Self-Sovereign Identity (SSI): Autonomous Identity Management
Self-sovereign identity (SSI) is a form of digital identity that the user has complete control over. This means that the user decides who sees what information and when.
Digital identity is a user’s online identification, similar to a physical identification card such as a passport or driver’s license. A digital identity contains characteristics or attributes of the user. With self-sovereign identity, this sensitive identification information is kept secure and private. It is in control of the user at all times.
Self-sovereign identity uses blockchain technology. SSI systems are decentralised using a digital and secure peer-to-peer channel that relies on the triangle of trust. There are three entities in the trust triangle with SSI: the issuer of the digital ID, the owner of the ID, and the verifier of the ID.
Unlike with other forms of digital identity, with SSI, not all of the information on the ID needs to be shared each time. This can help to guarantee privacy and security by only sharing pertinent information with the ID requestor.
Understanding self-sovereign identity
Self-sovereign identity (SSI) can help instil the same level of trust and freedom for sharing or distributing identity characteristics in the digital world as an individual has in the physical world. SSI is user-centric, which means that the user owns their own data and does not rely on a central authority to prove that they are who they say they are.
With SSI, the user is in complete control over what information they share and with whom. By using a common identity metasystem, users are able to verify their digital identity across multiple platforms in variable locations. Self-sovereign identity is therefore private, secure, and portable.
Protocols behind SSI
SSI relies on three main protocols: verifiable credentials, decentralised identifiers, and distributed ledger technology (DLT) or blockchain.
- Verifiable credentials: The verifiable credentials protocol, as standardised by W3C, ensures that statements made by the digital ID issuer are expressed in a privacy-respecting and tamper-evident manner. With self-sovereign identity and verifiable credentials, privacy is preserved using techniques such as public-key cryptography and digital watermarking.
The owner of the credential can decide how much and exactly what components of the digital ID to share with the verifier, allowing them to only show what is necessary and requested. The ID verifier is then able to instantly verify the data without needing to contact the issuer of the ID.
- Decentralised identifiers: Typical digital identifiers rely on intermediaries to provide a connection between two parties. This can include email providers, mobile network operators, Facebook, and Google. These intermediaries store personal digital identity information in a centralised database.
This centralised database is vulnerable to a potential data breach in which threat actors gain access to these personal credentials. The interactions over these connections are not protected either, and the user has no control over how the metadata gathered by these parties is used.
It could be used innocently, for example, to tailor ad content on your social media based on your interactions. It could also be used for malicious purposes, however. The main point is that you, as the owner of the credential, have no control over how this collected metadata information is used.
SSI relies on a decentralised identifier (DID), which can be either private or public. With a private DID, no one outside of the secure peer-to-peer connection is privy to your interaction or your personal identity information. A secure channel is used that does not rely on a central authority.
Public DIDs are used to share only the information that the ID owner wants and needs to share. This is done through a secure connection.
- Distributed ledger technology (DLT) or blockchain technology: Blockchain technology underpins decentralised databases. It allows everyone within the secure network to share the same source of truth about the validity of the credentials and about who attested to the validity of the data they contain, all while keeping the actual data private. Verification of a proof is then based on the trustworthiness of the attestor.
For example, if you need to prove your age without sharing your actual date of birth, you can simply share the signature of the issuing authority of your credential, such as a government-issued ID, and the verifier can then validate that you are of age since they trust the issuer. No personal data is stored within the blockchain, and anything put in the distributed ledger (the blockchain) cannot be deleted or altered, making it immutable.
What is digital identity?
A digital identity is a user's or entity's digital identification, and it comprises characteristics or data attributes. This is what is used to identify a user or entity online and in the digital world.
A digital identity can include the following information:
- Username and pas