Identity is a key component of human life, as it has a bearing on most aspects of it. People’s identity credentials have, for decades, been controlled by third parties. Self-sovereign identity (SSI) restores an individual’s right to own and manage their own identity.
Identity is everything
It permeates everything we do, every activity (both on and offline), and has a huge bearing on our relationships. We go through life sharing parts of our identity, with people, institutions, service providers, even with our pets. Whatever animal we choose to love knows us for who we are, and how we treat them.
In the offline world, we can control who we are, to a certain degree. And though emotions sometimes get in the way, humans own who they are as a parent, husband, partner, business associate, or pet owner. We behave the way we want to behave, as much as our personality traits allow us to anyway. In this world, we can trust those whom we know well, or those with whom we have formed solid bonds. To a certain extent, of course. The human mind is fickle and ever-changing. But the point is, we can control and own our identity, while offline.
But in the online world, the picture is quite different. In the online universe, identity is a far more ethereal thing. Thinner, if you will. It is fair to say that the virtual world can resemble a wild and global carnivale where everyone can hide behind a mask of anonymity. In this landscape, trust is far harder to establish.
Centralised third-party authorities supposedly exist to prop up society’s pillars. The passport office; social security; tax agencies; driver’s license bureau; your broadband provider; civil registers: electricity suppliers; waste collectors. And so on. Each and every one of these administrative authorities holds a record of people’s identities, and each of them gets to control and manage those identities in every way they see fit. The person who actually owns that identity has no say whatsoever.
Centralization does have inherent risks. When too much information is concentrated in a single point, that point becomes a target for hacking. The Equifax incident is perfect proof of this. Also, there are privacy concerns, and what do corporations and other agencies actually do with people’s data. The Cambridge Analytica event revealed the extent to which some organisations will go to monetize and exploit personal information.
The overriding issue in all this is that we, the individuals, have been artificially excluded from owning our identities for decades. We are forced to implicitly trust these organisations that they will always do the right thing, and if they don’t, well, remember those ‘I agree’ buttons at the end of pages and pages of text that we skipped over? Within those pages one can usually find clauses exonerating the company of any wrongdoing, if they get caught doing the wrong thing.
The move towards a more connected society, and the rise of blockchain technology, in particular, are bringing about a paradigm shift in the identity field thanks to Self-Sovereign Identity (SSI).
The core notion of self-sovereign identity
Identity is central to human life. Without it, we’re literally nobody. Yet, in the world of today, there are about 1 billion people who cannot prove who they are, because they have no access to verifiable or trusted sources of credentials. Their birth certificates might be lost, or never existed in the first place. In sub-Saharan Africa, around 20 million children do not have a birth certificate. Because of this shortcoming, these children might never be able to access proper education and other vital services.
With the advent of the internet, the identity problem multiplied tenfold. As websites began to pop up in their millions, identity became diluted among a thousand different ways to identify ourselves and a major issue became apparent. There was no identification standard. Each site issued its own requirements, and hence the rapid proliferation of individualised username/password combinations for every site. Strangely, this stopgap solution became a standard in itself.
But lack of standardisation could not hold for long. This siloed approach would not be sustainable in the long run, because of the sheer scale of the problem. How many username/password combinations can the human mind retain, at the end of the day? And while internet browsers and apps do offer a certain degree of automation, and many websites have adopted a federated Single-Sign on (SSO) doctrine built around two or three major providers, this approach to user authentication is fraught with problems, including vulnerability to hackers, spoofing, and plain and simple trust and privacy concerns.
The natural evolutionary step towards correcting this global (and very significant) flaw of the current system is harmonisation. In other words, the creation of a standard, a common identity layer that enables everyone (individuals, organisations, etc.) to have a unique set of identifiers that can be utilised and reutilised across different providers that are part of a network of trust.
This is Self-sovereign Identity’s central tenet. The ability for individuals and organisations to own and control their identities, without intervention or interference from any third parties. In this context, ‘self-sovereignty’ refers to the ability of the individual or the organisation in control of the identity to share it and present it to other agencies with no intermediaries.
SSI as the fabric that binds the internet’s identity layer
Somebody once said that the internet was just a bunch of pages held together by blue links, and at a certain point in time, this might have been partially true. (According to apocryphal tales, hyperlinks are blue because almost everyone can distinguish the colour blue from other colours, whereas colour-blind people cannot, or have great difficulty with, identifying red and green, which were allegedly the other two colour options for hyperlinks when the internet began to grow. Facebook chose blue as its main palette because Mark Zuckerberg is red-green colorblind.) The internet has now grown far beyond its humble beginnings. It now permeates pretty much everything, from our TVs to our smartphones, to certain home appliances, and even the cars we drive. Everything is connected, and everything needs to know who we are, and trust us.
This perma-connection, and the need for trust do require a solid, constant -and more importantly, standard- means of authentication, something that binds everything together with a mantle of authenticity, and this can only be achieved through digital means. More precisely, through Self-sovereign Identity.
Digital identity management solutions are quickly emerging and built around the Self-sovereign Identity concept. my.D, for instance, follows the SSI principles and identity regulations such as General Data Protection Regulation (GDPR) to build part of the internet’s binding fabric, a layer of digital identification that’s part of the new identity and authentication paradigm in the ever-growing internet space.
- Identity is a key component of human life, as it has a bearing on most aspects of it
- People’s identity credentials have, for decades, been controlled by third parties. This means that individuals have had no control over their own identity/credentials
- Events like the Cambridge Analytica leak and the Equifax hack starkly revealed the inherent vulnerability of centralised identity repositories, and the cost of a data breach
- SSI restores an individual’s right to own and manage their own identity
- My.D is built around SSI principles and identity regulations such as GDPR, offering a secure data vault to empower the individual to own their identity