Decentralised Digital Identity

This article explores how the concept of a ‘Decentralised Digital Identity’ applies to media users or a professional publishing company. We investigate how these types of identities can be used to develop trust and extract new value in the publishing and media industries. The work is based on the research undertaken by the Cogency project in 2022, which assessed how Web3 can be used to help build ongoing trust and develop new sources of revenue for publishers and content producers.


Background
In the summer of 2022 a coalition of local and international news, current affairs and lifestyle publishers, academics, members of the Web3 community and technologists came together to assess how Web3 technologies might be used to help build ongoing trust and develop new sources of revenue for publishers and content producers. This group called itself Cogency.
Cogency investigated the potential impact of Web3 and other various emerging technologies, ranging from meta-spaces and non-fungible tokens (NFTs) to decentralized autonomous organization (DAOs) and decentralized content delivery networks (CDNs). The group also identified opportunities and barriers to adoption during this work, including scalability and cost.
Through researching these technologies, Cogency identified a key concept of a unique decentralized digital identity, also known as a decentralized identity or 'DID'. However, it was unclear whether the use of blockchain technology focused around DID could give users new agency over how their data is used, develop a trust system that verifies content's origin, or generate new funding models for content creators. For example, would DID on a blockchain system help publishers and subsequently jumpstart a more diverse, vibrant and professional ecosystem?
Some of the problems that the coalition aimed to solve were: research from a media coalition assessed the benefits that Web3 blockchain technology might hold for media and publishing; • how blockchain technologies could be used to create decentralized identities for verification; • how these identities may lead to users having new forms of agency over how their data is used; • how giving users agency over their data can create new revenue streams for publishers; and • how a decentralized digital identity could also be applied to publishers to provide proof of authenticity for content and develop trust. The Cogency project ran for three months investigating whether the technologies associated with the Web3 movement might solve the problems outlined above, with a focus on verification.
Since the publication of the white paper Cogency has continued its work, expanding the concept of a Cogency DID from something that is just for consumers to something that can be created for publishers too.

How it works
Currently, users have little agency over how their data gets used online. DID are built into Web3 environments and allow users to create, manage and control their Personally Identifiable Information (PII) without a centralized third party like a registry, identity provider or certification authority. DID and PII can also be used for institutions, where PII is information about the institution as opposed to an individual.
Users have no agency over their data and as a result the current relationship between publishers and consumers suffers from an imbalanced data value exchange, where publishers extract proportionately more value from data.

0.
Publishers are losing money for a variety of reasons including: 0.
Legacy, small and large, professional publishers have seen a gradual deterioration in the value of what they publish due to the changing economics of the advertising industry such as the development of programmatic advertising and monetisation of data, the rise of digital platforms including Google and Facebook and the explosion of user generated content.
• The widespread use of ad-blocking technology by consumers has also significantly impacted the revenue of publishers relying on ad income.
• User-data plays crucial commercial and operational roles for publishers but regulations and legislations are being put in place in many jurisdictions which will greatly limit professional content makers' ability to gather and store user data.
• The current relationship between publishers and consumers suffers from a lack of trust (in publishers and journalists) which historically has been in part due to practices such as creating click bait to drive engagement. In the future trust may further be eroded due to the authentication challenges that Artificial Intelligence (AI) may create for the publishing industry, where a proliferation of content may make it harder for users to distinguish between what is authentic and what is not. At its worst, the emergence of deepfakes and AI synthesized content that is designed to be indistinguishable from authentic content, poses a significant challenge to maintaining trust in the digital world. As these technologies become more sophisticated and accessible, they could be used to create false narratives or disinformation, thereby further eroding trust among consumers of content.

0.
Full details of the research and its outcome can be found here in the project's white paper. PII is the body of information about specific individuals or a group that directly or indirectly identifies them.
This usually includes data such as name, address, credit history as well as data from online sources and can include things like usernames and passwords or search and engagement history.
The use of a DID, which includes PII, can develop a trust framework for identity management where users have agency over the information stored and can share or restrict access. In this trust framework, users who accept DID trust providers of DID and vice versa thanks to the underlying 'trustless' technology; trustless refers to the quality of a decentralized environment where, in using the network, there is no need to rely on trust in a third party.
The user accesses and controls their DID through a digital wallet where they grant or deny access and permissions to their PII data.
The notion of 'self-sovereign identity,' with no middle person or platform needed to establish identity, is at the heart of the idea of decentralized identity. To manage the DID, instead of having a set of identities across multiple platforms or a single identity managed by a third party, such as universal login, self-sovereign identity users have their own digital wallets in which their PII credentials are stored and accessible through reliable applications with no third-party intervention.
When accessed by the user via their digital wallet the DID, and associated PII, can be shared by the user with any other user or organization that accepts the DID. This portability means that users can share their PII anonymously across different platforms without involving a third party, giving users full autonomy over their data.

Why use DID for PII in publishing?
The Cogency project felt the portability of anonymized PII in a 'trustless' environment like the one described above and the demographic composition of the associated potential users (young and typically currently less engaged in traditional media) make decentralized digital identities a particularly exciting new field for publishers, media and content makers to explore.
PII data is, of course, already collected by media and publishers online as audiences engage in their content.
The PII data is used for user acquisition and retention as well as a variety of commercial targeting strategies.
However, each publisher's view of engagement data is siloed; they can only see how users engage in the platforms or titles they control. DID's portability changes that siloed perspective by allowing data from multiple sources to be shared, giving the potential for a broader view of the data gathered on a user. If publishers had this broader view of what their audiences engage with online they could tailor the audience experience much more precisely, which in turn could be used to improve user acquisition and retention as well as the user experience. At the same time, audiences have little agency over the access permissions and portability of their PII and as a result cannot benefit from sharing their data between publishers. If these users had greater agency over their digital identity and could share their engagement data between publishers, they could bargain with publishers more effectively for incentives which could include, for example, gifted content or exclusive access.
Finally, publishers themselves do not have a way to verify their credentials and authenticate and verify their content in a 'trustless' way. The future of publishing looks set for a proliferation in the creation of new content.
Being able to verify your publishing brand and the content you create in such an environment will become increasingly important. Having a publisher DID with associated PII, which in the publishers' case could include verified content, may help protect against IP theft and improve trust overall.

Delivering a solution
The Cogency project identified three constraints that would impact the practicality of implementing any new solution like a DID for this consumer base: With these things in mind, the Cogency team proposed the development of a decentralized identity for content consumers that is embedded in the existing subscription workflow and online payment systems.
Users would then be guided to create a Cogency DID and connect their current wallet (or create a new payment option) when they are setting up a new subscription with a publisher.
Once connected to a publisher these users can build what we are calling a Cogency Engagement Graph as a part of their DID that includes verified information (metadata) about how engaged they are with content across every publisher that they are connected to. This verified engagement credential is ranked based on how engaged the users are in a nine-level Fellowship Model (for details see white paper).
First, any solution that will have a long-term impact needs to have a commercial element that does not cannibalize any existing revenue streams and is ideally repeatable over time. (Participants in the project agreed that any solution will be more widely adopted and maintained if it helps publishers with their bottom line, be they for or not for profit.)

0.
Second, the media industry does not have large sums available for research and development. This lack of resources means any solution will be more likely to succeed if it is built on existing processes, workflows and technologies.

0.
Third, to onboard the audiences associated with this technology the building and governance of any solution must be done in a decentralized way or it will not be seen as authentic to the community. The Cogency project has operated as a coalition to create credibility with this community. Additionally, in order to have mass consumption of decentralized technology there is also the need to educate audiences, ensure user friendliness, and have transparency when building solutions and focus on security. The more engaged the user, the higher the ranking. The content consumer will be able to use their identity to signal their interest in different types of content, provide the permissions they wish to grant to any new publisher they engage with, and negotiate for better services and privileges from publishers.
In return for validating these identities and the levels of engagement on their platforms, publishers will have access to a broader understanding of what content consumers want based on a broad cross-section of their engagement across multiple platforms, not just their own. This information can be used to assist in user acquisition and retention as well as content targeting and even the planning and commissioning process.
Publishers will be able to charge a fee to create the identity generating new revenue in the subscription workflow. They will also be able to better tailor subscriptions and membership programmes to vastly improve user acquisition and retention as well as audiences' day-to-day experience.
The majority of the revenue raised during the creation of the DID during the subscription process will be kept by the publisher. A small percentage of the revenue will go towards the maintenance of the infrastructure required to maintain the DIDs The publisher will also be able to create a publisher DID. This DID will operate in the same way as the consumer DID. But in the publisher's case verified information held in the DID will be a verification of the content itself, acting as an archive to prove origination. The unique identifier for content included in this process can be used to track any usage across the internet and protect IP.
So, in return for a small fee, content consumers get autonomy and greater agency over their personal data, an improved content service where they can indicate to publishers the content they want through their Cogency DID and trustworthy content whose origin they can verify.

The architecture
The solution will require the development of a new wallet ecosystem, which could be done in partnership with an existing supplier (such as Polkadot), in order to build the DID solution, Cogency Engagement Graph and the Fellowship Model for each user. These, in turn, will communicate with the Content Management Systems (CMS) of the different publishers.
In this process, the consumer interacts with the publication by requesting a Verifiable Credential (VC), the digital equivalents to our identity-related documents. The consumer starts the flow (1) by using a browser or native application to access the publisher's web frontend page when setting up a subscription or membership. The publisher website drives the consumer to a form to collect initial data around permissions and interests to determine whether the credential can be issued and the customer's content. Next (2), the consumer is prompted to set up a Cogency Wallet. The publisher's web frontend calls (3) the Cogency service to generate a VC issuance request. The wallet downloads (4) the request from the link, where the request includes the DID of the publisher, the URL with the VC manifest, and the look and feel of the VC. Then (5), the wallet validates the issuance request and processes the contract requirements. Lastly (6), the Cogency verified id service returns the signed VC, which allows for the DID and associated document (and corresponding metadata) can be viewed on a url via the subject's wallet.
In total, this process allows the consumer to interact with the blockchain to get authorization to consume content securely. From there, the Cogency Fellowship Model would recognize, nurture, and incentivize content based on the consumers' engagement. During the whole process, the consumer is at the heart of every interaction owning their own identity which remains private unless the consumer states otherwise.

Next Steps
Having published its first white paper the Cogency team continues to refine the proposition. In the summer of 2023 we are building a proof of concept for the Web3 aspects of the solution and partnering with several Diagram showing the Verifiable Credential (VC) process. Source: Authors' white paper. Longer term the team hopes that the Cogency ID can be used for a variety of consumer activities and help in reallocating content-based value from digital platforms and advertising agencies back to publishers.
David Tomchak is the founder of Cogency, a technology working group, and is a multi-award-winning journalist, editor and technology leader whose experience over the last 20 + years has ranged from organisations such as the BBC and the Evening Standard to start-ups and the likes of JP Morgan. His career has also included a spell in government where he was the Head of Digital and Deputy Director of Communications