1 Introduction
Digitalization has and is generating tremendous value, but has also left us with the core challenges of being in control of our own data and being able to verify that both people and things on the internet and other digital platforms are real.
The problem around verifying people was broadly accepted even before we saw the first commercial internet browser as this famous cartoon quote or meme suggests:
"On the Internet, nobody knows you're a dog" by Peter Steiner, The New Yorker, 1993
On the other hand, the privacy challenge has gradually emerged as a consequence of the large public and private data concentration, as well as new tools such as AI that can extract insights out of massive data like never before.
Combining privacy and verification while still being able to harness the tremendous value that comes from activating both high-quality data as well as the massive amount of big data that exists in the world, is now one of the biggest challenges of our time.
We are solving this challenge with the Partisia Platform, and the first step is the privacy-preserving self-sovereign identity solution Partisia decentralised Identity.
Partisia decentralised Identity is a solution that is built on the decentralised Partisia Platform, which solves the challenge of privacy and verification by using a combination of blockchain and privacy-enhancing technologies. This combination enables storing immutable data as well as activating data to work with arbitrary levels of privacy with no single point of trust.
2 The basic concept
The goal of the Partisia decentralised Identity is to connect people (and things) with trustworthy verifiable attributes and other verifiable information. The trustworthy information comes from multiple verifiable sources such as the issuer of driver's licenses or education certificates.
This is a challenging coordination job that involves many stakeholders with diverse incentives and interests and naturally calls for a neutral coordinator. This neutral coordinator is required to be trusted with private information, ensuring immutable data, compliance and availability at all times. The Partisia Platform solves this challenge as a neutral decentralised digital infrastructure, operated by independent node operators. The combination of a distributed ledger and the built-in privacy-preserving computation, provides the needed neutrality with no single point of trust.
Partisia decentralised Identity involves the following roles and components:
Holder: The holder of the Identity Wallet and subject (or object) in question
Issuer: A person or organisation that holds trustworthy information about the Holder
Receiver: A person or organisation that needs information about the Holder (sometimes called the verifier but we do more than just verify - we put data to work)
Verifiable Credentials: Trustworthy information attested to by Issuers
Claims: The pieces of attested information in a Verifiable Credential
Verifiable Presentation: A presentation of insights from the content of the claims in a VC
The Partisia decentralised Identity is the software that allows the Holders using the Identity Wallet to be in complete control of their data. The Holder may either receive and use Verifiable Credentials directly from the Issuers or by consent activated Verifiable Credentials and other data directly via the Issuers.
3 Partisia decentralised Identity
Partisia decentralised Identity is a complete privacy-preserving self-sovereign identity solution.
The illustration below shows how the different roles and components presented in the previous section are put to work in Partisia decentralised Identity. At the centre is the Holder using the Identity Wallet that activates attested trustworthy information in the form of Verifiable Credentials from one or more Issuers. The Holder can put these to work in clear text or in privacy-preserving computations via the Partisia Platform and thereby serve the need of the Receiver. The Receiver gets verified identity or other derived insights like “above 18”, “vaccinated”, “citizen of a given country”, etc.
Central to the Partisia decentralised Identity is the ability for any individual to use their verified identity data in a self-sovereign manner while minimising the privacy loss related to this usage. The user is in complete control of the activation of their data by consent and privacy-preserving computations, enabling controlled use of data on the internet and other digital platforms.
Partisia Platform provides the immutable ledger for publishing and verifying Verifiable Credentials and user consents using cryptographic signatures and proofs on a neutral decentralised network with no single point of trust.
4 My Data Activation starts here
The Partisia decentralised Identity is the starting point for the broader product My Data Activation which works in a similar fashion by activating trustworthy data using the Partisia Platform.
My Data Activation allows confidential use of private data linked to a person with consent. The first step of activating My Data is the small pieces of high-quality information or Claims in Verifiable Credentials, which are by definition private and can be activated in a privacy-preserving form as explained in the previous section.
The broader set of My Data is more diverse from health records to vast sensor data that is typically maintained by private service providers or public authorities. The user holds connections to these data sources (Issuers) that can be activated confidentially as illustrated in the My Data Activation model below. This is a straightforward extension of the self-sovereign Identity model above. First, the Holder activates the data with a cryptographically verifiable consent. Next, the Issuer provides the data in encrypted form for confidential use on the Partisia Platform where the non-sensitive results are produced and sent to the designated “Receiver”.
The Partisia Platform is the general infrastructure that brings these highly valuable data alive with a level of privacy chosen/accepted by the Holder.
5 Interoperability and regulatory compliance
The Partisia Platform addresses the core objectives across the regulatory regime for digital platforms in the EU. This has been achieved by solving the very basic and ideal properties for neutral decentralised digital infrastructure:
Confidentiality - addresses data protection regulated by GDPR and antitrust regulations.
Integrity - addresses the accountability and transparency regulated by the AI Act, Data Act and Digital Market Act.
Availability - addresses the required resilience and jurisdiction management regulated by Schrems II, NIS2, DORA, Cyber Resilience Act and Financial Data Access.
Partisia decentralised Identity inherits the properties of Confidentiality, Integrity and Availability through the underlying Partisia Platform and hence the regulatory compliance listed above. In particular, the concept of Verifiable Presentation is powerful as it addresses selective disclosure, unlinkability, and privacy-preserving use of data that match the GDPR principle of data minimization.
Apart from the regulatory packages mentioned above, a dedicated package describes the EU requirements for self-sovereign identity solutions, the so-called eIDAS. eIDAS 2.0 was decided politically in April 2024 and awaits final activation (Link). At that time of activation, all EU member states have 24 months to fully implement the requirements and ensure that all EU citizens can use a digital wallet throughout the public and private sectors.
The eIDAS requirements match the properties of the Partisia Platform with the built-in distributed ledger and privacy enhancing technologies. In particular, the regulation is explicit about the GDPR data minimisation principle and the use of neutral ledger technologies e.g.:
It is mandated that when identification is not legally required, the wallet should be able to ensure unlinkability (Article 5a 16b).
It is explicitly stated that the wallets must offer selective disclosure (Recital 15, 59).
Qualified Electronic Ledgers will benefit from being legally considered to be sequentially ordered and immutable (Article 45l).
Both centralised and distributed ledgers must be recognized as compliant and approved ledgers (Recital 68).
The technology implementing the ledger should be environmentally friendly supporting global ESG targets (Recital 68).
Partisia Platform is built with interoperability baked in and as such the core components are compatible with the standards of leading standardisation bodies. In particular, the software is compatible with standards from W3C, OpenID, DIF, and ISO. This allows Partisia decentralised Identity to be used both as a standalone full package or as part of an existing ecosystem.
We expect that the final implementation and standards for the eIDAS 2.0 is a subset of these existing standards. Therefore, Partisia Platform will meet all of the eIDAS 2.0 requirements and to the best of our knowledge the requirements outside of the EU where self-sovereign identity solutions are both required and promoted.
6 Conclusion
The Partisia decentralised Identity is the user centric starting point for identifying and linking digital and physical assets to an individual - across digital platforms from the Internet to any other digital platforms. It is also the starting point for Partisia’s My Data Activation solution that empowers individuals to activate private sensitive data using consent.
Partisia Blockchain functions as a neutral digital platform through a unique combination of a distributed immutable ledger and a distributed encrypted computation network. The ledger provides an accountable and transparent way to publish and use cryptographic proofs and encrypted computations across independent parties. The encrypted computation is a unique approach to data privacy that allows for individual control and privacy while data is put to work in a collaborative work.
This combination of fundamental cryptographic technologies ensures a fully compliant future proof neutral digital platform. It is the same properties that turn the Partisia decentralised Identity into not just a unique neutral identity solution but a starting point for a new user centric data economy for the greater good.