Self-sovereign identity

(Figure: Relationship between entities, identities and attributes / identifiers)
(Figure: Decentralized identifiers (DIDs) can be used to enable self-sovereign identities.)

Self-sovereign identity (SSI) is an approach to digital identity that gives individuals control over the information they use to prove who they are to websites, services, and applications across the web. Without SSI, individuals with persistent accounts (identities) across the internet must rely on a number of large identity providers, such as Facebook (Facebook Connect) and Google (Google Sign-In), that have control of the information associated with their identity. [2] [3] [4] If a user chooses not to use a large identity provider, then they have to create new accounts with each service provider, which fragments their web experiences. Self-sovereign identity offers a way to avoid these two undesirable alternatives. In a self-sovereign identity system, the user accesses services in a streamlined and secure manner, while maintaining control over the information associated with their identity. [5] [6]

Background

The TCP/IP protocol provides identifiers for machines, but not for the people and organisations operating the machines. This makes the network-level identifiers on the internet hard to trust and rely on for information and communication, for two reasons: 1) hackers can easily change a computer's hardware or IP address, and 2) services provide identifiers for the user, not the network. The absence of reliable identifiers is one of the primary sources of cybercrime, fraud, and threats to privacy on the internet. [7]

With the advent of blockchain technology, a new model for decentralized identity emerged in 2015. [8] The FIDO Alliance proposed an identity model that was no longer account-based, but identified people through direct, private, peer-to-peer connections secured by public/private key cryptography. Self-Sovereign Identity (SSI) summarises all components of the decentralized identity model: digital wallets, digital credentials, and digital connections. [3]

Technical aspects

SSI addresses the difficulty of establishing trust in an interaction. To be trusted, one party in an interaction presents credentials to the other parties, and those relying parties can verify that the credentials came from an issuer that they trust. In this way, the verifier's trust in the issuer is transferred to the credential holder. [9] This basic structure of SSI, with its three participants (issuer, holder and verifier), is sometimes called "the trust triangle". [3]

It is generally recognized that for an identity system to be self-sovereign, users control the verifiable credentials that they hold, and their consent is required to use those credentials. [10] This reduces the unintended sharing of users' personal data. This is contrasted with the centralized identity paradigm where identity is provided by some outside entity. [11]

In an SSI system, holders generate and control unique identifiers called decentralized identifiers. Most SSI systems are decentralized, where the credentials are managed using crypto wallets and verified using public-key cryptography anchored on a distributed ledger. [12] The credentials may contain data from an issuer's database, a social media account, a history of transactions on an e-commerce site, or attestation from friends or colleagues.
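The trust triangle and holder consent described above, as an added Go example that is not code from this article or from any SSI project. It assumes a hypothetical "did:example" method that embeds an Ed25519 public key in the identifier (in the spirit of did:key), a plain JSON credential in place of a full W3C Verifiable Credential, and a verifier-side allow-list of trusted issuer DIDs.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)

// Credential is a minimal issuer-signed claim set (a stand-in for a W3C Verifiable Credential).
type Credential struct {
	Issuer  string            `json:"issuer"`  // issuer DID
	Subject string            `json:"subject"` // holder DID
	Claims  map[string]string `json:"claims"`
}

// SignedCredential is the serialized credential plus the issuer's Ed25519 signature over it.
type SignedCredential struct{ Payload, Signature []byte }

// Presentation is the credential plus the holder's signature over payload||nonce: it proves
// control of the subject DID (the holder's consent) and binds the disclosure to one request.
type Presentation struct{ Cred SignedCredential; Proof []byte }

// didFromKey builds a hypothetical "did:example" DID that embeds the public key, so a
// verifier can resolve the DID to a key locally without any registry (like did:key does).
func didFromKey(pub ed25519.PublicKey) string {
	return "did:example:" + base64.RawURLEncoding.EncodeToString(pub)
}

// sigOK resolves did to its embedded key and verifies sig over msg; false on any failure.
func sigOK(did string, msg, sig []byte) bool {
	raw, err := base64.RawURLEncoding.DecodeString(strings.TrimPrefix(did, "did:example:"))
	return err == nil && len(raw) == ed25519.PublicKeySize && ed25519.Verify(ed25519.PublicKey(raw), msg, sig)
}

// Issue: the issuer signs the serialized credential made out to the holder's DID.
func Issue(issuerPriv ed25519.PrivateKey, subjectDID string, claims map[string]string) SignedCredential {
	issuerDID := didFromKey(issuerPriv.Public().(ed25519.PublicKey))
	payload, _ := json.Marshal(Credential{Issuer: issuerDID, Subject: subjectDID, Claims: claims})
	return SignedCredential{Payload: payload, Signature: ed25519.Sign(issuerPriv, payload)}
}

// Present: the holder consents to disclose the credential by signing it with the verifier's nonce.
func Present(holderPriv ed25519.PrivateKey, sc SignedCredential, nonce string) Presentation {
	return Presentation{Cred: sc, Proof: ed25519.Sign(holderPriv, append(append([]byte{}, sc.Payload...), nonce...))}
}

// Verify walks the trust triangle: the issuer must be trusted, the issuer signature must hold
// (no tampering), and the presenter must control the subject DID for this nonce (no replay).
func Verify(p Presentation, trustedIssuers map[string]bool, nonce string) (map[string]string, error) {
	var c Credential
	if err := json.Unmarshal(p.Cred.Payload, &c); err != nil {
		return nil, err
	}
	if !trustedIssuers[c.Issuer] {
		return nil, errors.New("issuer not trusted: " + c.Issuer)
	}
	if !sigOK(c.Issuer, p.Cred.Payload, p.Cred.Signature) {
		return nil, errors.New("issuer signature invalid: credential altered or forged")
	}
	if !sigOK(c.Subject, append(append([]byte{}, p.Cred.Payload...), nonce...), p.Proof) {
		return nil, errors.New("holder proof invalid: wrong presenter or replayed nonce")
	}
	return c.Claims, nil
}
```

The verifier never contacts the issuer: trust in the issuer's key, not an account at the issuer, is what lets the claims be accepted.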

National digital identity systems

European Union

(Figure: A SSI example of a student in the European Union)

The European Union is exploring decentralized digital identity through a number of initiatives, including the International Association for Trusted Blockchain Applications (INATBA), the EU Blockchain Observatory & Forum and the European SSI Framework. In 2019, the EU created an eIDAS-compatible European Self-Sovereign Identity Framework (ESSIF). The ESSIF makes use of decentralized identifiers (DIDs) and the European Blockchain Services Infrastructure (EBSI). [13] [14]

Korea

The Korean government created a public/private consortium specifically for decentralized identity. [15]

Germany

In the German and European legal area, two regulations are of particular importance for the topic. The first is the eIDAS Regulation, which forms the most important framework for trust in electronic identification in the EU and is a fundamental building block of the digital single market. The European Blockchain Service Infrastructure (EBSI) [16] has provided the SSI eIDAS Bridge [17] as a technical implementation that enables a substantial level of trust. [18] The eIDAS SSI legal report also describes several scenarios of how SSI can fulfill the necessary regulatory conditions.

The second is the General Data Protection Regulation (GDPR), which forms the legal basis for the handling of personal data. The EBSI GDPR Legal Report provides more information on this. [19]

Concerns

Implementation and semantic confusion

SSI is a value-laden technology whose technical operationalizations differ (see Technical aspects). [20] Its implementations can therefore vary significantly and embed different goals, agendas, and intentions into the technology itself. [21]

The term "self-sovereign identity" can create expectations that individuals have absolute control and ownership over their digital identities, akin to physical possessions. However, in practice, SSI involves complex technical infrastructure, interactions with identity issuers and verifiers, and compliance with legal frameworks. The reality may not align with the perception generated by the term, leading to semantic confusion. [22]

Digital literacy

Critics argue that SSI may exacerbate social inequalities and exclude those with limited access to technology or digital literacy. [21] [23] SSI assumes reliable internet connectivity, access to compatible devices, and proficiency in navigating digital systems. Consequently, marginalized populations, including the elderly, individuals in developing regions, or those with limited technological resources, may face exclusion and reduced access to the benefits of SSI. [24]

Related Research Articles

Identity management (IdM), also known as identity and access management, is a framework of policies and technologies to ensure that the right users have the appropriate access to technology resources. IdM systems fall under the overarching umbrellas of IT security and data management. Identity and access management systems not only identify, authenticate, and control access for individuals who will be utilizing IT resources but also the hardware and applications employees need to access.

A digital identity is data stored on computer systems relating to an individual, organization, application, or device. For individuals, it involves the collection of personal data that is essential for facilitating automated access to digital services, confirming one's identity on the internet, and allowing digital systems to manage interactions between different parties. It is a component of a person's social identity in the digital realm, often referred to as their online identity.

Electronic authentication is the process of establishing confidence in user identities electronically presented to an information system. Digital authentication, or e-authentication, may be used synonymously when referring to the authentication process that confirms or certifies a person's identity and works. When used in conjunction with an electronic signature, it can provide evidence of whether data received has been tampered with after being signed by its original sender. Electronic authentication can reduce the risk of fraud and identity theft by verifying that a person is who they say they are when performing transactions online.

Privacy-enhancing technologies (PET) are technologies that embody fundamental data protection principles by minimizing personal data use, maximizing data security, and empowering individuals. PETs allow online users to protect the privacy of their personally identifiable information (PII), which is often provided to and handled by services or applications. PETs use techniques to minimize an information system's possession of personal data without losing functionality. Generally speaking, PETs can be categorized as either hard or soft privacy technologies.

Identity assurance in the context of federated identity management is the ability for a party to determine, with some level of certainty, that an electronic credential representing an entity with which it interacts to effect a transaction, can be trusted to actually belong to the entity.

Bitcoin is the first decentralized cryptocurrency. Nodes in the peer-to-peer bitcoin network verify transactions through cryptography and record them in a public distributed ledger, called a blockchain, without central oversight. Consensus between nodes is achieved using a computationally intensive process based on proof of work, called mining, that requires increasing quantities of electricity and guarantees the security of the bitcoin blockchain.

A decentralized autonomous organization (DAO), sometimes called a decentralized autonomous corporation (DAC), is an organization managed in whole or in part by decentralized computer program, with voting and finances handled through a blockchain. In general terms, DAOs are member-owned communities without centralized leadership. The precise legal status of this type of business organization is unclear.

A blockchain is a distributed ledger with growing lists of records (blocks) that are securely linked together via cryptographic hashes. Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data. Since each block contains information about the previous block, they effectively form a chain, with each additional block linking to the ones before it. Consequently, blockchain transactions are irreversible in that, once they are recorded, the data in any given block cannot be altered retroactively without altering all subsequent blocks.

Hyperledger is an umbrella project of open source blockchains and related tools that the Linux Foundation started in December 2015. IBM, Intel, and SAP Ariba have contributed to support the collaborative development of blockchain-based distributed ledgers. It was renamed the Hyperledger Foundation in October 2021.

eIDAS is an EU regulation with the stated purpose of governing "electronic identification and trust services for electronic transactions". It passed in 2014 and its provisions came into effect between 2016 and 2018.

A cryptocurrency wallet is a device, physical medium, program or an online service which stores the public and/or private keys for cryptocurrency transactions. In addition to this basic function of storing the keys, a cryptocurrency wallet more often offers the functionality of encrypting and/or signing information. Signing can for example result in executing a smart contract, a cryptocurrency transaction, identification, or legally signing a 'document'.

Distributed ledger technology law is not yet defined and recognized but an emerging field of law due to the recent dissemination of distributed ledger technology application in business and governance environment. Smart contracts, which are also enforceable legal contracts and were created through interaction of lawyers and developers, are called smart legal contracts.

A blockchain is a shared database that records transactions between two parties in an immutable ledger. Blockchain documents and confirms pseudonymous ownership of all transactions in a verifiable and sustainable way. After a transaction is validated and cryptographically verified by other participants or nodes in the network, it is made into a "block" on the blockchain. A block contains information about the time the transaction occurred, previous transactions, and details about the transaction. Once recorded as a block, transactions are ordered chronologically and cannot be altered. This technology rose to popularity after the creation of Bitcoin, the first application of blockchain technology, which has since catalyzed other cryptocurrencies and applications.

Verifiable credentials (VCs) are digital credentials which follow the relevant World Wide Web Consortium open standards. They can represent information found in physical credentials, such as a passport or license, as well as new things that have no physical equivalent, such as ownership of a bank account. They have numerous advantages over physical credentials, most notably that they're digitally signed, which makes them tamper-resistant and instantaneously verifiable.

Decentralized identifiers (DIDs) are a type of globally unique identifier that enables an entity to be identified in a manner that is verifiable, persistent, and does not require the use of a centralized registry. DIDs enable a new model of decentralized digital identity that is often referred to as self-sovereign identity or decentralized identity. They are an important component of decentralized web applications.

Proof of personhood (PoP) is a means of resisting malicious attacks on peer to peer networks, particularly, attacks that utilize multiple fake identities, otherwise known as a Sybil attack. Decentralized online platforms are particularly vulnerable to such attacks by their very nature, as notionally democratic and responsive to large voting blocks. In PoP, each unique human participant obtains one equal unit of voting power, and any associated rewards.

Chainlink is a decentralized blockchain oracle network built on Ethereum. The network is intended to be used to facilitate the transfer of tamper-proof data from off-chain sources to on-chain smart contracts. Its creators claim it can be used to verify whether the parameters of a smart contract are met in a manner independent from any of the contract's stakeholders by connecting the contract directly to real-world data, events, payments, and other inputs.

Web3 is a marketing term for uses of the World Wide Web which incorporate concepts such as decentralization, blockchain technologies, and token-based economics, all of which existed on the web prior to the term being created. Some technologists and journalists have contrasted it with Web 2.0, wherein they say data and content are centralized in a small group of companies sometimes referred to as "Big Tech". The term "Web3" was coined in 2014 by Ethereum co-founder Gavin Wood, and the idea gained interest in 2021 from cryptocurrency enthusiasts, large technology companies, and venture capital firms. The concepts of Web3 were first represented in 2013.

Colored Coins is an open-source protocol built on Bitcoin 2.0 that allows users to represent and manipulate immutable digital resources on top of Bitcoin transactions. They are a class of methods for representing and maintaining real-world assets on the Bitcoin blockchain, which may be used to establish asset ownership. Colored coins are bitcoins with a mark on them that specifies what they may be used for. Colored coins are also considered the initial step toward NFTs built on top of the Bitcoin network.

China Real-Name Decentralized Identifier System is China's national-level decentralized identifier system. China RealDID was officially launched on December 12, 2023, by the First Research Institute of China's Ministry of Public Security and the Blockchain-based Service Network (BSN) China.

References

  1. "Decentralized Identifiers (DIDs)". World Wide Web Consortium. Retrieved 15 July 2020.
  2. Chaffer, Tomer Jordi; Goldston, Justin (November 2022). "On the Existential Basis of Self-Sovereign Identity and Soulbound Tokens: An Examination of the "Self" in the Age of Web3". Journal of Strategic Innovation and Sustainability. Retrieved July 19, 2023.
  3. Reed, Drummond; Preukschat, Alex (2021). Self-Sovereign Identity. Manning. Chapter 2. ISBN 9781617296598.
  4. Windley, Phillip J. (2021). "Sovrin: An Identity Metasystem for Self-Sovereign Identity". Frontiers in Blockchain. 4. doi:10.3389/fbloc.2021.626726.
  5. "Verifiable Claims Working Group Frequently Asked Questions". World Wide Web Consortium (W3C). 12 August 2022. Retrieved 12 August 2022.
  6. Ferdous, Md Sadek; Chowdhury, Farida; Alassafi, Madini O. (2019). "In Search of Self-Sovereign Identity Leveraging Blockchain Technology". IEEE Access. 7: 103059–103079. Bibcode:2019IEEEA...7j3059F. doi:10.1109/ACCESS.2019.2931173. hdl:10044/1/77538. ISSN 2169-3536.
  7. Preukschat, Alexander (2021). Self-Sovereign Identity: Decentralized Digital Identity and Verifiable Credentials. With Drummond Reed, Christopher Allen, Fabian Vogelsteller and Doc Searls. Shelter Island, NY. ISBN 978-1-63835-102-3. OCLC 1275443730.
  8. "History (2010-2014) Personal Data: Emergence of a New Assets Class". Decentralized Identity Web Directory. 2020-01-02. Retrieved 2022-08-12.
  9. Mühle, Alexander; Grüner, Andreas; Gayvoronskaya, Tatiana; Meinel, Christoph (2018). "A survey on essential components of a self-sovereign identity". Computer Science Review. 30 (1): 80–86. arXiv:1807.06346. doi:10.1016/j.cosrev.2018.10.002. S2CID 49867601.
  10. Allen, Christopher (April 25, 2016). "The Path to Self-Sovereign Identity". Life With Alacrity. Retrieved February 19, 2021. "Users must control their identities. … Users must agree to the use of their identity."
  11. "eIDAS supported self-sovereign identity" (PDF). European Commission. May 2019. Retrieved 16 June 2020.
  12. "Blockchain and digital identity" (PDF). eublockchainforum.eu. 2 May 2019. Retrieved 16 June 2020.
  13. "Understanding the European Self-Sovereign Identity Framework (ESSIF)". ssimeetup.org. 7 July 2019. Retrieved 22 June 2020.
  14. "European Blockchain Services Infrastructure (EBSI)". European Commission. Retrieved 1 March 2021.
  15. "한국디지털인증협회" (Korea Digital Certification Association) (in Korean). Retrieved 2022-08-12.
  16. "What is EBSI?". europa.eu. European Commission. Retrieved 2024-02-15.
  17. "Technical Specification (15) – eIDAS bridge for VC-eSealing". Retrieved 2021-01-04.
  18. "eIDAS supported self-sovereign identity" (PDF). European Commission. May 2019. Retrieved 2020-07-09.
  19. "Legal Assessment Reports". Retrieved 2021-01-04.
  20. Sedlmeir, Johannes; Smethurst, Reilly; Rieger, Alexander; Fridgen, Gilbert (2021-10-01). "Digital Identities and Verifiable Credentials". Business & Information Systems Engineering. 63 (5): 603–613. doi:10.1007/s12599-021-00722-y. ISSN 1867-0202. PMC 8488925.
  21. Weigl, Linda; Barbereau, Tom; Rieger, Alexander; Fridgen, Gilbert (2022). "The Social Construction of Self-Sovereign Identity: An Extended Model of Interpretive Flexibility". Proceedings of the 55th Hawaii International Conference on System Sciences (PDF). doi:10.24251/HICSS.2022.316. hdl:10125/79649. ISBN 978-0-9981331-5-7. S2CID 245902333.
  22. Smethurst, Reilly (2023). "Digital Identity Wallets and their Semantic Contradictions". Proceedings of the 31st European Conference on Information Systems, via AIS Library.
  23. Giannopoulou, Alexandra (2023-05-11). "Digital Identity Infrastructures: a Critical Approach of Self-Sovereign Identity". Digital Society. 2 (2): 18. doi:10.1007/s44206-023-00049-z. ISSN 2731-4669. PMC 10172062. PMID 37200582.
  24. "Decent Work Reduces Inequalities, Protects Vulnerable Groups in Global Crises, Speakers Stress, as Commission for Social Development Opens Session". UN Press. press.un.org. Retrieved 2023-10-11.

See also