Self-Sovereign Identity
It has been a while since I haven’t published an article about web3 concepts and today I want to start a great topic. Please note that I am not an idenitity professional yet but I am keen to learn everything about it including its philosophy, tech and cryptography. As I get more seasoned in this, I will keep sharing my experiences and thoughts.
As early adopters of a disrupting technology, we will always be considered as dreamers and they will tell about people like us-first movers-, we are like coming from a space movie, talking about non-sense new technological terms, trying to solve problems that are already solved many years ago and probably heavily criticized constantly by society. But we will always stand for what we believe in and will make this innovation dream real!
“What is a digital identity? How this started in the first place?“
Let’s have a look at what this is all about one by one.. In today’s world, identity has many forms including a digital persona of yours because you have a digital footprint from every move you make online, in your browsing history, from social media activities, and even from your blog posts. That means, in addition to your real-world identity, you already have a digital counterpart that is already linked to your real persona. For many years, you have been protecting some of your sensitive real-world identity attributes from 3rd parties with your passwords and usernames which were introduced to our lives by Web 1.0. Everything was ok back then, but in time our digital world started to expand and we drown into millions of passwords, multiple social media accounts, social networks, thousands of interactions with the community…
Then our planet’s technology giants found a brilliant way to manage all of these. Single-Sign On was a great technology, and it still is. We owe a lot of things to the person who invented this technology. SSO allows all developers to reduce the friction of user acquisition. Everyone who is building something today can use Google’s, and Facebook’s OAuth Servers to integrate their platform freely to get your credentials to create an account. Actually its really an easy way to sign-up for a platform but we missed something. Your digital identity is almost as important as your actual one. In fact, it is more valuable because thanks to technology we can anticipate your shopping habits and use them against you. Data science and AI have a huge impact on advertisements and even sometimes elections! And we don’t actually know when we use these services which data is shared. What do they do with this data? I am not saying that we shouldn’t trust Google. It would make me look insane but how can you trust a service that is built by any company that can access your all digital identity, therefore, linked real identity? Is it really wise to don’t know about your data’s condition in a world full of cyber crimes, sexual or racial harassment, impersonation, identity thefts… What if there is a world that gives the control of your identity back?
What is Self-Sovereign Identity?
Self-Sovereign is quite a strong word in Web 3, but it should be a concern everywhere. Basically, it refers that you being in control of your data objects like fingerprint, digital or real identity.
A real-life example?
Let me shed a bit more light with an example of how this process could work in our daily lives. Assume that you are working in an extremely secure facility and you are expected to enter the building with your fingerprint. Now, if the organization holds your fingerprint data in their database then we can not talk about self-sovereignty but if they, for example, give you a card that stores your fingerprint, and every morning you are expected to put that card o an RFID reader and put your finger to fingerprint reader to compare then yes that definitely indicates that facility concerns your self-sovereignty. You may wonder are there really places like this, I can say yes!
How bad is this?
In the virtual world (while using a social media app, doing some groceries online, logging in to a website, doing monthly payments for bills) you are using your identity everywhere. Here is the problem with this, can you justify the reason for sharing your address to like your childhood friend’s dog’s photo? Or does a geek platform really require your social security number to show you some memes? Don’t you really care what is shared and what data get solicited by these platforms among them?
What we can do?
It is actually quite simple, you can take your own data responsibility, but how? Basically you by owning it. Let’s step back and look at the reason about why we are having this in the first place? To protect our privacy, to be able to access some sensitive content, etc. But our aim is to provide enough number of data, not more.
Critical question, how? Thanks to a cryptographic invention called Zero Knowledge Proofs we are able to provide this service. I will deepen my knowledge about them and will deep dive into ZKP world in another article but basically it allows you to prove that an information you have is correct without sharing it with anyone else. This brilliant technology will be the biggest key driver of our Self-Sovereignity journey!
Why now?
We have waited for a technology that totally belongs to people. Blockchain gives you true ownership of what is yours that was lost a long time ago. How? Because the data is everywhere and publicly available, due to its accessibility everybody can control if it is tampered with or somehow its integrity is preserved. It has no point to use a centralized service even if you are the owner of it, right? The centralization brings its own issues like how will you provide data security, how’d you make people believe you that you are not gonna use their data for their good, can you guarantee that data will remain as is without any modifications based on some actions on your end. In one of my old articles, I described web3 as a movement against data barons because it gives you more control over your data by utilizing the power of decentralization via blockchain technology. We don’t need to rely on neither governments nor big corporations to provide trusted data services.
I’d like to conclude this article now, and having some hope that this will create curiosity in your minds for the rest. Because upcoming parts of this series will be about Decentralized Identifiers(DID), ZKPs and Soul-Bound Tokens. Bare with me to find out these new technologies, best practices and recent news from the industry!
Author
Boğaçhan Yiğitbaşı is a technical product manager at Concordium which is a business-oriented, regulation-ready Layer-1 blockchain that has the ID layer at the protocol level. Some of his primary responsibilities are designing blockchain-based solutions, developing tools and tutorials for the community, doing technical assessments and due diligence on the projects, and helping with their integrations. His fields of interest are in a wide spectrum of projects including carbon markets, NFT Marketplaces, Web 3 gaming, metaverses, IP, and utility NFT dApps. He has a real passion for this brilliant technology and outstanding excitement for improving/educating himself.
He holds a Bachelor’s and Master’s Degree in Computer Engineering and completed several certification programs at the Frankfurt School Blockchain Center (FSBC).
You can contact him via LinkedIn or follow him on Twitter (@BogacYigitbasi)
