What are we talking about when we say “Self-Sovereign Identity”?
First, a bit of history. When societies were smaller, individuals could trust each other. They all knew one another. But throughout history, with the advancement of societies and population growth, today institutions are the ones endorsing and recording the identities of each individual.
However, your identity is about you.
And this does not mean just a document number, or a code. Your identity is all of you, completely. Your tastes, your social circle, your work, your reputation, etc.
So, when we talk about identity it is not enough to say “My name is…”, it must be proven. No one is going to trust you and who you are, just by naming you as such.
Identity represents a great asset. But we do not have control of this asset, as it is in the hands of organizations, governments, institutions, etc. These entities know everything about us from all this data.
But, what if we had all this information in one place?
Let’s think about it, and more importantly, what happens if we are the ones who have control over our data in that place? Can you imagine that?
We speak here of Decentralized Identity or (as we will refer to the rest of the article) Self-Sovereign Identity or SSI. Well, one of the biggest problems of looking for this kind of solution, would be security. This is why, one of the concepts that has started to become more renowned within blockchain technology is the one of Self-Sovereign Identity.
Let’s talk then about the concept of security. This new way of looking at identity will radically transform the way we handle and manage our data and certificates in an increasingly interconnected world. It is also intended to enable individuals to access financial services, stock exchanges, jobs, credit, etc.
The concept of trust is based on certificates. But, can we trust those who have ownership of that information? Do we know what they use it for? With whom do they share it?
With SSI, you can regain control and power of your identity. How? Through DIDs (Decentralized Identifiers). You can view these as your credentials (one or several), within the blockchain and associated with the address of your identity wallet.
Self-Sovereign Identity, then, is nothing more than a form of digital ID in which the user has full control of their data. And, in addition to allowing you to manage who can access them and on what terms. Individuals own their identity.
Transparency is very important in the principle of trust. That is why, the fact that everything that happens on the Blockchain is visible and decentralized, is very important for the concept of Decentralized ID because the best way to implement a system with sovereign identity would be through blockchain technology where no intermediary is needed.
SSI and the solution to lack of data security
Going back to the problem of data security, most of the digital identity systems that exist today are centralized. That means that their operation is based on large centralized databases containing large amounts of stored data, which makes it a very interesting target for hackers, since the reward for a successful attack increases exponentially with the number of identities deposited by the database in question.
But, not least, the entity in charge of “safeguarding” our data, has a much thinner security policy inside the company. Therefore, it can make internal use of that information for purposes not accepted by the owner of that identity.
For example, social networks have in their hands the identity data (more or less private) of their users.
This is the case of centralized structures in companies such as Facebook, which have been victims of several security flaws, which hackers have taken advantage of to steal databases of these users without their consent (of course).
We use the terminology of SSI, as the concept of individuals or organizations having exclusive ownership of their digital and analog identities, and controlling how their personal data is shared and used.
Features of an SSI system:
In April 2016, Christopher Allen published a blog post called “The Path to Self-Sovereign Identity”, where he details the 10 Guiding Principles of SSI:
- Existence : Users must have an independent existence.
- Control: users must control their identities.
- Access: Users must have access to their own data.
- Transparency: Systems and algorithms must be transparent.
- Persistence: identities must be durable.
- Portability: Identity information and services must be portable.
- Interoperability: identities should be as widely usable as possible.
- Consent: users must agree to the use of their identity.
- Minimization: disclosure of claims should be minimized.
- Protection: Users rights must be protected.
So, how does Sovereign Identity work? Well, as we have already explained, in a SSI system, the user who owns the identity has full sovereign control of his identity at all times.
This identity data is stored in a cryptographic format protected by asymmetric cryptography. In this way, the user can share data with third parties securely and without being exposed to unauthorized or unwanted data leaks.
In addition, each data exchange takes place on the terms established by the user. In other words, the user is the one who decides what information to share, how much and with whom. This level of control is the main difference with centralized digital identity systems.
To keep learning more about Decentralized Identity, follow the Extrimian Blog and keep learning with us.