top of page

Comprehensive guide into Self-Sovereign Identity

Updated: Oct 19, 2022

Before we come to the description of what Self-Sovereign Identity (SSI) is, let me ask one question.

Have you ever thought that something is wrong with the modern internet? Or even with the world? And are these questions related to one another?

It would be too bold to claim that there is not only a specific explanation why they are wrong, but also there is an ultimate fix for the issue.

I dare to spoil the whole further article and probably the whole of this blog with the short answers.

Yes — the modern world is wrong and the internet, as a mirror of the world, is wrong too. And the cause is the outdated tools of trust management we are accustomed to use so heavily, that we perceive them as a natural part of us and our lives (like breathing, food, sun or earth).

No — Self-Sovereign Identity isn’t a magic bullet to solve the issues of trust. But this is a significant step toward fixing them…


For those who are in a hurry…

Self-Sovereign Identity is a set of principles and approaches that claim to transfer all your legal documents to the digital world. When I tell documents, I mean: IDs, diplomas, driving license, library card, etc.

SSI ideologists also claim that such principles would add a proper layer of addressation to the Internet. The layer of addressation that is missed, because initially the Internet architecture was invented for relatively small private networks.

At the same time SSI principles would allow you to stop sharing your data with different internet services without losing a capability to use these services. For example, if a service supports SSI principles, you don’t need to login into it, you don’t need to create an account there, and store your personal data in it.

I believe this explanation brings more questions than answers… Especially: how all these things are related to one another and can be implemented with a single “solution”. Also, please, do not forget that I claimed that it could help to fix the world.

So, if you are still with me, let’s dive deeper.


Self-Sovereign Identity as a set of principles

The short answer regarding which principles allow this magic is: “trust”. A bit more complicated one is: “trust and cryptography”. If we look closer, all capabilities discussed above are about trust management.

  • To own digital documents — this is a capability to prove someone some claim digitally. For example, you can prove to an employer that you have a valid digital university diploma. Thus the employer can trust you to do some job.

  • To use internet services without an account — this is a capability to prove some internet service that you have proper access. It’s required to make the service trust you. But let’s do it without entering your login and password, and without storing there any data you need to use this service.

  • To add a proper layer of addressation the Internet lacks — things become more complicated here. Any document (resource) online has an address. If this address is cryptographically calculated from some content parameters (meta-data), you can uniquely identify a resource in the network based on the information about this resource. The cryptocurrencies use quite a similar approach to generate an account address. As a result, you can confidently link some specific resource with a specific address and with a specific owner. This trick allows users to self-register resources without necessity to rely on some authority (e.g. DNS).

Trust is necessary for such a solution, but it’s not enough. To build the whole picture we need something more.


The trust triangle.

The idea is, that to make sense of trust, you need 3 parties:

  • issuer — someone who is trusted and can issue documents to document owners. For example, a university can issue a diploma for a graduate;

  • holder — someone who owns an issued document and can prove that it is issued for him or her. For example, a university graduate can prove that the digital diploma is his or her;

  • verifier — someone who trusts the issuer and can verify that the provided document belongs to the holder and issued by a trusted issuer. For example, an employer who trusts a specific university can check if a job candidate’s diploma is issued by the trusted university and really belongs to this particular candidate.




Shared standards.

Thousands of apps and millions of issuers can create a total mess out of trying to reshape trust in a digital form. It may ended up as a war of standards won by some corporation in the end. What we don’t want for sure. This is why W3C yields specific standards that are used to support Self-Sovereign Identity ideas.


Last but not least — cryptography

Cryptography is the key of keys here. More precisely: asymmetric cryptography, which allows you to create a pair of private and public kays. Private key is stored secretly and allows you to sign some data. Public key is something that you share with others. It allows others to check if the data signature is yours and valid.

Thus, anyone can sign some document while other parties can verify it. For example, your university can sign your digital diploma and give it to you. Then everyone who trusts the university takes its public key. When you come to an employer, he or she can check if the signature on your digital diploma is valid and signed by your university.

To be honest, things are a bit more complicated than that, but this abstract should give you a concise idea, about what is going on under the hood of SSI related implementations.


Put it all together — the wallet

Probably, this is the most clear and important part, that puts all things together. The implementation. It’s funny but it’s freaky simple. You have an app on your device, that is called Wallet. A wallet can be developed by different vendors and its main function is to store your crypto keys and personal documents that follow SSI related standards. When you need to share or use them, you confirm a request from your browser or another device with your wallet by scanning a QR code or entering one time code. When you scan a QR code, some system (e.g. an internet store) asks for some type of credential from you. Your wallet provides them signing the response with your key. The same key the document relates to. It’s required to prove that this is you who owns the document. It’s like signing a contract and providing your passport to check the signature, but without people time spent. That’s it.


Afterwords

I know, that in this article I failed to explain how SSI can fix the world — which wasn’t the goal. But I hope I succeeded with an explanation of what it is — which was. Please, inform me in comments if you still don’t get it, and I’ll try to improve the article for you (any other comments and questions are welcome too.)

Anyway, I should say “sorry” to the reader, but to discover my findings regarding fixing the world with SSI, my honorable reader needs to proceed to the next article about my project — ID Karma.



35 views0 comments

Related Posts

See All
bottom of page