🆔What is SSI?
Explore SSI's core: user-driven identity via DIDs, VCs, and blockchain. Unpack the roles of issuers, holders, verifiers in ensuring privacy and security.
1. Introduction: SSI Approach
Self-Sovereign Identity (SSI) embodies a transformative philosophy that has gained momentum in recent years. It advocates for individuals to have complete control over their personal data, a stark departure from the limitations of traditional centralized and federated identity management models. These conventional systems, characterized by their centralized data silos, have been proven inadequate due to their vulnerability to data breaches and inefficiency in handling the modern internet's vast and often unverified data exchanges. This inadequacy has eroded digital trust and contributed to the internet becoming increasingly hostile.
SSI emerges as a revolutionary solution to these challenges by empowering individuals with control over their identities through a decentralized identity model. By harnessing distributed ledger technology, SSI aims to restore trust and security to the internet. This model not only enhances privacy and security but also facilitates the verification and exchange of data in a more reliable and efficient manner, paving the way for a more secure, trustworthy digital world.
2. Paradigm Shift: why is the world moving from centralized identity to decentralized and reusable identity?
Several key factors have catalyzed the shift from centralized to decentralized, reusable identity systems.
The top three reasons include:
Decentralized, reusable identity represents a significant shift away from the burdens imposed by centralized systems. Unlike traditional models that depend on third-party platforms to establish trust, decentralized identities adopt a user-centric approach. This model empowers individuals to control their own data through decentralized digital wallets, eliminating reliance on external entities and enhancing both privacy and security. In doing so, decentralized identity systems not only address the vulnerabilities and inefficiencies of centralized models but also pave the way for a more secure, efficient, and user-empowered digital ecosystem.
3. Building blocks of Decentralized identity:
To understand the technology behind decentralized identity, it helps to look at its individual components and how they work together.
3.1 Identity wallet and Verifiable Credentials
An Identity Wallet is a digital repository where VCs (Verifiable Credentials) are securely stored. Much like the physical credentials we carry in our wallets (e.g., driver's licenses, credit cards), VCs serve a similar purpose but in a digital format. However, VCs extend beyond human identification; they can authenticate a product's compliance with specific standards or a company's legitimacy.
To qualify as a credential, the claims must be verifiable in some way. This means a verifier must be able to determine the following:
Who issued the credential.
That it has not been tampered with since it was issued.
That it has not expired or been revoked.
VCs include a unique identifier (akin to a government ID number), metadata describing the credential (such as the expiration date) and other relevant information (e.g., name, date of birth). These credentials are cryptographically signed by the issuer, guaranteeing their authenticity.
3.2 Ecosystem: Issuer, holder, verifier
To grasp the fundamentals of decentralized identity, it's essential to explore its ecosystem and the interactions within it. The ecosystem is primarily composed of three main actors: the Issuer, the Holder, and the Verifier, collectively forming what is known as the Trust Triangle.
The Issuer: This entity generates and issues Verifiable Credentials (VCs) related to an individual's identity or attributes. These credentials can represent various proofs of identity, such as government IDs, driving licenses, professional qualifications, or even loyalty cards.
The Holder: Individuals or entities that receive and store these credentials in a secure digital wallet. Holders can present these credentials as proof of their claims to any requesting party and have the authority to revoke access to their data whenever they choose.
The Verifier: Entities that request proofs of claims from the holder. After receiving these proof presentations, verifiers can instantly authenticate the information's validity. Verifiers span a wide range of entities, from financial institutions to employers, or any organization requiring proof of identity.
The interaction between these three actors (Issuer, Holder, and Verifier) creates a robust framework of trust, called the Trust Triangle.
3.3 Decentralized identifiers
A Decentralized Identifier (DID) is a unique, persistent identifier that enables an individual or organization to prove ownership and control over it without relying on a centralized authority. DIDs are self-sovereign, verifiable, and designed to support privacy and security in digital interactions, leveraging distributed ledger technology to ensure interoperability and decentralization.
DIDs are linked to DID documents that contain essential cryptographic information for secure digital interactions. This structure ensures privacy, security, and interoperability across various platforms, allowing users full control over their identity and related credentials.
3.4 Trusted registries and blockchain infrastructure
Trusted registries, often implemented as distributed ledgers or blockchains, play a crucial role in the DID ecosystem. These registries store DID documents in a way that is tamper-evident and accessible to anyone needing to verify a DID's authenticity. The decentralized nature of these registries means that no single entity has control over the information, enhancing trust and security. When a DID is queried, the registry provides the DID document, allowing the inquirer to verify the public keys and other details necessary for secure interaction with the DID owner.
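The verifier checks listed in section 3.1, combined with the registry lookup described above, can be sketched as follows. This is an added example, not code from the original page or from any SSI project: the `did:example:` identifiers, the `urn:example:vc:` credential ids, the in-memory registry and revocation list, and the simplified proof format are all assumptions made for illustration (real credentials use standardized proof formats and canonicalization).

```javascript
// Added example: issuer lookup, integrity, expiry and revocation checks.
// All DIDs, ids and data below are constructed for illustration.
const crypto = require('node:crypto');

// Deterministic serialization so issuer and verifier process the same bytes.
const canonical = (v) =>
  v && typeof v === 'object' && !Array.isArray(v)
    ? '{' + Object.keys(v).sort()
        .map((k) => JSON.stringify(k) + ':' + canonical(v[k])).join(',') + '}'
    : JSON.stringify(v);

// Issuer side: key pair whose public half is published in the DID document.
const issuerDid = 'did:example:issuer-1';
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');

// Stand-ins for the trusted registry and the issuer's revocation list.
const registry = new Map([[issuerDid, { id: issuerDid, publicKey }]]);
const revoked = new Set(['urn:example:vc:2']);

// Issuer signs the credential fields with its private key.
function issue(id, subject, expires) {
  const credential = { id, issuer: issuerDid, expires, subject };
  const proof = crypto
    .sign(null, Buffer.from(canonical(credential)), privateKey)
    .toString('base64');
  return { ...credential, proof };
}

// Verifier returns 'valid' or the reason the credential is rejected.
function verify(vc, now = new Date()) {
  const { proof, ...credential } = vc;
  const didDoc = registry.get(credential.issuer);     // who issued it?
  if (!didDoc) return 'unknown-issuer';
  const untampered = crypto.verify(null, Buffer.from(canonical(credential)),
    didDoc.publicKey, Buffer.from(String(proof), 'base64'));
  if (!untampered) return 'bad-signature';            // changed since issuance
  // Fail closed: a missing or unparsable expiry date counts as expired.
  if (!(new Date(credential.expires) > now)) return 'expired';
  if (revoked.has(credential.id)) return 'revoked';
  return 'valid';
}
```

The signature is checked before expiry and revocation so that those fields are only trusted once they are known to come from the issuer.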
Distributed ledger technologies facilitate the decentralization needed to eliminate a central authority from data transaction oversight. This infrastructure enhances trust in data integrity through several mechanisms.