In May, Dr. Milly Perry, blockchain expert and former research director at the Open University of Israel, had invited Martin Schäffner, the initiator of the SSI Working Group at the European Blockchain Association, to speak at a webinar of the Israeli Chamber of Information Technology (You can find the recording here). His introduction to Self-Sovereign Identity (SSI) was met with great interest and sparked many questions from the audience. But why only take questions from the audience? We asked both experts, which questions they would like to know their peers’ thoughts about. Here is their exchange about Verifiable Credentials, biometrics, pitfalls and barriers, NFTs, the role of governments and the thing that could make SSI obsolete.
MP: Why is blockchain important for pushing the SSI concept? We have DID, SDK signatures, and more.
MS: An underlying blockchain technology brings many benefits to the SSI system. First, it allows users to create as many DIDs as they want without anyone being able to censor the user. Locking or deleting a user’s account will therefore not be possible. The second benefit is that it acts as a global trust anchor. This allows for storing public DIDs on the ledger so that third party verifiers can verify the signature of a DID without contacting its issuer. It can also be used for revocation registries where issuers publish the ID of revoked verifiable credentials. Lastly, blockchain will play a major role in the future internet and serves very well as an underlying decentralized public key infrastructure that allows for using DIDs on blockchain-based applications.
MS: Which barriers do you see in the adoption of SSI? How could those be overcome?
MP: The main barrier I can see is the government’s lack of motivation to adopt a decentralized SSI, in which they would lose their dominance and power in issuing citizens’ identity. Somehow, I see parallels to issuing fiat money. The government will not easily let go of the power and control in their hands. A fight is almost inevitable. Governments will need major benefits in this process to cope and collaborate. I hope the fact that SSI will reduce the liability for cyber security and decrease the government’s burden of protecting mountains of data – which decreases national budgets for more pressing issues – could be a sufficient incentive.
MP: Is it possible to have SSI with NFT instead of Verifiable Credentials?
MS: Both, NFTs and Verifiable Credentials can represent identity characteristics. However, Verifiable Credentials bring some advantages. In contrast to NFTs, Verifiable Credentials are not stored on the underlying blockchain and are being communicated over off-chain communication protocols like classic HTTP, but also Bluetooth is possible. Therefore, no transaction fees occur with Verifiable Credentials. It also makes Verifiable Credential highly interoperable as they are not dependent on a specific blockchain. The strongest argument is that you should never put personal information, especially no identity characteristics on the blockchain. It is not possible to delete the information stored on the blockchain and even if it is encrypted there is no guarantee that the encryption method stays secure forever. Nonetheless, I believe NFTs and Verifiable Credentials can peacefully coexist and find their spot in blockchain ecosystems. A ticket to a concert could very well be an NFT assigned to a DID and, if necessary, sold to another DID while benefiting from all advantages of NFTs.
MS: Will the Israeli government offer its citizens the possibility to get a government-issued Verifiable Credential of their ID?
MP: As Mark Twain said:” It is difficult to make predictions, particularly about the future.” Israel, as far as I know, does not have a national strategic program for blockchain policy yet. Some regulators are more advanced than others. Last week , the Bank of Israel declared its intention to look into CBDC (central bank digital currency). The initiative, “A Bank of Israel Digital Shekel – Potential Benefits, Draft Model, and Issues to Examine”, is accompanied by a public call for responses to the contents of the document and consultation of relevant aspects of the potential future issuance of a digital currency by the Bank of Israel. The Israel Securities Authority (ISA) published some reports and regulation regarding crypto currencies. A few months ago, ISA approved some initiatives for digital securities exchange (blockchain based), some vesting funds operators turned to crypto in the last years, and a vibrant startup ecosystem is active in the country, using profound academic knowledge, communication and experiences from the successful cyber security industries. Still, to me it seems a long way towards SSI. I hope I will be proven wrong.
MS: And how will third party verifiers be able to verify that the Verifiable Credential was issued from a government service and not by someone who claims to be one?
MP: I believe the CBDC will be a catalyst to SSI, although governments could turn to the banks as identity providers. Unfortunately, decentralization as a concept and value is not embedded yet in Israel, but a few industry use cases are crystalizing these days, some of which are initiated by academia researchers. A document validation system could be a good use case. Today, many legal processes require and depend on a cumbersome process where physical paper documents need to be presented, signed and notarized. An efficient option would be to present and process the required documentation in verifiable digital form on blockchain technology. This will require an identity as a prerequisite.
MP: Can SSI decrease data protection cyber expenses?
MS: Yes. Today online websites need to make sure that their user’s data is protected from unauthorized third-party access and misuse. This results from their need to actually store user data like profiles to improve the usability of their website. With SSI and the use of Verifiable Credentials, consuming services can request this information on-demand when it is required and can forget about it as soon as the process ends. This doesn’t cut all costs occurring from data protection, but it cuts the costs significantly.
MS: Are there any issues or topics that you want to work on with other SSI enthusiasts?
MP: I am interested in collaborating around the use of DAO in SSI. I believe this is not researched properly, yet. I am interested in self-governed communities, in which identity and reputation play a major role. It fascinates me. Furthermore, any national change management process top-down and bottom-up are of interest to me. To realize how these processes begin, who the initiators are and how we can bring politicians, stakeholders and decision makers on board.
MP: What is the role of biometrics in SSI?
MS: So far biometrics only play a little role in SSI. There are a few projects that are working on giving biometrics a stronger meaning in SSI. However, it is not easy as it is nearly impossible to derive the exact digital value from them repeatedly. A biometric value inside a DID Document would also be highly personal information that should not be publicly available. Biometrics are mostly used to protect the wallet by requiring facial or fingerprint authentication instead of entering a PIN. Biometrics could also be used as a form of entropy to create a key pair in an elliptic curve algorithm in a one-time function. However, repeatable use of the same biometric value does not add more value to the existing standards.
MS: What are, in your opinion, the biggest pitfalls of SSI? And can you think of a scenario where SSI would not make sense or could even be harmful?
Dr. Milly Perry: Well, there are some challenges ahead of us. Interoperability is one of them. To have so many systems that cannot communicate with each other is a huge problem. Security is another challenge that in combination with immature regulations could harm the SSI initiatives. Also, while some middlemen will be removed, new middlemen can rise. It’s very likely, for instance, that platforms arise which aim at helping users monetize their data, or marketplaces that act as search engines and aggregators will pop up to fill these needs. The burden that users will need to bear, in order to gain back control over their data, will be painful. Shifting security responsibility from companies to individuals, while people are ill-equipped to deal with this on their own, will pose a challenge. I can imagine subcutaneous implants could make SSI somehow unnecessary, presenting an alternative way to connect our physical self to our digital trails with no need of digital wallet, keys, or any other digital registry. Does it seem too visionary or science fiction? I am pretty confident we are already there.
If you are interested in SSI and decentralized identity, you are welcome to join the EUSSI Working Group!
Also, our experts are happy to share and exchange thoughts and knowledge. Feel free to connect!
Connect with Dr. Milly Perry: linkedin.com/in/milly-perry-1b4682/
Connect with Martin Schäffner: https://www.linkedin.com/in/martinschaeffner/