Self-Sovereign Identity: a necessity in the Digital World
By Susmith Karan
It is shocking to know that there were 1,767 publicly reported breaches in the first half of 2021, which exposed a total of 18.8 billion records. These breaches exposed the name, dob, social security number, bank accounts, credit history, medical data, licence numbers and other credentials of the individuals. It is required to minimize sharing our data with service providers and reduce the exposure to a security risk.
The problem lies in sharing our details with the service provider as proof of identity, and they store the data to verify with the Issuer and for future reference. In some cases, when you provide consent to an online service provider to remove your data, there is no proof that they are complying with our request.
The Self-Sovereign Identity (SSI) or Decentralised Identity (DID) emerged to solve this data privacy and verification problem by leveraging technology like blockchain. It enables the users to exercise control of their digital identity by storing their verifiable digital identity in a secured digital identity wallet without depending on a third party.
For example, a user is given a unique wallet address like 3nioefs9kmfs3nd4cdwo03f20fseo called user DID to store their data. The users request certified issuers (such as the Government, Universities, Employers) to validate their digital identity information so that they can store it in their digital wallet. The issuing authority will confirm the identity through a blockchain-based ledger using their DIDs (Issuer DID). When a Service Provider like a car rental or airline wants to verify the credentials, the user can share the whole or part of the verified credentials through their secured wallet. The Service Provider verifies the presented claim against the user DID and Issuer DID on the decentralized ledger and provides the required service.
It also enables the user to modify the identity details. For example, one can reveal their age as 18+ years rather than disclosing the complete date of birth if the requirement is to check only age limit.
It is called self-sovereign identity because each person is now in control of their own identity, just like a sovereign nation. People can control their own information and relationships. The third party need not reach out to the Issuer to verify the digital identity because the cryptography proof of the credentials was registered and maintained by the Issuer in a standardized and trustable way.
Benefits of the SSI:
· Personal Data Management and Limited bureaucracy.
· Prioritizes user’s data security and privacy
· Better efficiency in the identification processes.
· Reduced management costs for the companies and Issuing Authorities.
· Increases digital penetration and digital transactions.
· User can even control the advertising model by allowing for viewing only interesting products or services.
Limitations of SSI:
· User is responsible for their own security.
· Multiple identity platforms require the user to maintain multiple apps.
· Keeping track of personal data and permissions can become complex
· Challenges for the companies to find and buy data.
Financial Inclusion: In Sierra Leone, Kiva, a US-based nonprofit organization, is implementing a blockchain-based identity protocol that allows citizens to perform electronic Know Your Customer (eKYC) verifications in about 11 seconds, using just their national ID number and a fingerprint.
Zero Hunger: UN-based World Food Programme has been rolling out a blockchain-based Cash-Based Interventions project called “Building Blocks”. It enables to make cash transfers more efficient, secure and transparent. They have been using it to deliver food assistance more effectively to 106,000 Syrian refugees in Jordan.
Employee’s Data: UN has provided UN Digital ID to all its employees by harnessing blockchain, biometrics and mobility, making UN identity verification efficient, secure, portable and universal. Using this wallet, UN personnel can access their personal, human resources, medical, travel, security, payroll and pension data kept over time from onboarding into UN to retirement/parting.
Potential SSI Platforms:
Self-Sovereign Identity is becoming a basis for many DeFi applications. There is a lot of innovations that are ongoing on Self-Sovereign Identity platforms. Some include Civic, Veres One, BlockPass etc.
Civic is an Ethereum-based decentralized identity management platform that enables real-time verification using permissioned blockchain. Users can use the mobile application to manage their identity data. It also provides a SaaS compliance tool for DeFi, public blockchain and other businesses to meet the KYC and AML requirements.
Veres One is a global interoperable network for identity management. It uses a public and fit-for-purpose blockchain explicitly built for Decentralized Identifiers. It provides interoperable identity management infrastructure that enables citizens to connect with different government services using the same digital credentials.
Blockpass is a digital identity verification provider which provides a one-click compliance gateway to financial services and other regulated industries. Blockpass provides a comprehensive KYC & AML SaaS for businesses and merchants that requires no integration and no setup cost.
Moving towards “The Right to be forgotten.”
The EU’s General Data Protection Regulation and many countries, including the US, India, Argentina, etc., advocate ensuring its citizens’ right to be forgotten. This right is an individual’s claim to make the companies forget or delete their data so that third persons can no longer trace them. Self-Sovereign Identity will be creating a trust-based system that will push the current system towards realizing this right. Very soon, the SSI trust model will become a pre-requisite and basis for all digital identifications.