uPort Serto Ecosystems: Creating trusted data networks between businesses and individuals
At uPort, we are bringing back trust to interactions between users and companies. Join us in this journey by reaching out to us at firstname.lastname@example.org or signing up for our newsletter at this link!
We are excited to announce that going forward, uPort will be offering two product suites, uPort Serto and uPort Open. Over the past year, as our customers’ needs have evolved, we’ve added new features to our current offerings as well as built new products to better reflect and meet these needs.
- uPort Serto: An identity & trust management platform for enterprises and consortiums. It comprises of a set of products and tools catered to enterprises looking to set up managed ecosystems based on verified data exchange and decentralized identity protocols. Our Serto product suite includes a mobile wallet, a credential management platform, privacy preserving graph data and credential discovery platform. It will be commercially available in early 2020.
- uPort Open: Modular components, developer tools, and mobile clients that help developers build new products to facilitate privacy-preserving data exchange between organizations and their users. uPort Open includes all of our existing open source libraries and protocols, and represents our unwavering commitment to the open source community.
Today, we are launching our first product demo under uPort Serto Ecosystems. This is an interactive experience featuring how an integrated ecosystem of services and products can be created on decentralized identity protocols.
Read below to learn more.
What do we mean by ecosystems?
Over the past few years, hundreds of developers and organizations have relied on uPort libraries to build decentralized solutions based on user-controlled identities and data. The use cases have been numerous, from academic and employment credentials to portable KYC wallets and citizen identity.
While the use cases are diverse across verticals, they have several commonalities:
- They require an ecosystem of players — loosely generalized to 3 groups: credential issuers and verifiers, credential consumers, and end users. The size of each group may vary drastically in an ecosystem, but for trusted data exchange based on decentralized identity and verifiable credentials to happen, a minimal representation of each is necessary.
- Value is derived by the reduced friction of interaction between different players — mainly during the identification, authentication and/ or onboarding phases. This reduced friction allows for more seamless transactions between players and the exchange of personal or sensitive data. This happens first between entities and their users, and then between entities themselves.
- The first business use cases are built to demonstrate initial benefit to the ecosystems, but there are many more — An initial use case that anchors the needs of the ecosystem players typically is only one of many that has been identified as potentially valuable. With the success of initial launches, there is often an increased appetite for wider implementation. This points to an exponential need for secure and trusted ways of exchanging sensitive data between parties.
Taking these key similarities together, we believe there is a larger opportunity for groups of entities, or ecosystems, to adopt decentralized identity infrastructure and allow secure, user-controlled data exchange between them.
With this opportunity in mind, we have outlined our own take on emerging trends and characteristics of ecosystems:
- They are actively managed. In their early days, we believe that these ecosystems will be directly managed, requiring some form of agreement or governance between participating organizations. They may fall more rigidly into the consortium category, where groups of entities create governing bodies or joint ventures to manage the consortium (e.g. Alastria in Spain). Or, they are self-contained ecosystems i.e. managed by a single corporate entity, that introduce user-controlled credentials to their clients and users. (eg Trueprofile.io introducing uPort wallet and credentialing to the job applicants and businesses on its employee background check platform).
- They are bound by specific shared attributes. Early ecosystems can be bound by a particular use case and vertical e.g. Financial services ecosystem that would like to reduce customer KYC costs, or language and region where similar local, national and sometimes regional regulations apply e.g. The Interamerican Development Bank’s LACChain consortium initiative in Latin America.
We predict the number of managed ecosystems relying on user-centric data management to grow rapidly in the next 3–5 years, as adoption of SSI components continues to take hold. Eventually, we expect a shift toward more organic ecosystems emerging as well as growing overlaps between disparate ecosystems.
Ecosystems in the context of portable, decentralized identity
One of the most recent ecosystems of note is the Libra Association, launched by Facebook and joined by the likes of Uber, Venmo and Visa. Within Libra, if allowed to actually launch by regulators, users will be able to use a global cryptocurrency to access participating organizations’ services or products. The promises of Libra are multitude. Beyond simply allowing millions of underbanked people to access services they previously could not reach, it would now allow for easy and frictionless onboarding between users and services across the entire ecosystem. Additionally, the availability of various sources of data including behavioral, social and financial will be key to improved and more personalized products for users.
A beautiful dream or dystopian reality? The Libra project is making regulators balk for many reasons, one of which is data privacy. How can it offer an ecosystem of integrated products and services catered to user needs, while also credibly ensuring it will not adopt discriminatory or predatory practices against consumers? This is a slippery slope. Those same datasets that help a company identify a customer as financially eligible based on rich historical data can be used to discriminate against another customer. Information in the hands of non-state, corporate entities gives them extreme power and rightfully scares regulators who are trying to instill consumer protection laws. What are the right safeguards to put in place, and can such ecosystems similar to the Libra project exist? It is a sobering thought considering the lag between our current digital world and the laws and statutes that should protect users from such predation.
We believe they can — but they need to be built on exceptional privacy and security standards guaranteeing users control and agency over their own data and how it is shared in the ecosystem and beyond.
Now, how to build such an ecosystem?
At uPort, we have created a fully functioning demo that relies on recent innovations in decentralized identity. It provides a feasible option of how to build ecosystems for data exchange properly. In our solution, we show how convenience and ease of access to services can complement user agency and sovereignty over data. Neither of these aspects exists at the expense of the other. With one click, users are able to share data and receive services from participating entities in the ecosystems while simultaneously preserving their privacy. What we built is meant to vastly improve the way data is being exchanged between parties securely, yet still provide an intuitive and simple user experience.
Serto Ecosystems is our newest demo showcasing how businesses from different industries can create a trusted, shared data network.
This network gives industry partners the ability to offer their customers not only a first-class user experience but also new, more personalized types of services that would not be possible without a user-centric identity solution.
In our demo, the story of Monica walks you through a practical application of what this means.
Monica loves driving. She wants to buy a car and become a driver for Ride Away, a ride-sharing service. But Monica is more than just a car owner and a driver… She’s also hoping to buy into the employee stock options plan for drivers of Ride Away. This way she can have a stake in the growing rideshare company she works for.
This sounds pretty straightforward. But with today’s inefficient systems of bureaucracy and data silos, it’s not quite that easy. To make her dream come true, Monica will have to go through a lot of confusing procedures, fill out endless forms and stand in long lines. To add insult to injury, many of the forms and procedures are actually duplicative beyond the office she’s submitting the form to.
But what would this look like if she uses the Serto Ecosystem?
With Serto, we are transported to a world where Monica is able to participate in a full-service, digital ecosystem.
To start, Monica needs to verify her identity. In the demo, this is done with Vericheck, our hypothetical identity service provider.
In real-life, identity can be checked by various services and organizations, including traditional government agencies, banks or increasingly, digital identity verification platforms. This process usually happens in the context of performing a task e.g. getting a driver’s license or renting an electric scooter. In our demo, for the purpose of clarity, we present it as an initial, separate step.
After Monica’s identity is verified, Vericheck issues her a reusable ID credential — in the form of a verifiable credential that is cryptographically signed by Vericheck — which she can store in her uPort wallet. From this point forward, she can share it with other services in the network. There’s no need to create a new account or profile each and every time. These other services can also be assured that the presented identification is valid. It’s been verified by one of the ‘trusted’ identity providers in the ecosystem and securely stored in Monica’s uPort wallet. This creates a net effect of de-risking everyone’s participation through greater mutual participation in the verification process.
In the next step, Monica is applying for a loan to get her dream car. To avoid a tedious paperwork process or having to go to a physical location, she shares her Vericheck ID credential with the Simple Fund Bank via her uPort app.
But there’s more to it than just Monica’s identity and loan. Let’s imagine, Monica has been using a GPS and navigation app (Mappe, in our demo) to drive around the city. The driving data that has been generated over time shows that Monica’s never committed any serious traffic offenses or been in an accident. This information can be automatically turned into a Safe Driver Badge credential and added to her uPort wallet. Now, Monica, can easily prove that her driving skills are impeccable. When she shares this with Simple Fund Bank, she receives a lower interest rate for her car loan.
From here, she’s just a few, easy steps away from getting her new car and becoming a driver and shareholder at Ride Away. With the uPort app, Monica receives and shares her credentials along the way while also confident that her information is secure and fully under her control the entire time.
Notice that in this ecosystem, Monica has agency over her personal data. By relying on verifiable credentials that she manages in her wallet, she controls who she shares these credentials with and when. This allows her to separate her financial reputation from her social preferences. By allowing the ability to share only specific relevant attributes with service providers (eg Monica’s Safe Driver Badge rather than all her driving data), she is able to preserve her privacy. In control of her personal data and preferences, she is safer from security breaches and no longer worries if corporations are sharing her data without her consent.
Ecosystems also create a lot of value for participating businesses
Through the ecosystem’s governance framework, these businesses define and agree on what they accept as verifications across different levels of assurance as well as which parties are to be entrusted with the issuance of this data. In our Serto Ecosystems demo, all companies have agreed to accept credentials issued by Vericheck as a form of valid user identification. By distributing verification processes among various parties, each business can significantly cut onboarding and customer acquisition costs related to checking for data accuracy and proper identification. For instance, Ride Away, the car-sharing service, can now immediately onboard ‘trusted’ drivers who have established a ‘good’ driver score. Additionally, businesses are no longer necessarily required to store personal data, but still are able to access it when needed (by requesting it from a user). This way, companies not only greatly reduce the risk of data breaches but also, by-design, become GDPR compliant.
The most exciting part of these ecosystems is that with this new way of data exchange, new revenue opportunities arise for participating parties. For instance, Vericheck and other credential issuers, who are now entrusted with issuing ‘verified’ data, can charge per verification. Also, for businesses who now have access to new sets of data previously not available to them, they can provide brand new, fully customized offerings to their customers. For example, Simple Fund Bank, the auto loan company in our demo, can now offer a new class of loan products with low interest rates for people with a “Safe Driver Badge”.
Obviously, Monica’s story demonstrates one specific use case, but Serto Ecosystems can be applied to various scenarios within a particular industry, vertical or geographic location.
The combination of businesses and organizations that can join a network are limitless and fully depend on the governance framework that each network agrees to follow. Furthermore, as the use of these ecosystems grow, overlap from one network to another can occur seamlessly with a decreasing marginal cost each time.
Here are some examples:
An ecosystem of trusted data exchange between financial institutions that rely on reusable KYC credentials to provide customers with easy onboarding. This ease of use also reduces the cost of regulatory compliance for the participating institutions and can result in new revenue opportunities for participating financial institutions who issue these KYC credentials.
Click here to learn more about how uPort is enabling a network of financial institutions in the UK.
A municipal government
An ecosystem of city agencies and businesses can provide access to a wide range of services to citizens within a city. By creating an ecosystem centered around the verification of citizens, people can now collect credentials from not only the local government but other trusted sources like their bank to participate and get access to all types of services in the city. This could range from physical access e.g. museums or libraries, to digital services like ride-sharing programs or online municipal activities like paying local taxes or voting online.
Our ecosystems demo shows how users can achieve better control in these new shared economies and digital ecosystems.
Over the next few months, we will be launching our full Serto product suite for ecosystems. It will include:
- Serto Mobile Wallet: Consumer-facing app for decentralized identity creation and credential management
- Trustgraph: Privacy preserving distributed graph database representing the connections between issuers and subjects of credentials with controlled access by the owner of the data
- Trust Agent: Credential issuance and consumption tool for businesses
- Marketplace: Credential discovery platform for service providers and credential issuers
Get early access to Serto and launch your own ecosystem
This demo is meant to mimic how one type of ecosystem could work in real life. However, it is easy to convert this into a production-ready environment with real credential issuers and service providers. We invite you to participate with us in being an early tester of our ecosystem identity offering and bring it to your organizations today.
If you are interested, reach out to us at email@example.com.