Every day we are seeing a lot of
identity breaches. Starting from Facebook data leak to Aadhar information leak in
India, the identity of people come under scanners. We all deserver to own our identity,
control the usage without involving third parties. In a physical world, we
all have a unique set of information to prove we are the citizen of the
particular country, we know driving, we are eligible to vote via documents like passport,
driving license, Voter ID, etc. We own the identity proofs and we can keep them
safe but when it comes to the digital world, we are dealing with a different
scenario.
Current Digital Identity has two major
problems. First, we don’t own the identity. We identify ourselves with the
username/passwords or by logging into different systems using the SSO
Authentication from third party organizations like Google, Facebook, etc. Thus,
our identity is not owned by us. We don’t control the fact, how our identity is
used. The next big problem is oversharing of information. If you are going to vote,
we are supposed to prove that we are 18+. But the voter ID reveals other
unnecessary information like date of birth, address, etc. This problem is
witnessed in both physical and digital identities.
Self Sovereign Identity came as a one stop
solution to solve these problems. It combines attributes from different credentials
and presents them as a single proof. It relies on Zero Knowledge Proof. Thus,
the proof is just going to reveal Yes/No answers. If the question is, are you eligible to vote,
the proof will give only Yes/No
as the answer. The identity proof is presented in a way that, the
verifier can verify the authenticity of
the credentials like the credential issuer, its uniqueness, integrity and can
ensure that its jot tampered or revoked without contacting the issuer.
For Example, if you want to vote,
the issuer(government) will put the public key in the ledger store and issue
the unique token to you. When you reach the voting booth, the verifier can verify
if that’s you, just by checking the data in the ledger store. This ledger store is
not a centralized authority. It is not run by any single organization. We call
this ledger store as Sovereign Ledger which is tamper resistance and ordered chronologically.
The relationship between voter
booth and you are made only once. This is unique. Again, consider a case, if
you go to the bank, you will make another unique relationship by showing them the
possession of the credentials. The connection setup and credential exchange
happens off-ledger, privately, without involving the third parties. Finally,
you will be provided with a digital token by the bank after authorization.
After getting the credential and the relationship, no requirement to use a username/password. No login and nothing. Just by proving the possession of the
credentials and the connection you setup, you are going to say, its me, and here is the
digital proof.
By establishing a peer to peer
connection, we are safe from any kind of Man in the Middle attacks. To Make it work,
we need some open
protocols and standards. Several Organizations around the world came forward to
maintain the standard ledger abiding by certain principles and rules to ensure
that, the identity control will be with people themselves. This factor separates
the sovereign from bitcoins and Ethereum. Here, Hyperledger Community comes to
the picture. Stay tunes for next write ups!
