What Is Self-Sovereign Identity And How Does It Protect My Privacy?
The concept of “self-sovereign identity” (SSI) is at the core of lifeID and its blockchain-based identity solution. The crypto-identity sphere uses this term a lot, but what does it really mean?
Take a moment to consider how digital identities are used in the world today. Currently, people don’t have full control of their identity information or the digital identifiers used to uniquely represent themselves online. Instead, their personal identity information and their online account IDs are maintained by each organization with which they interact. Consequently, a large number of usernames and email addresses are needed to identify users with all these various organizations. The current approach relies on passwords and security questions like “what was the name of your first pet” to prove that a user is an account holder. This scatters personal identity and account information across each of the organizations a user interacts with.
There are several problems with this approach to digital identity management. The most concerning is that personal identity information is stored on so many different servers which means a security breach at any one of them will expose your personal identity information to hackers. Along with security concerns, the management inconvenience created by needing individual username and passwords for every separate organization is a heavy burden on users.
In most cases, it is this email address that is used to prove you are the rightful owner of some online account, and although most of us don’t consider this fact, we don’t own email addresses, we rent them. Email addresses hosted at popular domains such as Yahoo or Gmail are subject to terms and conditions which allow companies to suspend their users’ access without providing justification. Even “owning” a domain is still vulnerable to loss through attacks or even simple neglect. Ultimately, if we lose access to this email account for any reason, we lose the ability to prove ownership of all the online accounts that use it to verify our identity.
So back to the original questions: What is self-sovereign identity? How does it help me? A self-sovereign identity is a credential that an individual maintains absolute control over and uses to represent themself in the digital world. So rather than using an email address that is rented, or usernames that are controlled by other organizations, a self-sovereign identity remains under the control of the identity holder at all times.
How does a Self Sovereign Identity protect my privacy?
A self-sovereign identity on its own does not protect a user’s privacy, but when combined with the power of cryptography, it allows us to control and protect what private information we share with others. This “proving” of various facts about ourselves is accomplished through something called a verified claim. A verified claim can be thought of as a trusted 3rd-party endorsement of an identity detail pertaining to an individual.
A verified claim in the digital world is like a state-issued driver’s license in the real world. My driver’s license is a card that I carry around in my wallet. It contains a picture of me, details about my name address, birthdate and other information, along with a special holographic security element to help identify fake cards. This holographic mark is what helps others verify that this driver’s license was indeed issued by the state, and not a forgery. Once I have possession of this license, I control who I hand it to when I need to prove my age, address, or other information.
Verified claims function in the same way. I present my digital identifier to some verifying authority such as the DMV, but instead of issuing me a card, they use a computer to cryptographically sign the data about my name, photo, date of birth, etc.
To understand how using a verified claim preserves our privacy, let’s explore the example of showing our license to gain entry into a nightclub. The bouncer at the door to the nightclub requires every patron to show their license in order to get in. The bouncer looks at the driver’s license and confirms that the picture matches the patron, they are over the age of 21, and the security marking is legitimate ensuring the ID is not a fake.
In the same way, verified claims in the digital world are used to allow a trusted third party to verify attributes such as a birthdate of an individual. For example, I can request that the state cryptographically signs my digital self-sovereign identifier confirming my age is greater than 21. This claim can then be used for an apartment rental application, where all the leasing company needs to know is that I am old enough to rent from them. As long as they trust my state, I don’t need to provide the date of birth itself. For many business transactions, this verification is all that is needed, immensely cutting down on the amount of personal data individuals need to share.
Importantly, in the example above, when I showed my license to the bouncer, this interaction is private between me and the bouncer. The issuer of my license has no idea who I show it to. In the same way, when a self-sovereign-based verified claim is presented a specific website, the issuer of that claim is not involved in the transaction, meaning it has no way to track which sites I log into. This is the stark opposite of using an online social credential like Facebook because they track every internet site I log into with my Facebook account.
Using a self-sovereign identity such as lifeID along with verified claims in the digital world allows us to interact in a way that resembles what we already do in the real world. With lifeID, these unique digital identifiers along with the verified claims are encrypted and stored on the smartphone using the lifeID app. This gives users autonomy in the digital world where it doesn’t currently exist today.
lifeID will change the nature of digital identity, putting users back in control of their information, while maximizing convenience across the board.
Website: lifeid.io
Follow us on twitter: @lifeid_io
