Over the past five years, I’ve come to understand the power of a new digital identity paradigm — a technology layer, based on standards, where individuals, and legal entities collect their digital identities and credentials (including ones they asserted themselves), and securely and privately share them with businesses, governments, websites and anyone else. We call this “Self-Sovereign Identity” or SSI for short.
Self-Sovereign, Decentralized Identity or Self Asserted Identity?
The term self-sovereign identity has a political spirit that not everyone appreciates. Governments in particular have concerns with the term “self-sovereign”, as governments are in fact, legitimate sovereign entities. There are many identities issued by a sovereign — any government issued identity like a passport, drivers license or business license is issued by a government agency — that’s why you trust the credential. Some businesses use the term “decentralized identity” or “self-asserted identity” because it addresses the peer to peer nature of sharing identity data.
The Beginning of SSI
In 2015, blockchain was trying to solve everything. It was at this point, at the Internet Identity Workshop (IIW), I first I heard blockchain uttered in the same sentence as digital identity. At that time, I was not a fan of using blockchain with digital identity. In early 2015 there were 2 or 3 sessions about blockchain and identity at IIW, however that fall, there were more than 20! I participated in many of those early sessions as the skeptic I was.
Many of the conveners of those early sessions have moved on, but a core group has pushed the technical vision of self-sovereign identity with the intention to develop standards. In fact, the W3C has recently codified the Decentralized Identifier Working Group (only open to paid W3C members). Early adopters have experimented with the technology ideas, developing proof of concepts for business credentials, refugee identity, educational credentials, and supply chain provenance to name a few. US and Canadian governments have invested over $2 Million in funds to develop this technology because they see the opportunity to build a new digital identity infrastructure that could become the future of identity, not just for humans, but for corporations, and IoT devices.
Over the course of 2019, we’ve watched the SSI space mature, with the results of early proof-of-concept projects, like the Verifiable Organizations Network, CU Ledger and Novartis Pharmaceuticals. New companies are entering the space to learn how this technology might re-invent their business, and this means there is an influx of new energy, and new ideas.
Making it real, and really making it
The existing prototypes showed that you can use this technology to give and receive verified credentials. Business models will get reinvented, and we see the possibility to close existing attack surfaces to provide more security and privacy for data sharing. But it’s not going to happen overnight. It’s a long road to go from the vision to successful market adoption. And we are at the beginning of the next step.
What can we expect?
- Vision Gap: Early releases may not match the long term visions or early prototypes that didn’t have to address scale and execution, so we must expect initial releases to disappoint us a little. Some ideas will fail, barely hit MVP and won’t easily scale. But they will further prove the technology. We need to learn from the successes and failures, and build for the future.
- Experiments: Now is when we get to see what SSI can do — who will discover the new business models and product offerings?
- New People: An influx of new people to decentralized identity, who do not necessarily know the history of digital identity. Fresh ideas and a beginner’s mind that is not bogged down by the failures and missteps of the past is a good thing. But so is learning from past successes as much as failures.
- New Metrics: New paradigms have new metrics. It’s often hard to compare the potential metrics of the future to the current metrics.
- Maturing Standards: The standards will take shape and get formalized. But not everyone will use them. We must be ruthless to stop regulatory capture and misplaced corporate intentions hidden in standards bodies.
What started out as an idea in a room at the Computer History Museum in 2015, is now a budding set of standards, a group of working prototypes, a number of government investments, an introductory book, and an official W3C working group. It’s the end of the beginning of self-sovereign identity — and it’s a great time to get involved.