Beyond the Buzz: self-sovereign identity
The rise of cryptocurrency has introduced the concept of digital wallets. In addition to their main purpose – to store and secure online money – wouldn’t it make sense to also store our digital identity in an online wallet, just as we do in real life? Well, that’s exactly how self-sovereign identity works. Meet SSI, the future of online identity.
SSI in a nutshell
Self-sovereign identity is a new way to approach online identity. Instead of creating a new account for every digital service you visit, SSI proposes a single decentralized digital identity on the blockchain. The main benefits of SSI are simplicity (one account for all services), continuity (information and relations are carried over) and ownership (you are in full control of which info you reveal).
The evolution of online identity
Identity has always been a difficult concept to define, especially in a digital context. In the early days of the Internet, sharing your identity online was perceived as something negative. Instead, people often made up nicknames or fictitious email addresses to hide their real identities. This changed with the launch of Facebook when, for the first time, users began to actively share their personal information online.
Over time, the boundaries between our real and online identities have gradually disappeared. Today, many digital services require you to connect with your real identity, while terms and conditions usually explicitly prohibit the creation of fake accounts. Moreover, account verification is more popular than ever. Seems like a great evolution, right? Yet there are still some significant issues to be resolved.
A tangle of fragmented identities
One of the biggest problems with online identity is that the Internet is set up in such a way that each time you visit a new online service, you need to create a new identity. This results in a hodgepodge of similar yet disconnected versions of yourself. Managing all these identities and their associated logins and passwords can be a real nightmare, especially for non-digital natives.
Ownership is also problematic: every time we create a new identity to access an online service, we put our data in the hands of third parties. In fact, instead of giving them only the specific piece of info they need, we tend to reveal way more than is actually necessary. For example, when you buy a bottle of vodka in a liquor store, all you really need to do is verify your age. But instead, you show or scan your full ID, which then also reveals your name, national registration number, gender, place of birth etc. The store, in turn, can then sell all your personal information to advertisers, essentially monetizing your identity for its own profit.
One identity to rule them all: SSI
The concept of self-sovereign identity radically changes all of the above. It means that you only need one decentralized online identity, stored in a digital wallet on the blockchain, which can move between services and platforms, carrying with it all the relationships you've built there. This means you no longer need to build new identities from scratch and can easily switch services without all the hassle.
Even more importantly, SSI enables you to take back control of your personal data. If an HR manager wants to verify whether you’ve followed a specific course, you won’t have to send your entire curriculum. In fact, you don’t even need to share any documents at all, you can simply use your SSI to confirm that you’ve indeed followed this particular course. You have complete control over what information you reveal.
That sounds great! Why isn’t SSI here yet?
Although SSI was first put forward more than 10 years ago and has since been actively supported by a small group of privacy activists, three challenges have delayed its full adoption. These challenges relate to three classic areas of digital innovation: regulation, trust and transparency.
The solution to the first challenge is quite straightforward: to promote the widespread uptake of SSI, we need a solid framework with clear rules and constraints. Europe is working on ESSIF, a framework that supports SSI as a next-gen, open and trusted digital identity solution for all member states. In Flanders, SolidLab is developing data pods, which are similar to SSI, only without the blockchain technology.
Two game-changing technologies that drive SSI forward
The challenges associated with trust and transparency can be solved by combining two existing technologies: asymmetric encryption and zero-knowledge proof.
- Asymmetric encryption
- The challenge: SSI doesn’t involve third trusted parties. When you arrive at an online service with your SSI, how can the provider be sure that it’s actually you on the other side of the screen?
- The solution: asymmetric encryption, a technique that uses two digital keys to prove that any info you share actually comes from you. When you create a digital wallet, you receive a private key to encrypt documents and a public key to decrypt them. When you share a document with someone, you send them the public key. That way, the other person can verify that the document was indeed sent by you and thus make sure that the transaction is correct.
- Zero-knowledge proof
- The challenge: SSI runs on public blockchain technology. If your entire identity is deployed on a public blockchain then you are exposed to real dangers, such as identity theft. How can you store your identity online without actually revealing it to other people?
- The solution: zero-knowledge proof, a cryptographic concept that allows you to prove that something is true without conveying any additional information beyond the fact that it is indeed true. For example, when you buy an 18+ game online, instead of revealing your age, your SSI simply answers ‘yes’ to the question ‘are you 18 or older?’ The computer system uses a series of mathematical probability calculations to determine whether your statement is correct and your transaction is valid.
More than just another way of looking at identity
Self-sovereign identity is without a doubt the future of online identity. Today, governments and companies are more open than ever to adopting SSI. In addition to our understanding of identity, SSI will have an unprecedented impact on many other domains of society. Consider, for example, the world of digital advertising: if you don’t need to give your personal data to third parties, they can no longer sell it to advertisers. In essence, SSI would herald the end of the data economy as we know it today.
In a business context, implementing SSI would greatly ease access management. Instead of having to configure a completely new set-up in all systems for each new employee, companies could choose to allow the new employees’ SSI to access their services and platforms, saving a lot of time and money. When the employee leaves the company, the latter would simply deny access to its services.
Finally, SSI could take privacy regulation to a whole new level. Today, concepts like ‘the right to be forgotten’ do exist, but they are extremely hard to enforce without imposing fines. With SSI, you could anchor privacy regulations through cryptographic truth, making it impossible for companies to abuse the data they collect. In the future, we might even see evolutions like fingerprinting to enable you to track your data when companies sell it to other parties.