Self-Sovereign Identity Principle #2: Control
One of the guiding principles of self-sovereign identity (SSI) according to Christopher Allen’s Ten Principles is control. In essence, users must be in control of their identities; or in other words, be sovereign in defining who they are.
Focus on control over one’s identity does not necessarily mean achieving complete identity-ownership. Passports, for example, are not owned by the individual but rather the state. The same is true for driver’s licenses. Sovereignty allows the user control of how their identity is used without negatively disrupting the way society is organized.
Typically, in order to enforce this principle, exerting control over your identity requires backing from the state or other third party. Blockchain solves the control issue by using secure algorithms that help users ensure continued validity of identity as well as any associated claims. This method eliminates the need for compromised control from entities such as the state or third parties.
In such a system, the user becomes the ultimate authority of their identity. They retain the rights to refer, update, hide, or do anything else with it.
Ownership or control of identity data?
After a number of recent incidents regarding identity breaches, such as the Cambridge Analytics scandal, numerous high-profile Equifax-style data breaches, and materialization of GDPR legislation, many have asked, “who actually owns your data?”
Since identity data is extended from intrinsic (or human) rights, (which, according to the Universal Declaration of Human Rights), cannot be surrendered, transferred or sold like property rights. Identity is best framed in a different way. As ownership often implies a property law model for data, it’s more fitting and more just to consider constitutional rights laws when framing identity data.
This forces further clarification when implementing self-sovereign identity in a blockchain-based identity solution. Users are given control over their identity data, winning the ability to decide for themselves when and where the pieces of their identity are shared.
Providing identity information about oneself does not result in loss of privacy. Quite the opposite, a decentralized identity solution gives full control to the user over their private data, thus ensuring that the user dictate what is shared.
Control as a guiding principle of self-sovereign identity ensures that the individual is the sovereign decision maker of all identity-related information. The recent incidents involving data-breaches serve as a solemn reminder that the guidelines and qualities centered around control must be continually refined.
Decentralizing identity management empowers the user by returning control of their identity back to them. Blockchain offers this to users in a secure and effective way.
This article is second in a Self-Sovereign Identity Principles series the Metadium team is putting together for you. If you want to learn more please follow us on Facebook, Twitter, Instagram and LinkedIn!