Disclaimer: This article is intended to convey more market information and does not constitute any investment advice. The article only represents the author's views and does not represent the official position of MarsBit.
Editor: Remember to follow
Source: MarsBit
This is a review article about understanding self-sovereign identity (SSI). This article explains the importance, advantages and challenges faced by adopting SSI.
The internet is built without an identity layer. — Kim Cameron, chief identity architect of Microsoft
Self-sovereign identity – usually abbreviated as SSI – is a digital method of identity identification on the internet. Let's consider an example of a modern internet. We use the TCP/IP protocol to connect to the device's address, but we have little information about who is responsible for the device. In some cases, hackers have been manipulating device addresses (IPs). This situation makes people unable to trust or rely on the Internet. We humans have built the Internet, right? So how difficult is it to design a new standard to identify the individual or organization we are dealing with? It turns out that this is very, very difficult.
When the internet runs, it connects several computers, but this is mainly used by academic scientists. Because there are not many people using computers, everyone knows each other. As the times evolve, billions of people with trillions of devices are connected via the Internet, almost all of whom are strangers. So how do we verify the source of the interaction we are with?
In October 2008, when Satoshi Nakamoto first published Bitcoin: A peer-to-peer electronic cash system, no one expected a fundamental change in our perception of money, identity and online trust. Instead, this paper sparks a deep understanding of blockchain and cryptography to build verifiable identities and verifiable proofs.
So how do we perform digital recognition? We can verify it in three main ways:
1) Centralized identity model : as simple as you have an entity account. Usually, you have a username and password to access the application service. We can also refer to this model as an account-based identity. The organization will have these credentials and if you delete your account, your access to the application will be revoked.
Account-based identity model
2) Joint identity model : To solve the pain of centralized identity, we added an intermediate layer called identity provider (IDP). You can log in to various applications using a single ID. You may have encountered multiple websites where you can choose to log in to the application using Facebook, Google, Github or Twitter account ID. This reduces the number of times new accounts are created in the new program. Since we have so many IDPs, it's hard to remember the IDP method used to log in to the application. If we exit the centralized identity model, we will immediately give up other accounts using IDP.
uses various IDP login protocols
3) Decentralized identity model : Through blockchain technology , we can use public key and private key management for point-to-point connection. In this case, the model no longer relies on centralized or federated identity providers. This model accelerates new decentralized standards for verifiable credentials (VC) and decentralized identity (DID). By default, point-to-point is distributed, because any user can connect to any user, just like the internet. This can be achieved by using public/private key encryption (we will discuss further in the following article). We have to understand that we have a private key through which we can sign transactions. We also share the public key through which anyone can verify the information without knowing the key. The risk of losing a private key is very high.
The decentralized identity model can implement point-to-point connections
A person's identity is neither dependent nor subject to any other power or state, called self-sovereign identity.
Through the definition of self-sovereign identity (SSI), we can understand the power of SSI, but this can also lead to conceptual confusion. You are the only one who can produce identity.SSI can only be used for individuals. let me clarify that SSI is almost the credential you currently have in your wallet, which you can use to verify your identity, i.e., a digital wallet. With this digital wallet, you can prove your identity. This helps provide security, privacy and personal data control.
In the current information age, we need to control the information we can share about ourselves. Let's think about a real life example: If you want to enter a bar/club, you need to show your identification. In most cases, we provide a driver’s license to prove that we are over 21 years of age. During this process, you actually provide information that is not related to it, such as name, date of birth and home address, etc.
In fact, the club only needs to know whether you are only qualified to enter. ——You saw the problem, right? If the club sells that information, your identity data will be at risk. Imagine having an SSI digital wallet. A simple QR code can help you deal with this kind of situation without sharing information. The club can verify your age but still don't know any of your personal information. In a future post, I will discuss how to achieve this using various advanced cipher techniques .
Let's see what scenarios SSI can also be applied to:
Banking and Finance : It is one of the most important scenarios and it needs to be kept safe. Having an SSI helps us quickly browse and access information. With the help of SSI Digital Wallet, we can provide the required digital credentials for inspection through KYC (Know Your Customers) and AML (Anti-Money Laundering) which is required for every financial institution. We can share information digitally with the right to obtain a loan or mortgage. Authorize digital audits and remittances by one or more parties.
Health Care: health report needs to be kept confidential and only the relevant doctor can see the report. With the development of current technology and software, various EHR (electronic health records) exist. With an SSI digital wallet, we can share relevant health records instantly and securely and conduct a second consultation for a second doctor in private. It can easily satisfy any medical or surgical procedure. You can easily access your lifetime vaccination history, allergies or immunity.
Travel: Anyone who travels abroad will suffer from carrying a large number of documents that can prove their identity. Due to the extended waiting time, the immigration line can exhaust you as it can take a long time to verify all the required documents in an individual. Imagine having an SSI digital wallet. We can present our proof of visit and prove that we carry all necessary documents and our travel history can help review travel trajectories.
is obvious, using SSI has many advantages, but there are some significant challenges when adopting this technology. For example:
New SSI ecosystem: In the future, companies will provide this solution to create their own ecosystem. One of the main limitations of building an SSI is its ability to achieve interoperability (the ability to interact with various SSI solutions).
Decentralized key management: The core component of the SSI model is private key . It is usually generated during the initial stage of creating the digital wallet . Any damage to the key can make your digital identity worthless. Therefore, a decentralized key management system must be established to protect your key or private key from being lost. Recently Vitalik Buterin talked about private key recovery in his latest SoulBound Token paper. (I will explain in a future post)
offline access: SSI digital wallet for shared via digital network. We will have to build an architecture that can verify identity without an internet connection, which remains to be resolved.
SSI is just starting with relevant breakthroughs, and research and adoption can greatly help us change the way we identify ourselves on the Internet. I want to live in an era where I don’t have multiple credentials, are easy to trust (which essentially means verification), and are 100% controlled by personal data.
