We continue to talk about potential uses of smart contracts in different areas. Today our topic is a bit different. Digital self-sovereign identity is not an area, it is the concept that will make our lives way lot easier. Moreover, self-sovereign identity will provide more room for smart contracts usage between individuals, because this way, processes will be automated.
The idea of self-sovereign identity is not new. In fact, it has its roots originating from the 1970’s when pioneers like Whit Diffie, Martin Hellman, and Ralph C. Merkle, creators of Public Key Cryptography aimed to help people protect their privacy in the new digital age of computers. Blockchain technology is the crucial breakthrough that is now propelling digital identity forward into the era of self-sovereign identity — a watershed powerful enough to reshape the future of the decentralized P2P economy.
Governments and companies are struggling to protect citizen and customer information from escalating cyber-attacks. This includes a major event that compromised over a billion identities. On the other hand, there is an increasing awareness from Internet users around the world that there is no free lunch. When you are not paying for a service online, you are the product i.e. you are paying for it with your data. Data is literally becoming the fuel of the digital age, and the owners of that data literally have the keys to the future.
But before talking more specifically about self-sovereign identity, we should focus on one of the curious constructions of the Internet is the term identity provider. You don’t need anyone to provide you with an identity, of course. You have an innate one by virtue of being human. Rather, so-called identity providers, or IDPs, provide you with an identifier, a means of recording attributes important to that provider, and some method of proving it’s you — usually a password.
This is not surprising since online identity has traditionally been viewed through the lens of an organization and its needs, not the individual and his or her needs. Identity systems are created to administer identifiers and attributes within a specific domain. The result: people end up with hundreds of online personas at hundreds of organizations. Each of these administrative identity systems is proprietary and owned by the organization that provides it; you really don’t have an online identity that’s independent of these many systems. Got a new address, or an updated credit card number? You’ll have to deal with each of these systems one at a time in whatever manner they require.
Now we can get back to the concept of self-sovereign identity. Self-sovereign identity means that we all are the makers of our own identity, online and off. Because they do not rely on any centralized authority, self-sovereign identity systems are decentralized, mirroring the way identity works in real life.
Offline, our interactions flexibly support the use of attributes and credentials from numerous third parties, all presented by the very person they’re about, typically by taking those credentials out of a wallet or purse and presenting them to someone else to verify. For example, take a driver’s license. States issue it as a credential that you’re authorized to drive. But, it’s useful for a lot more. When you show up at a bar and the bartender wants proof you’re over 21, you show them your driver’s license.
Self-sovereign identity works great in real life, where we carry paper or plastic credentials with us; it’s been much harder to duplicate online. Online identity has suffered from five very real problems:
Self-sovereign identity systems solve these problems using decentralization and cryptography. Decentralized identity has been difficult because one of the core requirements of functional identity is discovery: if you give me an identifier, I need to look it up. In the past, this has always led to centralized directories, which led to centralized identity systems.
Distributed ledgers don’t solve the identity problem by themselves, but they do provide a missing link that allows things we’ve known about cryptography for decades to suddenly be used. That allows people to prove things about themselves using decentralized, verifiable credentials just as they do offline.
To be self-sovereign, an identity system must have certain key features:
The concept is still new and undergoing rapid changes. Standards for decentralized identifiers and verifiable claims are being developed. Ultimately, these systems should promote human dignity and protect the basic human desire for self-determination. Several self-sovereign identity systems exist now in various stages of development. We would to briefly inform you about the projects working on this concept:
Implemented correctly, self-sovereign identity systems provide scalable, flexible, private interactions with consent despite the issues that distance introduces. More importantly, they support natural human activities without threatening the privacy or liberty of people who use them.
What do you think? How long will it take us to adopt this concept, at least partially? Leave your thoughts and comments in our Telegram group and in the comments section below!