If you landed on this article, there is a good chance that you’ve already heard of Self-Sovereign Identity (SSI). And it all sound very nice, but how will it really affect everyday people’s lives? Will I have to understand very complex terminology in order to benefit from this paradigm change?
In this article, I will try to describe a few use cases of how SSI will be used on everyday life on this new normality that is being built and implemented right now. Self-Sovereign Identity is no longer a distant future, it’s here and you will start using more and more.
Self-Sovereign Identity recap
Before I get into the use cases, let me do a quick recap of what SSI is and some common terminologies. SSI is “a new paradigm of online and decentralized identity management, whereby individuals and entities can manage their identity-related information by storing them on their own devices and selectively grant access to this information to authorized third parties, without the need to refer to any trusted authority or intermediary operator to provide or validate these claims” (Wang and De Filippi, 2020).
In summary, SSI puts the control of your identity back into your own hands, with you choosing with who and what parts to share, granting you more control, privacy, and flexibility.
The DID component
Additionally, you need to know that your Identity Agent will create you a DID (decentralized identifier) that will be used to identify you and issue diverse verifiable credentials. It is important to not confuse this identifier with the identity itself.
The identity is “all the attributes of a person that uniquely defines the person over the course of a lifetime, providing sameness and continuity despite varying aspects and conditions” (Wang and De Filippi, 2020). On the other hand, an identifier is “a reference to a real-world identity” (Wang and De Filippi, 2020). The identifier is basically data (it could be a DID, an ID number, or biometric data) that is used to authenticate a particular individual.
The turn of the Verifiable Credentials. What they are?
Finally, the last key concept that you need to know is Verifiable Credential (VC). A VC is a claim issued to a specific DID with an attestation regarding the holder. This credential can be a driver’s license, a passport, a bachelor’s degree, your work ID, or even a discount to a product. A VC always has an issuer, a holder, and a verifier. The issuer is in charge of doing de KYC for the DID requesting the VC, making the attestation, signing, and sending the VC. The holder receives the VC, stores it on its agent and presents it whenever it is needed to verify information. The verifier will request the VC from the holder in order to check some information needed and validating the authenticity of the VC by validating the signature of the issuer.
I know it sounds complicated, but for the users it is way easier than what it appears. Let’s now see some use cases being implemented right now around the world that will shape everyday life and create a new normality.
Self-Sovereign Identity everyday use cases
For this example, I will assume that you already registered with your local government, and they issued you a Verifiable Credential validating your personal information such as: name, nationality, date of birth, address, etc. This will be the replacement of the current government ID that you hold.
Let’s start…
You start your day and head to your new job that you are starting today at XYZ Company. During the onboarding process, they let you know that your work ID will be issued as a VC and it will grant you access to the building, free lunch in the office, and a discount at the café around the block. They ask you to scan a QR code with your identity agent to issue you this ID. So, you get your phone, open the app and scan the QR.
You will then receive on the agent app a notification letting you know that XYZ is requesting that you share information from your government ID stored in the agent. You accept this petition, and your agent then shares the information. Then, your agent asks you if you accept the Verifiable Credential that XYZ issued you. You accept and the VC is now available on your agent. You don’t need to complete any information, because the company received all the necessary information to issue your work ID from the government ID that you shared at first.
SSI accompanies you in the following
At lunchtime, you go down to the building cafeteria and choose your food. Since you have free lunch for being an XYZ employee, you have no need to go to the register. You just scan a QR at the end of the line with your agent. It will ask you to confirm if you want to share your work status from your Work ID credential, you accept, it verifies the validity, and you are ready to go.
See how you only shared your work status from the credential, and not any other information on it (such as starting day, position, name, etc). This is call selective disclosure, where you only share relevant information from a credential and not all the information on it.
Verifiable Credential Flow: Issuer, Holder, Verifier & Distribute Ledger.
So…what’s next?
Before going back to work, you decide to make use of that café discount, and head to the store around the block. You make your order, and before paying you scan once again a QR code and your agent will show you the information being required to share, which you accept. You then pay the barista the price with a 30% discount that your identity agent validated.
Next, head back to work, and again validate your work VC to get into the building. It’s your first day on the job, and you already used your agent 3 times!
And your day goes on
Once in your computer, you register for a new health insurance that your job is covering. You get into their website, and they prompt you to validate your identity using your government issued VC.
For this, the website will ask you to login using your agent, and then you will receive a notification on the agent once again with the information being asked to share which belongs to both credentials you own. You accept and see that once inside, most of the information is already completed because you shared it from your government and work VC on your agent.
Then, you complete remaining information pertaining your health and finally the health insurance issues you a VC with the coverage of your plan to your wallet.
Self-Sovereign Identity accompanying you in your routine
Since you are already on the computer, you decide to get an appointment for an eye annual checkpoint that you have been postponing. Thankfully they have an opening for this afternoon! They ask you to scan yet another QR code to connect with your agent and issue you a VC for the appointment.
Time to leave work (but don’t forget that your Self-Sovereign Identity is with you).
Once the workday is over, you head out and go get your car to go to the doctor. Since your city offers free parking for its residents, before getting into your car, you scan a QR code at the parking spot and your agent will ask you if you authorize to share with the parking company your address information from your government VC. So, you accept, it validates, and you are ready to go.
Then, you arrive at the doctor. You can check in at a self-station where you scan to authenticate with your agent, it then asks you to share information from both your appointment VC and your health insurance VC. You accept, it validates, and you are ready for the doctor to see you. Thankfully, your sight it’s still perfect.
We get the point, but what do we mean by all this?
I could continue to narrate yet many more cases that you might soon encounter on your everyday life, but I think you get the point. Benefiting from SSI for users is as easy as using any other app on your phone. For this example, on most cases I used a QR code to authenticate the wallet and share the information. However there will be many other ways to generate the connection, such as login for online situations, NFC technology, or even sending a proof via email.
I find the QR as the most graphic to be able to explain everyday situations using SSI.
On a last note, there are probably many questions that you may have from this, such as: what happens if I lose my phone with my agent? What happens if someone gets access to my agent, will they be able to use my identity? Can the issuers modify the information on my VCs?
All of these are real problems that are being treated on SSI implementations, and on other articles we will describe how these will work. Stay tune to our blog for all these answers.
If you would like to test some of these SSI scenarios for yourself, you can check our interactive demo here or request that we show you a demo here.
Sources:
Fennie Wang and Primavera De Filippi (2020) Self-Sovereign Identity in a Globalized World: Credentials-Based Identity Systems as a Driver for Economic Inclusion. Front. Blockchain 2:28