The Time for Self-Sovereign Identity is Now
Blockcerts, Decentralized Identifiers, and Verifiable Claims
We are living through an historical moment in which momentum toward the unlimited collection and transferability of personal data by nation-states, industry leaders, and software providers is increasing irreversibly. Regulating this momentum from a policy standpoint will have at best limited effects so long as economic incentives and technological infrastructures collude to provide frictionless, one-way transparency into the lives of citizens, employees, customers, and learners. For this reason, any long-term solution to protect individual privacy and social agency must be technological and infrastructural, and that is precisely the opportunity now provided by the blockchain.
Chief among the possibilities afforded by the blockchain is what some have called “self-sovereign identity.” In general, self-sovereign identity means that the individual has ownership over their personal data and control over how, when, and to whom that personal data is revealed.
This paper first outlines what has already been achieved in the way of self-sovereign identity and then looks toward the path ahead. Taking the Blockcerts open standard as a case study of a self-sovereign technical architecture, we begin by describing the development of Blockcerts and its synchronization with the OBI standard. Next, we chart the initiatives that are still underway: the progress toward a truly distributed identity management structure via Decentralized Identifiers (DIDs) and Verifiable Claims.
We conclude by stressing the urgency of digital self-sovereignty. Inasmuch as the blockchain affords, for the first time in history, the possibility of true individual ownership of their own data, it is a double-edged sword: it also opens the door for powerful actors to monitor and control the actions of human beings with unprecedented precision, at an unprecedented scale. We must build alternative possibilities now. Conservatism and inaction, including relying on policy-based approaches to regulate technological development, are not options; the momentum is already in place, and innovation will follow the incentives that are already at work.
The time for architecting systems according to self-sovereign principles is now. This paper describes DIDs and Verifiable Claims and building blocks in these architectures.
Blockcerts: Recipient-Owned Credentials
In 2016, Learning Machine collaborated with the MIT Media Lab to develop Blockcerts, an open standard for issuing and verifying credentials on a blockchain. A blockchain is a decentralized data storage mechanism which creates, through distributed consensus, a single ledger of transactions that serves as a record of historical events. Blockchain transactions can be used to record events such as the issuing of digital credentials, where the transactions include a data field containing a message digest (used to prove the integrity of the data). This helps overcome the problems of centralized databases, which serve as honeypots for attackers and whose data can be edited or erased by unscrupulous actors.
The aim behind Blockcerts is to give recipients ownership of their official records so that they are freed from ongoing dependency on issuing institutions — or any centralized authority — to verify their own credentials and achievements. This not only affords recipients a maximally portable, private portfolio of their own records, but simultaneously helps issuing institutions prevent fraud and misrepresentation of official documents that they issue while allowing independent parties to instantly verify the authenticity and integrity of records and credentials presented to them.
The Blockcerts standard was published under the MIT open source license in 2016 so that any institution, vendor, or researcher can use it to build their own applications for issuing and verifying claims on the blockchain. The intent behind open sourcing Blockcerts was twofold: 1) avoiding a standards war and 2) ensuring maximum portability and interoperability of records (helping to avoid vendor or issuer lock-in). Since 2016, dozens of organizations and individuals around the world have begun building on the Blockcerts standard.
Credentials in a Self-Sovereign Ecosystem
In a self-sovereign ecosystem, the recipient should control every aspect of their credentials: where they are stored, with whom they are shared, and how the recipient is identified in the credential. The latter affects several areas of recipient control: the ability to prove that the claim is about themselves, to disclose only the information they want to reveal about themselves, and subtler privacy concerns, such as whether claims about them can be correlated to other data.
The path toward a self-sovereign digital credentialing ecosystem has its roots in the Open Badges movement, which has gained significant international currency. Blockcerts, a blockchain-based credentialing standard, is architected from many of the same values that drove the development of Open Badges: interoperability, portability, and verifiability. In 2017, version 2.0 of Blockcerts was expanded to be fully compliant with version 2.0 of Open Badges. What that means is that Blockcerts is now a proper Open Badges extension (and on track for acceptance as an official extension), which adds blockchain-based verification and recipient ownership to the traditional OBI format. Anyone with an OBI 2.0-compliant wallet can use it to store Blockcerts, and the Blockcerts Wallet can be used to store and share OBI 2.0-compliant Badges.
In addition to interoperability, portability, and verifiability, Blockcerts was also designed specifically with self-sovereign digital identity in mind. For this reason, it privileges individual ownership of credentials, rather than custodianship of credentials by a software provider or issuing institution. Blockcerts allows recipients to prove ownership of a credential directly through public/private key cryptography.
Furthering the goal of self-sovereignty, Blockcerts is also identity agnostic; that is, it takes a claims-based approach to identity, which allows organizations and recipients to employ their preferred methods for identity management. Blockcerts works with any kind of identity solution, whether that is a Facebook profile, a University account, or a Decentralized Identifier. This makes it well-suited to a model of digital engagement in which individuals may have multiple digital identities which they curate differently and employ in different contexts.
Blockcerts is currently evolving to accommodate even greater degrees of digital self-sovereignty. Most immediately, this involves both facilitating a persistent, recipient-controlled digital identity as well as data minimization. In the subsequent sections, we discuss how Decentralized Identifiers and Verifiable Claims contribute to a more self-sovereign ecosystem.
Decentralized Identifiers: A Portable, Self-Sovereign Identity
Digital identity functions through the deployment and correlation of identifiers. Under the current Blockcerts standard, recipients are identified when their pseudonymous public blockchain address is linked to a public identity (such as a social media profile or user account). However, these digital identity providers may go out of business, cease to support the recipient’s profile, or leak identity data. One way to address these shortcomings is through a universal, portable identifier that does not rely on a centralized identity provider and which is owned by the individual. One model under which such identifiers are being developed is the Decentralized Identifier (DID) specification. Decentralized Identifiers are designed to underlie a self-sovereign approach to the management of digital identity.
Currently, Open Badges issuers typically use a hash of the recipient’s email (the hash is recommended to avoid having an email embedded in the certificate in clear text) to identify recipients. Blockcerts allows recipients to make a stronger claim of record ownership through use of cryptographic ownership of a blockchain address. Both approaches have longevity and privacy concerns. The recipient’s email in a credential may not be permanently available to the recipient (for example, university email addresses are customarily deactivated upon graduation). Cryptographic key management, on the other hand, is not user friendly. As a partial solution, Blockcerts introduced a certificate wallet to help the user manage their keys, but there are still practical usability concerns making it difficult to assume the recipient will retain ownership of their keys in the long term.
DIDs are an important tool for advancing the viability of self-sovereign identity. In particular, DIDs address the high barriers to entry of managing cryptographic keys. They offer cryptographic strength while factoring in the full lifecycle of keys, including expiration and revocation. This includes usability improvements such as social recovery, in which a user may specify that 3 of 5 known contacts may vouch for their identity if their device is lost.
Thus, DIDs remove many of the usability shortcomings of cryptographic key management, making it much easier for the recipient to retain ownership of their identifiers over time, and therefore, also of their associated credentials.
DIDs also give owners (both recipients and issuers) more control over when and how a digital identity is deployed. On the recipient side, DIDs used as recipient identifiers promote long-lived, and as we’ll discuss in the next section, privacy-respecting credentials. Furthermore, a recipient can maintain any number of DIDs to increase their ability to curate their identity profiles and increase their privacy. This avoids a situation in which all of a person’s data is tied to a single individual identity profile; instead it can be replicated as frequently or as rarely as that individual chooses.
On the issuer side, DIDs remove the requirement for issuers to host profiles that maintain a list of current and expired keys. In general, issuers hosting any data introduces a potential single point of failure during verification — for example, if the issuer site is temporarily or permanently offline. With DIDs, this information is architected to be decentralized and available at any time. This facilitates the persistence of digital identity while placing it in the hands of the user, rather than a third-party custodian.
Verifiable Claims: Taking Blockcerts to the Next Level
Verifiable claims are a lightweight format for expressing a wide range of verifiable yet privacy-preserving claims made about an individual (for example, proof of citizenship or the license to drive a car). Technically, Verifiable Claims are claims made about a “subject” (identified by a digital identifier such as a DID) that are rendered tamper proof through digital signatures. The authenticity of digital signatures may, in turn, be established through issuer identifiers, which may also be expressed as DIDs.
Verifiable Claims have already been incorporated into the Open Badges data model through endorsements. Expanding claims functionality is useful for Open Badges in several ways. Since Verifiable Claims are designed from the ground up with self-sovereign principles in mind, the developer community has a sophisticated map of the privacy problem space, which is used as a guide to resolve concerns at all levels of granularity. Privacy is, after all, not an absolute state but involves differing trade-off decisions depending on the context in which information is solicited and the nature of that information. For example, if a claim contains personal information that a recipient would rather selectively disclose to only specific parties, the Verifiable Claims ecosystem offers techniques and standards regarding data minimization.
It is time to evolve data management paradigms from those based on a centralized web architecture to those functioning from the decentralized web. Only in this way can individual self-sovereignty be guaranteed in a world where centralized authorities exert irreversibly amplifying control over digital infrastructures, and security breaches will only become more common. Blockchains are becoming the most rapidly adopted decentralized architectures from which secure and self-sovereign data management practices may arise. Beginning with the Blockcerts standard, recipients now have private ownership of their digital assets in a way that was not possible before. With the move toward Decentralized Identifiers and Verifiable Claims, recipients also have persistent, independent digital identities and can choose exactly when, how, and to whom they disclose any private data. As public standards, all of these specifications solve for maximum interoperability and portability of documents and data, without sacrificing privacy or individual control.
We have the building blocks required for systems based on self-sovereign principles, and it is up to us to make sure they are used in the educational, economic, and governance architectures of the coming generation.