Has SSI’s Identity Problem been Solved?
SSI, Web5, IDtech, Reusable Identity, Authentic Data — Which Should You Use?
Two years ago, I authored a piece called SSI has an Identity Problem where I outlined a somewhat ironic problem. “SSI” stands for “self-sovereign identity” — a new kind of standardized, user-controlled digital identity. But a host of other terms are used to describe the same thing — like “decentralized identity” and “self-managed identity,” and none have emerged victorious. This isn’t ideal because usage of a variety of terms confuses the market — not to mention the irony of an identity technology with such an identity crisis!
It’s been two years since writing my original post, and it’s time for a follow-up. Terminology matters because it’s related to adoption; the easier to understand, the more the concept will spread, and the faster digital identity will improve.
By this post’s conclusion, you’ll understand why I use the terminology I do. If I’m successful, you’ll have insight on how you can adjust the way you communicate about SSI to help your business, product, or analysis be more successful.
Quick framing note:
Throughout this post, I’ll use “SSI” as a broad umbrella term to refer to the full set of technologies, philosophies, and products that are improving how digital identity is done for both consumers and organizations.
‘Self-sovereign identity’ was the first category-defining term to catch on, and therefore the most widely used today. But the first terms to catch on are not always the best nor the longest-lasting.
My use of “SSI” is not an endorsement. In fact, the purpose of this post is to propose more fit-for-purpose terminology than SSI. Let’s dive in!
The terms gaining popularity over the last 2 years
IDtech refers to products that empower users to take control of their identity, share their data safely, and more securely access the things they need. In contrast to other terms that describe a concept, movement, philosophy, or technology, the term IDtech describes the real-world applications built using those building blocks. If a fintech product helps you manage your money, an IDtech product helps you manage your identity and data. And, like the move to open banking before it, the popularization of interoperable identity primitives such as verifiable credentials and decentralized identifiers are catalyzing IDtech as the new fintech.
Terminology is important — people couldn’t see the color blue until there was a name for it. Phil Windley, original leader at Sovrin + IIW cofounder, shared with me how his 1994 startup iMall struggled until the term “e-commerce” came about. It enabled him to instantly communicate its value in a single, concise statement.
When I say blue, people see the color of the sky. So, what do people “see” when they hear “self-sovereign identity” or “decentralized identity”? Based on the number of times I’ve seen a “deer in the headlights” look, I’d guess… headlights? On the other hand, when someone mentions they’re building an EdTech, BioTech, AgTech, PropTech, RegTech, FinTech, FoodTech, MedTech, etc. product, people know something about it instantly. An investor can specialize in MedTech. Customers can attend an EdTech conference. And so on.
The term IDtech is the first term to refer exclusively to SSI’s applications/products. It will lead to faster adoption of user-centric identity solutions to the extent it helps developers, investors, analysts, and end-users quickly understand how the SSI rubber meets the road.
For more on IDtech, feel free to review both the massive business opportunity it represents and how it will drive SSI adoption.
Web5 is a new term — but much has been said about it already. On the homepage of TBD, they describe it as “an extra decentralized web that puts you in control of your data and identity.” Timothy Ruff, SSI entrepreneur, added to that definition by asserting web5 is “The autonomous control of authentic data and relationships.” Definitions materialize from how words are used, not what’s said about them — and I see “web5” mostly used to describe a technology paradigm.
For example, if someone says they’re building a web3 product, what do you think of? Likely blockchains, tokens, NFTs, DAOs, and private keys (crypto wallets). They’re using web3 as shorthand to describe the architecture of their solution — the paradigm or technical philosophy they ascribe to.
Web5 is a terrific candidate to describe the general technology architecture/approach that enables SSI to exist. In this way, web5 acts as shorthand for verifiable credentials, decentralized identifiers & PKI, identity wallets & personal data stores.
In my original post, I predicted:
The name that will emerge [to describe the category] will likely not be the first one, but the one with the least negative baggage that balances being specific to the technology but broad enough to encompass all its variations.
Web5 is the quintessential answer to this conundrum. Web5 leaves behind the baggage of web3, while still promising a bright future. It avoids the problems with terms like self-sovereign identity, decentralized identity, and trust over IP (which I outlined in my post a few years ago). Web5 is also broad enough to encompass the various approaches to solve the problem — from blockchain-based DIDs to self-asserting KERI identifiers. I’m looking forward to seeing how this term is used more in the wild.
Today, financial institutions, e-commerce sites, gig economy services, and most other digital services operate with dozens of data aggregators and middleware services verifying people in the background. Everywhere you go, you’re re-verified. Reusable identity refers to people holding “interoperable identity credentials” (source) that are broadly accepted and authenticate-able in real time, reducing the need to re-verify people and resulting in easier-to-access and lower-cost services.
This is a great conceptual term, especially for identity professionals who are familiar with how the world works today. Because the term is unopinionated about the application of the concept and the technical approach with which it is executed, it can be applied to solutions that diverge from the ideals of SSI (like interoperability and privacy). It can also be confusing for people who are new to the identity space, who may misinterpret “reusable” for “replayable.”
What this term gives up in completeness (e.g. doesn’t consider privacy) it makes up for in accessibility. It is especially helpful in a business context because it emphasizes the value of SSI in plain English. While the term is relatively new, it has already proven to be a promising contender for conceptualizing SSI.
Authentic data or verifiable data
Digital trust is a major problem, and terms like authentic/verifiable data strike at the heart of the issue. SSI produces data that is authentic (meaning “of undisputed origin; genuine”) which is slightly more accurate than verifiable (meaning “able to be checked or demonstrated to be true, accurate, or justified”). To most, they’re equivalent.
These terms are useful when one wishes to distinguish between regular, raw data and cryptographically signed data. They’re especially useful to describe the end result of a verifiable credential. However, I don’t think the term is suited well to describe the whole SSI category. Authentic and verifiable are very vague terms, especially to the layperson. (Most people use authentic as in “authentic Chinese food” or “being authentic to your inner moral compass” — and how many times have you heard “verified credential” instead of “verifiable credential?”)
How do the terms relate?
Sometimes it’s helpful to use analogies to understand how new concepts relate. The best comparison I can conjure is with cinema.
- “Reusable” and “self-sovereign” are ideologies, ideals, or ambitions identity developers can ascribe to, just like directors can aspire to produce artistic vs entertaining films.
- Web2, web3, and web5, as paradigms or architectures, are akin to the style used to shoot, which is determined in part by the types of cameras, lenses, and other technologies used.
- Categorical terms such as IDtech, fintech, medtech, etc. are like genres of movies (e.g. superhero, horror, romance+comedy, etc).
- A movie is but the organizing of plot points, dialogue, and other sequences that tell a story — much like how bits of authentic data — multiple sources of credentials and presentations — make up an IDtech product.
- A given IDtech product is like a specific movie. It is the sum of all the aforementioned bits, packaged up into something someone can actually consume.
The words I use today
Our goal at Trinsic is to make the world more accessible by empowering teams to build amazing identity products. IDtech is the term to describe the product/application layer that is emerging on top of the concepts, technologies, and paradigms we’ve spoken about herein.
When talking about the technology or architecture of a product, I’ll continue to use web5, web3, or web2 as shorthand, despite not loving the “webX” framing. And I’ll use reusable identity, decentralized identity, and self-sovereign identity as high-level terms to describe the ideology driving the change in the identity market, depending on the audience I’m speaking to. And when I’m talking about the end result, or the component parts of an IDtech solution, particularly for relying parties, I’ll speak to authentic/verifiable data.
As I’ve stated before, IDtech is the new Fintech. And the winning IDtech products over the next decade will be ones built using the principles of self sovereignty and reusability. I’d love to hear your feedback on this article. And if you’re building an IDtech product, I’d love to learn about what you’re building and explore whether Trinsic can help. Feel free to find me on LinkedIn or Twitter and let me know the terms you prefer to use to describe better digital ID.
Thanks to Gabe Cohen, Kim Hamilton-Duffy, Zack Jones, Anna Johnson, and Timothy Ruff for giving feedback on this article.