Identity is one of the cornerstone challenges for everyone as we rely further on the internet and on access through mobile and other means in our everyday lives. Most of you are aware of the concepts of the Internet of Things and the Internet of Value. This is the evolution of the web from an information provider into a way of linking billions of devices to the internet, enabling all sorts of new paradigms of services and solutions as we move into the era of micro-services, micro-payments and automation.
These services can be anything from time-based Wi-Fi access, to selling your excess solar electricity onto a micro-grid, to charging your car at a convenient third-party site, to pay-as-you-go automated taxis in the near future, and anything else your imagination can think of!
The Internet of Value will be the ease with which one can send value across the net: the ability to send fiat currency, cryptocurrency, legal contracts and practically anything of digital value. The current existing example is Ripple for international payments, available to retail customers through, for example, the Santander One Pay FX app or through MoneyGram. This and potentially other similar blockchain-based technologies may see rapid adoption over the next 5 years.
The above could be seen as the second leg: a move beyond information to transferring value. The third leg in this global adoption is the concept of an ID that is ultra low risk, global, and not managed by a large corporation, without the systemic risk of relying on organisations that can ultimately be hacked, as explained in the attached article below.
I am not going to go through the advantages of self-sovereign identity, as the article explains them pretty well. I want to share information researched by Graz University (1) on the different types of identity model, so that we understand why self-sovereign identity and other more sophisticated methodologies are where the potential future lies.
Isolated Identity Model
The evolution of identity models started with the isolated identity model, which is still the most common model. Its defining feature is that the service provider (SP) and the identity provider (IdP) are combined, which means that the SP manages the user's identity data as well as her credentials. In this case, the user authenticates herself directly at the SP.
Central Identity Model
In contrast to the isolated model, the central identity model separates the IdP from the SP. This separation is the main difference and advancement, because the identity data are stored at the IdP. When a user wants to access an online service, she first has to authenticate herself at the IdP, and afterwards the identity data are transferred to the SP. In this model, the user does not have any control over her own identity data. An example of this scenario is using Facebook, because the user does not have control over her own data stored at Facebook (although this has recently changed).
User-Centric Identity Model
The user-centric model differs from the central model in storing the user's identity data in the user's own domain. This domain could be a secure token such as a smart card. Sharing a user's identity data requires her explicit consent. An example use case of this model is the Austrian Citizen Card.
Federated Identity Model
The federated identity model differs from the previously defined models by distributing identity data across multiple IdPs instead of storing it in one central place. In this model, multiple IdPs provide the required identity data to access a service. These IdPs work together in a federation, which requires a trust relationship between them. Federated IdPs share a user's common identifier. This model can be used to realize single sign-on (SSO); SSO is the authentication subset of federated identity management.
Self-Sovereign Identity as the Next Identity Model
The next stage in the evolution of identity models is the self-sovereign identity (SSI) model. In this model, the user fully owns and controls her own data. An SSI system creates new requirements on the technology used to build such a system, and blockchain technology fulfills most of them.
SSI Concept
Sovereignty is, by definition, a supreme power or authority that governs itself without any outside influence. Sovereignty in identity management means that the user's identity data are fully owned and controlled by the user herself. The concept of self-sovereign identity can be seen as the next stage of evolution in identity management, and blockchain technology provides a good basis for building an SSI system.
The requirements of such a system are detailed as follows.
- Each individual has to have full control over her data. This includes not only what identity data are stored but also who has access to them. The user should be able to add or import identity attributes as well as delete or revoke them at her leisure. Also, all access to a user's identity data should be logged for later verification.
- Security and privacy of the user's identity data: All identity data have to be stored and processed in a highly secure manner. Additionally, the user's privacy has to be preserved. For instance, unlinkability between the user's wallet and her identity data increases the user's privacy.
- Full portability of the data: The user should be able to use her identity data wherever she wants. For instance, an SSI system can be used as the identity provider when the user tries to access an online service.
- No trust in a central authority is required: The underlying blockchain technology replaces the trust that would otherwise have to be placed in a central authority.
- Data integrity: The integrity of identity data can be ensured by utilizing the blockchain. This is one of the main advantages of using blockchain technology.
- Transparency of the identity data is maintained: The blockchain provides transparency of all data stored in it. All changes to the data in the blockchain are fully transparent, so that no one can alter or delete data without someone else noticing it.
If you read the EGIZ White Paper (1), it highlights why it chose the Sovrin blockchain over the others it reviewed, which were Blockstack, Multichain, Ethereum and uPort.
Referring to a more recent paper by Sovrin (2): "In fact, with blockchains, every public key can now have its own address."
Decentralized Identifiers (DID) as part of Self Sovereign Identity solutions
DIDs provide a standard way for individuals and organizations to create permanent, globally unique, cryptographically verifiable identifiers entirely under the identity owner’s control. Unlike a domain name, IP address, or phone number, a DID is not rented from any service provider, and no one can take it away from whomever owns or controls the associated private key.
DIDs are the first globally unique verifiable identifiers that require no registration authority. A DID is stored on a blockchain along with a DID document containing the public key for the DID, any other public credentials the identity owner wishes to disclose, and the network addresses for interaction. The identity owner controls the DID document by controlling the associated private key.
Because DIDs are an open standard, any blockchain can create a DID method defining how DIDs can be registered (written) and resolved (read) on that blockchain. And because control over a DID is asserted entirely using cryptography—by digitally signing the transaction with the blockchain where the DID is registered—no central authority is needed to register the DID.
Nor is any central authority needed to track or manage DIDs. DIDs enable true self-sovereign identity—lifetime portable digital identity for any person, organization, or thing that can never be taken away. DIDs are a sea change in digital identity. For the first time in history, an identity owner is no longer dependent on an external provider to gain the power of a permanent unique identifier that can be looked up on the Internet.
Furthermore, given the right blockchain economics, DIDs can be cheap, so people can generate as many as they need to protect their privacy. Lastly, and most importantly, every person and organization with access to the Internet can have the means to prove their ownership of a public key, thereby enabling their claims to be verified.
The Sovrin paper explains how it supports GDPR and one-time use of peer-to-peer links.
It also highlights that:
The hidden costs of our dysfunctional Internet identity infrastructure are staggering.
• The 2017 Hiscox Cyber Readiness Report estimates that cybercrime and data breaches currently cost the global economy US $450 billion per year.
• The 2016 Cybersecurity Market Report predicts cybercrime damages will cost the global economy a total of US $6 trillion by 2021.
• The U.S. Public Interest Research Group estimates consumers will have to directly shell out a collective US $4.1 billion to freeze their credit reports and prevent fraudsters from using personal information possibly exposed in the massive data breach at Equifax.
• IDG estimates that theft of trade secrets costs every nation from 1 to 3 percent of its gross domestic product (GDP), for a total ranging from US $749 billion to $2.2 trillion annually.
The Sovrin protocol is based entirely on open standards and open source—the Hyperledger Indy Project (3). On September 29, 2016, the Sovrin Foundation was announced in London. It is now an international non-profit foundation with a board of twelve trustees plus a Technical Governance Board. In early 2017 the Sovrin Foundation transferred the open source code base—originally contributed by Evernym—to the Linux Foundation to become the Hyperledger Indy project.
After a year of sandbox and alpha testing, the Sovrin Network was formally launched on July 31, 2017, with a genesis transaction between the first 10 participating organizations, known as "stewards". Every facet of the Sovrin architecture is designed to address the four major requirements of SSI. As the design of Sovrin progressed, Evernym and the other founders of the Sovrin Foundation realized that there were four overarching requirements for building a successful SSI system:
1. Governance: how the network can be trusted by all stakeholders.
2. Performance: how the network can provide self-sovereign identity at Internet scale.
3. Accessibility: how the network can ensure that identity is available to all.
4. Privacy: how the network can meet the strongest privacy standards in the world.
Note: As part of everis we offer everisID, which provides a Self-Sovereign Digital Customer Identity and Authentication Management service over blockchain technologies (Ethereum, Hyperledger Fabric or R3 Corda).
everisID has been delivered live in an American bank and closely related group companies.
everis and parent NTT Data are contributing to both the Interledger (ILP) protocol and the parallel Hyperledger Quilt project for global ledger interoperability (eventually covering all blockchains, DLT and non-DLT ledgers, such as those used by banks).
(1) Andreas Abraham, "Self-Sovereign Identity: Whitepaper about the Concept of Self-Sovereign Identity including its Potential", EGIZ, Version 1.0, 13.10.2017. https://www.egiz.gv.at/files/download/Self-Sovereign-Identity-Whitepaper.pdf
(2) "Sovrin™: A Protocol and Token for Self-Sovereign Identity and Decentralized Trust", A White Paper from the Sovrin Foundation, Version 1.0, January 2018. https://sovrin.org/wp-content/uploads/2018/03/Sovrin-Protocol-and-Token-White-Paper.pdf
(3) Hyperledger Indy Project. https://www.hyperledger.org/projects/hyperledger-indy
Self-Sovereign Identity Explained
This concept is called self-sovereign identity. Self-sovereign identity starts with the notion that we are all the makers of our own identity, online and off. Because they do not rely on any centralized authority, self-sovereign identity systems are decentralized, mirroring the way identity works in real life. Offline, our interactions flexibly support the use of attributes and credentials from numerous third parties, all presented by the very person they are about, typically by taking those credentials out of a wallet or purse and presenting them to someone else to verify. For example, take a driver's license. States issue it as a credential that you are authorized to drive. But it is useful for a lot more.