Introduction to Self Sovereign Identity

Controlling our own identity by ourselves

What is Self Sovereign Identity?

In this concept, only the user should own their identity data fully without intervention from outside any third party (including the administrators).

This concept can be applied to both people and organizations. When this applies to a person,

  • The person can obtain, hold, manage and present their own verifiable credentials
  • No third party involvement.
  • Preserves the privacy and security

When this applies to organizations,

  • The organization can have and maintain their own digital identity
  • This identity can be used as proof when dealing with certificates

A Sample UseCase

In a typical system,

  1. He needs to login to the website of ‘Bank A’, creates an account there, have to fill a lengthy form of registration and send a copy of the National Identity Card.
  2. He needs to login to the website of ‘Bank B’, creates an account there, have to fill a lengthy form of registration, and send a copy of the National Identity Card, Pays Slips, Degree certificate, and Birth Certificate.
  3. He needs to login to the website of ‘Bank C’, creates an account there, have to fill a lengthy form of registration, and send a copy of the National Identity Card, Pays Slips, Degree certificate, and Birth Certificate.

When using SSID,

Fill the wallet with a credential

Sam pre-registered and obtained a User DiD for digital bank users license from the central bank using the following steps.

  1. Sign in to the Central Bank’s system and scan the QR code using his mobile phone to obtain a verified digital bank users’ license.
  2. The bank returns a credential created for Sam signed by the private key of issuer DiD.
  3. Sam accepts the credential and stored it on his device.

Then,

  1. Sam Navigate to ‘Bank A’ website to open a bank account. Sam scans the QR Code and gives consent to the subset of verified claims to share with the bank from his device.
  2. ‘Bank A’ verifies the signature of User DiD and issuer DiD by communicating with the central bank.
  3. ‘Bank A’ verified the identity of Sam and allows him to open the bank account.

When Sam needs to request a personal loan or a credit card from any bank which trusts the central bank he does not need to register and fill lengthy forms. He can use the above credential which is issued by the central bank and fulfill his need.

Summary

This is a basic introduction to explain the self sovereign identity. Hope you get an idea about SSID from this article.

Associate Technical Lead @ WSO2