WHY SSI?
Current digital identity management platforms cannot eliminate the following challenges, and Self Sovereign Identity Management is the solution to overcome them:
- Users do not have control over how their personal data is used and stored.
- Digital credentials are centralized and trapped in silos. Identity theft or misuse is a serious risk. Fraud, breaches & loss of trust cost trillions each year.
- Physical credentials in forms such as paper and plastic cards are useless in online scenarios. There is bureaucracy and a lack of automation in credential issuance/verification processes.
- What verifiers usually need is proof that you are who you claim to be. But under the current system, verifiers also get access to additional information they don't need.
SELF SOVEREIGN IDENTITY (SSI)
SSI is a framework that enables an entity to control where and how its data is stored and with whom it is shared. The main principles of SSI are as follows:
- You disclose only the information you choose to share with others.
- Decentralized identity management: since every entity is responsible for its identity, there is no more centralized storage and management of digital identities.
- The user has complete control over his/her information and can determine where and how it must be shared.
- There is complete transparency for the user on how his/her data is being used and by whom.
- SSI supports interoperability across different systems.
- This is a process by which one entity can prove if a statement is true by revealing as little information as required.
- SSI supports the use of data formats that are portable across devices.
- Since it uses cryptography and blockchain, the information tends to be secure.
Terminology
Verifiable Credentials (VCs) are a commonly used way to implement SSI and an open standard for representing digital identities. These credentials are expressed using JSON and are digitally signed, thereby making them tamper-evident and machine-verifiable. There are three important parties in VC-based transactions:
An issuer is an entity that is authorized to issue a credential. These issuers are typically government organizations, healthcare centers, banks and financial institutions, schools and universities, and possibly even organizations that provide proof of employment. These entities use a combination of methods such as digital signatures and custom schemas to prove that they are competent to issue a credential.
A holder is someone who is the owner of the credential and has complete control over how it can be managed, with whom these credentials can be shared, or revoked. Holders are typically individuals or organizations. Since the holder is the owner of the credential, the onus is on this entity to create a verifiable presentation, which is the compilation of data sent by one or more issuers in a machine-verifiable format that adheres to the existing standards.
A verifier is an entity that verifies a credential and ensures that it comes from a competent issuer, is tamper-evident, and is still relevant (not expired or revoked). A verifier takes the verifiable presentation from the holder to determine its authenticity. See the Use-cases section for how these parties interact with each other in VC-based transactions.
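The issuer, holder and verifier roles described above, as an added example that is not part of the original page: an issuer signs a JSON credential, and a verifier checks the issuer, the signature, the expiry and the revocation status. The Ed25519 signature scheme, the field names, the `did:example:` identifiers, and the in-memory trusted-issuer map and revocation set are assumptions of this sketch; it is a simplified model, not the W3C Verifiable Credentials data format.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
	"time"
)

// Credential is a constructed, simplified credential; field names are assumptions.
type Credential struct {
	ID, Issuer, Subject string
	Claims              map[string]string
	Expires             time.Time
}

// Issue is the issuer's step: sign the credential's JSON encoding with Ed25519.
func Issue(c Credential, priv ed25519.PrivateKey) []byte {
	msg, _ := json.Marshal(c) // fixed field order and sorted map keys give stable bytes
	return ed25519.Sign(priv, msg)
}

// Verify is the verifier's step: known issuer, intact signature, not expired, not revoked.
func Verify(c Credential, proof []byte, trusted map[string]ed25519.PublicKey, revoked map[string]bool, now time.Time) error {
	pub, known := trusted[c.Issuer]
	msg, _ := json.Marshal(c)
	switch {
	case !known:
		return fmt.Errorf("issuer not trusted")
	case !ed25519.Verify(pub, msg, proof):
		return fmt.Errorf("signature invalid: credential was altered")
	case now.After(c.Expires):
		return fmt.Errorf("credential expired")
	case revoked[c.ID]:
		return fmt.Errorf("credential revoked")
	}
	return nil
}

// Demo returns the verifier's verdict for an intact, altered, expired and revoked credential.
func Demo() (intact, altered, expired, revoked error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	now, keys := time.Now(), map[string]ed25519.PublicKey{"did:example:university": pub}
	vc := Credential{"vc-1", "did:example:university", "did:example:alice", map[string]string{"degree": "BSc"}, now.Add(time.Hour)}
	proof, forged := Issue(vc, priv), vc // the holder presents vc plus proof; forged is a copy to alter
	forged.Claims = map[string]string{"degree": "PhD"}
	return Verify(vc, proof, keys, nil, now), Verify(forged, proof, keys, nil, now),
		Verify(vc, proof, keys, nil, now.Add(2*time.Hour)), Verify(vc, proof, keys, map[string]bool{"vc-1": true}, now)
}
func main() { fmt.Println(Demo()) }
```

Changing a single claim after issuance makes the signature check fail, which is what "tamper-evident" means in practice; expiry and revocation are separate checks that a valid signature alone does not cover.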