as a trust fabric for the decentralized identity model; and we’re seeing community work focused on standardizing the format of digitally-signed credentials. All of this is paving the way to establish a global public utility for self-sovereign portable digital identity, one that does not depend on any central authority and can never be taken away.
AA: The UK’s Fintech Delivery Panel (FDP), established by HM Treasury to drive high-impact initiatives to ensure that the UK remains top for fintech, set out in its vision that portable identity was a key priority. This was the genesis of our collaboration with Evernym, and we are also jointly working with Deloitte. The FDP includes major UK banks, leading fintechs, the Treasury and the FCA.
A Digital Identity working group underneath the main FDP panel was set up with the objective of building a pilot that delivers the vision set out by the FDP. This group wanted to take a pragmatic approach to solving the identity problem by building a working pilot that demonstrated what is possible, instead of simply publishing yet another white paper into what is already a congested space.
Sovrin: This is an exciting collaboration mixing verification with SSI.
What exactly does your collaboration consist of?
AA: Evernym and Onfido have been collaborating on an FCA pilot since 2018. The aim of the pilot is to show that consumers can take control over their digital identities and ‘port’ previously verified digital identities across different companies that rely on them to satisfy their customer due diligence and KYC obligations related to identity verification.
Within this collaboration, Onfido has taken the role of IDV (Identity Verification) provider and trust anchor for identity verifiable credentials. Evernym has provided the consumer identity app (Connect.Me) supported by the decentralized tech infrastructure of the Sovrin Network.
In the pilot, end users are granted an Onfido verifiable identity credential that they can store in the Connect.Me Evernym mobile app. This credential can be used as part of the KYC on-boarding flow at Fintech 1, and then can be reused (relied on) by Fintech 2. The end user is fully in control of permissioning their data to these Fintechs.
The pilot is taking place in the FCA sandbox (UK financial services regulator) and was announced in April 2019. The test is expected to last about six months.
Sovrin: This seems like a pairing that has a wide variety of use, especially in the KYC world. What products are you working on together?
AA: We’ve been working together to build a real world demonstration of self-sovereign identity and the capability to go to market with this product.
Onfido has taken the role of trust anchor for legal identity, building upon our core identity verification capabilities and augmenting it through the issuance of verified credentials.
Users submit identity claims for Onfido to verify. The Onfido SDK—which is integrated within Connect.Me app—enables the capture of the claims, i.e. a photo government ID and a selfie. A set of rules apply to establish whether Onfido should grant a user a verifiable identity credential (i.e. Onfido ID). In the case of positive outcome, a verifiable credential is generated with a set of attributes which is then cryptographically signed by Onfido, “pushed” into the Connect.Me app, and stored on the consumer’s device.
If the user isn’t eligible for a verifiable credential, they are informed and given the opportunity to learn more about what happened to increase their chances to succeed at the next attempt.
Fig. 1 provides a high-level view of the Onfido <> Evernym solution.
Sovrin: Last spring, we were able to participate in a demonstration of this pilot at the Internet Identity Workshop (IIW) in Mountainview, California. It was really well executed and seemed to impress many of the attendees. Can you please describe your demo at IIW?
AA: Evernym and Onfido gave a demonstration of their working together at the IIW28 last April. We ran multiple demos throughout the three days of the event.
The demo showcased a user attempting to open an account with a given financial institution (fictional, for the purpose of the demo).
The main focus was demonstrating the journey: Onfido verifying the user’s identity, then verifiable identity credentials (i.e. Onfido ID) being issued and stored with the user’s Connect.Me app.
Finally, the demo showed the Onfido ID being shared with the selected institution as part of the account opening process and the institution receiving and verifying the credential attributes.
Sovrin: It was thrilling to see real verifiable credential exchange in action. What was the most exciting part of the demo?
AA: The demo was exciting because there haven’t previously been many demonstrations of working solutions for credential issuance at the IIW.
The IIW demo also provided the opportunity to show how a solution including trusted verifiers would work in practice. While of course the blockchain can be useful for exchanging identity information as a digital asset, someone has to accurately create that digital asset and link it to a physical person, entity, or device to begin with to make the technology useful.
This means that trusted verifiers are required to provide authoritative attributes and the process to connect those attributes with a physical, off-chain entity. They are individuals or organizations for whom there is sufficient public evidence of their trustworthiness and accountability.
The IIW demo showed this and resonated well with the audience. We were delighted that IIW28 had perhaps more of a diverse audience than previous events, with participants not limited to tech specialists but also including user experience personnel, representatives from privacy and business, as well as issuers.
Sovrin: How was the technology of Sovrin Network helpful in creating this demo?
AA: The Sovrin Network is a public permissioned ledger, purpose built with self-sovereign identity in mind and based on open-source distributed ledger technology.
It adheres to Privacy by Design principles on a global scale. These include pairwise pseudonymous identifiers, peer-to-peer private agents, and selective disclosure of personal data using zero-knowledge proof cryptography. Sovrin identity data is private and can only be shared with the consent of its owner.
This, coupled with the work of the Sovrin Foundation—a global nonprofit organization whose purpose is the governance of this ledger—results in a reliable, public source of truth under no single entity’s control, robust to system failure and resilient to hacking.
These guarantees help anyone to keep and share their identity information instead of traditionally relying on a third-party entity, paving the road to a mainstream self-sovereign identity paradigm.
Sovrin: Onfido has clearly put forth some effort in developing toward integrating with Evernym and toward providing SSI-based verifiable credentials. What do you think the next five years looks like for digital identity as a whole?
AA: We think the time and the tech is ripe to evolve towards a more user-centric approach, which puts user convenience front and center, but crucially, without compromising on privacy or security.
An identity model which fosters portable identity introduces new challenges, but these can be addressed by policy makers and regulators putting the right liability and trust models in place.
We feel certain that this is the future—the only question is how soon.
Connect.Me is currently available for download in both Apple and Google app stores.