Self-Sovereign Identity

Self-sovereign identity (SSI) is a model for managing digital identities in which individuals have sole ownership of, and control over, their accounts and personal data. In all models of identity management, a digital identity requires identifiers, which ensure the user is who they say they are. However, with self-sovereign identity, identifiers do not need an intermediary. This means that a user’s self-sovereign identity can be registered to a claim, such as a block on a blockchain. The person can then share that identifying data when making a transaction with a bank, for example. Self-sovereign identity systems use blockchains so that decentralized identifiers can be looked up without involving a central directory.

One of the first references to identity sovereignty occurred in February 2012, when developer Moxie Marlinspike wrote about “Sovereign Source Authority”. He said that individuals “have an established Right to an ‘identity’”, but that national registration destroys that sovereignty. It was one of several "personal cloud" initiatives that appeared around the same time.

Individuals with self-sovereign identity can store their data on their own devices and provide it for verification and transactions without relying on a central repository of data. With self-sovereign identity, users have complete control over how their personal information is kept and used.

With self-sovereign identity, a person can open an app on their phone where their identity data is stored, then use an identification number and identity information to verify who they are. Self-sovereign identity gives the user added security and flexibility and lets them share data only when they choose.

Guiding Principles of SSI

  • Existence — Users must have an independent existence.
  • Control — Users must control their identities.
  • Access — Users must have access to their own data.
  • Transparency — Systems and algorithms must be transparent.
  • Persistence — Identities must be long-lived.
  • Portability — Information and services about identity must be transportable.
  • Interoperability — Identities should be as widely usable as possible.
  • Consent — Users must agree to the use of their identity.
  • Minimization — Disclosure of claims must be minimized.
  • Protection — The rights of users must be protected.

Self-sovereign identity structure

Self-sovereign identity is made up of claims, proofs, and attestations:

  • A claim is an assertion of identity made by the user.
  • Proofs are the forms or documents that act as evidence for a claim. So, for example, proof could be a passport or birth certificate.
  • An attestation, or validation, is when the other party validates the claim is true. Attestations can be stored in the user’s device.
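
The claim and attestation flow above, combined with the Minimization principle, as an added example that is not taken from any SSI project: an attester signs salted hashes of the user's claims, the user keeps the attestation on their device, and later discloses a single claim that a verifier can check. The function names and sample claims are constructed for illustration, and a Lamport one-time signature stands in for the attester's real signature scheme so that the code runs with the Python standard library alone.

```python
import hashlib, hmac, json, secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Lamport one-time signature: a stdlib-only stand-in for the attester's
# signature scheme. Each key pair must sign one message only.
def keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, [[H(a), H(b)] for a, b in sk]

def bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    pairs = zip(bits(msg), sig)
    return len(sig) == 256 and all(hmac.compare_digest(H(s), pk[i][b]) for i, (b, s) in enumerate(pairs))

def commit(name, value, salt: bytes) -> str:
    # The salt stops a verifier from guessing undisclosed values by hashing candidates.
    return H(json.dumps([name, value, salt.hex()]).encode()).hex()

def attest(sk, claims):
    """Attester: after checking the user's proofs, sign the salted claim commitments."""
    salts = {n: secrets.token_bytes(16) for n in claims}
    commitments = sorted(commit(n, v, salts[n]) for n, v in claims.items())
    return {"commitments": commitments, "signature": sign(sk, json.dumps(commitments).encode())}, salts

def present(attestation, claims, salts, name):
    """User: disclose one claim and its salt; the other claims stay hidden behind hashes."""
    return {"attestation": attestation, "name": name, "value": claims[name], "salt": salts[name]}

def check(pk, p) -> bool:
    """Verifier: the signature must cover the commitments and the disclosed claim must match one."""
    a = p["attestation"]
    signed = verify(pk, json.dumps(a["commitments"]).encode(), a["signature"])
    return signed and commit(p["name"], p["value"], p["salt"]) in a["commitments"]

CLAIMS = {"name": "Alice Example", "date_of_birth": "1990-01-01", "nationality": "NL"}  # constructed sample

def demo():
    sk, pk = keygen()                        # attester's key pair; pk is published
    attestation, salts = attest(sk, CLAIMS)  # stored on the user's device
    p = present(attestation, CLAIMS, salts, "nationality")
    return check(pk, p), check(pk, dict(p, value="DE"))  # genuine, then tampered
```

The verifier learns only the disclosed claim, and a presentation whose value was altered after attestation fails the check.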

Some pros to using self-sovereign identity include:

  • It is more secure and prevents common attacks on personal data, such as breaches.
  • Data is more private.
  • Users have higher control over their own data.
  • The process is more efficient.
  • Users do not have to rely on other identity providers who may sell and monetize their data.

Cons of self-sovereign identity include:

  • Users are responsible for their own security.
  • Keeping track of personal data and permissions can become complex.
  • It may not be possible to remove certain data intermediaries.
  • Proof data is normally unstructured and could be easily faked.
  • There could be multiple identity platforms, meaning users may have to use multiple apps.