Self-Sovereign Identity

What Is Self-Sovereign Identity?

Self-sovereign identity is the concept of a digital identity that an individual manages in a decentralized manner, without third parties storing their data. The individual controls their own data instead. It is the digital equivalent of a person taking their physical ID card out of their wallet to confirm their identity, then putting it back once done.

Data privacy and security are at the heart of self-sovereign identity (SSI), as is making it easy for individuals to verify their credentials. The control of those verifiable credentials sits with their owner: the individual.

The concept of self-sovereign identity is key to the evolution of Web 3.0, with its focus on decentralization and greater data privacy. It is in contrast to the current model, where centralized identity mechanisms (such as Google through Google Sign-In, and Facebook through Facebook Connect) store and control individuals’ identity data.

How Does Self-Sovereign Identity Work?

SSI works by establishing trust between those who issue, hold, and verify identity data. The data holder – the individual – uses a digital wallet on their mobile device, in which they hold their verifiable credentials. A verifiable credential could be a driver’s license, a passport, a degree certificate, ownership of a bank account, and a whole range of other credentials. Some of these have direct physical equivalents; others do not.

The individual can choose which of these credentials they disclose when asked to confirm their ID. Essentially, they are their own sovereign nation when it comes to what they share and with whom (hence the name, self-sovereign identity).

When they need to do so, the individual can generate unique decentralized identifiers (DIDs) to create private, secure, peer-to-peer connections with the organization(s) or any other entity that they wish to share their data with. The DID provides a public key for verification, along with authentication methods, service endpoints, a timestamp, and a signature (produced with the corresponding private key).

Underpinning all of this is blockchain technology. The blockchain provides the ability for all those who are issuing, holding, and verifying data to access the information they need.
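
The issue, hold and verify flow described above, as an added example (not code from the original page or from any SSI project): an issuer signs credentials about the holder's DID, the holder shares only the credential they choose, and the verifier checks every signature against the public key looked up for each DID. The `did:example` identifiers, the function names, the in-memory `registry` standing in for the blockchain lookup, and the JSON signing format are assumptions made for illustration.

```javascript
// Added example: constructed DIDs and claims; the Map stands in for DID resolution.
const crypto = require("node:crypto");
const registry = new Map();
function createDid(label) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  registry.set(`did:example:${label}`, publicKey); // only the public key is published
  return { did: `did:example:${label}`, privateKey }; // private key stays with its owner
}
const bytes = (obj) => Buffer.from(JSON.stringify(obj));
const sign = (obj, key) => crypto.sign(null, bytes(obj), key).toString("base64");
const check = (obj, sig, did) => registry.has(did) &&
  crypto.verify(null, bytes(obj), registry.get(did), Buffer.from(sig, "base64"));
// Issuer: sign claims about the holder's DID.
function issue(issuer, holderDid, type, claims) {
  const body = { type, issuer: issuer.did, subject: holderDid, claims };
  return { body, proof: sign(body, issuer.privateKey) };
}
// Holder: choose which credentials to share and bind them to the verifier's nonce.
function present(holder, wallet, types, nonce) {
  const chosen = wallet.filter((c) => types.includes(c.body.type));
  const body = { holder: holder.did, nonce, credentials: chosen };
  return { body, proof: sign(body, holder.privateKey) };
}
// Verifier: check freshness, holder proof, subject binding, issuer trust, issuer proof.
function verify(p, nonce, trustedIssuers) {
  if (p.body.nonce !== nonce) return "stale-nonce";
  if (!check(p.body, p.proof, p.body.holder)) return "bad-holder-proof";
  for (const c of p.body.credentials) {
    if (c.body.subject !== p.body.holder) return "not-holders-credential";
    if (!trustedIssuers.includes(c.body.issuer)) return "untrusted-issuer";
    if (!check(c.body, c.proof, c.body.issuer)) return "bad-issuer-proof";
  }
  return "ok";
}
function demo() {
  const dmv = createDid("dmv"), uni = createDid("uni"), alice = createDid("alice");
  const wallet = [issue(dmv, alice.did, "DriversLicense", { over18: false }),
                  issue(uni, alice.did, "Degree", { degree: "BSc" })];
  const p = present(alice, wallet, ["Degree"], "nonce-1");
  const forged = JSON.parse(JSON.stringify(wallet[0]));
  forged.body.claims.over18 = true; // holder edits a claim the issuer signed
  return {
    shared: p.body.credentials.map((c) => c.body.type),
    honest: verify(p, "nonce-1", [uni.did]),
    replayed: verify(p, "nonce-2", [uni.did]),
    tampered: verify(present(alice, [forged], ["DriversLicense"], "n"), "n", [dmv.did]),
  };
}
console.log(demo());
```

The verifier never contacts the issuer and never sees the driver's license. It rejects a presentation replayed under a different nonce and a credential whose claims were edited after issuance.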

Origins of Self-Sovereign Identity

The SSI model emerged in 2015, as blockchain technology – and our understanding of what it could enable – continued to grow. Also referred to as decentralized identity, SSI was promoted by the FIDO Alliance as a method of moving away from account-based identity models.

By combining elements such as digital credentials and private, secure, peer-to-peer connections with a digital wallet, SSIs presented a transformative way for individuals to manage their digital identity.

Principles of Self-Sovereign Identity

Data privacy, security, and freedom sit at the core of self-sovereign identity. SSI also incorporates a range of other principles:

  • Autonomy: The individual has the freedom to choose what they share and with whom.
  • Consent: The individual can consent to the use of their data in each instance.
  • Control: The individual controls who accesses their identity data, and they can access all their own data.
  • Persistence: Identity data should be available to organizations for as long as the individual desires.
  • Portability: The individual should be able to transport their identity, just as they can their physical wallet.
  • Security: The individual must be able to share their ID data securely.

Other principles have developed as the use of SSIs has become more widespread. For example, there is the principle of interoperability, which means that individuals should be able to use their self-sovereign identity as widely as possible. This principle has underpinned the development of several national and regional SSI systems.

National Digital Identity Systems

Initiatives are underway around the world to explore the provision of SSI systems at scale. Groups such as the Sovrin Foundation are calling for a focus on governance, community, operations, and adoption, as well as technical SSI standards. Meanwhile, leading tech companies, national governments, and inter-governmental authorities are all pushing SSI schemes forward, with the issue of interoperability key to many of their agendas.

One of the more advanced examples of SSI in action can be found in the European Union (EU). The EU has created the European Self-Sovereign Identity Framework (ESSIF), which makes use of DIDs and the European Blockchain Services Infrastructure. The framework complies with the EU’s electronic identification and trust services (eIDAS), providing member countries with opportunities to progress their SSI work.

One of the first to grasp the potential of SSIs in the EU was the autonomous state of Catalonia, which announced plans for SSIs for its citizens back in 2019. Estonia is another EU member that is leading in the SSI space. By 2019, it had a highly developed national digital identification infrastructure, embracing blockchain technology, alongside e-governance, e-tax, internet voting, and more.

Initiatives such as the International Association for Trusted Blockchain Application are also driving forward the self-sovereign identity agenda at a cross-border level.

Examples of Self-Sovereign Identity

Just as a physical ID can be used for a range of purposes – anything from verifying an individual’s name and address when they apply for credit to confirming their age when buying a beer – self-sovereign identity has a wide range of use cases. Some SSI examples include the following:

  • Healthcare: An individual can share their identity and medical history data with healthcare providers for greater efficiency.
  • Recruitment: Instant verification of academic qualifications and other identity details can lead to faster recruitment processes.
  • Commerce: Businesses can verify shipping credentials, documents, company details, and more using SSI technology.
  • Non-fungible tokens (NFTs): An individual can prove that they created or own an NFT using their SSI.
  • Site access: Employees can use verifiable credentials to access offices, while employers can issue temporary credentials to those who need to use the premises for a limited period (such as building contractors).
  • E-governance: Governments, both local and national, can use SSI to enable individuals to access their services online.

Self-Sovereign Identity Wallet

A portable SSI wallet enables an individual to carry their credentials with them using their phone or another digital device. It is the SSI equivalent of a physical wallet, which an individual can use to store their driving license, ID card, and so on.

Verifying Credentials in a Self-Sovereign Identity System

Using an SSI wallet means that people can carry their verifiable credentials around with them. They can then select the credentials they wish to share at any particular moment.

Pros and Cons of Self-Sovereign Identity

| Pros | Cons |
| --- | --- |
| Lower costs through greater efficiency for businesses that use SSIs to identify employees, recruitment candidates, patients, service users, and so on. | Lack of interoperability, meaning individuals and businesses may end up using multiple platforms and apps. |
| Reduced risk of fraud thanks to the trust framework provided by verifiable credentials. | Security concerns, as individuals are responsible for keeping their mobile devices (and thus the data accessible when using them) secure. |
| Reduced risk of loss of data to cyberattacks, as businesses won’t have to store individuals’ identity data. | Loss of access, as a lost phone or a dead battery can mean an individual loses their ability to verify their identity. |

On balance, those who support the growth of SSI technology feel that the pros of giving individuals control back over their own identity data, and the efficiencies in business operations that this can deliver, far outweigh the cons.

It is estimated that identity fraud cost businesses in the US $56 billion in 2021, with the Federal Trade Commission Consumer Sentinel Network receiving reports of 1.4 million identity thefts during the year. Implementing SSIs has the potential to reduce this figure significantly.

Self-Sovereign Identity Standards

Technical standards, such as the OpenAPI Specification and OpenTelemetry standards, can support greater interoperability and efficiency. Some of the most important SSI standards include the following.

  • W3C DID: Decentralized Identifiers (DIDs) v1.0. This uses a common data model and specifies criteria such as DID operations and processes.
  • W3C: Verifiable Claims Data Model and Representations 1.0. This relates to the control and use of verifiable identifiers.

While standards such as these help with issues such as interoperability and scale in the development of SSI frameworks, not everyone is keen on them. Google, Apple, and Mozilla all raised objections to the W3C DID standard in 2021 – although it’s unsurprising to hear of pushback from organizations whose models include monetizing individuals’ identity data.

Working groups under the leadership of the Decentralized Identity Foundation and the Trust Over IP Foundation continue to develop a range of further SSI standards.

How Does It Fight Fraud?

The use of DIDs and blockchain technology provides individuals with a secure, private way to control their identity data. Blockchain transactions cannot be changed – not unless hackers corrupted at least half the nodes simultaneously, and there are far easier and faster ways for fraudsters to make their money. As such, SSIs provide far greater protection against fraud.

The fact that individuals’ data no longer needs to be stored by a wide range of third parties also reduces the potential for fraud. Given that 27 million consumers in the US fell prey to identity theft scammers in 2021, the more that can be done to use SSIs to fight fraud, the better.

From a corporate efficiency perspective, SSIs can also be used to support thorough but rapid Know Your Customer (KYC) checks. KYC is a key way that companies can help to fight fraud and ensure compliance with legislation such as the 6th Anti-Money Laundering Directive (6AMLD). Using verifiable credentials can help to streamline the KYC process. This can help businesses to fight fraud while reducing friction for their customers – as well as helping businesses to avoid any 6AMLD breaches that could result in them being fined.