What is Self-Sovereign Identity?

by Linus Naumann

You are someone.

The world has stepped into a new age of digital connection. Our lives, societies and economies are now fully mingled with the digital world. This also means that our digital and physical lives have something important in common: they rely heavily on our personal identity. Be it meeting with friends and family or finding job opportunities or romance, it is important for us to be able to show others who we are.

However, our identities are not one single “thing”. Instead, they are complex constructs, consisting of not only our personal information, like our names, age, gender, or appearance, but also our qualifications and credentials, including job positions, memberships, and so much more. Our identities can look very different to others, depending on the context of our interactions. In some situations, our names don't matter, but our vaccination status might. In yet other situations, the only important information about us might be whether we own an event ticket or are older than a certain minimum age.

Whenever such information about us gets used on the internet or via electronic devices, we call it our digital identity.

The problem: We currently don’t own our digital identities

As of today, people on the internet have no immediate control over the entirety of their digital identities. In fact, all the important data about us is generally stored and aggregated across a few corporate and government databases. From here our data is regularly sold or exchanged, and often becomes the target of hacking or data leaks, in most cases without our express permission and without any share of the profits going to us.

Ironically, even though the current system sifts through our digital existence and eats into our privacy, it is currently not possible to create a true digital representation of ourselves. The key roadblock here is the lack of trust, which is a direct result of these unequal power structures. Important real-life credentials, like passports, job qualifications and health data, cannot become part of our digital identity until trusted issuers such as governments and authorities engage in an interoperable digital identity system. As a direct consequence, our digital identities remain somewhat incomplete and require us to still rely on physical documents and third-party verifiers to store sensitive data. Physical documents, however, can easily be lost, stolen, or even forged by criminals, and are becoming increasingly inconvenient in many everyday circumstances.

Own yourself with Self-Sovereign Identity

Over the past decade a technology has evolved which can offer a way out of these currently centralised digital identities: distributed ledger technology (DLT), more commonly known as blockchain technology.

DLTs are one technology that allows users to fully control their digital assets and data, including cryptocurrencies (like Bitcoin or Ethereum), NFTs, and, less known to many, Decentralised Identifiers (DIDs), one of the building blocks of Self-Sovereign Identity (SSI). SSIs that are based on DLTs (sometimes referred to as “decentralised identities”) offer users full control and ownership over their identity. Using an SSI, users have full control over when, where, and how their data is shared, and with whom.

We could go as far as to say SSIs can fully re-create our own physical wallets in the digital space, enabling us to carry not only digital currency, but also digital records of our ID cards, drivers’ licences, health insurance, and other personal documents.

And it doesn't stop there. From school degrees, job certificates, car-ownership documents and movie tickets to simple coupons for the local supermarket, all can now lie in the palm of our hand in the digital world. They can all be linked to a decentralised identifier (DID), which is a unique piece of data on a DLT that is under full control of its owner.

Security and privacy standards are achieved by storing all sensitive data only on the device of the user or with chosen trusted entities. SSI using DLT is in fact a decentralised system that allows all parties involved to easily sign, share, and verify these documents, all whilst allowing the identity holder to choose with whom, when, and where these documents are shared.

Just like with physical cards, our digital cards, called verifiable credentials (VCs), can be shown to others whenever we choose to do so. These VCs are statements from one entity about another identity, for example “Government A states that this identity belongs to John Doe” or “Event organiser X says that this identity is the owner of an event ticket”. Since these credentials are cryptographically signed by their issuers, others can easily verify their origin and check if they come from the correct source. For example, claims about citizenship might only be believed if they were signed by the government, whereas a certain event ticket would need to be signed by the respective event organiser to be accepted.

This fundamental interaction between the issuer of a credential, the holder of the identity and the verifier that checks the validity of that VC is called a trust triangle. When SSIs are used instead of current-day centralised digital identities, this whole process works without any third-party entities other than the three protagonists of that specific triangle of trust (see “The airport example” below).

This basic scenario also highlights the limits of digital trust: Yes, a verifier can be sure that any given VC was issued by a certain issuer. However, at the end of the day the verifier also needs to believe in the real-world trustworthiness of that issuer. For example, nobody would simply believe some random stranger's statement that another stranger is the owner of an event ticket. This statement would only be believed if it comes from the event organiser, traditionally in the form of physical tickets or QR codes. For this reason, SSI still needs real-world trust and governance frameworks, backed up by legal standards and enforcement, in order to unfold its full potential.
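The two checks a verifier makes in the trust triangle, as an added example in Go (not code from the original article or from any SSI project): first that the proof matches the issuer's public key, then that this issuer is one the verifier accepts for that credential type. The credential format, the `did:example:` identifiers, the in-memory map standing in for DID resolution on a ledger, and the choice of Ed25519 signatures are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Credential is a simplified verifiable credential (format constructed for this example).
type Credential struct {
	Type, Issuer, Subject, Claim string
	Proof                        []byte // issuer's signature over payload()
}

// payload is what gets signed: every field except the proof, quoted so boundaries are unambiguous.
func payload(c Credential) []byte {
	return []byte(fmt.Sprintf("%q %q %q %q", c.Type, c.Issuer, c.Subject, c.Claim))
}

// Issue is the issuer's side: sign the claims with the issuer's private key.
func Issue(c Credential, key ed25519.PrivateKey) Credential {
	c.Proof = ed25519.Sign(key, payload(c))
	return c
}

// Verify is the verifier's side. registry stands in for resolving an issuer DID to its public
// key on the ledger; accepted is the verifier's own policy: credential type -> issuer it believes.
func Verify(c Credential, registry map[string]ed25519.PublicKey, accepted map[string]string) error {
	pub, ok := registry[c.Issuer]
	if !ok || !ed25519.Verify(pub, payload(c), c.Proof) {
		return fmt.Errorf("proof does not verify against the key of %s", c.Issuer)
	}
	if accepted[c.Type] != c.Issuer {
		return fmt.Errorf("%s is not an accepted issuer for %s credentials", c.Issuer, c.Type)
	}
	return nil
}

// Scenario runs the airport check on constructed DIDs with freshly generated keys.
func Scenario() (valid, tampered, wrongIssuer error) {
	govPub, govKey, _ := ed25519.GenerateKey(nil)
	strPub, strKey, _ := ed25519.GenerateKey(nil)
	registry := map[string]ed25519.PublicKey{"did:example:gov": govPub, "did:example:stranger": strPub}
	accepted := map[string]string{"Passport": "did:example:gov"}
	vc := Issue(Credential{Type: "Passport", Issuer: "did:example:gov", Subject: "did:example:alice", Claim: "name=Alice"}, govKey)
	forged := Credential{vc.Type, vc.Issuer, vc.Subject, "name=Mallory", vc.Proof} // claim altered after signing
	self := Issue(Credential{Type: "Passport", Issuer: "did:example:stranger", Subject: "did:example:alice", Claim: "name=Alice"}, strKey)
	return Verify(vc, registry, accepted), Verify(forged, registry, accepted), Verify(self, registry, accepted)
}

func main() { fmt.Println(Scenario()) }
```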

SSIs in practice - the airport example

Imagine you would like to take a flight from your local airport. Nowadays you would be required to bring your passport, flight tickets, and potentially other documents like vaccination pass, medical information, insurance, or visa – a messy mix of physical documents, printouts, emails, and QR codes.

This looks very different when a decentralised identity infrastructure is in place. Within one single identity wallet application, verifiable credentials can replace all of these documents. By simply sharing QR codes or exchanging a few NFC scans, you can pass each checkpoint, with airport personnel verifying the origins and validity of your credentials in seconds.

Scenario: Alice has a "passport verifiable credential" from her government and shares it with the airport personnel. The airport personnel check on the DLT if the credential was indeed issued by the government by comparing Alice's verifiable credential with information stored on a governmental server.

Entry to SSI through dApps

For the everyday person, using decentralised identities will start by downloading an identity wallet app. These are easy-to-use apps that can perform all important functions to secure your Self-Sovereign Identity with just a few clicks. Within these decentralised applications a user will be able to secure and manage their identity and credentials, retaining full control and ownership of their data, creating a privacy-compliant solution that supports trust and security.

An SSI Wallet may provide the following functionality, for example:

  • Creating new decentralised identities.
  • Displaying well-arranged overviews of an identity's verifiable credentials.
  • Sharing verifiable credentials with others either online, via NFC, or QR-code.
  • Verifying the credentials of others.
  • Issuing verifiable credentials to other identity holders.

An example identity wallet (Vira by Tangle Labs).

Decentralised identities and SSIs are currently spearheaded by visionary tech-providers and international organisations. Although the technology is new, more and more user-friendly identity wallets are being released and the interest surrounding SSI is steeply rising.

This new technology is now at the beginning of an exciting journey that will reward its pioneers and early adopters around the globe, with the vision of a fair and secure internet of everything on the horizon.

The endgame of decentralised identities and SSI goes far beyond just representing people. Organisations like governments, companies, and sports clubs can be represented by SSIs, as can objects like machines, cars, and even consumer products. In short, the potential use of digital identity encompasses every scenario in which the identity and information surrounding someone or something matters in any way.