Self Sovereign Identity

Every day we are seeing a lot of identity breaches. Starting from Facebook data leak to Aadhar information leak in India, the identity of people come under scanners. We all deserver to own our identity, control the usage without involving third parties. In a physical world, we all have a unique set of information to prove we are the citizen of the particular country, we know driving, we are eligible to vote via documents like passport, driving license, Voter ID, etc. We own the identity proofs and we can keep them safe but when it comes to the digital world, we are dealing with a different scenario.

 Current Digital Identity has two major problems. First, we don’t own the identity. We identify ourselves with the username/passwords or by logging into different systems using the SSO Authentication from third party organizations like Google, Facebook, etc. Thus, our identity is not owned by us. We don’t control the fact, how our identity is used. The next big problem is oversharing of information. If you are going to vote, we are supposed to prove that we are 18+. But the voter ID reveals other unnecessary information like date of birth, address, etc. This problem is witnessed in both physical and digital identities.

 Self Sovereign Identity came as a one stop solution to solve these problems. It combines attributes from different credentials and presents them as a single proof. It relies on Zero Knowledge Proof. Thus, the proof is just going to reveal Yes/No answers.  If the question is, are you eligible to vote, the proof will give only Yes/No as the answer. The identity proof is presented in a way that, the verifier can verify the authenticity of the credentials like the credential issuer, its uniqueness, integrity and can ensure that its jot tampered or revoked without contacting the issuer.

For Example, if you want to vote, the issuer(government) will put the public key in the ledger store and issue the unique token to you. When you reach the voting booth, the verifier can verify if that’s you, just by checking the data in the ledger store. This ledger store is not a centralized authority. It is not run by any single organization. We call this ledger store as Sovereign Ledger which is tamper resistance and ordered chronologically.

The relationship between voter booth and you are made only once. This is unique. Again, consider a case, if you go to the bank, you will make another unique relationship by showing them the possession of the credentials. The connection setup and credential exchange happens off-ledger, privately, without involving the third parties. Finally, you will be provided with a digital token by the bank after authorization. After getting the credential and the relationship, no requirement to use a username/password. No login and nothing. Just by proving the possession of the credentials and the connection you setup, you are going to say, its me, and here is the digital proof.

By establishing a peer to peer connection, we are safe from any kind of Man in the Middle attacks. To Make it work, we need some open protocols and standards. Several Organizations around the world came forward to maintain the standard ledger abiding by certain principles and rules to ensure that, the identity control will be with people themselves. This factor separates the sovereign from bitcoins and Ethereum. Here, Hyperledger Community comes to the picture. Stay tunes for next write ups!