Self-Sovereign Identity Essentials

What is Self-Sovereign Identity (SSI)?

Self-Sovereign Identity is a nascent technology combining the simplicity and usability of a single sign-on with advanced cryptography to provide government-grade secured access to digital services.

To understand this definition, let’s take a step back: have you ever thought about what’s happening to your data?

Think of the hundreds of accounts you’ve created throughout your lifetime and the personal information you provided to these businesses: full name, birth date, home address, credit card number, etc.

These account-based authentication methods follow centralized models, in which users must repeatedly hand over their personal information without any control over it.

These models are an inconvenience not just for users but for organizations as well. Organizations concentrate millions of records and sensitive user information in their databases, which makes them desirable targets for hackers and forces them to invest lots of money in security systems, GDPR compliance, and complex authentication processes to combat cyberattacks and identity fraud.

Big tech companies attempted to tackle some of these issues by developing federated identity management models: single sign-on authentication methods such as those of Google or Facebook (e.g. “Log in with Google”).

On the one hand, this model can drastically improve user experience by allowing users to sign up instantly, but on the other, it exacerbates privacy and security risks by further centralizing user data in the identity providers’ databases.

Self-sovereign identity (SSI) is the next-gen authentication architecture that solves all issues at once: an easy-to-use, privacy-preserving, and secure identity framework.

The SSI ecosystem

Digital relationships and transactions rely upon trust, but with the abrupt transition into a fully digital world, this trust has weakened as traditional authentication methods have become less reliable. To limit identity fraud, businesses must request more substantial proof of identity (scans of ID documents, second-factor authentication codes, dedicated authentication apps, etc.), and users suffer more complex onboarding processes.

SSI attempts to re-establish this trust by increasing security without compromising user experience or privacy. In doing so, the model proposes new methods of interaction and categorizes agents into three main groups:

  • Issuers: Entities that are authorized to issue specific Identity credentials such as universities (issuing student IDs and academic diplomas), governments (national IDs, driver’s licenses, passports, birth certificates, certificates of car ownership), financial institutions (credit scores), hospitals (medical records), employers (employee cards), etc.

  • Users (holders): Individuals or organizations subject to such Identity credentials. That is, the credential owners who store, manage, and share their own personal data via a digital ID Wallet.

  • Verifiers: Service providers that need to authenticate their users to provide access to their services (e.g. banks, retail stores, insurance companies, hospitals, universities, etc.).

The backbone of SSI

DIDs and VCs are two fundamental standards of SSI technology established by the World Wide Web Consortium (W3C), an international organization that generates recommendations and standards for the Internet. Both concepts, often combined with blockchain technologies, make up the powerhouse of SSI.

What are Decentralized Identifiers (DIDs)?

In real life and online, users need to identify themselves and do so through identifiers, which can be passport numbers, usernames, emails, telephone numbers, and more. In today’s world, these identifiers are issued and registered by centralized bodies such as government agencies, email providers, and telecommunication providers.

DIDs are decentralized, portable identifiers that are not tied to any centralized registry or identity provider. Instead, they are created and managed by the owner and often stored in distributed ledgers. In an SSI ecosystem, Issuers, Users, and Verifiers are all represented by one or more DIDs.

More on DIDs here:

https://gataca.io/blog/self-sovereign-identity-ssi-101-decentralized-identifiers-dids-verifiable-credentials-vcs

What are Verifiable Credentials (VCs)?

Verifiable Credentials (VCs) enable users to finally have trustworthy, tamper-proof, and machine-verifiable digital identity documents.

Think of your passport in a secured, digital ID wallet that you can use to travel, or a digital academic diploma that you can use to apply for a job without having to personally ask the university’s administration to issue an “authentic version” every time a new entity requests it from you.

More on Verifiable Credentials here:

https://gataca.io/blog/self-sovereign-identity-ssi-101-decentralized-identifiers-dids-verifiable-credentials-vcs

The Role of Blockchain

Although SSI platforms can be built without blockchain technologies, most solutions are built on top of one or more ledgers as a source of trust. Blockchain ledgers are mainly used as Decentralized Public Key Infrastructure (DPKI) systems to store and distribute registries of DIDs and their associated public keys, and to register authorized Issuers and credential schemas.
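The trust chain described in the sections above (an Issuer signs a credential, the holder keeps it in a wallet, and a Verifier resolves the Issuer's DID to a public key and checks that the Issuer is authorized) can be sketched in a few lines. This is an added example, not code from Gataca or any SSI platform: the in-memory registry stands in for the ledger, the `did:example:` identifiers and claims are constructed, and the sorted-key JSON serialization is a simplification of the canonicalization real credential formats use.

```javascript
// Added illustration of the issuer -> holder -> verifier flow. The in-memory
// registry stands in for the ledger (DPKI); DIDs and claims are constructed.
const crypto = require('node:crypto');

const registry = { keys: new Map(), authorizedIssuers: new Set() };

// An issuer (legal entity) publishes its DID and public key to the registry.
function registerIssuer(did) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  registry.keys.set(did, publicKey);
  registry.authorizedIssuers.add(did);
  return privateKey; // kept by the issuer, never written to the registry
}

// Simplified canonical JSON (sorted keys) so both sides sign/verify the same bytes.
function canonical(v) {
  if (v === null || typeof v !== 'object') return JSON.stringify(v);
  if (Array.isArray(v)) return '[' + v.map(canonical).join(',') + ']';
  return '{' + Object.keys(v).sort()
    .map((k) => JSON.stringify(k) + ':' + canonical(v[k])).join(',') + '}';
}

function issueCredential(issuerDid, issuerKey, subjectDid, claims) {
  const credential = { issuer: issuerDid, subject: subjectDid, claims };
  const sig = crypto.sign(null, Buffer.from(canonical(credential)), issuerKey);
  return { ...credential, proof: sig.toString('base64') };
}

// The verifier trusts only what it can resolve from the registry.
function verifyCredential({ proof, ...credential }) {
  if (!registry.authorizedIssuers.has(credential.issuer)) return 'issuer-not-authorized';
  if (typeof proof !== 'string') return 'bad-signature';
  const ok = crypto.verify(null, Buffer.from(canonical(credential)),
    registry.keys.get(credential.issuer), Buffer.from(proof, 'base64'));
  return ok ? 'valid' : 'bad-signature';
}

function demo() {
  const UNI = 'did:example:university'; // constructed issuer DID
  const HOLDER = 'did:example:alice';   // constructed holder DID, not registered
  const diploma = issueCredential(UNI, registerIssuer(UNI), HOLDER, { degree: 'BSc' });
  const tampered = { ...diploma, claims: { degree: 'PhD' } }; // edited in the wallet
  const rogueKey = crypto.generateKeyPairSync('ed25519').privateKey;
  const forged = issueCredential('did:example:rogue', rogueKey, HOLDER, { degree: 'MD' });
  const impersonated = issueCredential(UNI, rogueKey, HOLDER, { degree: 'MD' });
  return [diploma, tampered, forged, impersonated].map(verifyCredential);
}

console.log(demo());
```

Only the Issuer's DID and public key are written to the registry; the holder's DID appears solely inside the credential, and the Verifier never contacts the Issuer to check it.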

Recent announcements from European regulators have deemed the DIDs of natural persons to be private information. Only DIDs from legal entities may be registered in public blockchain networks.

More on DIDs and GDPR compliance here:

https://gataca.io/blog/ebsi-did-v2-a-test-to-ssi-usability-and-its-use-of-blockchain-technology

Benefits of SSI

A user-centric Digital Identity model has extensive benefits for individuals and businesses alike. In the short term, the implementation of Decentralized Identities lays down a means to reduce administrative and compliance costs and operational costs related to security for public administrations and online service providers.

Some of the benefits of implementing SSI technology include the following:

  • Decreased Identity fraud (identity theft) by eliminating centralized databases & passwords and introducing tamper-proof verifiable credentials and government-grade secure ID Wallets.

  • Improved conversion rates/reduced onboarding abandonment rates through one-click onboarding and authentication processes that enhance customer experience. Customers can forget about lengthy Know-Your-Customer (KYC) forms that force them to manually fill in the required information.

  • Increased efficiency for organizations, as resources are no longer used to manually verify the authenticity and legitimacy of individual credentials.

  • New revenue streams with the issuance of verifiable credentials.

  • Boosted privacy & security through the use of advanced cryptography.

Nonetheless, the SSI vision and philosophy go beyond instant benefits for the economy and, in the long term, aim to provide a solution to the 1 billion people who do not have any identification and the 3.4 billion without a digital self.

SSI Market Overview

2022 was a year in which the SSI industry was consolidated as a recognized global market. The evangelization and informational phase of previous years has transitioned into a piloting attitude as stakeholders gained knowledge on the applicability, impact, and benefits. Moreover, many early adopters started testing real use cases across the world.

The market maturation led to increased investments toward decentralized identity efforts, a proliferation in governments involved in user-centric identity proposals for their citizens, and progress made in regulations and standards.

Many governments and regulators included digital identity initiatives in their strategic agendas as part of their economic development and digital transformation priorities. So far, the European Union has taken the lead in promoting a legal and technical framework for digital identities, but other regions, such as Canada, are following closely.

In June 2021, the European Commission (EC) took a giant leap towards launching a trusted, secure digital identity for all European citizens with the announcement of the new eIDAS 2.0 proposal, which seeks to set a single legal framework for the mutual recognition of digital identities among European Union member states based on SSI principles.

In February 2023, the EU published the first version of the Architecture and Reference Framework (ARF) to provide a set of specifications needed to develop an interoperable European Digital Identity (EUDI) Wallet Solution based on common standards and practices.

Moreover, three major public tenders have been started by the EC - one for the development of Large Scale Pilots, a second one for the development of a reference Wallet, and a third one for the advancement of EBSI.

Gataca will participate in the Digital Credentials for Europe (DC4EU) consortium, focused on using the EU Digital Identity Wallet for three specific use cases: Identity, Social Security, and Education.