Self Sovereign Identity (SSI) is a key development to fix a major shortfall of the current internet. It implements the identity layer that is missing in the internet as we know it. At Zigurat Innovation Week, Rebecca Johnson and Nacho Alamillo looked at SSI from a technical and a legal perspective. They explain and discuss the fundamentals of SSI, the role of blockchain in SSI (Spoiler: NEVER used to store personal data!) and how the new EU regulatory framework eIDAS.2 fosters the goal of giving citizens the right to control their personal data.
You can watch the full recording here.
TLDR:
The problem with bolt-on-top identity solutions
How we compose identity on the internet has become a problem. Since the traditional internet (web2) has no identity layer built-in, identity solutions were bolted on above the communication protocol level in an uncoordinated way. This has led to a mostly non-interoperable mess, leaving us with the daily struggle of handling a plethora of inconsistent identities loaned out and thus controlled by centralized institutions (mostly private companies). Whether it is our bank account credentials or our social media logins, these identities are in fact only a loan and can be taken away at any time – or sold to the highest bidder without you knowing. Legal protections like GDPR and banking regulations offer some protection but the system was essentially broken from the start.
SSI: A philosophy and a set of technologies
Self Sovereign Identity (SSI) is a philosophy and a set of technologies that fixes these issues. The key to the concept are Digital Identifiers (DIDs). They are flexible identity attributes that can be issued selectively. They are revocable, and most importantly: they are controlled solely by the user. Individual users can connect with organization which have public identifiers anchored to publicly available blockchain-based DID registries and without making their own private did available publicly.
In the recent talk at Zigurat Innovation week, Blockchain Architect Rebbeca Johnson takes the viewer on a learning journey about the differences between centralized and decentralized identity systems, the fundamentals of SSI, the role of blockchain in SSI and current use cases of SSI.
Will eIDAS2 create state-issued digital identities based on SSI?
Also during the talk, Nacho Alamillo Domingo, who is arguably the preeminent EU expert on electronic signature, identity and security takes a close look at the benefits and the potential of the European Identity Wallet. He covers prerequisites such as mandated acceptance as well as possible market effects like the creation of a market structure for identity attributes.
With over 100 registered DID methods the technology is complex, and the legal and regulatory implications even more so. On top of this while state-issued digital identities may not be SSI in its purest sense, Nacho is convinced: the decentralized approach of the planned European Identity Wallet offers a major improvement, increasing personal autonomy and enhancing data protection principles.
eIDAS2 is an update to the original eIDAS (electronic IDentification, Authentication and trust Services) framework. Established 12 years ago, it needed to be adapted to current technological standards. With eIDAS2 many aspects of SSI will be implemented in the European Identity Wallet. Most importantly: the user shall be in full control.
If you want to know more about SSI take the time to listen to the talk in full here.