Here are seven myths of SSI that I repeatedly hear and will address across two posts. Myths 1–3 will be discussed here, myths 4–7 here.
- Self-sovereign means self-attested.
- SSI attempts to reduce government’s power over an identity owner.
- SSI creates a national or “universal ID” credential.
- SSI gives absolute control over identity.
- There’s a “main” issuer of credentials.
- There’s a built-in method of authenticating.
- User-centric identity is the same as SSI.
Note: readers should have a basic understanding of how SSI works before reading this. For a primer, review the third and final section of The Three Models of Digital Identity Relationships.
The self-sovereign identity model.
I recently attended the ID2020 event in New York, where some of the biggest players in identity were on hand, working toward fulfilling the United Nations’ Sustainable Development Goal 16.9: Identity for all by 2030. It was an excellent event, lots of energy, very professional, and serious about moving the needle on this BHAG (big, hairy, audacious goal).
We heard first-hand examples of the pains caused by broken identity systems around the world, some of which were truly heartbreaking. Most of us take for granted that we can prove things about ourselves, unaware that over a billion people cannot, leaving them unable to obtain desirable work or advanced education, open a bank account, hold title to property, or even travel. As noted by the World Bank’s ID4D, identity is a prerequisite to financial inclusion, and financial inclusion is a big part of solving poverty.
That means improving identity will reduce poverty, not to mention what it could do for human trafficking. Refugees bring another troubling identity dilemma where the need is critical, and where we are commencing efforts through our partnership with iRespond.
Several times throughout the event, SSI was discussed as a new and potentially big part of the solution. While there was clearly hope, there was also skepticism that, in my opinion, stems from misperceptions about what SSI really is and is not.
If SSI really was what these skeptics thought, I wouldn’t favor it either. And if they knew what SSI really is, I think they’d embrace it wholeheartedly.
The perception problem begins with the very term, “self-sovereign.”
“The term ‘self-sovereign’ identity makes me think of hillbillies on a survivalist kick.”
Kim went on to clarify that he is strongly in favor of SSI, he just dislikes the term and the negative perceptions it conjures up.
Self-sovereign identity is not a great term — for lots of reasons — but until we have a better one, (“decentralized identity” is a serious candidate) let’s clarify the one we’ve got.
Myth 1: Self-sovereign means self-attested.
In meatspace (real life, compared with cyberspace), to prove something about yourself you must present what others say about you in the form of credentials or other evidence; without this, what you claim about yourself isn’t strongly reliable.
I can claim I went to Harvard, but when a prospective employer needs to know for sure, my claim is no longer sufficient. Saying my credit is great won’t get me a loan, and claiming I’m a pilot won’t get me into the cockpit. I need proof, and it must come from a source that the relying party will trust.
SSI is no different. You can make all the claims you want about yourself, but when a relying party needs to know for sure, you need to show them credentials provably issued by a source the relying party trusts.
Self-attested verifiable credentials — what you say about yourself — still have their place: they are how you provide your opinion, preference, and most important, consent¹. Opinion, preference, and consent can only reliably come from the identity owner and not from third parties, whereas proof of identity or other attributes are exactly the opposite: they must come from third parties and not the identity owner.
So, to prove Timothy Ruff has given his consent — which only Timothy can give — you must be confident that you’re dealing with the real Timothy Ruff, which is only provable with third-party attestations.
This means that self-attested credentials, including consent, still rely indirectly on third-party credentials. (Unless it’s something like pizza preferences, where who you are doesn’t matter much.)
Bottom line: the foundation of SSI, as with any strong identity system, is third-party issued credentials, not self-attested credentials. SSI supports both, and each type can add value to the other.
Myth 2: SSI attempts to reduce government’s power over an identity owner.
This myth hearkens back to Kim’s comment, where the term “self-sovereign” could literally be interpreted to mean an individual might somehow become less subject to government. In reality, nothing could be further from the truth. In fact, SSI can actually build a stronger and richer relationship between governments and citizens.
SSI makes possible a private, encrypted, peer-to-peer connection between government and each citizen that can, with mutual consent, be used for powerful mutual authentication (preventing phishing), communication, data sharing, and more. This connection wouldn’t be affected by changes in email address, postal address, phone numbers, and so on. And since both sides of the link would be self-sovereign, either side could terminate it, too.
From the perspective of government, the initial function of SSI is straightforward: take existing credentials, whether physical or digital, and begin issuing them cryptographically secure in the form of digital, verifiable credentials. These credentials can then be held independently by the individual, and verified instantly by anyone, anywhere, including government, when presented.
The secondary function of SSI is even more interesting: use the encrypted connection that was created during credential issuance for direct, private, ongoing interaction with the constituent.
From the perspective of the individual, we’ve actually had some central features of SSI for hundreds of years, using the global standard known as paper. Today, government gives you a passport which you carry and present anywhere you wish, with broad acceptance. SSI simply makes the same thing possible digitally, and with significant advantages (zero-knowledge proofs/selective disclosure, revocation, mutual authentication, etc.).
This digital transformation of credentials simply hasn’t been possible until now, at least interoperably and on a global scale.
Myth 3: SSI creates a national or “universal ID” credential.
There exists no intention (or delusion) that I am aware of that somehow SSI can, once it is broadly adopted, supplant a national ID system. On the contrary, as mentioned above, government should get excited about how SSI can complement and improve existing identity systems, whether national, regional, or otherwise.
SSI actually does not replace the trust of government or any other organization; it is simply a means for connecting and exchanging instantly authenticatable data. SSI is set of protocols, not an actor, and it has no inherent basis for trust other than the cryptographic properties that ensure the privacy and integrity of the data exchanged and the connection used to exchange it. What parties exchange over that connection, and whether to trust what was exchanged, is up to them.
Some governments already understand SSI and are leading out on its implementation. My prediction: all governments will eventually use SSI to issue credentials digitally, to better communicate with and interact with constituents, to streamline internal processes where slow verification bogs things down, to more strongly authenticate the people, organizations, and things they deal with, and to reduce the printing of paper and plastic.
SSI in the Developing World
Now that’s all fine and dandy for the developed world… but what about the billion-plus “invisibles” living without credentials, often in situations where a government is somehow struggling to issue them… can SSI help?
In some parts of the world, trust within a community is established by obtaining from a trusted individual a signed attestation that you’re worthy of obtaining a loan, for example. With SSI this could be done digitally rather than on paper, it could involve biometrics that strongly attach the attestation to the attestee and attestor, and it could include attestations and other potential credit scoring data from multiple sources.
I can imagine a baby born in a remote village and receiving her first “credentials” from her family and friends, who each give her attestations about her birth and their recollections of it. Pictures, videos, songs, and other precious memories could be added to her brand new digital wallet — which is now so much more than a wallet — and with guardianship of it tied to her parents. Who knows how such a set of credentials issued by loved ones might later be used, but my sense is that it could be vitally important some day.
I love the fact that SSI is powerful for both developed and developing worlds. I can’t wait to explore this topic more in the future.
Part 2, Myths 4–7, can be read here.
¹ Consent is a rich topic that will be covered in greater detail in the future. See here for an eye-opening perspective about how elusive, and practically impossible in many cases, consent can be.