This document contains a collection of the answers to the most common questions people ask about Sovrin. If you have any comments, or if you have an outstanding question about Sovrin that was not answered here, feel free to contact us at info@sovrin.org.

FAQ

Foundation Basics

What is Sovrin?

‘Sovrin’ most commonly refers to the Sovrin Network, a public service utility enabling self-sovereign identity on the Internet. The Sovrin Network is decentralized, meaning individuals can collect, hold, and choose which identity credentials —such as a driver’s license or employment credential—without relying on individual siloed databases that manage the access to those credentials.

Sovrin is an open source project that offers the tools and libraries to create private and secure data management solutions that then run on Sovrin’s identity network.

Read more about the basic elements of the Sovrin Network here

What is the Sovrin Foundation?

Established in 2016, the Sovrin Foundation is a 501(c)(4) nonprofit based in Provo, Utah. The mission of the Sovrin Foundation is to create the Internet’s long-missing identity layer and provide a global public utility for digital identity to people, organizations, and things. The Sovrin Network enables you to personally curate and control your own collection of identity credentials by letting you selectively disclose your identity in a verifiable way.

Composed of a small staff of developers and support staff, the Sovrin Foundation works to administer the Trust Framework, which governs how the Sovrin Network operates. The Sovrin Foundation also provides support for the Sovrin Board of Trustees, the Sovrin Stewards, the Technical Governance Board, and various working groups needed to maintain and run the network.

See the Governance of Sovrin Foundation here

 

Why is digital identity a problem?

In the real world, most identity interactions are self-sovereign. People collect various credentials that they keep in their possession and present them at their discretion to prove things about themselves. They hold things like a driver’s license, passport, or insurance card and present them to any verifying entity they want, without the permission of the issuer. These credentials are kept under the control of the holder and only revealed with their consent.

This is not what happens on the internet. Like the famous cartoon says– “On the internet, nobody knows you’re a dog”, illustrating the very real issue with the lack of an easy, secure, standardized system for a person to collect, hold, and ultimately present trustworthy, verifiable credentials online.

One solution that has arisen to solve the problem of digital identity is through the advent of federated logins provided by services like Facebook or Google. What seems from the onset as a handy tool that helps expedite logging into the various websites that accept them, when actually, these federated logins are actually problematic. Relying on vast amounts of data collected from individuals– much of it unverified– one of the primary concerns with these systems is access. There will always be companies and individuals that will choose to not access these social networks and perhaps do not want to rely on these companies to control their or their customer’s data.

Overall, the internet lacks a universally available digital identity system that lets individuals collect, hold and present any credentials they want, to whomever they want, whenever they want– without the reliance on a third-party managing access.

See more about the problems with identity here.

What is self-sovereign Identity?

Self-sovereign identity (SSI) is a term used to describe the digital movement that recognizes an individual should own and control their identity without the intervening administrative authorities. SSI allows people to interact in the digital world with the same freedom and capacity for trust as they do in the offline world.

Everyone (including businesses and IoT) has different relationships or unique sets of identifying information. This information could be things like birth date, citizenship, university degrees, or business licenses. In the physical world, these are represented as cards and certificates that are held by the identity holder in their wallet or safe place like a safety deposit box, and are presented when the person needs to prove their identity or something about their identity.

Self-sovereign identity (SSI) brings the same freedoms and personal autonomy to the internet in a safe and trustworthy system of identity management. SSI means the individual (or organization) manages the elements that make up their identity and controls access to those credentials– digitally. With SSI, the power to control personal data resides with the individual, and not an administrative third party granting or tracking access to these credentials.

The SSI identity system gives you the ability to use your digital wallet and authenticate your own identity using the credentials you have been issued. You no longer have to give up control of personal information to dozens of databases each time you want to access new goods and services, with the risk of your identity being stolen by hackers.

This is called “self-sovereign” identity because each person is now in control of their own identity—they are their own sovereign nation. People can control their own information and relationships. A person’s digital existence is now independent of any organization: no-one can take their identity away.

Read more about SSI here.

 

Governance

What is the Governance (Trust) Framework?

The Sovrin Governance Framework–formerly the Trust Framework–  is the legal foundation for the Sovrin Network to function as a global public utility for self-sovereign identity. This governance document serves to define the business, legal, and technical terms that all members of the Sovrin Community agree to follow.

The Governance Framework was developed through a community-driven process led by the Sovrin Governance Framework Working Group, agreed to by the Stewards, and was approved by the Sovrin Foundation Board of Trustees.

Read more about the Governance Framework.

What is a Steward?

Sovrin Stewards are organizations that operate the network by running validator nodes which write to and read the Sovrin ledger. These trusted volunteers donate time, resources, and computing power to operate and maintain the network while agreeing to abide by the requirements of the Sovrin Governance Framework.

At present, there are over 50 Stewards from 13 countries over six continents.

See more about becoming a Sovrin Steward here.

How do I get involved with Sovrin?

The mission of the Sovrin Foundation is to create the Internet’s long-missing identity layer and provide a global public utility to everyone and everything: people, organizations, and things. This will allow everyone to control their identities and personal information by choosing who they share this data with and to do so in a verifiable way. Those interested in developing on Sovrin, applying to become a Steward, or supporting the Foundation may connect with us at the links below.

Interested in becoming a Sovrin Steward contact us here

Keep up with news and events from Sovrin here

Incubator

Q: What is an ‘incubator’?

An incubator is an organization that helps start other companies. Incubators generally seek out and assist entrepreneurs in developing their businesses (sometimes from as early as the idea stage) to become a successful venture through providing resources such as mentorship for business model, product, customer traction, technology, milestones, and company infrastructure. Many incubators invest a small amount of money in exchange for a small amount of equity. Many incubator programs also culminate in a Demo Day in which the participants present their businesses to investors, accelerators, and the entrepreneurial community who have resources to take the company into its later stages.

Q: What exactly is SSI Incubator?

Self-Sovereign Identity Incubator (SSI Incubator) nurtures the development of the entrepreneurial community building business solutions based in some way on SSI technology by selecting the most promising group of startups and providing them with capital, mentorship, networking opportunities, technical expertise, and more. This will enable the next generation of internet identity to grow more rapidly than it otherwise could while promoting and supporting interoperability of solutions and increased community collaboration.

Q: Do I have to own a company to apply?

Yes, you must be a founder of a company to apply. For our purposes, owning at least 10 percent equity makes you a founder. Please reach out if you feel an exception should be made.

Q: Do I have to implement SSI technology to apply?

The purpose of the incubator is to strengthen the SSI community by building a robust, technology-agnostic, and interoperable ecosystem. SSI Incubator was created to support the adoption and growth of SSI.

That being said, if you feel your company may not fit the mold exactly but you can articulate a connection to our mission of creating an interoperable identity ecosystem, feel free to apply and make your case.

Q: Does the program offer investment?

Yes! SSI Accelerator LLC will invest $180,000 into your startup contingent upon:

  • Your being selected by the Application Review Committee to participate in the incubator
  • Your accepting the Application Review Committee’s invitation to participate
  • Your agreement to participate in the incubator’s program for the duration of the 12 weeks

The program’s cost is $30,000, which covers overhead, content, and staff – everything that participants will need to get the most out of their time in the incubator. Many successful incubators are structured this way. So the gross investment of $180,000 less $30,000 equals a net investment of $150,000 for startups to use to develop prototypes, hire employees, travel, or otherwise grow their businesses.

Q: What are the dates for SSI Incubator?

SSI Incubator is currently accepting applications for the Fall cohort. It will take place in San Francisco, CA on September 4, 2019. SSI Incubator is 12 weeks long. Final pitch presentations will occur on November 21, 2019.

Although the regularly scheduled program will finish after the pitch presentations, the mentorship and network will not. We hope to remain in close contact with our startup cohorts into the future.

Q: Where is SSI Incubator located?

This inaugural cohort of the SSI Incubator will take place at 717 Market St, San Francisco, CA 94103 at the premier co-working space where incubator partner Hard+Yaka is based, in the heart of San Francisco, California. We chose this location specifically to offer participants the opportunity to work from a global hub of innovation, harboring a wide variety of international talents and businesses.

Q: Do I need to live in San Francisco for the duration of the incubator?

Of course participants will come and go in order to meet with potential customers, attend events, and establish their global presence. We expect this; however, participating startups should plan on spending 12 weeks in San Francisco. While it is possible to commute each week (i.e., live at home on the weekends), we highly recommend residing in or close to San Francisco to take full advantage of the opportunity.

Q: Are only SF-based companies eligible to apply to SSI Incubator?

No, companies from anywhere are eligible.

Q: Does the program offer housing?

No, but we can help identify housing options.

Q: Is there a fee for the incubator?

Each company will receive a $180,000 USD investment of which $30,000 will be paid back to SSI Incubator to cover the overhead, content, and staff responsible for operating the incubator.

Q: How can SSI Incubator help startups get funding?

First of all, upon acceptance into the program, $180,000 will be invested into your startup. After paying for overhead and other fees, $150,000 will be left at your disposal to develop your company.

Secondly, the incubator culminates in a SSI Demo Day where your startup will have an exclusive opportunity to pitch to the entrepreneurial community, including investors. Prior to SSI Demo Day, we will help you tailor your presentation and refine your pitch.

Finally, we can introduce you to investors in our network who we know are interested in the space as well as help you apply for grant funding for small business and research.

Q: What is my schedule going to be if I am accepted to the incubator?

Your schedule will be a busy one. It is no secret that starting a company is not terribly easy, nor is it known for its work-life balance. When you’re a part of the incubator, you will participate in workshops, events, and community meetings which are designed to increase your ability to execute on your business and prepare you to take investment and scale your venture. Outside of these workshops, we still expect you to accomplish the things you need to do for your business such as development work, sales and marketing, and more. Self-motivated, competitive types will do best in this environment.

Q: What does the SSI Incubator programming look like?

The program is customized to make available leading experts who will instruct and train you on topics that matter the most to succeed in the emerging SSI landscape. Sessions will include customer discovery, market validation, understanding the SSI stack, open source code bases, game theory, decentralization, governance, marketing, financial management, SSI interoperability, and much more. We’ve also left a few sessions open so participating startups can select topics that are of special interest to the Fall cohort, and the SSI Incubator staff will utilize their network to find instructors.

Q: When do I apply?

If you want to apply, please submit your application by 8 pm PT on July 19.

We will evaluate applications as they are submitted giving a small advantage to early submissions.

If you miss the submission deadline, you should still submit an application. Since we review applications on a rolling basis, we still may interview and/or accept companies who apply late. Just keep in mind that the nature of a rolling application means the earlier you submit, the better your odds.

We will send invitations to selected startups participating in the Fall ‘19 cohort by early August.

Q: What is the application process?

Upon receipt of an application, SSI Incubator uses a three-step process to select* up to four startups to participate in the SSI Incubator program.

Step 1: The SSI Incubator selection committee reviews the application.

Step 2: The SSI Incubator selection committee determines which startups will advance in the application process and begins to conduct interviews with selected startups.

Step 3: The SSI Incubator selection committee makes its recommendations to the Application Review Committee on which startups to conduct a final interview with. The Application Review Committee meets you in person or via a virtual meeting. This committee will make its decision, and SSI Incubator will notify the applicants of the results via email.

*Selection decisions will not be made by Sovrin Foundation staff during any point of the application review process.

Q: How can I make my application stand out?

Startups that show the following will stand out:

  • Strong team: While we will consider solo founders, it is extremely difficult to do everything it takes to start a business by yourself. A strong CEO is also an important element.
  • Technical talent: In the early days of a startup, having the necessary capabilities to build prototypes yourself without hiring or contracting out significant portions of the development is crucial to rapidly iterating and staying within budget.
  • Diversity: Diversity of thought, backgrounds, and experience are a plus.
Q: How are decisions made?

After considering your team, your idea (including the problem you are solving, the market you will play in, etc.), and the landscape of other startups who’ve applied, the Application Review Committee will meet and discuss. The committee will decide who becomes a participant of the incubator.

Q: How can I take a closer look at SSI Incubator?

If you have further questions, please contact us at incubator@sovrin.org.

Technical

How does Sovrin work?

The Sovrin Network consists of server nodes located around the world hosted and administered by a diverse group of trusted entities called Stewards. Each node contains a copy of the ledger, a record of publicly accessed information needed to verify the validity of credentials issued within the network.

In Sovrin, Stewards cross reference each transaction to assure consistency about what information is written on the ledger and in what order. This is done with a combination of cryptography and a Redundant Byzantine Fault Tolerant algorithm.

Identity holders, credential issuers, and verifying entities access these services on the Sovrin Network using Agents. Agents can be as simple as a mobile app and have the important job to hold and process claims on the Sovrin Network. Agents can perform identity transactions on the identity owner’s behalf and exchange information directly with other agents  with secure encrypted connections to each other. This way, only public identifiers of an issuer are anchored on the ledger, but an identity holder’s actual proof of their credential is privately transmitted to a validator. Sovrin has specific instructions and developed code for the creation of these agents, so different agents from a variety of developers may all work together within the Network. This allows every person, organization, and thing to interoperate.

Sovrin allows the sharing of trustable digital credentials. The Sovrin Network is designed to be private by design on a global scale by using pairwise pseudonymous identifiers, peer-to-peer interactions, and allow selective disclosure of personal data using zero-knowledge proofs.

Simply put, when an identity holder decides to share a verifiable credential with a relying entity using the Sovrin Network, they create a proof containing only the specific information that was requested using a combination of elements from any of their verifiable credentials in their digital wallet. The verifier only learns the information that was shared and nothing else. The verifier cannot take the learned information and prove who it came from.

Using the Sovrin Network, each person, organization, or IOT device that validates the identity holder’s proof can be completely confident that the proof or information being relayed is accurate and timely. Businesses can also avoid the regulatory burdens associated from storing mass amounts of customer data which could be stolen or misused.

Learn more about Use Cases.

Learn more about what can and can’t be written to the public ledger.

What does ‘decentralized’ mean?

Sovrin is described as “decentralized” because there is no central authority to register with to actually use the Network. The only information on the ledger is public information like decentralized identifiers (DIDs) and all other information remains off. This allows a verifier to determine who issued the credential presented to them, what combination of information it should contain (the schema), and if it has been tampered with or revoked.The public ledger allows identity holders privacy, security, and control of their data while the verifier can trust the credentials they are presented.

Learn more about Sovrin terminology.

Who can own an identity?

Sovrin Identity Owners can be individuals, organizations (legal persons of any form, such as corporations, partnerships, LLCs, NGOs, and governments) or internet enabled devices. The Sovrin Network does not directly issue credentials.

Learn more about the roles within the Sovrin ecosystem.

Is Sovrin ‘Permissioned’?

The Sovrin Network is a public–permissioned blockchain. Public means anyone can use the Sovrin ledger to make transactions. Permissioned only relates to who can actually operate the network and run the validator nodes. Unlike bitcoin that allows anyone to run a node and become a ‘miner,’ Sovrin only allows trusted entities called Stewards, to run the network of validator nodes that achieve consensus of the transactions on the ledger.

Companies and entities who apply to be Stewards must be voted on, and agree to abide by the Sovrin Trust Framework

Sovrin is open source and free for any developer to use and build on. The Sovrin Foundation and Trust Framework governance structure ensures that no single individual, organization, jurisdiction, industry sector, or other special interest has influence or power over the Network.

Read more about Sovrin’s Permissioned ledger 

What Is Hyperledger Indy?

The Sovrin Foundation open sourced the codebase used to create the Sovrin Network and contributed the initial code to Hyperledger Indy, a project dedicated to blockchain under the Linux Foundation umbrella. Hyperledger Indy is a distributed ledger, purpose-built for decentralized identity. Developers can use the tools and libraries from Hyperledger Indy to create identity solutions that are interoperable across jurisdictions and agencies. This interoperability allows developers to create cross-industry solutions such as Fintech and Healthcare that can all work together and obey each other’s regulatory standards.

Hyperledger Indy has complete open source specifications, terminology, and design patterns that allow for the development of decentralized identity solutions.

See here if you are interested in developing on Sovrin and using Hyperleger Indy.

Read more about the technical stack of Sovrin.

How does Sovrin use Blockchain?

The Sovrin Network is the first public-permissioned blockchain designed as a global public utility exclusively to support self-sovereign identity and verifiable claims. Recent advancements in blockchain technology now allow every public key to have its own address, which is called a decentralized identifier (DID). A DID is stored on the public ledger along with a DID document containing the public key for the DID, any other public credentials the identity owner wishes to disclose publicly, and the network addresses for interaction.

Using the Sovrin Network, the identity owner controls the DID document by controlling the associated private key. The primary objects stored and updated on the Sovrin Network ledger are public DIDs, issuer credential definitions/schemas, and revocation updates.

Read more about Keys here.

What is a Verifiable Claim?

A verifiable claim is a piece of information that is cryptographically trustworthy. In Sovrin, a verifiable claim is shared as a proof and is anchored to the public ledger by a credential definition and public DID written by the credential issuer. Typically, this proof is in the form of a digital signature. A Sovrin Verifiable Claim may be verified by a public key associated with the Issuer’s DID. An example of a verifiable claim could be a digitally issued driver’s license.

Read more about types of claims here.

What is a Zero Knowledge Proof?

Promiscuous sharing of identity attributes has long been a primary weakness in identity management. Sovrin is built to support the use of sharing as little information as possible to give each identity holder the ability to control and secure their personal information. This is called minimal disclosure.

The Sovrin Network’s minimal disclosure is enabled through a cryptographic technique called zero-knowledge proofs (ZKP). Zero Knowledge Proofs (ZKPs) are cryptographic techniques that allow users to share information without relinquishing their security and privacy. ZKPs use cryptography to prove a statement from party A (known as a prover) to party B (known as a verifier) without revealing anything else.

Using zero knowledge proofs, the Sovrin Network allows a person to prove things about themselves, based on verifiable claims, without having to reveal the claim itself. An example would be someone proving that they are over 21 at a bar purely with the zero knowledge proof, without needing to disclose their actual age, name, or other personal information.

Read more about how Sovrin implements ZKP here

What is a DID?

One of the major concerns with standard digital identity solutions is correlation. This means the ability to track an identity holder’s data—like social security number, phone number, or username—across multiple websites and log-ins. This is a major security threat and leaves the identity holder vulnerable.

By default, Sovrin uses Decentralized Identifiers (DIDs)—identifiers intended for self-sovereign, verifiable digital identities. Sovrin is built from the ground up using something called ‘pairwise pseudonymous identifiers’ to reduce correlation. This means Sovrin separates the data from direct identifiers so that linkage to an identity is not possible without additional information that is held separately.

As outlined in the W3C Draft Report on “Decentralized Identifiers (DIDs) v0.11, “Decentralized Identifiers (DIDs) are a new type of identifier for verifiable, ‘self- sovereign’ digital identity. DIDs are fully under the control of the DID subject, independent from any centralised registry, identity provider, or certificate authority.” eIDAS takes a more conventional approach, stipulating that “a qualified electronic signature shall have the equivalent legal effect of a handwritten signature”.14 eIDAS defines an “electronic signature” as “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.”

DIDs are globally unique identifiers that do not require a centralized registration authority because they are registered with distributed ledger technology or other decentralized networks.

Read more about Sovrin and DIDs here.

How do I develop on Sovrin?

Behind the Sovrin Foundation is a codebase precisely designed to enable true digital self-sovereign identity (SSI). In accordance with the decentralized nature of blockchain technology, this codebase is open source and receives contribution from people all around the world. The first step to working with the global community and code is the Indy Getting Started guide, which will walk you through basic Indy transactions.

You can also join Indy’s Mailing List, Chat Room, and Working Group calls (every Thursday at 3:00 pm UTC via Zoom) to communicate and collaborate with others who are working on and with the code.