I don't know why, I know, for a while now something has been going on in my head... What do we actually mean by "digital ID"? Before, I myself used to think - it's a simple thing, a smart card or app, where my information will be... job done. But after reading this article by Sign, I realized that the matter is not simple. Rather, it's a bit the opposite - it's not actually a system, it's an entire architecture. I mean... a country's identity system is never just a database. If you stop and think about it, you understand how much information is spread across a country... birth registration, national identity card, bank KYC, passport, different data from different government departments... no one has created these in one place. They have been created for different needs over the years.
I mean actually...
So suddenly, we will create a unified digital ID - isn't this thought a bit of a fantasy?
Sign actually starts from a realistic place here. They are saying - you can build something new, okay... but you can't replace all the old systems. You have to connect. From here come three models... which we have already seen in practice.
The first one - the centralized model,
All the data is in one place. It sounds good. The government can control, the system will work quickly, integration is easy. But in fact, there is a strange kind of risk here... If everything is in one place, then that one place becomes a "single point of failure". I mean, if it gets hacked? Or falls into the wrong hands? Then not just one server - the identity of the entire country will be at risk. Another thing... We often don't notice - when an app or service does "ID verification", how much data it is actually taking. You just went to prove your age... but it pulled the entire profile. Doesn't this seem a little uncomfortable?
The second one - the federated model,
Here everything is not in one place. Different organizations keep data to themselves. They communicate with each other if necessary. This sounds much more realistic, though, because no government or organization wants to give up its data completely. But there is a subtle problem here… This is that there is an exchange layer or broker in the middle - if this layer can see all the interactions? I mean where did you log in, when did you do it, what did you access… then technically it becomes possible to track your activity. Everything is working fine… but a surveillance layer is being created silently. I am a little stuck with this… because everything is clean on the surface, but inside there is a little different feeling.
The third one - wallet or credential model,
This is the most interesting to me. The idea here is - the data will be with you. On your phone, in your wallet. If someone wants to verify something, you don't have to give the whole data… just give the necessary proof. For example - I am 18, or that - this is my whole ID card. This concept is honestly very powerful - I mean powerful at that level. Because for the first time here, user control feels a little real. But the problem is… this is very difficult to implement. All systems need to be compatible, standards need to be adopted… and most importantly – everyone needs to accept this model.
Now the question is – which one is right?
The interesting part of Sign is here… They are saying – none of them will work alone. If you only centralize – risk. If you only federate – tracking risk. If you only wallet – implementation barrier. I mean… all three have their strengths, but they also have their limitations. So what they want to do is a little different. They don’t want to build “another system”… they want to build a layer. A trust layer… or what they call – “trust fabric”. It sounds a little abstract… but if I understand it my way – they don’t actually want to move data… they want to move proof. Meaning… who are you, what credentials do you have – you don’t have to give this information to everyone. Rather, if necessary, you will prove… and the other system will verify it. This small difference is actually big. Because here data exposure is reduced… but trust is maintained. Another thing I notice very well - they are trying to balance privacy and sovereignty - these two. On one hand, the government does not want to lose control… On the other hand, the user does not want to be completely powerless. Finding a middle ground between these two - this is not so easy. This is where many projects fail. Because they either become too centralized… or too idealistic. Sign seems a little pragmatic. They are not claiming the perfect solution… rather they are saying - there are existing systems, we will connect them, but in a way that does not leak trust. It is not clear to me yet… honestly. Especially the governance part - who will decide which proof is valid? Who will control the schema? This place is sensitive.
Because in the end…
The one who “defines the truth” - control actually goes to him. So you cannot be blindly bullish. But you cannot ignore it either. Because the problem is really real - there is data everywhere… but there is no trusted, usable proof. In the end, it seems to me that Sign isn't really making anything flashy. They're building a little invisible layer. If it works, no one will notice much... but if it doesn't, everything will be messy.
These kinds of things are usually understood late... but not before.🚀

