You have an online identity as a user, but you don’t own it. Google and Facebook know your name and email address and sometimes track your location, yet you have no control over this information. These details are stored in their data silos, where they can do whatever they want with them. This is the fundamental limitation of Web 2.0 federated identity management systems: users’ data lives on central servers, giving tech giants total control over it.
What Is Self-Sovereign Identity (SSI)?
SSI is an emerging technology that aims to revolutionize the digital identity ecosystem. Unlike traditional centralized databases, SSI gives users complete control over how their identity and digital footprints are stored and handled. With self-sovereign identity, users own their information and can specify how much information is released to a website, application, or service, which ultimately protects them from large-scale hacks of centralized servers that can lead to identity theft and fraud.
One of the key benefits of SSI is that your mobile phone can be one of the devices that hosts or stores your identity and personal information. This way, your personal data is always at your fingertips, and your mobile device can act as your new ID card or like a wallet that contains various credentials that can be presented for verification as needed. But the question remains: is SSI secure? Won’t this lead to an increase in fake IDs and fake credentials? In fact, the reverse is true; read on to find out more.
Why The Need For SSI Is Non-Negotiable
Data stored in a centralized system is vulnerable to hacking and can be unavailable when it is needed most. Moreover, verifying credentials against such a system takes longer, which leads to more fake IDs and unchecked certifications. Self-sovereign identity (SSI) solves these problems and more; it is not just about handing control of data back to users.
Currently, presenting a credential means opening your wallet and retrieving an ID card for whatever service requires verification. But how can anyone be sure the identification is genuine and not forged? Some organizations try to check the ID against a central online database, but without an internet connection this is impossible. In other cases the website or server cannot be reached, so the vendor or entity has no choice but to accept the ID and hope it is valid.
These scenarios play out many times over, so fake credentials pass unnoticed. In the worst case, the very database against which IDs are authenticated could be hacked to introduce more fake IDs, compromising the central server or database itself.
Federated identity management, handled by government-centralized systems and tech giants such as Facebook, Twitter, and Instagram, is contributing to the rise in fake IDs, identity theft, and identity fraud. SSI is revolutionizing the identity ecosystem, which is estimated to be worth one billion dollars in 2024. Several industry experts predict it will become the next trillion-dollar market within a few years. However, concerns about its security have been raised. The frameworks that make up self-sovereign identity, known as the pillars of SSI, are proving to be a secure solution to combat the global identity theft epidemic, which is worth billions of dollars.
The Pillars of Self-Sovereign Identity (SSI)
Any data or internet footprint traceable to an individual or entity is referred to as a digital identity. With centralized identity management, this data can easily be traced back to you; with SSI, a user’s information can be used in ways that cannot be linked to one another, providing more privacy. SSI’s three pillars together produce fraud-proof identities and credentials: credentials cannot be tampered with, yet they are not stored centrally. Additionally, the owner’s real-world identity can be verified through a blockchain-powered Uniform Resource Identifier (URI) called a Decentralized Identifier (DID). Below are the three pillars of SSI:
- Decentralized Identifiers (DIDs)
- Verifiable Credentials (VCs)
Decentralized Identifiers (DIDs)
DIDs, or Decentralized Identifiers, are a type of Uniform Resource Identifier (URI) that is globally unique and anchored in decentralized databases. Unlike third-party identifiers that depend on centralized databases, DIDs use a decentralized blockchain framework, so individuals can be identified and verified on the blockchain without relying on a central authority.
One of the key features of DIDs is that they are based on public-key cryptography, making them cryptographically verifiable: control of a DID is proven by signing with the private key that corresponds to the public key published in its DID document. Furthermore, DIDs contain no personally identifiable information (PII), which enhances privacy and security. DIDs are created, owned, and controlled by their users and are independent of any organization. Check out this extensive article about Decentralized Identifiers (DIDs).
Verifiable Credentials (VCs)
Verifiable credentials (VCs) offer a more secure and tamper-evident means of digital credential presentation than simply converting physical copies into digital copies. VCs are cryptographically enabled digital credentials that rely on digital signatures to ensure validity and authenticity. This means they cannot be forged or faked without proof of tampering, making them highly secure.
VCs can be presented to organizations or verifiers as a new form of digital credential. The validity and authenticity of VCs can be verified directly from the issuer within seconds, making them a highly efficient means of digital credential verification. The issuance, validity, and authenticity of verifiable credentials are all managed by an ecosystem called the “trust triangle of verifiable credentials” or the “three participants of SSI.” This ecosystem includes the holder, issuer, and verifier, all of whom play a critical role in ensuring the security and authenticity of VCs. To learn more about verifiable credentials, check out this extensive article.
Verifiable credentials and decentralized identifiers are closely tied to blockchain technology, which makes self-sovereign identity (SSI) secure, private, and accessible anywhere and anytime. Blockchain is a decentralized database or ledger shared across a network of computers globally, known as a blockchain network. Each computer in the network is called a node, and together they form a continuously active network that records information in a distributed manner.
The blockchain system is an excellent example of a distributed ledger technology (DLT) because data stored on a blockchain cannot be altered through a backdoor. Its design makes the system practically impossible to hack or cheat, even with the most powerful supercomputer in the world, because an attacker would have to compromise all the connected nodes, thousands of computers scattered around the globe, at once.
Information on the blockchain is stored in blocks. Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data. This information is verified computationally before the block is appended to the existing chain; linking each new block to the previous one forms a chain of blocks, hence the name “blockchain.” Because every block commits to the hash of the one before it, the stored information is immutable: it cannot be backdated, denied, or destroyed without breaking the chain. Blockchain technology is the foundation of self-sovereign identity (SSI), which makes it the best development for identity management.
The Benefits of Self-Sovereign Identity (SSI)
The American Association of Retired Persons (AARP) released a report stating that victims of identity theft lost over $50 billion in 2021. Thousands of credit and debit cards were compromised, and personal information was stolen from millions of people. The Federal Trade Commission (FTC) has also published identity theft cases based on reports lodged by consumers.
Many signs indicate the need to migrate to a more secure identity system urgently. With SSI, users have more control over their online identity and credentials, keeping their data away from bad actors. The benefits of SSI aren’t limited to individuals; organizations and developers can also benefit. The following are a few SSI benefits:
- Neither your personal data nor your online footprint is stored on a centralized server.
- You have complete control and ownership of your identity without relying on a third party.
- Digital wallets allow you to own your decentralized identifiers (DIDs) and fully manage your data.
- The data you share and with whom you share it is your decision, and you can remove an entity’s access at any time.
- Sharing excess and unnecessary data stops, as you can now share exactly the information a service needs. For example, you can supply proof of name if that is the only information required; the vendor or entity requesting it then does not see other sensitive details, such as your address and age, which would have been unavoidable had you presented your international passport, medical card, student ID, etc.
- Through SSI, you can log in to websites and apps using your digital wallet, so you won’t have to memorize passwords for multiple apps and websites. Reusing similar passwords across multiple websites exposes you to easy hacks, and this removes that risk.
- Credentials can be issued easily, quickly, and simply.
- Reduced inefficiency and cost in credential issuance and verification. Credentials can now be verified instantly instead of in days or weeks, which reduces the human resources needed and results in cost savings.
- Created credentials are more secure and fraud-proof through public key cryptography.
- Credentials can be verified regardless of whether the issuer is still active or no longer exists online.
- Developers can build apps that rely on SSI-powered digital wallets for login, thus eliminating the need for passwords and giving users faster access and a better experience.
- Inefficient two-factor authentication methods such as text or email codes are no longer needed.
- Digital identities can be kept private and controlled with selective identity disclosure technology.
- Data is fetched or requested directly from the user instead of from a third party.
- A peer-to-peer channel allows the ID issuer, the ID owner (holder or user), and the verifier of the ID to exchange data securely in a way that even the SSI system provider does not know what data is being exchanged.
The Three Participants of an SSI System
An SSI system consists of three parties that make a credential credible and valid, just as in traditional credential issuance and presentation. For example, a university issues a result to a graduating student, who then presents it to a company for a job application. Three parties are involved in this traditional process: the university, the student, and the company that wants to hire the graduate. These three participants are known, respectively, as the issuer, the holder, and the verifier. Together they are also referred to as the “Trust Triangle” of the Verifiable Credential ecosystem.
- The Issuer — The organization or authorized individual that issues a credential to a user is called the issuer. This entity can be a university, high school, healthcare center, government agency, bank, or individual.
- The Holder — The receiver of the credential issued by the issuer is the second participant in the SSI system. In the illustration above, each student who receives the certificate issued by the university is a holder (i.e., the owner, the user). Holders have complete control over who they share their credentials with, and can revoke the access of any party with whom a credential was previously shared.
- The Verifier — This entity or organization receives the credential from the holder and immediately verifies it against the issuer. Verification happens instantly, without any phone call or email to the issuing organization (the issuer).
The Function of the Digital Wallet
Blockchain-powered digital wallets serve as secure, decentralized storage for users’ identities and verifiable credentials. Unlike centralized identity management systems, which send credentials to users’ email addresses or tell them to download a PDF version, SSI stores users’ credentials in digital wallets that are completely under their control. With a digital wallet, users have their credentials at their fingertips and need not worry about a credential’s security or about losing it.
Additionally, when verifiers request IDs, information, or credentials, the request is sent to the digital wallet, where the user can accept or reject it. Another function of the digital wallet is the ability to log in to or access other websites and apps without the hassle of multiple logins and passwords.
Ten Principles of Self-Sovereign Identity
In 2016, Christopher Allen wrote about Self-Sovereign Identity with a list of guiding principles to which any SSI system must adhere. A quick summary of these principles is listed below in support of all you’ve read above:
- Existence — Users must have an independent existence; that is, a digital identity must ultimately derive from a physical entity or individual.
- Control — The management of the identity must be under the control of users, not a third party or an affiliate. The user must have ultimate control over the level of access the requesting entity (verifier) has.
- Access — Users must always have access to their data. This is crucial because identities under a federated identity management system are at the mercy of the third-party service provider as they can decide to delete it anytime or block the users’ access due to an issue.
- Transparency — The SSI identity management network used to serve users must be transparent. The algorithm used must be open-source so that its operation, management, and updates can be viewed and examined by anyone.
- Longevity — Identities must be persistent, long-lived, and preferably last forever, but if this permanence isn’t guaranteed, the lifespan of the identity must be at the owner’s discretion, not the SSI identity network’s.
- Portability — Identities must be transportable, i.e., information and services about identities must be portable. The ability to move one’s details to another SSI service provider without losing any data must be embedded into the system. This further emphasizes the importance of ensuring that users’ identities and data aren’t subject to third parties.
- Interoperability — Users’ identities must operate in a “plug and play” manner, meaning identities should be as widely usable as possible. Technically, identities must work across platforms and be usable across borders (internationally).
- Consent — Users must agree to the sharing of their identities. The primary purpose of collecting a user’s data in a wallet is to share it with requesting parties. With interoperable identity platforms and systems, more identities will be shared across borders, apps, platforms, etc., which is why all sharing must be done with the user’s consent.
- Minimalization — Only the data that is needed should be disclosed. A date of birth shouldn’t be submitted if a service only requires a minimum age; if nationality is to be confirmed, the home address shouldn’t be seen, and so on. Disclosure of users’ data must be strictly limited to what is needed or requested.
- Protection — Users’ rights must always be protected. No matter the issue, users’ right to their data must be protected, even in the case of conflict between the identity network and the users.
With Web 2.0, data mismanagement got worse for users, but many developments and protocols are now changing this, among them Self-Sovereign Identity (SSI). SSI will transform social interaction and disrupt the business model of internet-based marketing platforms. Sadly for the tech giants, this isn’t good news; fortunately, this time it favors the end users of the identity management ecosystem. Let the revolution begin!
The SSI approach to identity management aligns with what Identity.com stands for. One of our pursuits is a user-centric internet, where users have control over their data, which is all the more reason Identity.com does not take a back seat in contributing to this future through identity management systems and protocols. We also belong to the World Wide Web Consortium (W3C), the standards body for the World Wide Web.
The work of Identity.com as a future-oriented company is helping many businesses by giving their customers a hassle-free identity verification process. Identity.com is an open-source ecosystem providing access to on-chain and secure identity verification. Our solutions improve the user experience and reduce onboarding friction through reusable and interoperable Gateway Passes. Please get in touch for more info about how we can help you with identity verification and general KYC processes.