10 things you need to know about Self Sovereign Identity, part 1

Authors Kaliya “Identity Woman” Young and Heather Vescent recently released, A Comprehensive Guide to Self Sovereign Identity, a 130+ page report covering the building blocks, standards, projects and companies. We asked them to share ten things you should know about SSI. Their first five come in today’s instalment.

1. Introducing layer 8: a new layer of the internet

The current Open Systems Interconnection model (OSI) of the internet stack has 7 layers, 1) Physical, 2) Data Link, 3) Network, 4) Transport, 5) Session, 6) Presentation and then 7) Application. SSI technologies are so fundamentally new that they create a whole new layer just for individuals and users -- this is called Layer 8. In this layer, identifiers are managed and owned by individuals and companies. Verifiable credentials can be issued to the identifiers, which can then be shared with any number of services they might interact with.

2. Open Standards make it true Self-Sovereign Identity

There are more than 10 emerging standards that enable true SSI. The most important standard, at the center of all others, is the Decentralized Identifiers (DID) Standard. It’s critical that companies use DIDs as described in the standard to ensure interoperability. Any organization not using DIDs cannot leverage the power of the interoperable standards. Protocols are both freeing and constraining. The DID standard and the accompanying format for DID Documents clearly state how to format a DID Doc and support universal resolution. At the same time the DID standard allows newly documented methods to be added. This supports innovation in how to Create, Read, Update, Delete (CRUD) operations on target systems.

3. Blockchains are used, but in not the way you know

Blockchains used for cryptocurrency exchanges solve the double spend problem. Their simple system of identifiers is a ledger of public keys. Decentralized Identifiers (DIDs) and the accompanying DID Documents enable individuals to share abstract identifiers (DIDs) with an associated public key and a resolution end-point. This supports the ability to message and transact with the DID owner. PII is never put on the blockchains, whether directly or hashed. Anyone doing either of these two things with your PII is endangering you.

4. Potential to reduce Data Security Risk

The Public Key Infrastructure that underlies SSI provides a significant improvement by providing a secure encrypted tunnel of communication between an institution and its customers. Banks are some of the early adopters of SSI not because they want to support “individuals owning their own identity” but because the security profile of the technology is so much higher than the current technology available to them with various forms of two factor authentication.

5. Still early in the game

While we are still in the early stages of SSI, there is solid traction with standards in development at the World Wide Web Consortium (W3C), governments funding the development of ledgers and proof of concepts and a growing number of companies developing products. As a new layer of the internet, there are new platforms based on the standards, and products and services for verticals to be built. SSI can address some GDPR regulation requirements. Any company that collects, stores or sells personal information can potentially be revolutionized using SSI technology. We expect to see a lot of growth. Come play in the sandbox.

Find out why SSI is a technology solution unlike previous solutions in their new report, A Comprehensive Guide to Self Sovereign Identity. Authored by industry insiders for C-level executives, this report makes the world of SSI accessible with a comprehensive understanding of the technology, standards, projects and companies. Learn more at https://ssiscoop.com/.

About Heather Vescent

Heather Vescent owns and operates The Purple Tornado, a foresight and strategic intelligence consultancy. Vescent has delivered research insights to governments and corporations in digital identity, military learning, payments, transactions, and new economic models. Clients include US & UK governments, SWIFT, Disney, IEEE, mid-size companies and start-ups. Her research has been covered in the New York Times, CNN, American Banker, CNBC, Fox, and the Atlantic. She is an author of the Cyber Attack Survival Manual, published by Weldon-Owen.

About Kaliya Young

Kaliya “Identity Woman” Young holds a Master of Science in Identity Management and Security from UT Austin. She co-Founded the Internet Identity Workshop in 2005. She was elected as a founding management council member of National Strategy for Trusted Identities in Cyberspace (NSTIC) Identity Ecosystem Steering Committee. In 2012 she was named a Young Global Leader by the World Economic Forum (WEF). She consults with governments, companies and startups about Personal Data and Self-Sovereign Identity.