Altme's documentation
  • 🧾Introduction
    • 📋What is Self Sovereign Identity ?
    • 🕵️Altme solution suite is made up of 3 components
      • 🗂️Altme Wallet
      • 📇Altme Saas
      • 📇Altme Web3 issuer
    • 🗂️Give an Identity to your crypto wallet
    • 🛠️Technical considerations
  • ☁️Altme Saas
    • Quick start
      • ⬇️Download Altme Wallet from Apple or Google store
      • 📁Get more credentials in your wallet
      • 🔒Connect to the Altme Saas platform to setup a SSI verifier
      • 📲Integration in your app
    • Beacon integration
      • 🖥️Overview
      • 🏅Verify the age of your users (+13, +18) in a dApp
      • 📲Receive the Verifier data with a webhook in your backend
      • 🪙On-chain and off-chain access with TezID
      • 💾Verify other data with other credentials
      • 📇Issue a Welcome card in a dApp
      • ✅Check user data of your Issuer (no code)
      • ✅Check user data of your Issuer with a webhook
      • 🕵️Under the hood : the process flow of a Beacon Verifier
    • OpenID integration
      • 🖥️Overview
      • 1️Example 1 with an “implicit flow” with no code
      • 1️Example 1 with an “authorization code flow” in Python
    • EBSII integration
  • 🗂️Alme Wallet
    • Protocols overview
      • 🔑Collecting a verifiable credential
      • 🔑Requesting a verifiable presentation
    • Credential offer protocol
      • 🧘‍♀️Motivation
      • 📖Issuer implementation
    • 🖥️Credential manifest of the credential offer protocol
    • 💰Wallet rendering
      • 📝Input descriptors
    • Presentation request query types
      • 🧘‍♀️Motivation
      • 📖Verifier implementation
      • 🔐DIDAuth
      • QueryByExample
      • QBE Examples
    • ✅Issuers and Verifiers return codes accepted by wal
    • 🔗Universal link
      • 🖥️Access from a desktop viewer
      • 📱Access from smartphone viewer
  • *️Others
    • 📂Flow between wallet, dApp and Verifier
      • 📱Hybrid dApp onboards a user with VCs
      • 📱dApp onboards a user with VCs
      • 📱dApp adds a user in whitelist
    • 📍Indices and tables
      • 📁Index
      • 🔍Search
    • 👨‍💻Show source
Powered by GitBook
On this page
  1. Introduction

What is Self Sovereign Identity ?

PreviousIntroductionNextAltme solution suite is made up of 3 components

Last updated 2 years ago

Self-Sovereign Identity, or SSI, is a new technology compatible with blockchain that gives users and organizations the ability to control their own digital credentials and identity data, rather than relying on a central authority or central database to manage their personal information. SSI does not require bockchain as a source of trust but DLT makes it easier to implement.

With SSI, users are able to store, manage and share their personal data in a decentralize manner, enabling greater privacy and security. SSI also uses Zero-Knowledge Proof, selective disclosure and data minimization to protect user privacy.

In practice SSI is made up of international standards defined by the World Wide Web Consortium (W3C) . Two documents are today W3C recommendations :

  • Verifiable credentials data model : an off-chain data container to gather personal data.

  • Decentralized Identifiers : a new generation of identifiers (DID) whose possession can be proven.

As opposed to client-server architectures which are carried by 2 actors, SSI implements 3 actors : Issuers, Verifiers and Holders.

Issuers : they hold and issue verifiable digital credentials such as certificates of identity (ID card, company or service ID card …), driver’s licenses (car/motorcycle, airplanes …), certificates (high school diploma, bachelor’s degree, master’s degree … ), confirmations (authenticity confirmation, vaccination confirmation, …) qualifications (license to practice medicine, nurse, master painter …), powers (official authority, residence authority …), qualifications (further education certificates, personal certificates …).

Verifiers : the acceptance points in this SSI ecosystem need verifiable digital evidence to use and further process the presented digital proof in a process or application. For this purpose, the application can use the cryptographic from the SSI blockchain to verify the identity of the issuers. It is essential that the transmission of the verifiable digital evidence between the owner and the verifier is encrypted but verifibale credentials themselves are not required to be encypted.

Holders (or users) : they usually have a corresponding SSI app named wallet on their mobile device or desktop, which stores SSI private keys and the digital verifiable credentials. It is also possible to use a cloud agent. Holders can request all verifiable digital proofs from the corresponding issuers and store them in their own SSI wallet.

Image from W3C Verifiable credential V2.0

The use of a blockhain to support SSI is not mandatory and it is necessary to understand the real relationship between SSI and blockchains : Verifiable credentials are totally off-chain data containers. The signature of the verifiable credential is integrated into the digital document itself, so it does not require a transaction on a blockchain. On the other hand, the latter brings significant added value as a decentralized source of trust for integrity content protection. An example is the link between the DID of an Issuer or a Verifier and their cryptographic materials (DID document) which can be stored efficiently on a DLT.

The data likely to be carried by a decentralized ledger are numerous: such as verifiable credential data model, revocation registries, public issuer keys, trusted issuer and verifier registries. See Verifiable Data Regitry.

For a natural person the added value of SSI is huge. It is a game changer compared to other “identity solutions”. An SSI wallet is different from a solution such as the Apple wallet because the user is the sole owner of his wallet and so he can add new credentials to it without asking for authorization from a third party. SSI is also different from a solution such as Google Connect or FranceConnect (Eidas v1) because the user carries his data on him and is able to authenticate with a third party without intermediation.

The verifiable credential model of SSI is also an improvment of the X509 certificate format first published in 1988 as authentication materials and identification attributes are now splited into 2 documents (DID Document and verifiable credentials) allowing simple key rotation and multiple asociations for long term use.

The Self Sovereign Identity model has been integrated into several ecosystems around the world and in particular in Europe with the deployment of the infrastructure for the European Blockchain EBSI ( ) which carries a large number of cross-border use cases in education, employment, health, etc.

🧾
📋
https://ec.europa.eu/digital-building-blocks/wikis/display/EBSI/Home
https://www.w3.org/
https://www.w3.org/TR/vc-data-model/
https://www.w3.org/TR/did-core/