How self-sovereign identity principles suit the modern world

There are several core self-sovereign identity principles to consider before the concept can benefit the enterprise. Learn about the implications of SSI advancements in this Q&A.

By definition, self-sovereign identity simply means that the identity of a person, organization or device is neither dependent on nor subjected to any other sovereign power or state. Though simple in concept, this notion has the potential to radically transform the way users exist on the internet.

Self-sovereign identity (SSI) is the latest in a string of advancements to come out of various industry groups focused on online identity, such as the Internet Identity Workshop (IIW). Drummond Reed, chief trust officer at Evernym and one of the original members of the IIW community, had previously worked to establish the federated identity model in response to shortcomings in the centralized model.

Today, Reed is one of the leading proponents of the self-sovereign identity model, which alters the process of proving one's digital identity to mirror the ways that individuals prove their identity in daily life. Users are no longer beholden to identity providers that may sell or monetize their data, Reed said, thus creating a highly user-centric identification process that is more private, efficient and secure.

Reed, together with Alex Preukschat, global head of strategic blockchain projects at Evernym, authored Self-Sovereign Identity from Manning Publications to clarify what self-sovereign identity is, how it works and why it matters to individuals and organizations alike.

Here, Reed and Preukschat discuss their intentions for the book and why self-sovereign identity principles may alter both the enterprise and how we define online identity.

Self-Sovereign IdentityClick to learn more about
Self-Sovereign Identity
by Drummond Reed and
Alex Preukschat.

Editor's note: This transcript has been edited for length and clarity.

Who is the intended audience for Self-Sovereign Identity, and what do you hope they take away from the book?

Alex Preukschat: The main audience is technical people who want to understand the applications that self-sovereign identity has on top of blockchain. … It's for anyone who wants to know how technology and philosophy and decentralization combine to create self-sovereign identity that will push mankind forward.

Can you explain the primary principles of self-sovereign identity?

With self-sovereign identity, we're reproducing this offline method of proving identity, online. To do this, we need our own digital wallets.
Drummond Reed

Drummond Reed: The explanation that we give in the book compares it to how we identify ourselves in the real world. We prove our identity every day -- when we rent a car or when we board a plane. We do so by taking out a wallet and showing the combination of credentials needed by the party that needs proof of our identity. The credentials we retrieve in our wallets are based on our relationships with different issuers of credit. But we control the wallet, and we decide to show credentials to the folks that need to verify them. With self-sovereign identity, we're reproducing this offline method of proving identity, online. To do this, we need our own digital wallets.

Here is where user privacy is built in: Self-sovereign identity should not depend on any other service provider or registry. There should be no one surveilling what I do with my digital wallet just as no one does with my physical wallet.

Why should organizations adopt self-sovereign identity?

Reed: Self-sovereign identity is not just for people -- it's also for organizations and anything that needs identity. Organizations can use the self-sovereign identity architecture to have a digital wallet with credentials it needs to be cryptographically verifiable by anyone. This is very simple in concept.

Where the complexity comes in is deciding how to implement it at the different layers so that your credentials are interoperable. They must be cryptographically verifiable on all the different systems all over the world. Additionally, this should be decided with the user experience top of mind so that it is as simple to understand as using a browser or using email. The complexity is why it's been a challenge to deliver self-sovereign identity.

Is there a difference between decentralized identity vs. self-sovereign identity?

Preukschat: If you get five people together to talk about this, they will have 10 different opinions. To answer that, we also need to answer the underlying question: What does decentralization mean? Decentralized identity and self-sovereign identity may or may not be the same thing because there is no common standard for any solution that has imposed itself on the market.

From my point of view, most offerings that label themselves as self-sovereign identity are not actually self-sovereign identity. I measure this against Christopher Allen's landmark article "The Path to Self-Sovereign Identity," which identifies 10 primary self-sovereign identity principles that solutions must provide. Once you start looking closely into each of the principles, you will conclude that they do not apply to the solutions available today.

Are centralized and federated models of digital identity unsustainable?

Reed: Both models have failed to deliver digital identity that is functional and effective. I say that with a high degree of confidence because I have been part of seven or eight different standards and industry groups that sought to solve the problem of usernames and passwords to make it easier for people and organizations. The result was federated identity, which cut down on friction.

But then federated identity efforts hit a wall. It puts an intermediary in the middle of all your relationships. Those intermediaries cause both privacy and business model problems. In the end, even the largest of them still don't scale, whether that's Facebook or Google or LinkedIn.

Thanks to the blockchain innovations in cryptography and distributed computing, we finally found a way to go back to a more sustainable model built for the real world and for the future.

How important is interoperability to future self-sovereign identity adoption and offerings?

Reed: One of the core self-sovereign identity principles is that it must be fully portable. You must be able to use any digital wallet you want from the different vendors or open source projects. That requires interoperability. As competing solutions on the market gain more adoption, they will converge. The market forces are going to drive us toward interoperability because you need to be able to accept any credential and present them to any verifier.

How is this book important to the self-sovereign identity movement?

Reed: We have many members of that community that are contributing authors to the book. For that reason, I think it will be the most comprehensive book out there on this topic. It's doesn't just cover the technology aspect of self-sovereign identity principles, but also the implications they have on business, politics and peace. We're hoping that this is a book that the identity community can get behind and can use to educate the rest of the world about self-sovereign identity.

About the authors

Drummond ReedDrummond Reed

Drummond Reed
has spent over two decades in internet identity, security, privacy and trust frameworks. He is the chief trust officer at Evernym and co-author of the Respect Trust Framework, which was honored with the Privacy Award at the 2011 European Identity Conference. Reed is a trustee and secretary of the Sovrin Foundation, where he serves as chair of the Sovrin Governance Framework Working Group and has served as co-chair of the OASIS XDI Technical Committee since 2004.

Alex PreukschatAlex Preukschat

Alex Preukschat
is global head of strategic blockchain projects with Evernym. Preukschat has been active in the Bitcoin space since 2013 and leads SSI Meetup, a global SSI community to share knowledge in the identity space. He is a co-founder of Blockchain España and Alianza Blockchain Iberoamérica and author of multiple reports and books about blockchain and identity.

Dig Deeper on Identity and access management

Enterprise Desktop
  • Understanding how GPOs and Intune interact

    Group Policy and Microsoft Intune are both mature device management technologies with enterprise use cases. IT should know how to...

  • Comparing MSI vs. MSIX

    While MSI was the preferred method for distributing enterprise applications for decades, the MSIX format promises to improve upon...

  • How to install MSIX and msixbundle

    IT admins should know that one of the simplest ways to deploy Windows applications across a fleet of managed desktops is with an ...

Cloud Computing