Self-Sovereign Identity (SSI): Autonomous Identity Management


Self-sovereign identity (SSI) is a form of digital identity that the user has complete control over. This means that the user decides who sees what information and when. 

Digital identity is a user’s online identification, similar to a physical identification card such as a passport or driver’s license. A digital identity contains characteristics or attributes of the user. With self-sovereign identity, this sensitive identification information is kept secure and private. It is in control of the user at all times.

Self-sovereign identity uses blockchain technology. SSI systems are decentralised: identity data is exchanged over a secure, digital peer-to-peer channel, and trust rests on the "triangle of trust". There are three entities in the SSI trust triangle: the issuer of the digital ID, the owner (holder) of the ID, and the verifier of the ID. 

Unlike with other forms of digital identity, with SSI, not all of the information on the ID needs to be shared each time. This can help to guarantee privacy and security by only sharing pertinent information with the ID requestor.

Understanding self-sovereign identity

Self-sovereign identity (SSI) can help instil the same level of trust and freedom for sharing or distributing identity characteristics in the digital world as an individual has in the physical world. SSI is user-centric, which means that the user owns their own data and does not rely on a central authority to prove that they are who they say they are. 

With SSI, the user is in complete control over what information they share and with whom. By using a common identity metasystem, users are able to verify their digital identity across multiple platforms and in different locations. Self-sovereign identity is therefore private, secure, and portable.

Protocols behind SSI

SSI relies on three main protocols: verifiable credentials, decentralised identifiers, and distributed ledger technology (DLT) or blockchain. 

  • Verifiable credentials: The verifiable credentials protocol, as standardised by W3C, ensures that the statements made by the digital ID issuer are expressed in a privacy-respecting and tamper-evident manner. With self-sovereign identity and verifiable credentials, privacy is preserved using techniques such as public-key cryptography and digital watermarking.

The owner of the credential can decide how much, and exactly which components, of the digital ID to share with the verifier, allowing them to show only what is necessary and requested. The ID verifier is then able to verify the data instantly without needing to contact the issuer of the ID.  

  • Decentralised identifiers: Typical digital identifiers rely on intermediaries to provide a connection between two parties. This can include email providers, mobile network operators, Facebook, and Google. These intermediaries store personal digital identity information in a centralised database. 

This centralised database is an attractive target for a data breach, in which threat actors can gain access to these personal credentials. The interactions between these connections are not protected either, and the user has no control over how the metadata gathered by these parties is used.

It could be used innocently, for example to tailor ad content on your social media based on your interactions. It could also be used for malicious purposes, however. The main point is that you, as the owner of the credential, have no control over how this collected metadata is used.

SSI relies on a decentralised identifier (DID), which can be either private or public. With a private DID, no one outside of the secure peer
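The verifiable-credential flow described under "Verifiable credentials" above, as an added example that is not part of the original article or of any W3C specification: the issuer signs a list of salted claim digests once, the holder discloses only the claims a verifier asks for, and the verifier checks the issuer's signature and the disclosed claims offline, never contacting the issuer. The `Claim`, `Credential`, `Issue`, `Present` and `Verify` names and the digest-list construction are this example's own simplification, not a standard data model.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"strings"
)

// Claim is one ID attribute plus an issuer-chosen random salt, so a verifier cannot brute-force undisclosed values from their digests.
type Claim struct{ Key, Value, Salt string }

// Credential carries the claims currently revealed, the digests of ALL claims, and the issuer's signature over those digests.
// The holder trims Claims for a presentation but never changes Digests or Signature.
type Credential struct{ Claims []Claim; Digests []string; Signature []byte }

// digest commits to one claim; the salt is part of the hashed input.
func digest(c Claim) string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(c.Key+"\x00"+c.Value+"\x00"+c.Salt)))
}

// contains tests membership in a list of space-free tokens (hex digests or claim keys).
func contains(list []string, s string) bool {
	return strings.Contains(" "+strings.Join(list, " ")+" ", " "+s+" ")
}

// Issue (issuer): salt every claim and sign the whole digest list once.
func Issue(priv ed25519.PrivateKey, claims []Claim) Credential {
	var cred Credential
	for _, c := range claims {
		salt := make([]byte, 16)
		rand.Read(salt)
		c.Salt = fmt.Sprintf("%x", salt)
		cred.Claims = append(cred.Claims, c)
		cred.Digests = append(cred.Digests, digest(c))
	}
	cred.Signature = ed25519.Sign(priv, []byte(strings.Join(cred.Digests, "\n")))
	return cred
}

// Present (holder): reveal only the requested keys; digests and signature stay exactly as issued.
func Present(cred Credential, keys ...string) Credential {
	p := Credential{Digests: cred.Digests, Signature: cred.Signature}
	for _, c := range cred.Claims {
		if contains(keys, c.Key) {
			p.Claims = append(p.Claims, c)
		}
	}
	return p
}

// Verify (verifier): the issuer's signature must hold over the digest list, and every disclosed claim must hash to one of those digests.
func Verify(pub ed25519.PublicKey, p Credential) bool {
	ok := ed25519.Verify(pub, []byte(strings.Join(p.Digests, "\n")), p.Signature)
	for _, c := range p.Claims {
		ok = ok && contains(p.Digests, digest(c))
	}
	return ok
}
```

Because the verifier only needs the issuer's public key, a changed claim value, a dropped salt, or a presentation signed by a different issuer all fail verification, while the undisclosed claims stay hidden behind their salted digests.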