Control of identity in the hands of individuals is a positive long leap from the traditional Issuing Authority routine.
The moment a child opens his eyes to the world, their brain starts recording all the visual data they come across in the form of a data model and start assigning them identity. This is Mother, Father, or a friend or competition 🙂
As they grow they understand more about their identity, as a Student provided their school, as a driver provided by the DMV, as a scholar provided by their University, as an Employee provided by their Organization, as a Parent recorded by the local administration. The list keeps growing with the digital IDs we create with Email providers, and all other online subscriptions we add, and social networking providers like Facebook, Snapchat, etc.
With each item in the list they have a separate identity, issuing authority and need to produce such identity as self-attested or attested by another authority. The need for so many identities, having them at you when needed, and presenting copies of them, sharing them can be exhaustive. And with so many copies out there, it becomes an open invitation to the Identity Frauds despite numerous rules & protocols associated with them. Hence the need for Self Sovereign Identity.
Self Sovereign Identity aims at providing individuals control over whom they share this identity with and to what extent in terms of knowledge. And the knowledge may come with an expiry date for the business with whom this information is shared.
A step towards SSI is Decentralized Identity & Verifiable Credentials (VC).
Decentralized Identity uses decentralized identifiers (DIDs) created by the owners of the identity. This allows for creating entity or relationship-specific DIDs thereby avoiding unwanted correlation. DIDs can also have associated attributes. But these attributes are like self-declaration without any proof.
Thus, Verifiable Credentials is how an issuing authority can provide the missing trust to DID attributes.
There are numerous examples now available with Blockchain, which can realize the concept of Decentralized Identity with Verifiable Credentials.
- Users to create & manage their own identity (DIDs) which is cryptographically secured. They can create multiple DIDs such as one did for each relationship/connection.
- Users can share part of their identity as and when needed thus satisfying the principle of Minimal sharing.
- Entities can issue Verifiable credentials to Users using their DIDs.
- Other Entities can request Proof of identities, where VCs can be used to provide the necessary proof. The received proof can then be verified with the issuing entities.
- Currently we use our Email accounts/Facebook/LinkedIn accounts to establish relationships with multiple organizations providing service thereby allowing them to obtain correlation data. With DIDs, users can create DID for each relationship, unwanted correlation, identity breaches can be avoided.
- Currently if I have to share my photo id proof, I provide them with identities that also contain my DOB and Address, which was not required. With VCs, we can achieve minimalization.
- The use of VCs will allow organizations to concentrate more on their business and avoid huge costs & time associated with Identity checks and confirmations.
- VCs can be monetized by organizations issuing the credentials.
Blockchain has made it possible to implement VCs & DIDs. It has opened a completely new dimension to identities and a lot of work is being done by enterprises across the world towards implementation and wider acceptance for DIDs backed by VCs.