Note: This blog post is the script for the video on YouTube. The list of sources is in the video description!
This post aims to provide an overview of the emerging online identity framework known as SSI and explain why our current form of digital identity is broken.
Identity is a uniquely human concept, and before we dive into online identity I want to explain what we are talking about:
Identity is what defines a person and distinguishes them from another person. In psychology, the scientific study of the mind and behavior, it includes qualities, beliefs and personality. When we ask sociology, the scientific study of society, we get a slightly different answer, which includes culture, history and religion.
So whatever technology we use as a framework for this concept, it needs to be flexible enough to represent an incredible amount of human diversity.
The miserable status quo
So let’s take a look at how online identity currently works: every one of us has a lot of personas at different companies or organisations.
A persona is a subset of an identity, taken from a particular standpoint. One person can have multiple personas, depending on social context like work, close friends, hobbies etc.
However, most of the administrative identity systems in use are proprietary and owned by the organization that provides them. We use usernames and passwords to authenticate ourselves. Proprietary user-centric approaches like sign-in with Google, Apple or other surveillance capitalists will just lock you into their ecosystem again.
The consequences are that the user isn’t in control, the experience is cumbersome, and data breaches and identity fraud are prevailing issues. We deserve better, and your identity needs to be truly yours.
The Need for a new base layer framework:
We use the term self-sovereign identity (SSI) for the concept of individuals or organizations having sole ownership of their digital and analogue identities, and control over how their personal data is shared and used. The user is central to the administration of their own identity. This adds a layer of security and flexibility, allowing the identity holder to reveal only the data necessary for any given transaction or interaction. It gives individuals or organizations the agency to control their identity information and therefore acknowledges that identity is about much more than logging in.
Since this explanation sounds a little incomprehensible, let me explain a key concept of self-sovereign identity.
The trust triangle
The trust triangle explains the issuance of a credential and its usage. Here we have three main stakeholders: the holder of a certain attribute or credential, who is also referred to as the subject; the issuer of identity information; and the verifier, who requests the information.
Before we dive deeper into the topic, I want to explain what an attribute is. An attribute explains what qualifies a person, without necessarily being unique to that person. These are elements like gender, height, weight etc. An attribute can also be a verified credential, which is issued by a third party such as citizenship, university degrees or a membership status.
But then obviously you ask yourself: where is the data of the credential stored? For that question we don’t have a common answer yet. However, the SSI community has a consensus not to store this data on a blockchain. A blockchain is only used to store a decentralized identifier, DID for short, acting as a pointer to further information. The identity data itself is instead stored in decentralized data storage.
Decentralized Identifiers (DID)
An identifier refers to a real-world identity within a particular use case or domain and has legal and practical implications, like a passport number, phone number or e-mail address.
A Decentralized Identifier serves as an identifier for a verifiable, “self-sovereign” digital identity. DIDs are meant to be fully under the control of the holder of the DID, independent of any centralized registry, identity provider, or certificate authority.
Basically, a DID is a globally unique identifier that does not require a centralized registration authority, because it is registered with distributed ledger technology or another form of decentralized network. It points to a DID document, which contains further instructions on where to find attributes, claims or similar information and how to communicate with the identity holder.
Real world examples:
The first use case I want to illustrate here is buying alcohol, where the identity holder is proving their age. But the alcohol vendor doesn’t need to know your birthday; they only need to know whether you have reached the age that permits you to buy alcohol.
With the trust triangle this works like this:
The government issues a verified credential (an ID) to the holder, who shows a zero-knowledge proof (ZKP) to the verifier, who in this case is the alcohol vendor. The merchant then verifies the signature and cross-checks the DID with a public registry from the issuer. The ZKP contains super fancy cryptography and basically proves that you are 18 or older without revealing your birth date or any other information.
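The age check from the trust triangle, as an added example that is not part of the original post: a hash-chain commitment stands in for the zero-knowledge proof (a simpler technique, not a true ZKP), and a `Map` stands in for the public registry. The DID `did:example:government`, the function names and the ages are constructed for illustration.

```javascript
// Added example with constructed data; not code from the original post.
const nodeCrypto = require('node:crypto');

const sha256 = (buf) => nodeCrypto.createHash('sha256').update(buf).digest();
// Apply SHA-256 n times: chain(x, 3) = H(H(H(x))).
const chain = (buf, n) => { for (let i = 0; i < n; i++) buf = sha256(buf); return buf; };

// Issuer (government): Ed25519 key pair, public key published under its DID.
const issuerKeys = nodeCrypto.generateKeyPairSync('ed25519');
const ISSUER_DID = 'did:example:government'; // hypothetical DID
const registry = new Map([[ISSUER_DID, issuerKeys.publicKey]]); // stands in for the ledger

// Issuer commits to the age as H^age(seed) and signs the commitment, not the age.
function issueCredential(age) {
  const seed = nodeCrypto.randomBytes(32); // secret, handed only to the holder
  const commitment = chain(seed, age).toString('hex');
  const payload = JSON.stringify({ issuer: ISSUER_DID, commitment });
  const signature = nodeCrypto.sign(null, Buffer.from(payload), issuerKeys.privateKey);
  return { seed, age, payload, signature }; // stays in the holder's wallet
}

// Holder reveals H^(age - minAge)(seed); only a holder with age >= minAge can compute it.
function present(cred, minAge) {
  if (cred.age < minAge) throw new Error('age below threshold, no proof exists');
  const proof = chain(cred.seed, cred.age - minAge).toString('hex');
  return { payload: cred.payload, signature: cred.signature, proof };
}

// Verifier: resolve the issuer DID, verify the signature, then hash the proof minAge times.
function verify(presentation, minAge) {
  let claims;
  try { claims = JSON.parse(presentation.payload); } catch { return false; }
  const issuerKey = registry.get(claims?.issuer);
  if (!issuerKey) return false; // issuer DID is not in the registry
  const signed = Buffer.from(presentation.payload);
  if (!nodeCrypto.verify(null, signed, issuerKey, presentation.signature)) return false;
  const reached = chain(Buffer.from(presentation.proof, 'hex'), minAge).toString('hex');
  return reached === claims.commitment; // true only if the committed age >= minAge
}

const demo = present(issueCredential(34), 18); // constructed holder, aged 34
console.log(Object.keys(demo), verify(demo, 18));
```

This presentation is not bound to a holder key or a verifier-supplied challenge, so it can be replayed, and the fixed commitment lets verifiers link visits; a real deployment has to address both.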
Another use case is access to mobility. Here a collaboration between Jolocom, XRide, Deutsche Telekom T-Labs, Riddle & Code, and Simple Mobility offers a fully decentralized scooter rental system enabling the user to share their credentials directly with the scooter company, without revealing unnecessary information to the mobility provider.
A nascent identity standard
To conclude we can say that the SSI community aims to build a universal identity layer for the web and wants to enable technical interoperability between identity systems of all sorts that puts the user in the center.
Promising projects like Hyperledger, uPort, Sovrin, Jolocom, Bloom and many more already enable us to experience a small taste of what’s coming. Nevertheless, it is still a nascent technology and further exploration, standardization and integration will be necessary to develop a holistic framework and unleash the immense potential of self-sovereign identity.
By Adrian Doerk — Hodl Helper
Own your keys