Identity is everything. It permeates everything we do, every activity (both on and offline), and has a huge bearing on our relationships. We go through life sharing parts of our identity, with people, institutions, service providers, even with our pets. Whatever animal we choose to love knows us for who we are, and how we treat them.
In the offline world, we can control who we are, to a certain degree. And though emotions sometimes get in the way, humans own who they are as a parent, husband, partner, business associate, or pet owner. We behave the way we want to behave, as much as our personality traits allow us to anyway. In this world, we can trust those whom we know well, or those with whom we have formed solid bonds. To a certain extent, of course. The human mind is fickle and ever-changing. But the point is, we can control and own our identity, while offline.
But in the online world, the picture is quite different. In the online universe, identity is a far more ethereal thing. Thinner, if you will. It is fair to say that the virtual world can resemble a wild and global carnivale where everyone can hide behind a mask of anonymity. In this landscape, trust is far harder to establish.
Centralized third-party authorities supposedly exist to prop up society’s pillars. The passport office; social security; tax agencies; driver’s license bureau; your broadband provider; civil registers: electricity suppliers; waste collectors. And so on. Each and every one of these administrative authorities holds a record of people’s identities, and each of every one of them gets to control and manage those identities in every way they see fit. The person who actually owns that identity has no say whatsoever.
Centralization does have inherent risks. When too much information is concentrated in a single point, that point becomes a target for hacking. The Equifax incident is perfect proof of this. Also, there are privacy concerns, and what do corporations and other agencies actually do with people’s data. The Cambridge Analytica event revealed the extent to which some organizations will go to monetize and exploit personal information.
The overriding issue in all this is that we, the individuals, have been artificially excluded from owning our identities for decades. We are forced to implicitly trust these organizations that they will always do the right thing, and if they don’t, well, remember those ‘I agree’ buttons at the end of pages and pages of text that we skipped over? Within those pages one can usually find clauses exonerating the company of any wrongdoing, if they get caught doing the wrong thing.
The move towards a more connected society, and the rise of blockchain technology in particular, are bringing about a paradigm shift in the identity field thanks to Self-Sovereign Identities (SSI).
The core notion of SSI
Identity is central to human life. Without it, we’re literally nobody. Yet, in the world of today. there are about 1 billion people who cannot prove who they are, because they have no access to verifiable or trusted sources of credentials. Their birth certificates might be lost, or never existed in the first place. In sub-Saharan Africa, around 20 million children do not have a birth certificate. Because of this shortcoming, these children might never be able to access proper education and other vital services.
With the advent of the internet, the identity problem multiplied tenfold. As websites began to pop up in their millions, identity became diluted among a thousand different ways to identify ourselves and a major issue became apparent. There was no identification standard. Each site issued its own requirements, and hence the rapid proliferation of individualized username/password combinations for every site. Strangely, this stopgap solution became a standard in itself.
But lack of standardization could not hold for long. This siloed approach would not be sustainable in the long run, because of the sheer scale of the problem. How many username/password combinations can the human mind retain, at the end of the day? And while internet browsers and apps do offer a certain degree of automation, and many websites have adopted a federated Single-Sign on doctrine built around two or three major providers, this approach to user authentication is fraught with problems, including vulnerability to hackers, spoofing, and plain and simple trust and privacy concerns.
The natural evolutionary step towards correcting this global (and very significant) flaw of the current system is harmonization. In other words, the creation of a standard, a common identity layer that enables everyone (individuals, organizations, etc.) to have a unique set of identifiers that can be utilized and reutilized across different providers that are part of a network of trust.
This is SSI’s central tenet. The ability for individuals and organizations to own and control their identities, without intervention or interference from any third parties. In this context, ‘self-sovereignty’ refers to the ability of the individual or the organization in control of the identity to share it and present it to other agencies with no intermediaries.
SSI as the fabric that binds the internet’s identity layer
Somebody once said that the internet was just a bunch of pages held together by blue links, and at a certain point in time, this might have been partially true. (According to apocryphal tales, hyperlinks are blue because almost everyone can distinguish the color blue from other colors, whereas color-blind people cannot, or have great difficulty with, identifying red and green, which were allegedly the other two color options for hyperlinks when the internet began to grow. Blue was also chosen as Facebook’s main palette because Mark Zuckerberg is red-green colorblind.) The internet has now grown far beyond its humble beginnings. It now permeates pretty much everything, from our TVs to our smartphones, to certain home appliances, and even the cars we drive. Everything is connected, and everything needs to know who we are, and trust us.
This perma-connection, and the need for trust do require a solid, constant -and more importantly, standard- means of authentication, something that binds everything together with a mantle of authenticity, and this can only be achieved through digital means. More precisely, through SSI.
Digital identity management solutions are quickly emerging built around the SSI concept. My.D, for instance, follows the SSI principles and identity regulations such as General Data Protection Regulation (GDPR) to build part of the internet’s binding fabric, a layer of digital identification that’s part of the new identity and authentication paradigm in the ever-growing internet space.