Self-Sovereign Identity

Alternative Forms

Definitions

Definition 1

A Self-Sovereign Identity Management System is a User-Centric Identity Management System with a particular architectural model. One of the key distinguishing characteristics of this model is that the role of the identity registration authority played by the identity provider in traditional identity management systems is replaced by the general ledger of a blockchain. This setup enables the presentation to third parties of verifiable claims linked to identities while simultaneously allowing entities to autonomously manage their identities throughout their lifecycle.

It should be noted that even though the necessity of a centralized registration authority is removed with this model, the system may nevertheless reuse credentials and attestations from such authorities, including governments and organizations, as indicia of identity.

In this model, identities are loosely coupled to the service providers, which distinguishes it from Service-Centric Identity Management System.

Empowering the identity subject to the detriment of a central authority has diverse motivations. From a security perspective, a central authority may be compromised via attacks or coercion and consequently constitute a potential weakness. Limiting the capabilities or completely removing the authority from the system limits de facto its potential for exploitation. From a socio-political perspective, the management of digital identities is a significant public policy issue spanning a wide spectrum of domains including data privacy rights, socio-economical inclusion through accessibility of public and private digital services.

The following are core capabilities of SSI:

  • iden­tification of entities,

  • authentication of entities,

  • issuance of verifiable claims about identities,

  • storage of identity attributes.

A number of key desirable characteristics of Self-Sovereign Identity systems have been identified in Tobin et al., 2017 and organized in 3 categories:

  • Security

    • Protection

    • Persistance

    • Minimization

  • Controllability

    • Existence

    • Control

    • Consent

  • Portability

    • Interoperability

    • Transparency

    • Access

    • Portability

Multiple implementation approaches are possible for SSI with countless nuances, including:

Known weaknesses and limitations

At the time of writing, SSI is a field of active research and its specific weaknesses and limitations are not very well documented. A minima, it is presumed to be subject to the generic weaknesses and limitations of blockchains and proof-of-work.

Example Sentence

Bob was using his social network identity to authenticate to a multitude of other services. Eve, the CEO of the social network, decided to change the service data privacy policy to increase her profits by selling more data related to the social network users. Bob was thus placed in a difficult dilemma: accept the new privacy agreement he disagreed with to maintain his identity in the other services, or spend significant efforts to migrate all his service identities. Fortunately, Eve setup a Self-Sovereign Identity system which helped Bob regain control over his digital identity.

Example SSIs

Blockstack, Civic, Interplanetary Identifiers, SelfKey, Sovrin, uPort, Veres One, W3C decentralized identitiers (DID).

Conceptual Diagram

Related Terms

Quotes

Self-Sovereign Identity: The concept of a lifetime portable digital identity, completely controlled by the individual, that does not depend on any central authority and can never be taken away.17

Bibliography

See Also


Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.


This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.