Self-Sovereign Identity (SSI)

📂 Self-Sovereign Data

The self-sovereign identity vision was introduced several years ago, describing a future where individuals would be able to regain control of their identity and participate at a peer-to-peer level. Technology has since advanced to the point where open community networks, code and standards are mature enough for early adopters to build long-term sustainable solutions.

Certain solutions, like DID systems, attempt to follow this philosophy by placing the power firmly in the user’s hands. In doing so, they empower people to reclaim control over their personal data and identity, supporting the belief that it is people, not organizations, who should be the ones owning their data.


🌠 Principles of Self-Sovereign Identity

Christopher Allen, a pioneer in self-sovereign identity, describes two ways to interpret self-sovereign identity. The first is ideological, emphasizing the necessity of being able to control one's own identity on the network without having to rely on trust. The second is technological: determining whether technologies and technological standards are capable of achieving this goal.

Allen first wrote the 10 principles of Self-Sovereign Identity in his blog which partially mirrored Satoshi Nakamoto’s well-known whitepaper on Bitcoin. The 10 principles were introduced to define the goals and values that digital identity technology should pursue. Each principle is further defined by the SSI's technology standards, which include decentralized identifiers, verifiable credentials, DKMS, DID-Auth, and blockchain.

  1. Existence: The owner of an identity must be real, self-aware, and sentient. Identity today has linked itself to physical credentials like ID cards and licenses; however, SSI allows an individual to take back their identity in both the physical and digital world without the need for physical tools.

  2. Control: Sovereignty allows an individual to control and make the decisions regarding their own data.

  3. Access: Users must be able to access their own data and any claims related to it without any intervention, even if they are unable to directly modify credentials connected to their identity.

  4. Transparency: Transparency guarantees that users are able to monitor any possible mismanagement of claims, credentials, or relationships connected to their identity. To achieve this, systems and algorithms must work in a comprehensible and easily accessible way, so that they are clear and readable for the user at all times.

  5. Persistence: Most credentials held by individuals and institutions are meant to last a long time, if not indefinitely. Persistence aids users in maintaining their identities despite possibly owning many private keys, variations in data storage systems, and the need to rotate private keys.

  6. Portability: Information and services must be portable and cannot be retained only by a centralized third-party organization. A user’s identity may be moved and kept in different locations whenever they like.

  7. Interoperability: Identity information and services must be flexible. Because identities are portable, they may also be widely available, making them suitable for use across international borders.

  8. Consent: Any personal data in SSI systems must only be shared with the user's permission. A self-sovereign identity system must include consent at all times, guaranteeing that the identification data is kept private and is only shared with the user’s approval.

  9. Minimisation: Minimisation in self-sovereign identity emphasises protecting users' data when identity-related information is disclosed. For example, if user information must be disclosed, it should be limited to the bare minimum required.

  10. Protection: Stresses that the rights of users must be guarded, and though conflicts between identity networks and the users themselves are inevitable, in such instances, networks should focus on the protection of users and their rights instead of the network’s own needs.


🎭 Self-Sovereign Identity (SSI)

Growing concerns about data privacy and the control of personal information have prompted the development of self-sovereign identity (SSI). This approach to digital identity allows individuals full autonomy over their personal data. Users possess the authority to share or withhold information, ensuring that consent is explicitly granted. SSI empowers users with the ability to manage their digital footprints, fostering a transparent digital ecosystem where consent is explicit and privacy is respected.


🤝 Consent Management in SSI

In the SSI model, consent management is integral. Users are prompted for approval every time an application or website requests access to their data. This process is often visualized through user-friendly interfaces and clear opt-in mechanisms, ensuring users are aware of the data being shared and the entities accessing it.


🔐 Blockchain's Role in SSI

The blockchain acts as a trust layer in SSI systems, providing an immutable ledger of transactions. Each entry on the blockchain is encrypted and linked to the previous one, preventing unauthorized alterations and establishing a verifiable history of data exchanges. By harnessing the power of blockchain, SSI can offer a tamper-proof infrastructure that underpins the security of personal data.
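
The linking described above can be sketched as follows (an added example, not code from ESSIF, EBSI or any project named on this page). Each entry stores the SHA-256 hash of the previous one; the function names, event fields and `did:example` identifiers are assumptions made for the illustration.

```python
import hashlib
import json

GENESIS = "0" * 64   # "previous hash" used by the first entry
HEAD_MISMATCH = -1   # chain is self-consistent but is not the one the network holds

# Constructed sample events; identifiers and key names are placeholders.
SAMPLE_EVENTS = [
    {"event": "did_registered", "did": "did:example:alice", "key": "key-1"},
    {"event": "key_rotated", "did": "did:example:alice", "key": "key-2"},
    {"event": "credential_revoked", "issuer": "did:example:university", "credential": "cred-42"},
]


def entry_hash(prev_hash: str, payload: dict) -> str:
    # Canonical JSON so the same payload always produces the same hash.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


def append(ledger: list, payload: dict) -> None:
    prev = ledger[-1]["hash"] if ledger else GENESIS
    ledger.append({"prev": prev, "payload": payload, "hash": entry_hash(prev, payload)})


def build_ledger(events) -> list:
    ledger = []
    for payload in events:
        append(ledger, dict(payload))  # copy so the sample data is never mutated
    return ledger


def first_broken_link(ledger: list, trusted_head=None):
    """Return None if the chain verifies, else the index of the first bad entry."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["payload"]):
            return i
        prev = entry["hash"]
    # Someone who rewrites an entry AND every later hash passes the loop above;
    # only comparison with a head hash held elsewhere (other nodes) exposes that.
    if trusted_head is not None and prev != trusted_head:
        return HEAD_MISMATCH
    return None
```

The head comparison is why replication across independent nodes matters: a single copy of a hash chain can be rewritten consistently from any point onward.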


🚫 Enhanced Security through Zero Trust and Encryption

SSI solutions are designed on a zero-trust security model, using encryption and distributed ledger technology. Data is not stored in a central repository but is instead distributed across a network of nodes, making it less susceptible to hacking and unauthorized access. Advanced cryptographic techniques, such as zero-knowledge proofs, allow for the verification of credentials without revealing any additional information.
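
Minimal disclosure can be illustrated with a technique simpler than a zero-knowledge proof: salted hash commitments in a Merkle tree (an added example, not code from any SSI project named on this page). The issuer commits to all claims in one root, which is assumed here to be signed or anchored on the ledger; the holder reveals a single claim with its salt and sibling hashes, and the random salt keeps the verifier from guessing the hidden values. Function and field names are assumptions.

```python
import hashlib
import hmac
import json
import secrets

SAMPLE_CLAIMS = {"birth_year": 1990, "country": "DE", "over_18": True}  # constructed


def leaf(name, value, salt: bytes) -> bytes:
    data = json.dumps([salt.hex(), name, value]).encode()
    return hashlib.sha256(b"\x00" + data).digest()  # 0x00 marks a leaf


def inner(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()  # 0x01 marks an inner node


def issue(claims: dict):
    """Issuer: commit to every claim; returns (root, data kept in the holder's wallet)."""
    names = sorted(claims)
    salts = {n: secrets.token_bytes(16) for n in names}
    levels = [[leaf(n, claims[n], salts[n]) for n in names]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [inner(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])  # an unpaired node is promoted unchanged
        levels.append(nxt)
    return levels[-1][0], {"names": names, "salts": salts, "levels": levels, "claims": claims}


def disclose(wallet: dict, name: str) -> dict:
    """Holder: reveal one claim, its salt and the sibling hashes up to the root."""
    idx, path = wallet["names"].index(name), []
    for level in wallet["levels"][:-1]:
        sib = idx ^ 1
        if sib < len(level):
            path.append((level[sib], sib < idx))  # (hash, sibling is on the left)
        idx //= 2
    return {"name": name, "value": wallet["claims"][name],
            "salt": wallet["salts"][name], "path": path}


def verify(presentation: dict, trusted_root: bytes) -> bool:
    """Verifier: rebuild the root from the single disclosed claim and compare."""
    node = leaf(presentation["name"], presentation["value"], presentation["salt"])
    for sib, sib_is_left in presentation["path"]:
        node = inner(sib, node) if sib_is_left else inner(node, sib)
    return hmac.compare_digest(node, trusted_root)
```

The verifier learns `over_18` and nothing else about the credential except how many sibling hashes lie on the path; unlike a true zero-knowledge proof, the disclosed value itself is revealed in clear.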


🔄 Integration and Interoperability

SSI systems are built to be interoperable, ensuring seamless integration with existing digital infrastructure. By adhering to established standards and protocols, SSI can be adopted across various platforms and industries, promoting widespread acceptance and utility.


📋 Compliance with Data Protection Regulations

SSI aligns with international data protection regulations, such as the GDPR in Europe, by design. It provides a framework for individuals to exercise their privacy rights, enabling organizations to manage personal data in a compliant and ethical manner.


🚀 Real-World Applications and the Future of SSI

Organisations like the Decentralized Identity Foundation and the World Wide Web Consortium are supporting the evolution of SSI, with initiatives like the European Self-Sovereign Identity Framework (ESSIF) exploring its implementation at scale, partly through its open API network. As the technology matures and gains recognition, its adoption is set to accelerate, promising to reshape how personal data is handled across the globe.


🏛️ The European Self-Sovereign Identity Framework (ESSIF)

The European Self-Sovereign Identity Framework (ESSIF) is the EU’s take on self-sovereign identity, launched in November 2019. It provides the open-source research and technology necessary to build an extensive DSSI system. The project thus enables safer interactions and faster transactions across the region as a whole.

The ESSIF is a part of the European Blockchain Service Infrastructure (EBSI), a collaborative initiative of the European Commission and the European Blockchain Partnership (EBP) to supply EU-wide cross-border public services using blockchain technology.

The goal of EBSI is to become the “gold standard” digital infrastructure that supports the launch and operation of EU-wide cross-border public services. It is a multi-blockchain network with several use cases such as document notarisation, diploma certification, trustworthy data exchange, and the ESSIF itself. Its stated strategic goals are:

  • Offer individuals seamless cross-border services

  • Contribute to the efficiency of institutions and their relevant processes

  • Allow for the free movement of economic activity across borders.

It operates under the following guiding principles:

  • Public Permissioned: All participating nodes' identities are known.

  • Decentralised: Each member state should maintain its own network of nodes.

  • Scalable: High-throughput and large-number-of-nodes support.

  • Open-Source: Open-source (Preferred)

  • Sustainable: Energy-efficient

  • Interoperable: The EBSI should be founded on well-known requirements and technical specifications as much as feasible.

In enabling users to manage their own identity seamlessly across all borders, ESSIF aims to apply a generic self-sovereign identity (SSI) capability that diminishes centralized authorities in the network. While there is an EBSI wallet, it is currently in testing and is not available to the general public.

The ESSIF represents arguably the most complete SSI framework available in the world today. Although a relatively new entry in the virtual space, ESSIF’s completeness and its open-source nature make it a trailblazer for SSI technology. myBID, in turn, draws heavy inspiration from the framework, adopting many of its capabilities whilst adding a few of its own.


🛠️ ESSIF Implementation

The ESSIF foundation offers monetary support to selected projects built on or supporting its SSI framework. At this point, it plans to select 62 projects from two main categories. The first category is infrastructure-oriented projects (20) seeking to expand upon the existing SSI framework through technical enhancements, and the second is business-oriented projects (42) meant to derive commercial components and use cases.


🏆 ESSIF-Supported Projects

These are just some of the projects that are supported by ESSIF:

Go Aries! Enabling CL-Support on Aries Framework Go by Datarella GmbH: The “Go Aries!” project focuses on enabling CL signatures and credentials within the Aries Framework Go to make it compatible with Aries Cloud Agent Python (ACA-Py) agents and the Indy-SDK. Therefore, the benefits of the Aries Framework Go are accessible to ACA-Py and Indy.

Verifiable Credential Authority by NYM Srl: A DLT/blockchain-independent platform to issue and verify certified attributes and claims, under different formats, and for any SSI system.

European Bank Identity Credentials (Eubic) by yes.com: This project aims to extend about 1,000 banks with the ability to issue verifiable credentials. This bank identity scheme will allow graduates to verify their identities when requesting their diploma. Once issued, both credentials can be used in combination to prove their education credentials and the identity of the diploma’s holders.

These projects illustrate the ESSIF’s commitment to expanding the technology. By issuing an open call for institutions to develop their own components, the ESSIF is ensuring that its solution is scalable. Through this, we can also see the real-world applications for SSI technology.
