Where is your passport from? Who gave you your driver’s license? Who issued your birth certificate? These things make up the basis of who we are, our identities, and the answer to all three questions is exactly the same: a central authority (most likely the government) issued and has control over these pieces of identifying information.
In today’s digital world, however, things are a lot cloudier when it comes to ‘identity’.
In the social media age, our identifying information is dispersed across the web. Whether it be our address or date of birth, our data is spread across our personal and work apps, sites and social media accounts. We all have hundreds of different identities online, with most of this data owned and managed by third-party companies.
Against this backdrop, high-profile privacy and security failures over the last decade have brought much-needed attention to the issue of data control and resulted in an ongoing drive for the creation of digital identities controlled only by those whose information they contain.
This is the concept of “self-sovereign identity” (SSI) – the idea that individuals and businesses should be able to take ownership of and control their identifying information digitally – and its effects could be hugely transformative.
What is self-sovereign identity?
Answering this question is a little tricky, as there is no current consensus on an exact definition of self-sovereign identity. However, SSI is most widely understood as the (somewhat utopian) concept of individuals and organizations having sole ownership of, and a greater level of control over, both their analogue and digital identities.
Whether your identification is a business license or university degree, everyone, including organizations, has unique sets of identifying information. These need to be presented when a person or organization needs to prove their identity. SSI is the idea that an individual or organization can manage and control access to those credentials digitally.
Crucially, under this model, individuals and organizations, also known as the ‘holders’ who have one or more ‘identifiers’ (something that enables an individual or organization to be identified), can then provide validation of those credentials without relying on a central authority.
Why is the SSI model needed?
From a security perspective, this concept seems to solve the issue of data control and digital privacy. In other words, the risk of a person’s or organization’s identity and identifying information being stolen by criminals is significantly reduced, as they no longer have to surrender their identifying information to thousands of databases each time they want to, for example, purchase something online.
However, the effects of SSI could be quite profound and go much further than this.
For example, if you lost your passport, you would not need to contact a third party to verify or access it. It will also help to remedy the parts of the world where people have no identity, particularly in areas where birth certificates aren't common practice or their birth was never registered, which means that they don't have a passport and cannot ever get one.
How could it work?
In theory, the first move would be to transform all analogue documents, such as birth certificates, businesses licenses and university diplomas, into a single, digital document stored by the individual or organization themselves. Practically, all identifying information could be held in a single, secure ‘digital wallet’.
For example, after getting a degree or diploma, instead of receiving paper certificates, students would get credentials sent directly to their digital wallet, which would be digitally signed by the university to prove they are official and have not been tampered with. This means that they will not have to worry about searching for a paper copy to validate their educational background.
Enough of the theory – can SSI be made a reality?
The criticism often levelled at the concept of SSI is that it is ‘too utopian’ and some way off from being made into a practical reality. However, there is potential in new decentralized technologies — most notably blockchains — to build data privacy and control into the center of digital systems and help make SSI a reality.
In simple terms, a blockchain is a shared file which records transactions. Each of the transactions, such as a piece of identifying information, is added in as a ‘block’ and is stored decentralized in the chain which means that once added in, no one can interfere with or control its content. This means that blockchain removes the need to have a central authority responsible for securing personal details, allowing people to secure their own details with high levels of security.
Through blockchain, highly sensitive documents – such as a university certificate – can be stored digitally as “fingerprints” instead. Each fingerprint is individual and does not reveal any information about the document it belongs to, which of course safeguards the information it contains and enables the owner of the document to choose exactly who can access their verified personal information.
In practice, this means if someone secures a university diploma, they can add the “fingerprint” of that verified diploma to their self-sovereign identity from one of the leading providers, such as uPort, and the individual handles the control of their identity and how it is used entirely at their discretion. Then, when an individual has to present some form of identifying information, their identity can be validated by just accepting a “verifiable credential” issued to the user by competent and trusted identity authorities.
Close, but we aren’t there just yet
There are a host of questions that come from the potential in blockchain to help make SSI a reality. For example, if one person’s or organization’s data is all in one place, will personal identifying data become more private under SSI or more visible? What about if countries don’t have control over citizenship, who does?
These issues will become clearer and debated more extensively once the SSI model becomes more practical. After all, we are still a long way of making SSI a practical reality, with very little use cases in operation.
However, once we do, we at TrueProfile.io believe it could be a game changer for data control and data privacy, as decentralized technologies like blockchain can clearly provide individuals and organizations with the tools they need to have greater control over how and when their identifying data is being used.
Rene Seifert, Co-Founder & Co-Head, TrueProfile.io