Wednesday W.O.W - Self-Sovereign Identity πͺͺπ§βπ»π
[5min read] Your mid-week bite sized treat on emerging tech on our journey to the Metaverse. Today, learn about why self-sovereign identity is the key to a more secure and private digital world
A nibble of knowledge in your inbox every Wednesday with a simple format:
πΌ What the technology is
π΄ Objective(s) - what is it trying to achieve, with some examples
πΌ Why it is important to users as well as businesses & brands.
This is week 20 of the 520 weeks of writing I have committed to, a decade of documenting our physical and digital lives converge.
What is Self-Sovereign Identity?
Have you ever thought about who owns your personal data and how it's being used? Self-sovereign identity (SSI) is a concept that puts the control back in your hands. While there is no exact definition for SSI yet, it's clear that it's a necessary step towards ensuring user control is at the foundation of our identity systems.
Here is how I would have a go at explaining SSI at 3 levels of complexity:
For a 10-year-old: Itβs like having a secret box that has all your important information, like your name, age, and where you live. Only you have the key to open the box and see what's inside. You can decide who you want to share your information with, like your teacher or doctor, and they can only see the information that you let them see. SSI helps keep your information safe and secure, so only the people you want to see it can see it.
For a non-techy adult: Itβs like having your own personal ID card that you control and decide who sees your information. Instead of other people, like companies or governments, having your information and deciding who can see it, you get to choose. It's like having a secret password that only you know and you get to decide who you share it with. This is important because it helps keep your information safe and gives you more control over who knows about you.
For a techy adult: It means individuals and organizations have complete control over their digital and analogue identities, including their personal data. SSI adds a layer of security and flexibility, allowing users to only reveal necessary data for any given interaction, without going through intermediaries. The best way to implement SSI is through blockchain technology, which allows for a secure and decentralized system without the need for a central authority.
Objectives of Self-Sovereign Identity
For this section, I will lean on the pioneering work in this space by Christopher Allen, an internet cryptography pioneer and co-author of the Transport Layer Security Security Standard. You use TLS every day, it keeps your online conversations private and secure. It's used to protect things like email, instant messaging, and phone calls from hackers who might try to spy on them. You might have heard of HTTPS - this is the secure version of websites that use TLS to keep your information safe when you're shopping or banking online.
His 2016 article βThe Path to Self-Sovereign Identityβ is a must-read for anyone wanting to learn more. He proposes ten guiding principles of self-sovereign identity that ensure user control, transparency, fairness, and support of the commons while also protecting the individual. These principles are as follows:
Existence: Users must have an independent existence that is ultimately based on the ineffable "I" that's at the heart of identity, which can never exist wholly in digital form.
Control: Users must control their identities, and they should always be able to refer to it, update it, or even hide it. Subject to well-understood and secure algorithms that ensure the continued validity of an identity and its claims, the user is the ultimate authority on their identity.
Access: Users must have access to their own data and should be able to easily retrieve all the claims and other data within their identity. There must be no hidden data and no gatekeepers.
Transparency: Systems and algorithms must be transparent, open, and independent of any particular architecture, allowing anyone to examine how they work.
Persistence: Identities must be long-lived and last as long as the user wishes, with a firm separation between an identity and its claims.
Portability: Information and services about identity must be transportable, ensuring that the user remains in control of their identity no matter what.
Interoperability: Identities should be as widely usable as possible, crossing international boundaries to create global identities, without losing user control.
Consent: Sharing of data must only occur with the consent of the user, and other users, such as an employer, must also agree to use the user's identity.
Minimalization: Identities should contain only the information that is necessary and appropriate for the intended use.
Protection: The rights of individuals must be protected against financial and other losses, human rights abuses by the powerful, and to be oneself and to freely associate.
Why will Self-Sovereign Identity impact the future of society and the emerging Metaverse?
There are several examples of SSI being used already. One example is in the BC Digital Trust initiative where organisations and teams in British Columbia, Canada are contributing to the fields of Digital Trust and Verifiable Credentials. Another example is the Swiss-based WISeKey, which is using SSI to provide individuals with secure digital identities that can be used for authentication, signing documents, and other purposes. SSI is also being used in the healthcare industry to provide patients with control over their medical records and in the financial industry for secure and efficient customer onboarding and transactions
As our lives become more digital, our data and identity online become increasingly valuable. Self-sovereign identity will be increasingly demanded, putting the user at the centre of identity administration and allowing users to have true control of their digital identity, creating user autonomy. This requires that the user's identity can be transported and interoperable across multiple locations with the user's consent, and should also allow ordinary users to make claims about themselves, including personally identifying information or facts about personal capability or group membership. The hope is that SSI will facilitate the protection of individuals, including defending against financial and other losses, preventing human rights abuses by the powerful, and supporting the rights of the individual to be oneself and to freely associate.
In conclusion, the principles of self-sovereign identity seek to ensure that the user has control of their digital identity and data, while also balancing the benefits and risks associated with identity systems. By following these principles, a self-sovereign identity can provide a secure, private, and user-centric solution to the challenges of identity administration in the digital age.
Thatβs all for this week! If you have any organisations in mind that could benefit from learning about emerging technology, be sure to reach out. Educational workshops are one of many consulting services I offer.
Thanks for this explainer. Good to see some actual tangible use cases as at the moment the idea everyone will just want control over their identity vs not having control I think is flawed (and seems very western centric). Most people are happy to trust institutions, if the majority was not then Bitcoin etc would all have mainstream adoption by now.