The Beginners Guide to Self Sovereign Identity 2021

The self-sovereign identity eutopia. A trusted internet. No more passwords or data filling. One identity across ecosystems for every user and organisation.  

What is self-sovereign identity? 

In today’s world, identity is mainly managed by centralised systems without users and identity owners having full control of their personal data. Many accounts and passwords are required in the digital landscape especially if you want to use third party services such as social media, shopping online or any other platform that requires users to create an account.  Self-sovereign identity is changing this approach and individuals as well as organisations now have the ability to become owners of their own personal data. According to Sovrin, self-sovereign identity (SSI) is:

“A term used to describe the digital movement that recognizes an individual should own and control their identity without the intervening administrative authorities. SSI allows people to interact in the digital world with the same freedom and capacity for trust as they do in the offline world.”

Although this is a hard concept to understand for many, the decentralised technology available today has the potential to allow us to do just that. It’s important for any company associated with self-sovereign identity to understand and take into consideration the below 12 key principles: 

  1. Representation
    Have the ability to provide the means for any entity to be represented by any number of digital identities.
  2. Interoperability
    It should allow digital identity data of an entity to be represented, exchanged, secured, protected, and verified interoperably using open, public, and royalty-free standards.
  3. Decentralisation
    It should not rely on a centralised system to represent, control, or verify digital identity data.
  4. Control and agency
    The empowerment of digital identity data should belong to it’s owners (identity rights holders). They should have the ability to control personal data and exert this control by employing and/or delegating to agents of their choice.
  5. Participation
    It should not require an identity rights holder to participate.
  6. Equity and inclusion
    It should not discriminate or exclude identity owners within its governance scope.
  7. Usability, accessibility and consistency
    The ecosystem should maximise usability and accessibility of agents and other SSI components for identity owners, including consistency of user experience.
  8. Portability
    It should not restrict identity owners to move or transfer a copy of their digital identity data to the agents or systems of their choice.
  9. Security
    The ability to empower identity owners to secure their digital identity data at rest and in motion, to control their own identifiers and encryption keys, and to employ end-to-end encryption for all interactions.
  10. Verifiability and authenticity
    The empowerment of identity owners to provide verifiable proof of the authenticity of their personal data.
  11. Privacy and minimal disclosure
    The empowerment of identity owners to protect their own digital identity privacy and to share the minimum digital identity data required for any particular relationship or interaction.
  12. Transparency
    Ability for identity owners and all other stakeholders to easily access and verify information necessary to understand the incentives, rules, policies, and algorithms under which agents operate.

Centralised vs decentralised ecosystems

Digital Identity has always been treated from a view of an organisation and that the organisation has to manage it (centralised systems) and not from the perspective of the user, who actually is the owner of the identity (decentralised systems). Here’s a comparison infographic to explain the difference between centralised and decentralised ecosystems.

Benefits of self-sovereign identity

There are many benefits when it comes to self-sovereign identity for all entities including identity owners and organisations. Here are top 3 for each: 

Benefits for identity owners

  • Anonymity and privacy
    Full control and ownership of personal data using zero-knowledge proof DIDs (credentials) eliminating data misuse and strengthening security.
  • Enhanced user-experience 
    According to research by NordPass an average person has 70-80 passwords to remember.  A self-sovereign digital ID has the possibility to eliminate passwords and improve user experiences via personal data management platforms. There’s an ability for identity owners to manage all relationships in a single platform.
  • A recognised digital ID
    Using decentralised credentials and verifiers, there’s possibilities to create recognised digital IDs globally. 

Benefits for organisations

  • Reducing online fraud and cybercrime
    Ability to reduce online fraud and cybercrime with decentralised technology using zero-knowledge proof DIDs (decentralised identifiers).
  • Enhancement of regulatory compliance
    Regulators don’t have to figure out whether or not an application falls under the right jurisdiction. Self-sovereign identity systems have the ability to provide developers with built-in compliance while improving existing tools such as authentication and on-boarding.
  • Reducing possibilities of data breaches
    With self-sovereign identity an individual becomes the only entity that can authorise access to certain information, and that this data is no longer scattered around the digital landscape. This reduces the underlying reason for most data breaches that happen within organisations. 

Challenges of self-sovereign identity

Early adoption
The industry standards and governance around the world for digital identity definitions and implementations are still evolving merely driven by the World Wide Web Consortium (W3C). Although the future and vision is clear in many countries, regulations around self-sovereign identity are still in early adoption. 

Reliance on trusted authorities
There is still reliance on trusted authorities to validate and issue verified credentials such as financial institutions, government authorities and other trusting organisations. Users are still required to obtain verified credentials from trusted authorities and store it in a secure wallet on their device before they can transact with the digital world.

The scale challenge
Online identity systems are based on many business relationships and technical integrations to root trust authorities. Partnerships are therefore key. 

iDentifymi are continuously looking for trusted key partners to issue credentials as well as verify credentials. Get in touch today to find out more

How blockchain can solve the identity dilemma

In an article from ComputerWorld on “How blockchain makes self-sovereign identities possible” Phillip Windley covers four key features that an identity system must have: 

  1. Persistent
    Identifiers in a self-sovereign identity system are long-lived, non-reusable and owned by the person who creates them. People as well as organisations need them.
  2. Peer-based
    People are in control of the relationships they form and the information they share. It is a peer-to-peer based approach instead of client-server based.
  3. Privacy protecting
    The identity owner becomes in control of personal data and how and with whom it is shared.
  4. Portable
    Identifiers and associated credentials must be portable and self-sovereign identity systems must be interoperable to protect choice and control.

Summary 

Self-sovereign identity is up and coming. Although it’s still an emerging industry with challenges, the potentials are limitless. Anonymity and privacy, reduced online fraud and cybercrime as well as the possibility to have a globally recognised digital ID are only some of the key benefits.

If you are looking for partnership opportunities or would like to further understand how iDentifymi is tackling the problems of self-sovereign identity get in touch today.

identifymi-self-sovereign-identity-strategy-cta