The New Digital ID: Self-Sovereign Identity

Martin Schäffner

15 October 2019

We from Datarella are always encouraged to be experts in the field of blockchain-related concepts and technologies and also to share our knowledge with the blockchain community. This blogpost should raise awareness about Self-Sovereign Identity (SSI), a fundamentally new approach to enable users having autonomy about their decentralized identifiers (DIDs) on the internet. 

Managing identities on the internet is a problem since its early days as it doesn’t have an integrated identity layer. Conventional identities are represented by identifiers provided by identity providers, such as an e-mail or a social media account like Facebook. The problem with these is that the identifier is not owned but only borrowed. The identity provider remains in control of the identifier and not the user. Although registration at new services is an annoying process already, the major problem is that websites store this personal information on their servers to determine who their users are. Based on the user information, data is generated and passed on to third parties without the explicit knowledge of the user. Besides, it often happens that this information is not sufficiently protected against criminal attacks.

DIDs as the fundamental component in Self-Sovereign Identity

The concept of Self-Sovereign Identity should allow users to have full autonomy about their identifier and control over how related personal information is shared and used and with whom. The fundamental component which makes it possible is the so-called decentralized identifier (DID). A DID represents the user in a pseudo-anonymous way and is derived from a public key generated on a blockchain or other distributed ledger technologies. Users can create and register their DIDs without the need for a central authority. 

DIDs serve to create lifetime relationships with others in a decentralized and privacy-preserving manner. Only information that is needed should be disclosed. A popular example is that a verifier doesn’t care about the actual date of birth but only if the user is old enough to use or access a service. By using zero-knowledge proofs, the verifier only sees this information, derived from the date of birth. 

Self-Sovereign Identity further faces the challenge to merge the real-world identity closer to the offline world. This should be achieved by integrating verifiable credentials that can be issued to assert personal information to the DID. Credentials could contain any information, depending on the issuer, such as a valid digital ID, an attestation about a relationship like a club membership, or a digital diploma. By gathering such credentials, a user could integrate real-world identity characteristics to the online identity. 

Still a long way to go for SSI

Even though the concept of SSI is very promising, and standardized formats, such as DID, exist, there are still big hurdles to take. 

One challenge will be how this concept should be integrated on the internet. The usability has to be intuitive, so users tend to use their DIDs instead of a username and password combination. Then all actors have to be on-boarded. This is the typical chicken and the egg problem. It requires a significant amount of services and authorities to accept or issue credentials but it also needs enough users to incentivize authorities to offer credentials first. 

However, there are already several projects running that provide this technology. The Sovrin Network, for instance, provides an advanced identity ecosystem that allows users or authorities to form relationships with others and issue or receive credentials. The uPort project also provides a full SDK to implement Self-Sovereign Identity solutions on the Ethereum blockchain. 

 

If you are interested in more information about Self-Sovereign Identity feel free to contact me via e-mail (martin.schaeffner@datarella.com) or read into already existing documentation, such as the DID primer.