SSI: Let's own our digital Identity!
Every day we see a lot of identity breaches. Starting from the Facebook data leak.. to the Aadhaar information leak in India, the identity of people comes under scanners more frequently. We all deserve to, own our identity and control the usage without involving third parties. In a physical world, we all have a unique set of information to prove we are a citizen of a particular country, our driving authorization, and voting eligibility via passports, driving licenses, Voter IDs, etc. We own identity proofs and can keep them safe, but when it comes to the digital world, we are dealing with a different scenario.
Current Digital Identity has two major problems. First, we don’t own our identity. We identify ourselves with the username/passwords or by logging into different systems using SSO Authentication from third-party organizations like Google, Facebook, etc. Thus, our identity is not owned by us.
We don’t control the fact, how our identity is used. The next big problem is oversharing of information. If you are going to vote, you are supposed to prove that you are 18+. But the voter ID reveals other unnecessary information like date of birth, address, etc. This problem is witnessed in both physical and digital identities.
Self-Sovereign Identity [SSI] came as a one-stop solution to solve these problems.
SSI combines attributes from different credentials and presents them as a single proof. It relies on Zero Knowledge Proof. Thus, the proof is just going to reveal Yes/No answers. If the question is, are you eligible to vote, the proof will give only Yes/No as the answer. The identity proof is presented in a way that, the verifier can verify the authenticity of the credentials like the credential issuer, its uniqueness, integrity and can ensure that it is not tampered with , or revoked without contacting the issuer.
Consider a voting scenario: If you want to vote, the issuer (government) will put the public key in the ledger store and issue the unique token to you. When you reach the voting booth, the verifier can verify if that’s you, just by checking the data in the ledger store. This ledger store is not a centralized authority. It is not run by any single organization. We call this ledger store Sovereign Ledger, which is tamper-resistant and ordered chronologically. The relationship between the voter booth and you, are made only once. This is unique.
Consider another scenario, if you go to the bank, you will make another unique relationship by showing them the possession of the credentials. The connection setup and credential exchange happens off-ledger, privately, without involving third parties. Finally, you will be provided with a digital token by the bank after authorization. After getting the credential and the relationship, no requirement to use a username/password. No hassle. Just by proving the possession of the credentials and the connection you set up, you are going to say, it's me, and here is the digital proof.
By establishing a peer-to-peer connection, we are safe from any kind of Man in the Middle attacks. To make it work, we need some open protocols and standards. Several Organizations around the world came forward to maintain the standard ledger abiding by certain principles and rules to ensure that, the identity control will be with people themselves. This factor separates the sovereign from bitcoins and Ethereum. Here, Hyperledger Community comes into the picture. What is hyperledger and how it is changing the world of SSI ? That should be a separate post.
You may be a student or an employee, But if you are interested in contributing to the Hyperledger community with a paid stipend, you must check the hyper ledger mentorship program.
Do you want to know, How I cracked the hyperledger internship at Linux Foundation? That's for another day.
PS: The original article was first published in my personal blog .
