<img alt="" src="https://secure.norm0care.com/164647.png" style="display:none;">
Breaking News: Onegini and iWelcome are now OneWelcome | READ PRESS RELEASE  

The lessons of the two-sided market for Self-Sovereign Identity and 3rd party Identity providers

Maarten Stultjens
December 13, 2019 at 1:11 PM

Being an economist, I look at the developments of the usage of 3rd party digital identities as a two-sided market or two-sided network. In a two-sided market there are two distinct user groups. Members of one group exhibit a preference regarding a high number of users in the other group - this is referred to as cross-side network effects.

A typical example can be found in the credit card industry with cardholders and merchants, where a high acceptance of the credit card in both groups is a requirement for success. Other examples are marketplaces with buyers and sellers, but also social networks. Benefits of a two-sided market are only realised at a certain scale.

A key mechanism to realise the scale in a two-sided market is the pricing strategy. To attract users from the other group, one group usually invests most in the development of the two-sided network. Think of “freemium” usage of services. A friend of mine, a Professor in Payment systems, explained to me that the same applies for dating clubs, where the entry fee for men is higher than for women. Not choosing the right price model leads to adoption stagnation. Adobe had to learn this the hard way and only became successful when the PDF-readers were offered free of charge, resulting in increased sales of writers. The most price sensitive user group is subsidised by the other group.

In the identity industry you can relate this economic theory to the development and acceptance of 3rd party identities. In the internet world, there has been a demand for this for decades. Guidance on how that should look like was given by Kim Cameron already in 2005 with his "7 laws of identity” and just last month by “Identity Legend” Jamie Lewis with “11 critical elements for 3rd party credentials”.

Successful 3rd party identities

Although not meeting the criteria of these identity visionaries, we have proof of a few examples of successful implementations of 3rd party identities. In the government domain we see -enforced by law - the usage of a government issued ID in several European countries - and soon across countries with eIDAS. We also see the rise of Identities provided by in-country consortiums like FranceConnect, Itsme (Belgium) and Verimi (Germany). These platforms face the typical challenges of developing the two-sided market, but all of these platforms, backed by large organisations, seem to have the power to play the long-game and subsidise the other group.

Self-Sovereign Identity

At the same time, we see initiatives in the spirit of Jamie, Kim and privacy advocates, referred to as Self-Sovereign identity (SSI). In SSI individuals are in control of their own personal data and there is no such thing as an administrative authority. Typically, a blockchain distributed ledger technology is the basis for implementations. However, we have not seen these initiatives growing beyond technical proof. The clear reason for this, is that it is not the technology that prevents SSI from becoming successful. It is the economic principle of the two-sided market that stands in the way of success. Simply said, as long as there is not a party subsidising the other party it will never achieve the scale required.

Service providers as identity providers

Going back in history we have not yet seen businesses becoming a pure play identity provider. What comes closest are the Trusted Third Parties in the heyday of PKI (Public Key Infrastructures), around 2000. There is no business in being an identity provider. What we have seen in recent years though, is service providers becoming extremely successful and opening theirs services for third parties. Think of Bank ID’s within countries or regions and Google, Microsoft, Apple and Facebook on a global scale.

It is my strong believe that as a result of consumer behaviour these organisations, having solved one side of the two-sided market, will evolve into the widely accepted 3rd party identity providers of the ’20s. Consumers are pragmatic and will choose ease-of-use and free usage over privacy and paid services. I am aware that we still have a way to go to regulate the proper usage of my personal data by these platforms. But we have seen tremendous progress on regulations and law enforcement being applied on these organisations in recent years.

Reliable social accounts

I would like to give another view on the traditional social network bashing of identity experts. The value of these networks for our industry is underestimated, and not only because of the number of users. With my social accounts, I as a consumer, can assure the other side of the two-sided market, that my Facebook account (not the attributes) is reliable. My account lives since 2010 and has been verified by 375 friends, most of whom have been verified 100+ times as well. As there has been activity during the last month, it is most likely an active account. Part of my private reputation is built up around this account, so I will protect access to my credentials better than to my professional account. Just imagine, building up a risk-score of such a profile.

If I look at Facebook as Identity provider, they have the ability and interest in keeping their community safe as we are living in a call-out culture. Consumer opinions are far reaching for the platform and their shareholders. At the same time governments are increasingly applying regulations, which should improve Facebook’s (and other tech-giants’) attitude towards privacy.

So, when striving for reliable 3rd party Identity Providers, Self-Sovereign Identity and its technology focus is not the answer. The economic sustainability, in my opinion, is in favour of large service providers offering reliable IDs and even social networks should not be neglected. Regulations like GDPR will take away todays’ privacy concerns in the coming years.

And if you don’t agree, do you dare to place your bet on self-sovereign identity providers?

What is Self-Sovereign Identity?

Self-Sovereign Identity is a model where individuals have the sole ownership of their digital identity, by managing their personal data on their own device and not in a central data repository. With Self-Sovereign Identity an individual is in full control of what data is shared with who. Since there is no 3rd party involved, blockchain technology can be used for identity verification.

Feel free to repost this blog on your website or social channels! But when you do so, please be so kind as to mention the source and give us a notice via marketing@iwelcome.com.

Subscribe by Email

No Comments Yet

Let us know what you think