Self-Sovereign Identity: fasten your seatbelts

Identity has been an unresolvable issue that wandered since the beginnings of the Internet. With the explosion of Social Media, the user's digital activity has been exponential, building a new digital identity composed of many digital profiles and leaving a digital trail that has generated a huge opportunity for new customer value services, but also the accountability of information management, that in most cases are sensitive data and belongs to the user. This precious data had become a trojan horse for many companies: with the exploitation of consumer data, comes also the responsibility of it. And hence, many personal data had been compromised. Companies are desperately seeking out for a solution that let them focus on their main business purpose not on managing user’s data.

During the same period, blockchain technologies emerged as a new paradigm of decentralized information systems, where data is uniquely registered, immutable and distributed across all the network using a consensus mechanism to validate it without any centralized or federated authority.

In the identity context, these two apparently unrelated situations had become an opportunity, where this concept of self-sovereign identity (SSI) could be developed. Meaning that a single user can regain ownership of her own data, that serves as her identity, can control who has access to any specific information and what part of her information is shared to, and, most important, cancelling its access whenever she desires.

What we have seen so far are some initiatives to prove that SSI can become a reality. Which in a simplistic way consists of a user’s mobile app with a new identity communication protocol on top of a blockchain, or similar distributed ledger technology (DLT). The user mobile app is an identity wallet that resembles as the actual physical wallet where one keeps the ID cards (National ID card, driver license, etc.), making the user responsible of what IDs you put in it, to whom you show them and obviously, to keep it safe. The new identity protocol is a new layer of service that connects between entities’ wallets, exchange their IDs and trust them, so they can initiate a secure and reliable transaction. And finally, blockchain technology acts as the decentralized mainframe where transactions can be recorded where the information validity is set by the network itself rather than a single authority.

Current SSI solutions come with different “flavors”: A public permission distributed ledger only to register the public entities ID, with a personal data hub to store user’s information and the possibility to establish peer-to-peer connections directly without even accessing the ledger, as the case of the Sovrin solution, where all development is open-sourced.

There are also examples of a multi-ledger solution, and you can use either Ethereum or Bitcoin, for instance, and use a web-browser plugin as a wallet connected to a Data Hub, like the solution developed by Microsoft.

Or you can have an end-to-end solution built on a single ledger, like Ethereum, only to store the identity contracts, with an app as an ID wallet and personal data stored on distributed datastores off-chain, such as IPFS, like the solutions proposed by uPort or Jolocom. And finally, solutions like VIDchain, which is building an SSI agnostic-technology proposal.

At the same time, public institutions are investing in Proofs of Concepts (PoCs) to showcase the real value of an SSI solution to ease the ever burdensome digital processes between citizens and public institutions. Some public open calls for innovation, such as the European H2020 (such as Blockchains for Social Good) are already allocating funds for that, and it seems that is more to come. And we’ve seen public initiatives consolidating such as the Spanish Alastria Consortium, the European International Association of Trusted Blockchain Applications (INATBA) recently launched, or other initiatives to set the identity standards, such as the Decentralized Identity Foundation (DIF).

However, something is unique of the current identity momentum. It is not only relevant for the identity geek sector but also for the business, and private funding is also showing interest in that area, with many moves of a large corporation to focus on SSI: such as the investment of Paypal on Cambridge Analytica, or the alliances between Mastercard and Microsoft, or also new funding rounds of 45M$ achieved by the identity start-up Rippling. The latest KNOW Identity conference held in Las Vegas last March had also a Startup Pitch Competition, where SSI was one of the main focus.

SSI has potential business value for both the companies and the users, and finally, the industry seems to be prepared to pay for it. There is still a long way to walk through, in order to set the adopted solution, where are just on the beginning of a new era, likewise, the 60’s on the creation of the Internet, with ARPANET. But the speed is vertiginous now, where one month feels like a whole year and speeding it up.

2019 will be the year where we’ll see new public and private SSI pilots coming up to prove its value on specific use-case scenarios and first works of interoperable ledger-agnostic solutions that will accelerate the adoption for the corporate world.

This is an exciting time for everyone, and still, big players on data like Google and Facebook have to make their move. Please, fasten your seatbelts.

Albert Solana