What is Self-Sovereign Identity (SSI)?
Self-Sovereign Identity is a nascent technology combining the simplicity and usability of a single sign-on with advanced cryptography to provide government-grade secured access to digital services.
To understand this definition, let’s take a step back: have you ever thought about what’s happening to your data?
Think of the hundreds of accounts you’ve created throughout your lifetime and the personal information you provided these businesses: full name, birth date, home address, credit card number, etc.
These authentication methods are based on centralized models, characterized by users having to give up their personal information repeatedly without control.
These models are an inconvenience not just for users but for organizations as well. These entities concentrate millions of records and sensitive user information in their databases, which makes them desirable targets for hackers and forces them to invest lots of money in security systems, GDPR compliance, and complex authentication processes to combat cyberattacks and identity fraud.
Big tech companies attempted to tackle some of these issues by developing federated identity management models: single sign-on authentication methods such as those of Google or Facebook (e.g. “Log in with Google”).
On the one hand, this model can drastically improve user experience by allowing users to sign up instantly, but on the other, it exacerbates privacy and security risks by further centralizing user data in their databases.
Self-sovereign identity (SSI) is the next-gen authentication architecture that solves all issues at once: an easy-to-use, privacy-preserving and secure identity framework.
The SSI ecosystem
Digital relationships and transactions rely upon trust, but with the abrupt transition into a fully digital world, this trust has weakened as traditional authentication methods have become less reliable. To limit identity fraud, businesses must request more substantial proof of identity (scans of ID documents, second-factor authentication codes, dedicated authentication apps, etc.), and users suffer more complex onboarding processes.
SSI attempts to re-establish this trust by increasing security without compromising user experience or privacy. In doing so, the model proposes new methods of interactions and categorizes agents into three main groups:
Issuers: Entities that are authorized to issue specific Identity credentials such as universities (issuing student IDs and academic diplomas), governments (national IDs, driver’s licenses, passports, birth certificates, certificates of car ownership), financial institutions (credit scores), hospitals (medical records), employers (employee cards), etc.
Users (holders): Individuals or organizations subject to such Identity credentials. That is, the credential owners who store, manage, and share their own personal data via a digital ID Wallet.
Verifiers: Service providers that need to authenticate their users to provide access to their services (e.g. banks, retail stores, insurance companies, hospitals, universities, etc.).
The backbone of SSI
DIDs and VCs are two fundamental standards of SSI technology established by the World Wide Web Consortium (W3C), an international organization that generates recommendations and standards for the internet. Both concepts, often combined with blockchain technologies, make up the powerhouse of SSI.
What are Decentralized Identifiers (DIDs)?
In real life and online, users need to identify themselves and do so through identifiers, which can be passport numbers, usernames, emails, telephone numbers, and more. In today’s world, these identifiers are issued and registered by centralized bodies such as government agencies, email providers, and telecommunication providers.
DIDs are decentralized, portable identifiers that are not tied to any centralized registry or identity provider. Instead, they are created and managed by the owner and often stored in distributed ledgers. In an SSI ecosystem, Issuers, Users, and Verifiers are all represented by one or more DIDs.
What are Verifiable Credentials (VCs)?
Verifiable Credentials (VCs) enable users to finally have trustworthy, tamper-proof, and machine-verifiable digital identity documents.
Think of your passport in a secured, digital ID wallet that you can use to travel, or a digital academic diploma that you can use to apply for a job without having to personally request the university’s administration to issue an “authentic version” every time a new entity requests it from you. Goodbye administrative headaches!
The role of Blockchain
Although SSI platforms can be built without blockchain technologies, most solutions are built on top of one or more ledgers as a source of trust. Blockchain ledgers are mainly used as Decentralized Public Key Infrastructure systems (DPKI) to store and distribute registries of DIDs and associated public keys, but also to register authorized Issuers and credential schemas.
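The verifier-side checks this registry makes possible, as an added example that is not code from Gataca or from the W3C specifications: resolve the Issuer's DID to a public key, confirm the Issuer is registered for that credential type, then verify the signature. The in-memory `Map` standing in for the ledger, the `did:example:` identifiers, the function names, and the simplified Ed25519 proof over sorted-key JSON are all assumptions made for illustration.

```javascript
const crypto = require('crypto');
// Constructed stand-in for the ledger: issuer DID -> public key + credential types it may issue.
const registry = new Map();

// Deterministic serialization so issuer and verifier process identical bytes
// (a simplification; real VC proofs use JWT or JSON-LD canonicalization).
function canonical(obj) {
  if (Array.isArray(obj)) return '[' + obj.map(canonical).join(',') + ']';
  if (obj && typeof obj === 'object') {
    return '{' + Object.keys(obj).sort()
      .map(k => JSON.stringify(k) + ':' + canonical(obj[k])).join(',') + '}';
  }
  return JSON.stringify(obj);
}

function registerIssuer(did, authorizedTypes) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  registry.set(did, { publicKey, authorizedTypes });
  return privateKey; // stays with the issuer, never on the ledger
}

function issueCredential(issuerDid, privateKey, type, subjectDid, claims) {
  const credential = { issuer: issuerDid, type, subject: subjectDid, claims };
  const proof = crypto.sign(null, Buffer.from(canonical(credential)), privateKey).toString('base64');
  return { credential, proof };
}

function verifyCredential(vc) {
  const entry = registry.get(vc.credential.issuer);
  if (!entry) return { ok: false, reason: 'unknown issuer DID' };
  if (!entry.authorizedTypes.includes(vc.credential.type))
    return { ok: false, reason: 'issuer not authorized for type' };
  const valid = crypto.verify(null, Buffer.from(canonical(vc.credential)),
    entry.publicKey, Buffer.from(vc.proof, 'base64'));
  return valid ? { ok: true } : { ok: false, reason: 'signature mismatch' };
}

// Constructed sample data: a genuine diploma, an edited copy, and an out-of-scope credential.
function demo() {
  const uniKey = registerIssuer('did:example:university', ['AcademicDiploma']);
  const diploma = issueCredential('did:example:university', uniKey, 'AcademicDiploma',
    'did:example:alice', { degree: 'BSc Computer Science' });
  const tampered = JSON.parse(JSON.stringify(diploma));
  tampered.credential.claims.degree = 'PhD Computer Science';
  const passport = issueCredential('did:example:university', uniKey, 'Passport',
    'did:example:alice', { nationality: 'ES' });
  return { genuine: verifyCredential(diploma), tampered: verifyCredential(tampered),
    wrongType: verifyCredential(passport) };
}
```

The authorization check runs before the signature check on purpose: a validly signed credential from an Issuer that is not registered for that type is still rejected.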
Recent announcements from European regulators have deemed DIDs of natural persons private information. As such, only DIDs from legal entities may be registered in public blockchain networks.
More on DIDs and GDPR compliance here:
https://gataca.io/blog/ebsi-did-v2-a-test-to-ssi-usability-and-its-use-of-blockchain-technology
Benefits of SSI
A user-centric Digital Identity model has extensive benefits for individuals and businesses alike. In the short term, the implementation of Decentralized Identities lays down a means to reduce administrative and compliance costs and operational costs related to security for public administrations and online service providers.
Some of the benefits of implementing SSI technology include the following:
Decreased Identity fraud (identity theft) by eliminating centralized databases & passwords and introducing tamper-proof verifiable credentials and government-grade secure ID Wallets.
Improved conversion rates/reduced onboarding abandonment rates through one-click onboarding and authentication processes that enhance customer experience. Customers can forget about lengthy Know-Your-Customer (KYC) forms that force them to fill in the required information manually.
Increased efficiency for organizations, as resources are no longer used to verify individual credential authenticity and legitimacy manually.
New revenue streams with the issuance of verifiable credentials.
Boosted privacy & security through the use of advanced cryptography.
Nonetheless, the SSI vision and philosophy go beyond instant benefits for the economy and, in the long term, aim to provide a solution to the 1 billion people who do not have any identification and the 3.4 billion without a digital self.
SSI Outlook
Europe has positioned itself as one of the most advanced regions globally for Self-Sovereign Identity.
On June 3, 2021, the European Commission took a firm step toward digital identity with the announcement of the construction of a single European digital identity. For this purpose, a proposal was presented to amend the existing eIDAS regulation to fully align with the principles of decentralized identity.
This announcement triggered several key announcements in favor of Self-Sovereign Identity by strategic Member States, such as Germany, Spain, Finland, and the Netherlands.
As we see with European local governments, other nations such as Korea, Ethiopia, Canada, and India are already pioneering this technology in various use cases.
Self-sovereign identity technologies are becoming the linchpin of economic growth.
At GATACA, we work towards making SSI a reality.