Self-Sovereign Identity (SSI) is a set of information about an individual that he or she can manage, share with any private person or public institution, and revoke access to at will.
The SSI system is based on decentralized technological architectures and is designed to prioritize security, privacy, individual autonomy, and the user’s ability to self-actualize.
What are the possibilities of Self-Sovereign Identity (SSI)?
SSI enables the creation of a universal lifetime digital identity and identification data independent of centralized providers. The economic benefits of this technology can be gained through the following unique features of SSI:
- Reduced cost of document issuance and verification…
- Information standardization – implementation of universal data standards.
- Anti-fraud – cryptographic signatures are hundreds of times more secure than physical signatures.
- Decentralized storage of encrypted data is less vulnerable than giant centralized databases.
- Unification of contexts – the ability to combine data from different sources at the software level for content verification and auditing purposes.
- Instant data privacy checks – customers can control access to their information, so SSI systems can meet data protection requirements.
- Personalization – Users can create a portfolio of preferences or accomplishments and receive personalized services through it.
What problems does Self-Sovereign Identity (SSI) solve?
Data Fragmentation
The interconnected digital world requires a new kind of document – open and accessible to any user, natively digital, accessible on a personal computer or mobile phone, persistent, verifiable, and independent of any vendor.
As an alternative to social networks, banks and government agencies, SSI offers a universal solution capable of integrating multiple applications and enabling data sharing.
The prescriptive nature of the standards makes them easier to adopt and reduces maintenance and development costs. Unlike traditional models that require the installation of hundreds or thousands of APIs, SSI allows for the installation of a single document schema that is immediately available to any third party. Although the schema is public, any personal data can only be shared with the explicit permission of the owner.
Another benefit of aggregating isolated data storage systems is that it allows you to take advantage of raw data. For example, a worker who always arrives at work on time can prove his punctuality to a prospective employer. A high school student who has completed thousands of homework assignments can build a personalized learning strategy for college.
Inefficient document processing
Typically, the value of a credential lies not in the content of the document, but in the services, products, and opportunities available to its owner. For example, to find a job or get a research grant, you may need an educational credential; to get a credit card or open a corporate bank account, you may need financial information, and so on.
To make services faster and more convenient, bureaucratic systems need to be automated. The verification and collection of identification data and the processing of documents should be done by an algorithm, not a person. Automation streamlines, modernizes, standardizes, and speeds up the process and solves the problems of corruption, discrimination, and personal bias.
As the number of bureaucratic systems using verifiable identities and SSI grows, trust in the process will increase. For example, after a bank completes a business reputation and KYC compliance check, a customer can use the results to obtain another service from another organization, provided that organization trusts the bank.
Data Standardization
To further scale and automate existing trust systems, it is necessary to implement a standard that is native to both humans and machines. As the number of documents created and verified by software increases, so does the need for standardized, machine-readable data formats.
Data standardization also solves the problem of integrating disparate data providers and verifiers. Instead of creating mutually unique API integrations – an expensive and time-consuming process – an entire industry or country can adopt a common data format backed by verified identities.
Data Privacy
End-users and regulators are increasingly concerned about privacy. Companies are being forced to comply with regulatory requirements – the California Consumer Privacy Act, the European Union’s General Data Protection Regulation, the U.S. Federal Information Security Management Act, and many others.
Compliance with the EU General Data Protection Regulation will cost Fortune Global 500 companies $7.8 billion annually, while compliance with the California Consumer Privacy Act will cost U.S. companies $55 billion.
SSI’s technology enables all privacy protections: transparent data use, right to be forgotten, auditing of data use, management of regulatory approvals through version control systems.
In the digital age, SSI can be a solution to the problem of “surveillance capitalism”. If users are able to control their personal data and choose who to share it with and when to revoke access, that data cannot be used for criminal purposes. Internet companies will not be able to monetize their users without their explicit consent. In addition, they will be required to share profits with their users. Online business will change the paradigm: it will move from trying to get as much user data as possible to providing a better service.
How did Self-Sovereign Identity (SSI) emerge?
According to a number of scholars, the concept of sovereign identity emerged as a result of an attempt to implement the Westphalian system of international relations at the individual level. This system emerged in Europe on the basis of the Peace of Westphalia, the agreement that concluded the Thirty Years' War, which ended in 1648. The core principles of the Peace of Westphalia – sovereign statehood, self-determination, and direct self-government – remain in force today.
The ideological forerunner of SSI was the concept of self-sovereign authority. Its proponents believed that the possibility of independent (sovereign) self-government was an “innate” feature of human nature. It was present even before the emergence of the process of “registration” that makes participation in public life possible. The act of “registration” implies that the existence of identity requires a socially controlled process of administration. In this process, society is seen as the owner of identity and the individual as a kind of product of socio-economic administration.
Identity management is key to achieving digital sovereignty, the ability of individuals to make informed and independent actions and decisions, and to control their own data, devices, software, computing and other technologies.
The term sovereign identity is often used interchangeably with terms such as decentralized identity and digital identity.
Digital identity, which is expressed and stored digitally, began to develop with the invention of the Internet. Domain names, email addresses, social networking accounts – these are examples of digital identities that have become indispensable to modern life.
How does the SSI architecture work?
Digital Identity consists of three elements: a Decentralized Identifier (DID), an Authentication System, and a Verifiable Credentials Certification System.
In addition to these elements, SSI includes a Decentralized Key Management System (DKMS), which manages the private keys used for digital signatures.
Decentralized Identifier (DID)
DID is a machine-readable identifier for any person, organization or object. It can be used to validate control of a digital identity and to issue or receive verifiable identifiers.
A user may have multiple identifiers (for business, for government, for close friends). Identifiers are typically free, easy to create, and easy to control.
Verifiable credentials
Verifiable credentials are documents and facts issued by one DID (the issuer) and then forwarded to another (the owner). The issuer and owner can be the same entity, but usually are not. Depending on the usage scenario, a verifiable credential can be either the simplest piece of data (confirmation of an email address, phone number, or physical address) or a relatively complex structure such as a bank statement.
The four elements of SSI form a stack architecture:
- The first layer is where identity fixation takes place;
- The second layer interacts with the underlying distributed registry and stores user credentials and private keys;
- The third layer uses the second layer data to authenticate the user identity;
- After successful authentication at the Verifiable Credentials layer, various credentials can be sent to verify the user’s identity.
The interaction of the layers is similar to the operation of a set of TCP/IP protocols. Each layer has its own set of protocols and specifications.
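The following added example, which is not part of the original article or any SSI project's code, runs the flow described above with Node.js's built-in Ed25519 signatures: a bank issues a KYC credential to a holder, a verifier resolves the issuer's DID to a public key and checks the signature, and the holder proves control of its DID by signing a nonce. The `did:example` identifiers, the in-memory `registry` standing in for the distributed registry, and the JSON credential layout are assumptions for illustration, not a standard encoding.

```javascript
// Added illustration: the DIDs, claims and in-memory registry are constructed.
const crypto = require("crypto");

// Stand-in for the distributed registry: maps a DID to its public key.
const registry = new Map();

// Create an identifier; the private key never leaves its controller.
function createDid(label) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const did = `did:example:${label}`;
  registry.set(did, publicKey);
  return { did, privateKey };
}

// Key-sorted serialization so issuer and verifier sign identical bytes.
function canonical(v) {
  if (Array.isArray(v)) return `[${v.map(canonical).join(",")}]`;
  if (v && typeof v === "object")
    return `{${Object.keys(v).sort().map((k) => `${JSON.stringify(k)}:${canonical(v[k])}`).join(",")}}`;
  return JSON.stringify(v);
}

// Issuer signs the credential body with the key behind its DID.
function issueCredential(issuer, subjectDid, claims) {
  const body = { issuer: issuer.did, subject: subjectDid, claims };
  const sig = crypto.sign(null, Buffer.from(canonical(body)), issuer.privateKey);
  return { ...body, proof: sig.toString("base64") };
}

// Verifier: is the issuer trusted, resolvable, and is the signature intact?
function verifyCredential(vc, trustedIssuers) {
  const { proof, ...body } = vc;
  if (!trustedIssuers.has(body.issuer)) return "untrusted-issuer";
  const key = registry.get(body.issuer);
  if (!key || typeof proof !== "string") return "unverifiable";
  const ok = crypto.verify(null, Buffer.from(canonical(body)), key, Buffer.from(proof, "base64"));
  return ok ? "valid" : "bad-signature";
}

// Authentication: the holder signs a fresh verifier nonce to prove DID control.
const proveControl = (holder, nonce) => crypto.sign(null, Buffer.from(nonce), holder.privateKey);
function checkControl(did, nonce, sig) {
  const key = registry.get(did);
  return Boolean(key) && crypto.verify(null, Buffer.from(nonce), key, sig);
}

function demo() {
  const bank = createDid("bank"), alice = createDid("alice");
  const vc = issueCredential(bank, alice.did, { kycPassed: true });
  const nonce = crypto.randomBytes(16).toString("hex");
  return [verifyCredential(vc, new Set([bank.did])), checkControl(alice.did, nonce, proveControl(alice, nonce))];
}
console.log(demo());
```

The verifier's decision depends on two separate things: whether it trusts the issuing DID at all, and whether the signature still matches the credential contents, so a valid signature from an unknown issuer is rejected just like an altered credential.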
What types of SSI organizations exist?
Because SSI requires close interaction and coordination of protocol sets, the progress of the technology depends on a unified specification and a well-designed protocol. These can be provided by specialized non-profit organizations such as:
- Rebooting Web of Trust (RWoT);
- W3C Credential Community Group (W3C CCG);
- Decentralized Identity Foundation (DIF);
- Internet Identity Workshop (IIW).
These organizations have been working productively for five years. The most active of them is RWoT. Since 2016, the organization has published 56 white papers, as well as numerous technical specifications and open source code.
RWoT technical specifications have been submitted to the W3C and IETF for further specification. The draft DID specification is largely based on the work of RWoT (even the term SSI itself was created in RWoT).