August 31, 2020
A View From Phil Windley, Co-founder of Sovrin Foundation
(Syndicated article: https://www.windley.com/archives/2020/06/what_is_ssi.shtml)
It is no coincidence the Sovrin Foundation takes its name from the concept of self-sovereign identity. Our three-word mission statement—”Identity for All”—is based on the premise that self-sovereign identity (SSI) should be a human right. And although our early work was focused on establishing the Sovrin ledger as a core enabling component of SSI infrastructure, it is only one component. As interest in SSI has swelled around the world, the Sovrin Foundation is now raising its sights to “the rest of the stack”, i.e., what is required to deliver SSI as a universal service—much like telephone service is treated in most countries today. To that end, the Sovrin Governance Framework Working Group (which is open to anyone to join at no cost) is now working on the Sovrin Ecosystem Governance Framework (SEGF)—a document designed to define the core principles of SSI as a global model for digital identity and digital trust relationships.
In that context, this recent blog post from Phil Windley goes right to the heart of the subject by answering the question,
“What is SSI?”
Summary: If your identity system doesn’t use DIDs and verifiable credentials in a way that give participants autonomy and freedom from intervening administrative authorities, then it’s not SSI.
A few days ago I was in a conversation with a couple of my ”identerati” friends. When one used the term “SSI”, the other asked him to define it since there were so many systems that were claiming to be SSI and yet were seemingly different. That’s a fair question. So I thought I’d write down my definition in hopes of stimulating some conversation around the topic.
I think we’ve arrived at a place where it’s possible to define SSI and get broad consensus about it. SSI stands for self-sovereign identity, but that’s not really helpful since people have different ideas about what “sovereign” means and what “identity” means. So, rather than try to go down those rabbit holes, let’s just stick with “SSI.”¹
SSI has the following properties:
Beyond these there are lots of choices system architects are making. Debates rage about how specifically credential exchange should work, whether distributed ledgers are necessary, and, if so, how should they be employed. But if you don’t use DIDs and verifiable credentials in a way that gives participants autonomy and freedom from intervening administrative authorities, then you’re not doing SSI.
As a consequence of these properties, participants in SSI systems use some kind of software agent (typically called a wallet for individuals) to create relationships and exchange credentials. They don’t typically see or manage keys or passwords. And there’s no artifact called an “identity.” The primary artifacts are relationships and credentials. The user experience involves managing these artifacts to share attributes within relationships via credential exchange. This user experience should be common to all SSI systems, although the user interface and what happens under the covers might be different between SSI systems or vendors on those systems.
I’m hopeful that, as we work more on interoperability, the implementation differences will fade away so that we have a single identity metasystem where participants have a choice about tools and vendors. An identity metasystem is flexible enough to support the various ad hoc scenarios that the world presents us and will support digital interactions that are life-like.