Identity is a fundamental aspect of our lives that defines who we are, what we can do, and how we interact with others. However, in the digital world, identity is mostly fragmented, insecure, and often dependent on third-party intermediaries. This poses fundamental challenges for privacy, security, and user experience. Here, we explore two identity models with similar goals but different approaches that are often conflated in the market. Let’s look at decentralized identity and self-sovereign identity: what they are, how they differ, and why they matter for the future of digital identity and commerce.
What is decentralized identity?
Decentralized identities are a new way of managing digital identities that gives people more control and privacy over their personal data. Unlike centralized or federated identities, which rely on third-party providers or intermediaries, decentralized identities are based on open standards and use cryptographic techniques to ensure security and trust.
Decentralized identities have many benefits for individuals and organizations. They enable people to own and control their digital identity and credentials, and to share them selectively and securely with others. They also reduce the risk of identity theft, data breaches, and privacy violations. For organizations, decentralized identities can simplify identity verification, compliance, and auditing processes, and enable faster and more convenient transactions.
There are two main components of a decentralized identity system: decentralized identifiers (DIDs) and verifiable credentials (VCs). DIDs are unique, self-generated identifiers that can be resolved to a public key and a set of endpoints. VCs are digital documents that contain claims about a DID subject, such as name, age, or skills. VCs can be issued and verified by any entity without relying on a central authority.
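To make the DID and VC relationship concrete, the following added example (not code from the original article) self-generates a DID from a public key, resolves it back to a simplified DID document, and performs the key lookup a verifier does before checking a credential's signature. The `did:key` method, the `Ed25519VerificationKey2020` type, the sample key, and the stub credential are assumptions chosen for illustration; the signature check itself needs an Ed25519 library and is left out.

```python
# Added example. did:key is one DID method, chosen here as an assumption.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ED25519_PUB = b"\xed\x01"  # multicodec prefix marking an Ed25519 public key

def b58encode(data: bytes) -> str:
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        if ch not in B58:
            raise ValueError(f"invalid base58 character {ch!r}")
        n = n * 58 + B58.index(ch)
    zeros = len(text) - len(text.lstrip("1"))
    return b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")

def did_from_public_key(pub: bytes) -> str:
    """Self-generate the identifier: no registry or authority is contacted."""
    if len(pub) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    return "did:key:z" + b58encode(ED25519_PUB + pub)

def resolve(did: str) -> dict:
    parts = did.split(":", 2)
    if len(parts) != 3 or parts[:2] != ["did", "key"] or not parts[2].startswith("z"):
        raise ValueError("not a base58btc did:key identifier")
    raw = b58decode(parts[2][1:])
    if len(raw) != 34 or raw[:2] != ED25519_PUB:
        raise ValueError("unsupported key type or wrong key length")
    vm = f"{did}#{parts[2]}"
    return {"id": did, "assertionMethod": [vm], "verificationMethod": [{
        "id": vm, "type": "Ed25519VerificationKey2020", "controller": did,
        "publicKeyMultibase": parts[2]}]}

def issuer_key_for(vc: dict) -> bytes:
    """Return the key a verifier must check the credential's proof against."""
    doc = resolve(vc["issuer"])
    if vc["proof"]["verificationMethod"] not in doc["assertionMethod"]:
        raise ValueError("proof key is not authorized by the issuer's DID")
    return b58decode(doc["verificationMethod"][0]["publicKeyMultibase"][1:])[2:]

if __name__ == "__main__":
    did = did_from_public_key(bytes(range(32)))  # constructed sample key
    vc = {"issuer": did, "proof": {"verificationMethod": f"{did}#{did.split(':')[2]}"}}
    print(did, issuer_key_for(vc).hex())  # vc is a constructed credential stub
```

A verifier that rejects a proof whose `verificationMethod` is not listed by the issuer's own DID document prevents a credential signed by an unrelated key from being accepted under the issuer's name.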
The benefits of decentralized identity systems include:
- Enhanced privacy: Identity owners can choose what information to share and with whom, without revealing unnecessary or sensitive data.
- Increased security: Identity owners can protect their data from breaches, hacks, or misuse by third parties.
- Improved UX: Identity owners can access multiple services and platforms with a single DID, without having to create and remember multiple usernames and passwords.
- Greater interoperability: Identity owners can use their DIDs across different domains and networks, without being locked into silos or walled gardens.
What is Self-Sovereign Identity?
Self-sovereign identity (SSI) is an identity concept that goes beyond the technical aspects of decentralized identity. It is based on the principle that individuals should have full control and ownership over their digital identities and data. SSI implies that:
- Identity owners are the ultimate source of authority for their identities and data. They can create, update, delete, or revoke their DIDs and VCs at any time, without asking for permission or relying on intermediaries.
- Identity owners have the right to decide how their identities and data are used and by whom. They can set their own terms and conditions for sharing their information, and they can revoke consent at any time.
- Identity owners carry the responsibility to protect their identities and data from unauthorized access or misuse and can employ BYO security practices including but not limited to encryption, step-up authentication, privileged access, and other security measures to safeguard their information.
The benefits of self-sovereign identity include:
- Empowerment: Identity owners can exercise their digital rights and freedoms, without being subject to the policies or practices of third parties.
- Trustworthiness: Identity owners can establish trust with other parties based on verifiable proofs of identity and reputation, without having to rely on intermediaries or third-party validators.
- Inclusivity: Identity owners can contribute to a more inclusive, equitable, and democratic society, by enabling access to essential services and opportunities for everyone.
Many organizations are working to advance the concept and practice of both decentralized and self-sovereign identity. These organizations have been building trust frameworks using interoperable standards to achieve congruency within the adoption phase. There is an open call for innovation among technology providers to build technologies around these advanced frameworks and specifications. Here is a list of some of the leading organizations and initiatives that are advancing the next critical phase of digital identity.
Decentralized Identity Initiatives:
- Accountable Digital Identity Association (ADIA): A nonprofit organization that aims to promote and protect the rights and interests of digital identity holders through interoperable identity specifications.
- Decentralized Identity Foundation (DIF): A consortium of industry leaders, startups, NGOs, and academic institutions that collaborate on interoperable protocols and tools for decentralized identity.
- Hyperledger: A global open-source community that hosts several projects related to decentralized identity, such as Hyperledger Indy and Hyperledger Aries.
- World Wide Web Consortium (W3C): An international community that develops open standards for the web, including the DID Core Specification and the Verifiable Credentials Data Model.
- Trust over IP Foundation: A Linux Foundation project that aims to create a global standard for trustworthy exchange of verifiable digital credentials.
Self-Sovereign Identity Initiatives:
- ID2020 Alliance: A public-private partnership that supports innovative solutions for providing digital identity to people who lack access to official forms of identification.
- Internet Identity Workshop (IIW): A biannual event that brings together experts and practitioners
- MyData Global: A nonprofit organization that advocates for human-centric approaches to personal data management and governance.
- Sovrin Foundation: A global public utility network that provides a secure and interoperable blockchain framework for self-sovereign identity.
- Microsoft, which offers Azure Active Directory Verifiable Credentials, a platform for issuing and verifying credentials based on decentralized identity.
- Okta, which provides a decentralized identity toolkit that integrates with its identity and access management platform.
- Ping Identity, whose Ping One Neo enables decentralized IDs, documents, and identity claim verifications for issuing digital credentials.
- Badge, a privacy-preserving authentication and key self-custody solution used to bootstrap and revoke verifiable credentials and digital signatures on demand.
- Civic: A platform that enables users to verify their identity and share it with third-party applications without intermediaries.
- Ethereum, which supports decentralized identity through its blockchain network and smart contracts.
- Jolocom: A software development kit that allows developers to integrate self-sovereign identity features into their applications.
- Sovrin: A global public utility for self-sovereign identity, where users can issue and verify credentials using a distributed ledger technology (DLT) called Hyperledger Indy.
- uPort: A protocol that allows users to create and manage their own identities on the Ethereum blockchain and access decentralized applications.
- Veres One: A decentralized ledger that enables users to create and control their own identifiers and verifiable credentials.