What is Self Sovereign Identity?
Self-Sovereign Identity, or SSI, is a new technology compatible with blockchain that gives users and organizations the ability to control their own digital credentials and identity data, rather than relying on a central authority or central database to manage their personal information. SSI does not require blockchain as a source of trust, but DLT makes it easier to implement.
With SSI, users are able to store, manage and share their personal data in a decentralized manner, enabling greater privacy and security. SSI also uses zero-knowledge proofs, selective disclosure and data minimization to protect user privacy.
In practice, SSI is built on international standards defined by the World Wide Web Consortium (W3C) https://www.w3.org/. Two documents are W3C Recommendations today:
Verifiable credentials data model https://www.w3.org/TR/vc-data-model/: an off-chain data container to gather personal data.
Decentralized Identifiers https://www.w3.org/TR/did-core/: a new generation of identifiers (DID) whose possession can be proven.
Unlike client-server architectures, which involve 2 actors, SSI involves 3 actors: Issuers, Verifiers and Holders.
Issuers: they hold and issue verifiable digital credentials such as certificates of identity (ID card, company or service ID card…), driver's licenses (car/motorcycle, airplanes…), certificates (high school diploma, bachelor's degree, master's degree…), confirmations (authenticity confirmation, vaccination confirmation…), qualifications (license to practice medicine, nurse, master painter…), powers (official authority, residence authority…), qualifications (further education certificates, personal certificates…).
Verifiers: the acceptance points in this SSI ecosystem need verifiable digital evidence to use and further process the presented digital proof in a process or application. For this purpose, the application can use the cryptographic material from the SSI blockchain to verify the identity of the issuers. It is essential that the transmission of the verifiable digital evidence between the owner and the verifier is encrypted, but verifiable credentials themselves are not required to be encrypted.
Holders (or users): they usually have a corresponding SSI app, called a wallet, on their mobile device or desktop, which stores SSI private keys and the digital verifiable credentials. It is also possible to use a cloud agent. Holders can request all verifiable digital proofs from the corresponding issuers and store them in their own SSI wallet.
Image from W3C Verifiable credential V2.0
The use of a blockchain to support SSI is not mandatory, and it is necessary to understand the real relationship between SSI and blockchains: verifiable credentials are entirely off-chain data containers. The signature of the verifiable credential is integrated into the digital document itself, so it does not require a transaction on a blockchain. On the other hand, a blockchain brings significant added value as a decentralized source of trust for content integrity protection. An example is the link between the DID of an Issuer or a Verifier and their cryptographic materials (DID document), which can be stored efficiently on a DLT.
The data likely to be carried by a decentralized ledger are numerous: verifiable credential data models, revocation registries, public issuer keys, trusted issuer and verifier registries. See Verifiable Data Registry.
For a natural person the added value of SSI is huge. It is a game changer compared to other "identity solutions". An SSI wallet is different from a solution such as the Apple wallet because the user is the sole owner of his wallet, so he can add new credentials to it without asking for authorization from a third party. SSI is also different from a solution such as Google Connect or FranceConnect (eIDAS v1) because the user carries his data on him and is able to authenticate with a third party without intermediation.
The verifiable credential model of SSI is also an improvement on the X.509 certificate format, first published in 1988, as authentication materials and identification attributes are now split into 2 documents (DID Document and verifiable credentials), allowing simple key rotation and multiple associations for long-term use.
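The verification flow described above (proof embedded in the credential, issuer keys resolved from the DID document, key rotation under a stable DID) is shown here as an added example; it is not code from the W3C specifications or from any SSI project. The Map-based registry, the `did:example:` identifiers, the `publicKeyPem` field, the `ExampleEd25519Proof` type and the sorted-key canonicalization are simplifying assumptions.

```javascript
const crypto = require("node:crypto");
// Simplified canonical JSON (sorted keys). Real VC proofs use JCS or RDF canonicalization.
const canonical = (v) =>
  Array.isArray(v) ? `[${v.map(canonical).join(",")}]`
  : v && typeof v === "object"
    ? `{${Object.keys(v).sort().map((k) => `${JSON.stringify(k)}:${canonical(v[k])}`).join(",")}}`
    : JSON.stringify(v);

// `registry` is a Map standing in for a verifiable data registry (e.g. a DLT): DID -> DID document.
function publishKey(registry, did, keyId, publicKey) {
  const doc = registry.get(did) ?? { id: did, verificationMethod: [] };
  const publicKeyPem = publicKey.export({ type: "spki", format: "pem" });
  doc.verificationMethod.push({ id: `${did}#${keyId}`, publicKeyPem });
  registry.set(did, doc);
}

// Issuer: the proof travels inside the credential; nothing is written to the registry.
function issue(credential, keyId, privateKey) {
  const sig = crypto.sign(null, Buffer.from(canonical(credential)), privateKey);
  const verificationMethod = `${credential.issuer}#${keyId}`;
  return { ...credential, proof: { type: "ExampleEd25519Proof", verificationMethod, proofValue: sig.toString("base64") } };
}

// Verifier: the only lookup is the DID document of the DID named in `issuer`.
function verify(registry, vc) {
  const { proof, ...credential } = vc;
  const doc = registry.get(credential.issuer);
  const method = doc?.verificationMethod.find((m) => m.id === proof?.verificationMethod);
  if (!method) return false; // unknown issuer, or key not listed in that issuer's DID document
  const key = crypto.createPublicKey(method.publicKeyPem);
  return crypto.verify(null, Buffer.from(canonical(credential)), key, Buffer.from(proof.proofValue, "base64"));
}

function demo() {
  const registry = new Map(), did = "did:example:university"; // constructed sample DID
  const claim = { issuer: did, credentialSubject: { id: "did:example:alice", degree: "MSc" } };
  const k1 = crypto.generateKeyPairSync("ed25519"), k2 = crypto.generateKeyPairSync("ed25519");
  publishKey(registry, did, "key-1", k1.publicKey);
  const vc = issue(claim, "key-1", k1.privateKey);
  publishKey(registry, did, "key-2", k2.publicKey); // rotation: same DID, additional key
  const unlisted = crypto.generateKeyPairSync("ed25519"); // never published under the DID
  return {
    original: verify(registry, vc),
    afterRotation: verify(registry, issue(claim, "key-2", k2.privateKey)),
    tampered: verify(registry, { ...vc, credentialSubject: { ...claim.credentialSubject, degree: "PhD" } }),
    unlistedKey: verify(registry, issue(claim, "key-1", unlisted.privateKey)),
  };
}
console.log(demo());
```

The verifier never contacts the issuer: it trusts a signature only if the key is listed in the DID document that the registry returns for the credential's `issuer`, which is why the integrity of that registry matters.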
The Self Sovereign Identity model has been integrated into several ecosystems around the world, and in particular in Europe with the deployment of the infrastructure for the European Blockchain EBSI (https://ec.europa.eu/digital-building-blocks/wikis/display/EBSI/Home), which carries a large number of cross-border use cases in education, employment, health, etc.