Privacy by Design Identity Architecture Using Agents and Digital Identities

Abstract

Today’s web is comprised of a patchwork of identity solutions because neither identity nor privacy were designed-in when it was created. This paper proposes an integrative identity architecture that satisfies the principles of privacy by design from inception. Comprised of identity agents and digital identities that are tightly held by their owners, the architecture decentralizes control over identity from providers to users. Owners can manage their digital identities and private data such that liability risks are reduced for service providers without compromising ease-of-use. Identity agents and digital identities enable owners to prove who they are when required, protect their private and identifying data, and securely collaborate. Digital identities are virtualized to look and behave like credentials found in one’s wallet thereby facilitating technology adoption and reducing dependency on remote access passwords. A gestalt privacy by design process has been used to discover and validate the architecture’s privacy requirements and design elements, systematically reasoning about how the design satisfies the requirements. The process can be applied to organically improve the architecture and create a reference model for open source development. This paper also relates the architecture to W3C’s models for verifiable credentials and decentralized identifiers, summarizes the architecture’s features, capabilities and benefits, and suggests areas for further study.