What Is Self-Sovereign Identity and Why Do We Need It?
Ever since the early days of mass internet usage, questions have swirled about the nature of our online selves. Each and every one of us has countless online personas that we use to log in to various online services, from social media platforms to online banking. Just for a moment, stop and think about how many different accounts you have created across the web — a trail of digital breadcrumbs that represent your digital identity, albeit fragmented and unrecognizable.
Each time we log on to use a new service, the process is the same: we provide some of our personal information and, in exchange, we are granted a digital identity by the service provider that permits us to use their platform. But, in considering the order of this exchange, it becomes clear that something is amiss and that we’ve been doing things backwards for years. Firstly, we don’t need a company to bestow us with an identity because we have one already — surely all we should be doing is verifying that fact. And secondly, we have provided social networks and service providers with our most valuable asset — our information — and we’ve done so free of charge and without asking for much in return, besides the use of their services, which, of course, they are only too happy to grant.
The Value of Our Data
It is only in recent years that we have come to the realization that we have merely scratched the surface when it comes to the true value of our data. Do you know what your data is worth? Do you know who has access to it and how it is used? The majority of us do not know the true answers to these questions.
The topic of data privacy has gained huge momentum in recent years — the challenges of which have been compounded over the past 12 months due to the ongoing Covid-19 pandemic. We have witnessed data challenging the likes of oil as our most valuable asset, which further bolsters the need for an education surrounding the use of our information and the way in which it’s bought and sold.
Every day, the world makes millions of digital transactions through online shopping, communicating via mobile apps and generally sharing information, but who decides what happens to our information and at what cost? Many of us are familiar with how organizations gather our information in order to provide a better, more bespoke customer experience. Organizations, large or small, track the activity of their customers, whether it be the number of times they visit a website, the type of items they like to buy or simply whether or not they clicked on a link in an email. This information provides them with an insight into the needs of the consumer, and can often be mutually beneficial for both parties. The information collected can then be leveraged by the organization to improve its products and services based on the customer’s unique feedback.
The concept of data collecting and sharing has the potential to take a more sinister turn when an individual is unaware of what information is being shared or sold to third parties. Contrary to popular belief, multinational companies often do not share the data they have collected from their customers, as it's too valuable and is often what holds the key to their success.
For example, in a bid to be more transparent, PayPal has released a comprehensive list of third parties with whom they share customer information, including the name of the company, why they share the information and exactly what information they share.
In order to take on this responsibility, consumers need to be equipped with the right information and the right tools. Emerging technologies such as blockchain can play a critical role.
Blockchain’s ability to store information on either a public or private network enables key parties to access critical information, and then only what the individual allows. This way, the power is placed back into the hands of the individual, where they can choose who they share their data with, and to what extent.
So, now that we know what’s wrong with the current scenario, where does the solution lie? The alternative is a concept called Self-Sovereign Identity (SSI), which places control of personal information with the user, enabling them to log in to all of their online services using just one ID. No more forgotten passwords or having to hand over all your personal information; this is a concept that could dramatically change how we use the internet.
How Does Self-Sovereign Identity Work?
To better understand how SSI works and the particular benefits it provides, let’s take a look at one specific example: Ontology's decentralized identity framework, ONT ID. Based on the specifications for Decentralized Identifiers (DIDs) laid out by the World Wide Web Consortium (W3C), ONT ID provides a self-sovereign system of data authorization and ownership confirmation, thereby granting true control to the respective users of a particular asset. It can be used to generate and assign digital, cryptography-based identities to different entities such as individuals, institutions, objects and content and supports collaborative services such as distributed and diverse ownership confirmation, identification and authentication of the aforementioned entities.
In a system that utilizes SSI, all users are granted unique identifiers that they can use to manage their identity to access online services. In the Ontology ecosystem, for instance, this solution is a mobile digital ID application and decentralized framework called ONT ID.
By combining ONT ID and a mechanism that uses verifiable claims, Ontology has successfully established a decentralized trust model and a distributed trust delivery system. The system uses zero-knowledge proofs to assure that services only access the specific data they require to verify identity, thereby ensuring the privacy protection of verifiable claims. Through solutions like ONT ID, it is also possible to incorporate various authentication service agencies and facilitate multi-source authentication to achieve a more complete picture of the respective entity's identity.
In addition to building a trust network that relies on certain central entities, different entities can also build strong trust relationships amongst themselves. Such a credibility based network is generated through mutual authentication between entities. The higher the number of successful authentications, the higher the credibility of a particular entity. High credibility ratings would make the entities more reliable and trustworthy, and authentication from a high credibility entity will equate to higher credibility for said entity.
What’s Next for Identity Solutions?
As with other SSI solutions, ONT ID allows users to securely manage their digital identity by storing their data locally on a phone or on trusted cloud storage with a private key that grants access only to the verified user. Once the user is set up with ONT ID, they can use this single online identity to access a range of useful products and services, such as managing digital assets, paying for concert tickets using cryptocurrency or even settling insurance payments. In time, it is envisioned that this SSI will not only be useful online, but in the physical world as well.
The evolution of the internet and the steady online migration of essential services such as banking and healthcare has led to a resurgence of old questions about who the true owners of our online identities are. SSI will finally put an end to this debate, putting data back in the hands of the consumer and empowering them to use it as they see fit.
Decentralized and backed by blockchain, self-sovereign identity solutions place an increased focus on verification, security and data management, and are a fundamental step towards achieving a new system where users are in control of their data and can seamlessly collaborate with enterprises while trusting that their data still belongs to them.