SSI has an Identity Problem
Before the word ‘elephant’ was broadly used, how would one describe the big, leathery animal?
Each of these people call the elephant something different because they each have a different perspective. When you think about it, an elephant really is like a big wall with a snake and spears coming out of its face, trees for legs, and a rope-like tail. Without a concise name for the sum of its parts, its meaning can be communicated, although imperfectly, by a description of each part individually¹.
Similarly, there is a new category of technology and business solutions that seeks to solve the proverbial “dog on the internet” identity problem for individuals, organizations, and connected devices. Most often called ‘SSI’ (for ‘self-sovereign identity’) or ‘decentralized identity’, these terms are often used in the same way ‘elephant’ is used — with a wealth of meaning and nuance not apparent to beginners. A review of the different terms used to reference SSI provides a helpful introduction.
Naming the Category
‘SSI’ is the noun I’m using throughout this post to reference this new category of solutions, although there are three primary candidates used in the market today, each with a different emphasis.
Self-sovereign identity (SSI) is a movement that claims digital identity should be just as legitimate and nuanced as a person’s human identity, while being accessible to all, privacy-preserving, and not reliant on a single government or corporation. SSI is the combination of decentralized identity and trust over IP (both defined below) but also encompasses other technologies and business solutions to enable its purpose. ‘Self-sovereign identity’ was the first category-defining term to catch on, and therefore the most widely used today. But the first terms to catch on are not always the best nor the longest-lasting; groups at industry conferences² have even convened to try to come up with an alternative to ‘SSI’, to no avail. Sovrin Foundation is a nonprofit that champions this name with its mission “identity for all”.
Many governments, actual sovereigns (noun), strongly dislike the term ‘sovereign’ (adjective). Businesses seeking to sell SSI solutions to governments often steer clear as well. While the name ‘SSI’ does a good job at describing the human application and aspiration of decentralized identity technologies, it isn’t clear to most people how B2B and IoT use cases fit in this framework. Finally, I’ve spoken before about how the term is too tightly associated with the blockchain world.
Some of the problems associated with the word ‘sovereign’ could go away if ‘SSI’ becomes the de facto term as I’m using it throughout this post. As identity expert Drummond Reed frequently points out, we use acronyms every day whose full names we don’t know — ATM, SMS, HTTP, ROTC, AIDS, OTC, FAQ or even GEICO or AT&T, for example (if you knew the full names for all of those, kudos 😊).
‘Decentralized identity’ is the second most-used term to describe the category. Decentralized identity’s emphasis is much more technical in nature and seems to focus on traditional IAM use cases. Decentralized Identity Foundation (DIF) is the primary industry association & standards body championing this term.
The word ‘decentralized’ can feel a bit vague because it describes what SSI is not (ie, not centralized) but doesn’t explain what it is. For that reason, one needs to explain the benefits of decentralization separately:
- Locus of control: Accessing data from centralized databases, as occurs with other identity tech, requires access and permission from the database administrator — not necessarily consent from the subject of the data. Thus, data breaches and misuse of data have led to people demanding ownership of their data. With SSI, the data subject is the one with control to consent to sharing of their data.
- Autonomy: As companies die and policies change, it’s helpful to avoid single points of failure. SSI wallets are transportable between different vendors, avoiding vendor lock-in. More on autonomy here and wallet portability here.
- Public key infrastructure (PKI): Much of SSI hinges on public/private key cryptography. Trust in traditional PKI systems is rooted in certificate authorities. Identifiers are rented out by ICANN via the DNS system — a costly and centralized approach to PKI. Blockchains and other technologies enable decentralized PKI upon which SSI can be built.
On one hand, ‘decentralized identity’ doesn’t capture the ideals of autonomy and existence that this blog post and much of the industry appreciates about the term ‘self-sovereign’. On the other hand, organizations and connected devices don’t have their own autonomy — they must be controlled by people — so ‘decentralized identity’ may be a better fit for those use cases. In addition, while SSI decentralizes power associated with identity, it centralizes the storage and access to it (in a digital wallet instead of various databases across the web), which may make ‘decentralized’ a confusing word from a user experience perspective.
Trust over IP
Trust over IP (ToIP) is the newest term used to describe the category. It’s less focused on the traditional authentication/access management/directory services definition of digital identity and more focused on trustable data/credentials. This is a more attractive term than ‘sovereign’ for governments; John Jordan, ED of Trust Services for the government of British Columbia, coined the term and is the current leader of the ToIP Foundation, which focuses on building governance frameworks for trust ecosystems.
Just like ‘Voice over IP’ (VoIP) standardized a way to securely relay audio over the internet, so too does ‘Trust over IP’ seek to standardize a way to share trustable data over the internet. But the word ‘trust’ is fraught with baggage in today’s society and has caused pushback from the identity community and beyond. It’s too early to tell whether the term ‘ToIP’ will catch on more broadly and how the market will react.
Other terms for SSI
In addition to the category-defining names above, you may hear this technology referred to in a number of other, more niche ways. Like the elephant example I opened this post with, each of the following names refers to a specific characteristic of SSI which, taken together, give us a more complete picture.
SSI enables data portability, which has led to it sometimes being called ‘portable identity’. Portable comes from the Latin portare meaning carry, which is also behind the word transport or port. It really means that you can take something from one place or context to another.
Our real-world identity is portable. I can take my driver’s license from the DMV and the context of public roadways to the financial sector and get access to banking services. I can take my university transcript from the education domain to an employer to show my qualifications for a job. SSI makes this possible online. Issuers of credentials, in my experience, feel this dynamic most strongly; after all, anything they issue can be taken and shared with other parties by the holder if they so choose.
My physical, leather wallet has several credentials inside from a number of different sources. The SSI wallet on my phone is the same way; any number of organizations can issue credentials to it. I can then share information from any combination of them to prove things about myself; thus the identity I’m presenting can be comprised of multiple sources.
Despite its strengths, multi-source identity falls short of describing some of the other important properties of SSI. For example, a Facebook Wallet or other proprietary, centralized system could be used as the basis for a multi-source identity system that provides virtually no autonomy or control to the end-user³. For more on how ‘multi-source’ relates to ‘self-sovereign’, check out a great blog post here.
While ‘multi-source’ describes how credentials get into a wallet, ‘self-managed’ alludes to how credentials are controlled, stored, and shared. This shouldn’t imply that each end-user must hold their own keys or worry about storing their credentials locally — they could theoretically contract that out to a vendor or configure some AI to assist — but it does mean that the end-user is the one in the driver’s seat.
You may see ‘self-owned identity’ used instead of ‘self-managed’, but you won’t see that from me or most of my peers. Although many of the implications of ‘self-owned’ (possession, control, accountability) are common with ‘self-managed’ or ‘self-controlled’, the legal construct of ‘ownership’ (property rights, right to sell, exclusivity, etc) is a dangerous one in relation to identity⁴. Because of these nuances, ‘self-managed’ and its variations aren’t widely used.
The term ‘user-controlled proofs’ is a yet unadopted term coined by Kim Cameron, author of “The Laws of Digital Identity”, seeking to be a bit more technically accurate than terms like ‘self-sovereign’. Indeed, in an SSI model, people not only collect credentials from multiple sources, but also share information from those credentials in the form of a ‘proof’. Those proofs can be verified independently, virtually, and instantly by anyone they’re shared with. While a verifier can specify their requirements in a request to a user, the user has control of whether and how they respond.
User-controlled proofs is a good term to describe the holder’s perspective of the interaction they have with the verifier. However it’s quite technical and would likely face adoption challenges when presented to the average identity holder⁵.
Recently coined by Tim Bouma, Legally-enabled Self-sovereign (LESS) Identity stands in contrast to the ‘crypto-anarchist’ notion of a trustless self-sovereign identity⁶. LESS implies that the identity presented to a verifier is backed by a legal framework. Perhaps it’s a credential issued by a government or regulated institution. Or maybe there’s an existing legal framework that’s represented with a credential.
LESS enables verifiers to build trust beyond just the cryptographic assurance of a credential’s validity. Much of the work of the ToIP Foundation on governance frameworks is seeking to reinforce this notion. All of the projects I’m aware of with real traction are LESS identity.
In Trinsic’s introductory SSI post, I explain how real-world human identity is the combination of intrinsic (Who am I? How do I identify myself?) and extrinsic (How does the state identify me? What does my university say that I have achieved?) factors. Because that’s how the real-world works, I love the name ‘life-like identity’ to describe SSI. To drive the point home, continue that logical train of thought to ‘login with Google’. Wouldn’t it be weird if instead of buying from a store directly, there was a Google representative at every register who authenticated you and mediated the transaction? Especially if they were also recording everything you say and do and sending it back to their boss to be reviewed and analyzed. That would never fly in the real world. And I don’t think it’ll be the norm online anymore in 10 years either.
Life-like identity is unfortunately not widely-used, but in many ways, it is a good umbrella term for everything else we’ve talked about in this post. This is really what we’re trying to create with this technology; solutions that respect human dignity in the interactions they have daily, just like exist in person. For more on this term, check out this post.
‘Self-sovereign identity’ is an imperfect name for an imperfect, but rapidly growing and promising new category of technology and business solutions. I think it’s the best term on the table; but ultimately, the way to refer to the category will be defined over time as the dust settles through real-world deployments. The name that will emerge will likely not be the first one, but the one with the least negative baggage that balances being specific to the technology but broad enough to encompass all its variations.
Taken collectively, each of the names listed in this post overlap with others in interesting ways, creating a more full picture of SSI. For example, could you have SSI without multi-source identity? Or without user-controlled proofs? Could this system ever work unless it was legally-enabled? And if we succeed at adopting SSI ubiquitously but it doesn’t bring more autonomy and dignity to our interactions online as we do in real life, did we really succeed?
If you enjoyed this post, reach out to me on LinkedIn and check out Trinsic, the easiest way to get started with SSI.
Thanks to Lynn Nichols, Anna Johnson, Phil Windley, Kaliya Young, Juan Caballero, Timothy Ruff, and Josh Welty for giving input on this post.
- The elephant example is fun, but this phenomenon isn’t just found in cartoons; examples are also found throughout the world. Look at religions for example. The central figure of Christianity is called a variety of names in the Bible, including Savior, Son of God, Shepherd, Messiah, and more. These names each communicate different aspects of the meaning assigned to the 5-letter word ‘Jesus’. In Islam, God is believed to have 99 names.
- IIW 30, book of proceedings, page 275 for notes on the discussion
- Of course, Facebook could also build a wallet that supported individual privacy and autonomy if they wanted to! They’re just the boogyman for this example.
- I own my car, so I can legally sell it (or parts of it) or rent it out in exchange for money. Can I sell my identity? Or rent out my driver’s license? No, I can’t. Nor should I be able to; identity and personal data are not property to be bargained with, but an intrinsic part of the self. Bodily autonomy is a closer metaphor for credentials than property ownership. Can you legally chop off and sell your arm? No, but you still generally have autonomy to act of your own volition with regard to your own body. So you don’t own your body; you use it, control it, etc. — likewise for your identity. For a better analysis on this, see here.
- One objection some people take to this term is the word ‘user’ which is seen in some circles as objectifying or dehumanizing. “Only two industries have users, drugs and tech,” so the saying goes. On the other hand, I’m using a keyboard to type this sentence. Any word has baggage if you look at it too closely.
- In a talk early this year, Christopher Allen urges the community to keep the trustless identity in mind to keep in mind for more vulnerable populations who are disenfranchised by the legal regimes of which they’re a part.