This article takes the mental models of identity and explores how they can be achieved with a self-sovereign identity (SSI) solution.
Pinning down the meaning and definition of identity is a challenging task due to its uniquely human nature. It can have totally different meanings for different people. However, there are recurring themes when people speak about the term. The following five mental models describe what people refer to when speaking about identity, and they provide a useful structure for how these models can be realized in a digital environment using SSI infrastructure and components. While the concept of SSI can be applied to individuals, legal entities and things alike, the following paragraphs focus solely on individuals and explain how these models can serve as a guideline for SSI implementations. The five mental models were published by experts of the RWOT community and are quoted in the following paragraphs.
“The space-time mental model sees identity as resolving the question of the physical continuity of an entity through space and time. (…) It answers the question: Does the physical body under evaluation have a continuous link through space and time to a known entity?”
An identity is established in the past, it acts in the present and continues to be useful in the future. When a wallet stores the identity data and the associated cryptographic keys locally on the user's device, a backup is required to secure the sum of recorded interactions and relationships in digital form. This backup enables the user to restore the received credentials as well as the established relationships. When access to the wallet is lost, the backup enables the user to reestablish the aspects described in the space-time mental model. A backup generally consists of the identity data itself and a key, which is used to encrypt and decrypt the backup data.
“The presentation mental model sees identity as how we present ourselves to society. This is the mental model behind Vendor Relationship Management, user-centric identity, and self-sovereign identity. (…) It answers the question: Is this how the subject chooses to be known?”
Individuals can choose which information about them should be known by third parties or the public. The granularity of this information varies depending on the social context. While one might only want to provide the required minimum of information to a government authority, one might want to share very personal details with a certain social circle such as family or friends. Hence, the user requires different social profiles and circles, which help to present the right information to the target audience. Since one part of an SSI ecosystem is the creation of trusted peer-to-peer relationships, these contacts can be sorted by the user and allocated to a social circle according to the preferences of the individual.
However, when it comes to the sharing of information, it gets tricky. There are currently no SSI implementations which enable a user experience similar to current social media platforms. Hence, the presentation of information is currently limited to one contact at a time.
“The attribute mental model sees identity as the set of attributes related to an entity as recorded in a specific system. Enshrined in ISO/IEC 24760–1, an international standard for identity management, this mental model is the primary focus for many engineers. (…) It answers the question: Who is this data about?”
From a birth certificate to a university degree or a language certification, we collect a variety of credentials which attest certain information about us. The sum of all these credentials can also be seen as one mental model of identity. These credentials are issued, stored and managed by the individual and are standardized within the specification of the Verifiable Credentials Data Model 1.0 by the W3C. It is the only mental model with a formal specification.
SSI implementations use cryptography to provide the necessary proofs that presented information is about the individual in question. There are different implementation options to ensure that a certain identifier relates to the specific person; however, most implementations use decentralised identifiers (DIDs) to identify the identity subject.
“The relationship mental model sees identity emerging through interactions and relationships with others. Our identity is not about what we are in isolation from others, but is rather defined by the relationships we have. This is the fundamental model in the South African idea of ‘Ubuntu’, meaning ‘I am because we are.’ (…) It answers the question: How is this person related?”
The relationship to other individuals or entities can help to determine the status of a person within society. We can observe different domains of relationships, which depend on the social context, such as a professional, official, legal, personal, public, business or employment context, to name a few. For example, a representative of a government, like a diplomat, has special rights and obligations due to this relationship. Depending on the context, e.g. an interview with said diplomat, a relationship can touch multiple domains: it is an official interview, with legal consequences, which is presented to the public and can have a direct effect on the employment relation of the diplomat. Generally, individuals initiate and maintain hundreds or even thousands of relationships with different entities. An SSI solution enables an individual to initiate such a relationship by accepting or requesting a connection. Once established, this connection serves as a communication channel to facilitate the exchange of (verified) information between the two parties. Since both parties are able to validate the identity of the other party, it enables the necessary trust in a digital environment. However, the establishment of a connection isn't necessary, and credentials can also be issued or requested without one. There are special protocols which standardise the credential exchange and communication between two entities, like the DIDComm protocol.
“The capability mental model pragmatically defines identity in terms of an individual’s capability to perform some task, including their physical ability now, in the past, or in the future. It is the inevitable approach for anyone in an emergency. (…) It answers the question: What can the subject actually do?”
The primary reason why an identity is required in the online world in the first place is the set of capabilities that comes with it. Without an identity one is still able to browse the web and gather information; however, when it comes to online shopping, banking, government applications, employee portals, access control and many other aspects, an identity is necessary to execute those actions. Not all actions require a verified identity. In most cases a self-attested identity is sufficient for the verifier. However, there are multiple cases in which the verifier either has a legitimate interest in only allowing access to verified parties or is obligated by law to verify the identity of an individual. An example of the first case is access to information for a specific audience, like a university which wants to grant students access to internal documents. The students would not be required to verify their identity every time they want to access the repository, but instead only need to prove that they are a student of said university, without disclosing further personal details. The second case includes telecommunication providers or financial institutions, which need to comply with know your customer (KYC) regulations.
Mindmap of the mental models enabled by SSI
To conclude, all five mental models can be enabled by SSI to a certain degree. However, when it comes to the space-time (backup) mental model or the presentation (social network) model, the integration of the concept is still quite nascent and requires more development to be comparable with current centralised alternatives.
Disclaimer: This article does not represent the official view of any entity which is mentioned in this article or which is affiliated with the author. It solely represents the opinion of the author.
Own your keys