Affinidi unveils Iota Framework for secure data sharing
Affinidi, a Singapore-based data and identity management company, has introduced the Affinidi Iota Framework, presented at the WeAreDevelopers World Congress. This framework aims to alter how individuals share data by focusing on explicit consent, allowing users to selectively share specific data points while understanding their intended usage.
In the current digital landscape, individuals often share sensitive data with third parties without transparency or control, exposing themselves to misuse, unauthorised access, and data breaches. Research supports this alarming trend. A Twilio report reveals that 60% of Asia Pacific consumers demand greater consent and communication on data usage. Additionally, a PwC study indicates a trust gap where only 30% of consumers have confidence in businesses handling their data. These issues are exacerbated by traditional data management systems that amass vast pools of individual data, creating privacy risks and burdens for developers managing extensive databases.
The Affinidi Iota Framework aims to upend this model, marking a shift towards a new era of data privacy and security. By enabling developers to request only essential data points directly from individuals with explicit consent, the need to collect and store non-essential information is eliminated. This approach allows individuals to maintain control over their data while simultaneously reducing storage burdens and minimising risks associated with data collection and potential misuse. The framework is designed to be user-friendly, offering developers templates and tools for easy setup of data-sharing processes.
Roopesh Shah, Co-Founder and CTO of Gro Club, India's first and largest bicycle subscription model, commented on adopting Affinidi's solution: "We began with Affinidi Login to simplify access to individual data through a one-click onboarding process. But with the introduction of the Affinidi Iota Framework, we are thrilled to advance beyond efficient customer onboarding, laying the groundwork for a future where every interaction is precisely tailored to individual preferences based on accurate and consented data."
The framework leverages contemporary technologies, including the DIF Presentation Exchange (PEX) protocol and OpenID for Verifiable Presentations (OID4VP) specifications built on OAuth 2.0. These instruments form the backbone of a robust, consent-first data-sharing solution. The DIF Presentation Exchange (PEX) specification, based on JSONPATH, serves as a standard query language for data exchange, enabling powerful filtering capabilities that cater to both simple and complex use cases. This approach simplifies data sharing by defining data requests with a structured syntax, enhancing interoperability across different systems.
Furthermore, the OID4VP protocol, built on the OAuth 2.0 authorisation framework, offers a secure transport mechanism for Verifiable Presentations. These presentations ensure data authenticity and provenance while mitigating risks of data breaches and fraud by sharing only the necessary, verified information. This feature maintains high security and privacy standards within the Affinidi Iota Framework.
The Affinidi Trust Development Kit (TDK), an open-source toolkit, assists developers in creating privacy-preserving applications aligning with the evolving standards. This kit provides multiple modules, including clients for identity management, verifiable credential handling, user login configurations, and supports several programming languages for seamless integration.
The Affinidi Iota Framework utilises the Affinidi Vault, a secure personal data repository. This setup ensures that data is shared only with the explicit consent of the vault owner, enhancing data privacy and security while empowering individuals with control over their information. This model simplifies real-time data acquisition, reduces complexity, and bolsters trust and transparency in data exchanges.
Affinidi aims to lead a global movement toward returning data ownership to individuals through its Holistic Identity concept, addressing the fragmentation of digital identities across various platforms. The launch of the Affinidi Iota Framework is a significant step in this direction. Glenn Gore, Chief Executive Officer of Affinidi, remarked, "In a new world where individuals can control their identity and data, we must redefine how information is shared. The Affinidi Iota Framework represents a major step forward in safeguarding privacy and consent by shifting information processing to the individual's personal data vault. Gone are the days of trusting third parties with sensitive documents like pay slips and bank statements just to open a bank account."