Let’s start with some SSI basics 📝
SSI means Self-Sovereign Identity, an identity model where the user is in total control of his digital identity. The user will hold the digital documents of his identity, will control to which actors he will share those documents, and also have the ability to revoke the use of those documents, all of this along with activity history.
The very center of the digital identity is your documents: from your National ID or Passport to your degrees, mobile phone number, bank account number, or your medical records. Anything that is intrinsically bound to you is your data and therefore your identity. While talking about SSI these are called Verifiable Credentials (VC).
The idea behind SSI is that the user is the center of his identity and he controls it, no more distributed information you give and cannot control.
“Anything that is intrinsically bound to you is your data and therefore your identity. While talking about SSI these are called Verifiable Credentials (VC).”
The Wallet 💳
These VCs have to be stored somewhere. That place is your wallet, your digital wallet. Nowadays we are quite used to having a digital wallet on our smartphone: credit cards, fidelity and discount cards, etc. Your VCs may have lived there but the built-in wallets in the smartphones nowadays lack some crucial capabilities, mostly related to security and auditing.
So a new generation of wallets is needed for handling your digital identity; the market has a few examples of them. Take note that the smartphone is not the only kind of wallet, a cloud one is also feasible.
The basic operations with a wallet are receiving credentials from an Issuer, storing them in your wallet, and presenting those credentials to a Relying Party for accessing some kind of service.
Security and Privacy ⚔️
Underlying to this there are some infrastructure requirements. Obviously, there’s a need of checking that the Issuer of a Verifiable Credential is valid and the credential has not been forged. That can be done with a database, Blockchain smart contracts, or other systems as long as it covers the needs and it warrants security and fidelity. Using blockchain solutions is one of the most demanded nowadays.
The other big pillar is privacy, that’s why the VCs always go peer to peer, the issuer sends them directly to the user and he will share it directly with the relaying party never using a centralized system.
Late Binding vs Early Binding
While we know that the VCs are now part of our identity there’s a question behind it. How does our wallet asset that we are what the documents say? It’s a tricky question because the hard-core SSI solutions do not solve it. You are given the VCs on the basis you use other identification systems to prove your identity.
👀 Let’s see an example: I create an empty wallet, then connect to my bank using a legacy system, like National ID + password. I can use that because I’ve been previously in a branch and the clerk has properly identified me with my National ID and I’ve been given access using a password.
Later I can use that National ID + password access to request to my bank an account ownership certification, for example. So my wallet has some kind of internal identification + a VC of account ownership certification. I can iterate that with some different providers.
The missing key question is: Will I ever have a VC binding my wallet to my National ID, therefore the VC becoming a legal ID? This can only happen if an official agency checks my ID and gives me the appropriate VC. This is known as late binding because your identity is built up with information collected after the wallet creation.
The alternative is called Early Binding. Just after your wallet creation and prior to its use there’s an official check on your identity and the wallet is associated with you. This is the model proposed by the European Digital Identity Wallet.
Both options have their benefits and drawbacks, it is the user who has the final word on what he wants based on what is required from him and the benefits associated.
So, gathering all these features together we got the seeds of the SSI / digital identity. Then it will be up to the market, the service providers, and of course the users to take advantage of its features and work towards SSI and the very closely related Web3.0.
Bonus: As a side reading you can have a look at this post that has some details of the wannabe digital identity of miDGT app and an example of using Digital Identity.