Hi, my name is Phillip and I've been hacked. The bad news is that you've probably been hacked at some point, too. The services we use regularly get compromised by hackers: You only need to take one look at HaveIBeenPwned to see how many times your data has been stolen. Hackers are always getting smarter. While we can't always stop these breaches from occurring, we can limit the damage.
Self-Sovereign Identity (SSI) promises to solve this. As a Blockchain and SSI developer at Trustlab, I've recently been getting into the nuts and bolts of the technology and the ecosystem. Here's how I've made sense of it for myself — and why I'm excited about it.
Getting the basics of online identity right
It was crucial for me to understand the basics of online identity before I could delve into SSI. Online identity can seem like a complicated domain from the outside, but I found that it became a lot more accessible to me once I understood a couple of key concepts. Let's take Mr Paws as an example to illustrate these concepts.
When Mr Paws goes online, other internet users can't see who he is in real life. Instead, he has an online identity: People know him by his online aliases. Keep in mind: this online identity can be faked!
Mr Paws uses a number of online services. These are publically accessible computer programs that allow users to query information, store information or execute an action via a restricted set of permitted actions. Mr Paws has a Gmail account to communicate with his colleagues, an Instagram account (@TheRealMrPaws) where he shares photos of the wild parties he likes to throw for his friends, and an online banking account with Capitec, where he regularly checks his balance to see whether he's saved up enough for more catnip.
Mr Paws has a relationship with each of these online services, as well as with all the people he's connected with on Gmail and Instagram.
When Mr Paws signs into Gmail, Instagram or Capitec, he needs credentials — in most cases, a username and password. Credentials are digital data that a person (or cat) can use to prove that they are, in fact, themselves. Credentials can either be self-attested or verifiable by a trusted entity. With self-attested credentials, the owner is the only one who can attest to the validity of the credential. For example, only Mr Paws can attest to the fact that lasagna is his favourite food. Credentials that are verifiable by a trusted entity need to be verified by the authority that issued them. For example, the username and password that Mr Paws uses to log into Gmail need to be checked against Gmail's user accounts database.
The personal information and emails stored on Mr Paws' Gmail account, photos stored on Instagram, and financial data stored on Capitec, are all Mr Paws' data. This data is stored on Gmail, Instagram and Capitec's centralised databases.
My mental model: How SSI works
Building on the basics of online identity, I started delving into the specifics of SSI. I learned that SSI leverages public and private key pairs: you keep the private key safe and secure, but share the public key. Entities in the SSI ecosystem would use the private keys to cryptographically sign attributes and messages. Other entities using these attributes and message would use the public keys to verify that it was indeed signed correctly by the other entity.
Once trusted parties issue verifiable credentials, they can be verified by anyone because the issuer's identifier and verification key (public key) are immutably stored on the Blockchain. This means that the public key can be queried to ensure that it was, in fact, the specific entity who signed the attributes and/or message. The verification process works as follows:
- Connection: Firstly there is connection agreement that establishes a unique set of keys for communication between the entity and the user. Not every SSI solution does this, some solutions use the same identifiers across relationships and connections.
- Proof: The entity will ask for certain information to be signed and sent — preferably using the unique keys created in the connection step. To start off with, a user might only have self-attested credentials.
- Credentials: If the entity accepts the proof, after running an internal checking process to prove that the credentials are correct, then it will send signed credentials to the user. These will be verifiable by other entities when used at a later stage.
The resultant credentials will be stored in the user's wallet. The wallet is a storage system used by the SSI application to store data, keys and credentials. It is usually encrypted with some kind of PIN or master password. If another entity requires previous credentials as a proof, in order to provide other credentials, then the user can send these credentials as proof of the previous entity's internal checking process. This proof can be verified by querying the ledger/Blockchain to ensure that the entity that supposedly issued the credential, is trusted and did indeed sign it.
Sovrin is an example of such a ledger. It's known as a public and permissioned ledger. That means anyone can interact with Sovrin for lookups but only a subset of approved entities are able to write to the ledger. The permissioned aspect is managed via a Governance model: there is a vetted decision-making body that ensures accountability and responsibility is achieved in a decentralized and open manner. Entities using the ledger have to comply to a set of rules called the Governance Framework. The benefit is that information written (ledgered) to the Sovrin ledger can be trusted. If there is wrongful behaviour in the issuing of credentials, for example when an entity issues fake identification credentials, then it is easier to detect and deal with.
Example: Mr Paws applies for a loan to buy catnip
Going back to the example of Mr Paws: Let's say Mr Paws receives a letter from "Sharkz Loans", a company offering loans, in his postbox. In the letter, Sharkz Loans advises Mr Paws that he qualifies for a loan. He is immediately excited, because he imagines all the catnip he could buy with a little extra cash.
Sharkz Loans' letter contains a QR code that Mr Paws can scan with his phone. This QR code contains all the relevant information to get Mr Paws started: a URL to which Mr Paws will be taken, as well as an identifier and a verification (public) key. Once Mr Paws scans the code, a connection will be created that is unique to the Mr Paws — Sharkz Loans relationship.
This is the first time that Mr Paws is connecting with Sharkz Loans, so they want some verifiable information from him. They need his identification, proof of address, proof of income, and proof of a good credit score. The request for these proofs can't be self-attested: who at Sharkz Loans will believe a cat, anyway?
Fortunately, SSI helps him out. He knows that he previously provided similar proofs to Capitec, who were part of SSI, when he opened his bank account. He also knows he had to give his paw prints and a photo of himself to the Department of Home Affairs, an SSI identity provider. Because these entities issued Verifiable Credentials and because these credentials stay valid until expired or revoked by the issuer, he can give these credentials to Sharkz Loans to prove that he'll be a good customer.
Mr Paws has gone to the different Credential Issuers, sent information to them when requested via proof requests and then received Verifiable Credentials in the form of proof of identity, residence, employment, and good standing with the credit bureau. With these Verifiable Credentials Mr Paws can apply for the loan from Sharkz Loans.
Key points to remember: What is SSI — and what is it not?
It's decentralized, not centralized
SSI is online identity where you are in control of what makes up your data. This means that:
- You only share what is needed, via consent; and
- You are the only one who can prove the credentials belong to you.
In contrast to legacy systems where online identity is only controlled by central systems, SSI leverages today's decentralized architectures to better secure access and data. Centralized systems will typically be servers on physical locations that store data and provide services to use or interact with that data. The data, be it your profile data or data that you have added, is gathered and stored in a database. The problem is that these centralized systems are a single point of failure, even though there are a bunch of policies and security measures to protect you. A hacker need only get into the central system to have access to the whole honeypot of data.
Decentralized systems are systems where there are many nodes or other computers contributing to the overall system. Blockchain systems are decentralized systems that provide extreme redundancy and immutability. It's impossible to destroy the data by taking a part of the system down. It's not feasible to modify the data, either, because it involves too much cost and effort.
It leverages Blockchain technology
Blockchain provides trust based on mathematics, on cryptology, in that you can be virtually 100% sure that the record added to the chain is verified and immutable. SSI leverages this ability of Blockchain to ensure that credentials are issued by trusted institutions and that those credentials have not been modified.
SSI does not mean that your identity and data is stored on the Blockchain — or that the data you share will not be abused. In fact, SSI still suffers the problems of the collusion of illegal and bad actors. In situations where an entity requires a person to verify credentials, it is quite possible that the person could pay a malicious entity to approve a set of fake credentials. Fortunately, it is easy to track and revoke with SSI, especially with the use of revocation procedures.
Taking the example of Mr Paws: Let's say he knows a guy who owes him one. This guy, Mr Shady, is willing to provide a verifiable credential that will prove that Mr Paws does not have bad debt. The Blockchain is not going to magically detect this malicious verifiable credential. If someone finds out, though, because Mr Paws is suddenly bankrupt, then the credential will point back to the issuer. This means all credentials issued by that entity can immediately be revoked.
Your relationships are private
SSI is not a social sharing platform where you advertise and discover relationships freely from publically-shared data, either. In fact, SSI allows you to have a collection of relationships without any correlation across that collection. That means no individual or organization can use your information in one relationships to connect you to others. In Mr Paws' case, that would mean that the programmers behind Instagram can't infer that he has an account with Gmail and Capitec.
Why I'm excited about SSI
In my view, SSI is the most exciting use case for Blockchain technology. It opens up so many interesting possibilities. Here are some of the things I'm most excited about:
1. Login without passwords
SSI is all about the relationships that you have. When you connect with an institution in the ecosystem, you will have an SSI relationship with that institution. What this means is that you now hold the private key to that relationship and the institution holds the verification (public) key. Since these keys are unique to the relationship you are able to login without a password. For example a SSI user can prove they can access the site by means of a challenge and response protocol that cannot be satisfied without the appropriate credentials.
Centralized systems, by contrast, require that you enter some kind of password associated with a username and an email. The painful truth is that many on us, me included, have been guilty of using the same username or email and even worse, the same password. Why wouldn't we? There are simply too many online platforms for us to manage accounts with different credentials. With SSI you not only own the credentials, you can be sure that there is no way that anyone can — not mathematically or by brute force — steal your identity by hacking into the system. By owning your credentials, you are the only one who can prove that they belong to you. No-one else can pretend they own them and you can revoke any consent given to use the credentials.
This control and ownership comes with a pitfall, though, in that you still need to keep control of you credentials with proper security.
2. Data Protection
We've seen the headlines:
- The most infamous data breaches
- Liberty hack the 'biggest breach yet'
- If you pay traffic fines online, your data may have been leaked publicly
- Facebook just had its worst hack ever — and it could get worse
SSI facilitates the protection of data by first removing the need for hackable access control and secondly, removing the need for organisations to store your sensitive data, like birthdate. The possession of a credential that proves that the data is valid is all you need, but realistically regulation and outdated policies will require the storage of data. However, if that data has been compromised or stolen then you as the owner of the data can revoke consent to use that data. Otherwise, through SSI, you could prove that whoever is misusing the data does not have rights to it.
For example, going back to Mr Paws: If he wanted to prove to Sharkz Loans that he has an account with Capitec, he could easily get proof from Capitec and provided that to Sharkz Loans without exposing his account number and other sensitive details.
Enrollment — more commonly known as "signup" — is another use case where the power of SSI is realized. The SSI ecosystem, a web of trust is a framework built up by all the participants of the system. This means that if you need to enroll in one system that requires verifiable data — let's say a proof of address for a bank account — then you won't need to prove it again to another institution in the ecosystem. You can simply supply the proof that you had obtained from the first system. Institutions that are part of the framework can always verify those credentials via a common ledger like Sovrin's. Remember Mr Paws' example with Sharkz Loans? That shows how SSI makes enrollment easier.
4. Identity Verification
In SSI you are the sum of your relationships. Your relationships are unique so that no one can glean any information from you on who you are connected to. You prove your identity by using the credentials from different relationships that can be verified. For example, if Mr Paws were to receive a catnip delivery by courier, the delivery guy could easily verify his identity via SSI. This means that he doesn't have to regurgitate the same information to different parties over and over again.
5. Zero Knowledge Proofs
SSI means you can prove something about yourself — your verified data — without exposing that data. For example you might want to prove that you are older than 18, or that you are employed, without giving away your exact birthdate or employer. This is great because there are so many situations where companies are asking for so much extra private information. Often, they're asking the same information over and over again. Think of all the times when you applied for short-term insurance, when you had to fill out a medical history form for a doctor, or even when you had to fill out an electronic visitor sheet to enter a building. With Zero Knowledge proofs you can could prove certain things about yourself without having to regurgitate the information that proved it.
6. The ecosystem is growing!
The SSI ecosystem is growing fast. Besides Sovrin, that I'm working on, there are a few other Blockchains/ledgers that also provide SSI:
|uPort||Ethereum via Smart Contracts|
|Civic||Rootstock via Smart Contracts|
|Connect.me||Sovrin(Hyperledger Indy) via the ledgering of DIDs and DID documents. Leveraging the Governance model to promote accountability and responsibility.|
|MyEarthID||Hedera Hashgraph via Smart Contracts|
|Blockpass||Ethereum with Pass Tokens|
|LifeId||Smart contract capable Blockchain|
There are no constraints on who to go with because there are ways to resolve identities between the different systems. So long as each system complies to the set of standards then, they are able to cooperate in the SSI ecosystem.
There are many Blockchains and ledgers but I am most excited about Sovrin, because they are a governed solution. This ensures that the main actors in the ecosystem can be held accountable and responsible. The main actors are the Trustees and the Stewards. The Stewards are the entities that will run validator nodes, much like bitcoin mining nodes; these will be limited to about 200. It doesn't stop there, though, because there will be an unlimited number of observer nodes that will have the ability to query (read) the ledger, but not write. This will serve to strengthen the network.
Another great aspect is the fact that there is no concept of forking. With Bitcoin and ethereum there is always a fork. With mining cryptocurrencies this is not an issue because you pretty much score by having 'free' coins if both fork continue on because the miners like it. With the governance model of Sovrin, all the node will be updated to the correct version almost immediately. With forking, there's a possibility of duplicating credentials - not a good idea with SSI.
It's inspiring to see where the SSI ecosystem is heading. I imagine there will come a time when SSI's use will be so widespread that people will receive their first credential at birth. Imagining a world like this makes it exciting to be working in the ecosystem.
Cheatsheet: A glossary of key terms
I find the Sovrin Glossary to be a super useful cheat sheet to keep track of all the technical terminology.
Phillip Gibb is a Senior Software Developer at Trustlab.tech, developing SSI solutions, maintaining the Global Consent Steward Validator Node and working closely with Sovrin and Evernym to build the SSI ecosystem in South Africa. He also has a cat, though his name isn't Mr Paws.