Self Sovereign Identity
In a rapidly evolving digital world where blockchain technology is being adopted to redefine identity and access management, self-sovereign identity is no longer a distant dream for ensuring privacy and consumer protection.
From banking and employment to shopping and social media accounts, we’ve left pieces of our identities, like DNA, scattered across digital and analog systems to such an extent that they are difficult to manage, monitor, and protect. This leaves us vulnerable to identity theft and fraud, and gives bad actors a treasure trove of data to use for nefarious purposes. At the same time, financial institutions and other organizations that use our data pour a huge amount of operational and financial resources into risk management and regulatory compliance, the overhead for which results in inefficient transactions and long processing times.
Self-Sovereign Identity (SSI), managed by the individual and verifiable on a decentralized ledger, has been touted for some ten years as a viable solution to some of the biggest privacy and efficiency challenges related to digital identities. More providers enter the space every day, and according to Infopulse, Goode Intelligence Research indicates that 5% of all digital IDs were based on blockchain technology in 2020, and predicts an increase up to 20% in 2025.
What is Self-Sovereign Identity (SSI)?
In the context of digital identity systems, SSI for humans is, in theory, a persistent, portable, interoperable digital identity that belongs to the individual (rather than to a third party such as a bank, a government, or a social login service like Google), that can be used to interact with those third parties, and that is used only at the discretion of the individual. The digital identity consists of encrypted and digitally signed, verified credentials or decentralized identifiers (DIDs) that represent bits of identifying and personal information. The individual chooses which credentials to share and with whom. Commonly, the individual manages their digital identities through browser wallets and mobile apps which they then use to conduct transactions online or by touching their phone to an NFC sensor.
In his 2016 blog post, The Path to Self-Sovereign Identity, Christopher Allen, a blockchain technology speaker and advisor, identified ten principles of SSI to remain focused on as the technology grows and evolves:
- Users must have an independent existence.
- Users must control their identities.
- Users must have access to their personal data.
- Systems and algorithms must be transparent.
- Identities must have persistence.
- Identities must be portable and go with the user.
- Digital identities should be interoperable and global.
- Users must consent to the use of their identity data.
- The amount of data shared should be minimized, meaning that no more information than is needed should be required.
- The rights of users should be protected.
What is Blockchain?
Blockchain is a linear form of distributed ledger technology (DLT). It is characterized by cryptographic hashes assigned to each block in the chain, which serve as reference points for subsequent blocks in the chain. The most familiar use of blockchain is cryptocurrencies, but there are many other potential applications, including SSI.
How does Blockchain enable SSI?
Blockchain is a distributed ledger technology (DLT), and its decentralized nature makes it one of the primary technologies enabling SSI today. In some implementations, smart contracts are used to execute agreement provisions such as fund transfers when a new block is added to the chain.
Whether in a public or private blockchain or a blockchain consortium, blockchain’s decentralization and cryptography serve as a strong defense against data tampering and hacking. Each block references the hash of the previous block in the chain, so a change made to any block changes that block’s hash and invalidates the hashes of all subsequent blocks in the chain. Like a series of auto-locking security gates, this framework acts as a security fail-safe for planned and unplanned modifications to the chain.
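The tamper evidence described above, as an added example (not code from any SSI product named on this page): a toy hash-linked ledger in Python with a verifier that reports the first broken block. The block layout, the `did:example` entries and all function names are constructed for illustration; the last case shows why hashing is paired with decentralization, since a fully rewritten local chain is internally consistent and is exposed only by comparing its head hash with an independent copy.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # constructed back-reference for the first block

def block_hash(index, prev_hash, payload):
    """SHA-256 over a canonical JSON encoding of the block contents."""
    body = json.dumps([index, prev_hash, payload], separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def build_chain(payloads, start=0, prev=GENESIS_PREV):
    """Link each payload to its predecessor through prev_hash."""
    chain = []
    for index, payload in enumerate(payloads, start):
        digest = block_hash(index, prev, payload)
        chain.append({"index": index, "prev_hash": prev, "payload": payload, "hash": digest})
        prev = digest
    return chain

def first_invalid_block(chain):
    """Return the position of the first block that fails, or None if intact."""
    prev = GENESIS_PREV
    for pos, block in enumerate(chain):
        linked = block["index"] == pos and block["prev_hash"] == prev
        if not linked or block["hash"] != block_hash(pos, prev, block["payload"]):
            return pos
        prev = block["hash"]
    return None

def rewrite_tail(chain, pos, new_payload):
    """Model a full local rewrite: change one payload, recompute every later hash."""
    payloads = [new_payload] + [b["payload"] for b in chain[pos + 1:]]
    return chain[:pos] + build_chain(payloads, pos, chain[pos]["prev_hash"])

def agrees_with_peer(chain, peer_head):
    """Accept a chain only if it verifies and its head matches an independent copy."""
    return first_invalid_block(chain) is None and chain[-1]["hash"] == peer_head

# Constructed sample entries (the did:example identifiers are illustrative).
LEDGER = build_chain(["did:example:issuer registered", "did:example:alice credential anchored",
                      "did:example:alice credential revoked", "did:example:bob credential anchored"])
PEER_HEAD = LEDGER[-1]["hash"]  # head hash as held by an independent node

edited = [dict(b) for b in LEDGER]
edited[2]["payload"] = "did:example:alice credential valid"  # hash left stale
rehashed = [dict(b) for b in edited]
rehashed[2]["hash"] = block_hash(2, rehashed[2]["prev_hash"], rehashed[2]["payload"])
rewritten = rewrite_tail(LEDGER, 2, "did:example:alice credential valid")
print(first_invalid_block(edited), first_invalid_block(rehashed), agrees_with_peer(rewritten, PEER_HEAD))  # 2 3 False
```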
How does SSI solve today’s privacy issues?
SSI puts the individual in control of how much information to share, reducing over-sharing as suggested by the KAOS framework in the Identity Diet book and CIPA certification program. Because individuals share digital credentials with verifying institutions instead of their actual personal data, institutions don’t need to collect or store personal data, greatly reducing institutional liability for data privacy protections.
SSI’s distributed ledger keeps data in sync across a transparent, decentralized, peer-to-peer network, leaving no inconsistencies to exploit and making tampering evident.
However, as Sheila Warren and Sumedha Deshmukh of the World Economic Forum explain, standardization and regulation are needed to safeguard and promote privacy, inclusivity, interoperability, and portability, the essential principles of digital identity systems.
How does SSI benefit consumers and businesses?
Buoyed by supporting technology, consumer relationships become more trusted. The institutions that issue credentials, the credential holder (i.e., the individual), and the verifying institution can have confidence that the technology and the framework are inherently trustworthy, removing much of the friction from customer experiences.
Some of the benefits of SSI include:
- Increased data security
- Speedier transactions
- Immutable audit trail
- Reduced compliance cost for Customer Identification Program (CIP), Know Your Customer (KYC), anti-money laundering (AML) and other regulatory requirements
- Increased business confidence in the customer’s identity/data
- Effective Identity and Access Management (IAM)
- Reduced friction in the customer experience and less time needed to process things like applications for mortgage loans
- Faster employee onboarding
Where is SSI applicable?
There are seemingly innumerable possible applications for SSI in identity and access management, due in part to the interoperability of SSI solutions. Some common applications for individuals include:
- Address validation and age verification
- Licenses
- Qualifications and diplomas
- Proof of employment
- Credit reports
- Account details
- Account access
- Asset ownership
- Vaccination and testing records
- Prescriptions
- Boarding passes
Other applications for Self-Sovereign Identity involve the Identity of Things (IDoT), where supply chain management in areas such as the COVID-19 vaccines can benefit.
Self-Sovereign Identity and Blockchain
There are many blockchain solutions in the market which are capable of solving the pressing privacy issues. Below are some examples of blockchain solutions for self-sovereign identity:
Atala PRISM is an open-source, linear blockchain solution built on the Cardano system, an IOHK technology. Its implementation includes a mobile app, a browser wallet, a management console, and SDKs and APIs. Atala’s use cases include education, health, government, enterprise, finance, travel and social.
IOTA’s non-linear, distributed ledger solution, The Tangle, is a blockchain alternative that allows for zero-fee transactions (vs. Bitcoin and Ethereum, which require purchase of a cryptocurrency token). The IOTA Tangle is designed to function on low-tech devices and in areas of low connectivity, making it an option for identity-less and bank-less people around the world.
Other Self-Sovereign Identity Technology Solutions
Amazon, Microsoft, Oracle and IBM offer blockchain-as-a-service (BaaS), providing the infrastructure and management of the blockchain for companies that are then free to build their own apps and functions on the blockchain.
Some other SSI options available in early 2021 include:
- Evernym’s Verity solution for issuing and verifying digital credentials, its Connect.Me digital wallet, and its mobile SDK
- Indicio.tech’s IDRamp solutions
- Sovrin’s SSI network and digital wallet
The future of Self-Sovereign Identity
The ways companies do business may change significantly as SSI is adopted, and among other things the legal implications will have to be sorted out. One of the questions before the U.S. legal community is whether digital smart contracts are enforceable legal agreements. A Harvard Law School Forum on Corporate Governance article, An Introduction to Smart Contracts and Their Potential and Inherent Limitations, explains that contract law is at the state level, meaning that treatment may vary by state, and points out that some states such as Arizona and Nevada have amended laws to account for blockchain and smart contracts.
As SSI technology evolves and use increases, so will the need for standardization and regulation. Likewise, digital literacy among citizens, consumers, and policy makers will be key to large-scale adoption.
In their 2021 report, New Directions for Government in the Second Era of the Digital Age, Blockchain Research Institute and the Chamber of Digital Commerce encourage the U.S. government to focus on five digital priorities:
- Ensuring security, privacy, autonomy, and citizen-owned identities
- Embracing cryptocurrencies and the digital dollar
- Retooling services and service delivery to meet world-class digital standards
- Building trust by engaging citizens and holding elected officials accountable
- Rebooting America’s innovation economy to include a diversity of entrepreneurs
Around the world, many are looking to SSI technology to bring new opportunities to underserved populations. According to the World Bank, there are one billion people in the world without an official proof of identity, and one in two women in low-income countries lack an ID, which inhibits their ability to do things like obtain government services, enroll in school, and open bank accounts. In his blog, Bill Gates notes that giving everyone access to a legal identity is one of the targets of the UN’s Global Goals for 2030. Because SSI systems are decentralized and all participants are treated equally, SSI is thought to be a more democratic option than third-party systems that give some consumers preferential treatment. More and more countries are adopting digital identity systems. India has launched a biometric ID system, and in what is being called the world’s largest blockchain deployment, Ethiopia was reported in February 2021 to be launching a blockchain-based national identity system using the Atala PRISM decentralized identity platform.
Digital identities can also transform the supply chain by bringing transparency to track-and-trace initiatives and to compliance, including supplier due diligence and onboarding. In a recent Forbes article, Lora Cecere, CEO of Supply Chain Insights LLC, promotes the development of digital identities for manufacturing and distribution locations and for ocean freight, entities that don’t currently have their own Employer Identification Number (EIN). The possibilities for cost reduction in supply chains are enormous.
Also being explored is the concept of disposable self-sovereign identities (DSSID), which are valid for a limited time, after which they expire. Such a solution could give individuals even greater control over their privacy by allowing them to revoke shared credentials when they are no longer needed by the verifying entity. A use case proposed by the Disposable ID citizen-community in the EU is COVID-19 test results, which are only relevant for a time period of weeks or less, after which a new test is needed. In January 2021, international technology standards organization Object Management Group® (OMG®) issued a request for information for a Disposable Self-Sovereign Identity (DSSID) standard.
Conclusion
In conclusion, the opportunities for improving individuals’ privacy and data autonomy and reducing corporate operational costs are great, but an SSI revolution is no light undertaking. To become ubiquitous, SSI technologies will need to be standardized and affordable to the organizations that support and use them, data privacy and other regulations will need to be proposed and passed, and even more critically, consumers must be able to access, afford and trust the technology.