Self-sovereign identity (SSI) is a model for managing digital identities in which an individual or business has sole ownership over the ability to control their accounts and personal data. Individuals with self-sovereign identity can store their data to their devices and provide it for verification and transactions without the need to rely upon a central repository of data. With self-sovereign identity, users have complete control over how their personal information is kept and used.
In all models of identity management, a digital identity requires identifiers, which ensure the user is who they say they are. However, with self-sovereign identity, identifiers do not need an intermediary. This means that a user’s self-sovereign identity can be registered to a claim, such as a block on a blockchain. The person can then share that identifying data when making a transaction with a bank, for example.
With self-sovereign identity, a person can enter an app on their phone where their identity data is stored, then use an identification number and identity information to verify who they are. Self-sovereign identity adds security and flexibility to the user and allows them the ability to share data only when they choose.
Self-sovereign identity concepts
Self-sovereign identity is made up of claims, proofs and attestations:
- A claim is an assertion of identity made by the user.
- Proofs are the forms or documents that act as evidence for a claim. So, for example, a proof could be a passport or birth certificate.
- An attestation, or validation, is when the other party validates the claim is true. Attestations can be stored in the user’s device and are typically machine readable.
Pros and cons of self-sovereign identity
Some pros to using self-sovereign identity include:
- It is more secure and prevent common attacks to personal data, such as breaches.
- Data is more private.
- Users have a higher control over their own data.
- The process is more efficient.
- Users do not have to rely on other identity providers who may sell and monetize your data.
Cons of self-sovereign identity include:
- Users are responsible for their own security.
- There could be multiple identity platforms, meaning users may have to use multiple apps.
- Keeping track of personal data and permissions can become complex.
- Certain data intermediaries may not be able to be removed.
- Proof data is normally unstructured and could be easily faked.