Self-sovereign identity explained

Self-sovereign identity (SSI) is an approach to digital identity that gives individuals control over the information they use to prove who they are to websites, services, and applications across the web. Without SSI, individuals with persistent accounts (identities) across the internet must rely on a number of large identity providers, such as Facebook (Facebook Connect) and Google (Google Sign-In), that have control of the information associated with their identity.^{[1] [2]} If a user chooses not to use a large identity provider, then they have to create new accounts with each service provider, which fragments their web experiences. Self-sovereign identity offers a way to avoid these two undesirable alternatives. In a self-sovereign identity system, the user accesses services in a streamlined and secure manner, while maintaining control over the information associated with their identity.^{[3] [4]}

Background

The TCP/IP protocol provides identifiers for machines, but not for the people and organisations operating the machines. This makes the network-level identifiers on the internet hard to trust and rely on for information and communication for a number of reasons: 1) hackers can easily change a computer’s hardware or IP address, 2) services provide identifiers for the user, not the network. The absence of reliable identifiers is one of the primary sources of cybercrime, fraud, and threats to privacy on the internet.^[5]

With the advent of blockchain technology, a new model for decentralized identity emerged in 2015.^[6] The FIDO Alliance proposed an identity model that was no longer account-based, but identified people through direct, private, peer-to-peer connections secured by public/private key cryptography. Self-Sovereign Identity (SSI) summarises all components of the decentralized identity model: digital wallets, digital credentials, and digital connections.

Technical aspects

SSI addresses the difficulty of establishing trust in an interaction. In order to be trusted, one party in an interaction will present credentials to the other parties, and those relying on the parties can verify that the credentials came from an issuer that they trust. In this way, the verifier's trust in the issuer is transferred to the credential holder.^[7] This basic structure of SSI with three participants is sometimes called "the trust triangle".^[8]

It is generally recognized that for an identity system to be self-sovereign, users control the verifiable credentials that they hold, and their consent is required to use those credentials.^[9] This reduces the unintended sharing of users' personal data. This is contrasted with the centralized identity paradigm where identity is provided by some outside entity.^[10]

In an SSI system, holders generate and control unique identifiers called decentralized identifiers. Most SSI systems are decentralized, where the credentials are managed using crypto wallets and verified using public-key cryptography anchored on a distributed ledger.^[11] The credentials may contain data from an issuer's database, a social media account, a history of transactions on an e-commerce site, or attestation from friends or colleagues.

National digital identity systems

European Union

The European Union is exploring decentralized digital identity through a number of initiatives including the International Association for Trusted Blockchain Application (INATBA), the EU Blockchain Observatory & Forum and the European SSI Framework. In 2019, the EU created an eIDAS compatible European Self-Sovereign Identity Framework (ESSIF). The ESSIF makes use of decentralized identifiers (DIDs) and the European Blockchain Services Infrastructure (EBSI).^{[12] [13]}

Korea

The Korean government created a public/private consortium specifically for decentralized identity.^[14]

Germany

In the German and European legal area, there are two regulations that are of particular importance for the topic. These include the eIDAS Regulation, which forms the most important framework for trust in electronic identification in the EU and is a fundamental building block of the digital single market. The European Blockchain Service Infrastructure (EBSI)^[15] has provided the SSI eIDAS Bridge,^[16] as a technical implementation that enables a substantial level of trust.^[17] The eIDAS SSI legal report also describes several scenarios of how SSI can fulfill the necessary regulatory conditions.

Furthermore, the General Data Protection Regulation (GDPR) forms the legal basis for the handling of personal data. The EBSI GDPR Legal Report provides more information on this.^[18]

Concerns

Implementation and semantic confusion

SSI is a value laden technology whose technical operationalizations differ (see Technical aspects).^[19] Therefore, its implementations can vary significantly and embed into the very technology different goals, agenda, and intentions.^[20]

The term "self-sovereign identity" can create expectations that individuals have absolute control and ownership over their digital identities, akin to physical possessions. However, in practice, SSI involves complex technical infrastructure, interactions with identity issuers and verifiers, and compliance with legal frameworks. The reality may not align with the perception generated by the term, leading to semantic confusion.^[21]

Digital literacy

Critics argue that SSI may exacerbate social inequalities and exclude those with limited access to technology or digital literacy.^[22] SSI assumes reliable internet connectivity, access to compatible devices, and proficiency in navigating digital systems. Consequently, marginalized populations, including the elderly, individuals in developing regions, or those with limited technological resources, may face exclusion and reduced access to the benefits of SSI.^[23]

See also

• Decentralized identifier
• Decentralized web
• Digital self-determination

Notes and References

1. Web site: Chaffer. Tomer Jordi . Goldston . Justin . On the Existential Basis of Self-Sovereign Identity and Soulbound Tokens: An Examination of the "Self" in the Age of Web3. Journal of Strategic Innovation and Sustainability . November 2022 . July 19, 2023 .
2. 10.3389/fbloc.2021.626726 . free . Sovrin: An Identity Metasystem for Self-Sovereign Identity . 2021 . Windley . Phillip J. . Frontiers in Blockchain . 4 .
3. Web site: 12 August 2022 . Verifiable Claims Working Group Frequently Asked Questions . 12 August 2022 . World Wide Web Consortium (W3C).
4. Ferdous. Md Sadek. Chowdhury. Farida. Alassafi. Madini O.. 2019. In Search of Self-Sovereign Identity Leveraging Blockchain Technology. IEEE Access. 7. 103059–103079. 10.1109/ACCESS.2019.2931173. 2019IEEEA...7j3059F . 2169-3536. free. 10044/1/77538. free.
5. Book: Preukschat, Alexander . Self-sovereign identity : decentralized digital identity and verifiable credentials . 2021 . Drummond Reed, Christopher Allen, Fabian Vogelsteller, Doc Searls . 978-1-63835-102-3 . Shelter Island, NY . 1275443730.
6. Web site: 2020-01-02 . History (2010-2014) Personal Data: Emergence of a New Assets Class . 2022-08-12 . Decentralized Identity Web Directory . en.
7. Mühle. Alexander. Grüner. Andreas. Gayvoronskaya. Tatiana. Meinel. Christoph. 2018. A survey on essential components of a self-sovereign identity. Computer Science Review. 30. 1. 80–86. 10.1016/j.cosrev.2018.10.002. 1807.06346. 49867601 .
8. Book: Reed . Drummond . Preukschat . Alex . 2021 . Self-Sovereign Identity . Manning . Chapter 2 . 9781617296598.
9. Web site: The Path to Self-Sovereign Identity. Allen. Christopher. April 25, 2016. Life With Alacrity. February 19, 2021. Users must control their identities.… Users must agree to the use of their identity..
10. Web site: eIDAS supported self-sovereign identity . . May 2019 . 16 June 2020 . "".
11. Web site: Blockchain and digital identity . eublockchainforum.eu . 2 May 2019 . 16 June 2020 . "".
12. Web site: Understanding the European Self-Sovereign Identity Framework (ESSIF) . ssimeetup.org . 7 July 2019 . 22 June 2020 . "".
13. Web site: European Blockchain Services Infrastructure (EBSI) . . 1 March 2021 . "".
14. Web site: 협회입니다 . 한국디지털인증협회는 디지털신원증명의 진본성과 신뢰성을 확고히 하는 디지털 신원 인증 서비스를 위해 설립된 오픈 산업 . 한국디지털인증협회 . 2022-08-12 . 한국디지털인증협회 . ko.
15. Web site: 2024-02-15. en. European Commission. What is EBSI?. europa.eu.
16. Web site: 2021-01-04. Technical Specification (15) – eIDAS bridge for VC-eSealing.
17. Web site: eIDAS supported self-sovereign identity. European Commission. May 2019. 2020-07-09. en.
18. Web site: 2021-01-04. Legal Assessment Reports.
19. Sedlmeir . Johannes . Smethurst . Reilly . Rieger . Alexander . Fridgen . Gilbert . 2021-10-01 . Digital Identities and Verifiable Credentials . Business & Information Systems Engineering . en . 63 . 5 . 603–613 . 10.1007/s12599-021-00722-y . 1867-0202 . 8488925.
20. Book: Weigl . Linda . Barbereau . Tom . Rieger . Alexander . Fridgen . Gilbert . Proceedings of the 55th Hawaii International Conference on System Sciences . The Social Construction of Self-Sovereign Identity: An Extended Model of Interpretive Flexibility . 2022 . http://hdl.handle.net/10125/79649 . 10.24251/HICSS.2022.316. 10125/79649 . 978-0-9981331-5-7 . 245902333 .
21. Smethurst . Reilly . 2023 . Digital Identity Wallets and their Semantic Contradictions . Proceedings of the 31st European Conference on Information Systems . AIS Library.
22. Giannopoulou . Alexandra . 2023-05-11 . Digital Identity Infrastructures: a Critical Approach of Self-Sovereign Identity . Digital Society . en . 2 . 2 . 18 . 10.1007/s44206-023-00049-z . 2731-4669 . 10172062 . 37200582.
23. Web site: Decent Work Reduces Inequalities, Protects Vulnerable Groups in Global Crises, Speakers Stress, as Commission for Social Development Opens Session UN Press . 2023-10-11 . press.un.org.