shutterstock_607816217 banner.png

Photo: Shutterstock.com / Branislav Nenin

Benefits of SSI and Blockchain in Digital Identity

  • Viewpoint
  • By Andre Boysen (SecureKey)
  • 9 February 2021

Andre Boysen, Chief Identity Officer at SecureKey, explains how self-sovereign identity can promote privacy and user control

The accelerated pace of digital change requires advancements in technology and a new way of thinking in order to reduce the increased prevalence of today’s cybersecurity incidents, while at the same time ensuring consumer privacy, business integrity, and security.

Self-sovereign identity (SSI) principles and blockchain are critical developments that can help mitigate this issue and pave the way for the future of digital identity. These efforts focus on balancing user self-advocacy and accurate digital identity verification.

SSI is a philosophical perspective focused on giving users as much control and ownership over their digital identity information as possible.

Digital identity programs that effectively implement SSI have privacy, security, and user control top-of-mind. This has different implementations based on the application, e.g. policies, technologies and practices, but always follows the ten principles defined by Christopher Allen [1] – known as a pioneer in internet cryptography:

  • Existence
  • Control
  • Access
  • Transparency
  • Persistence
  • Portability
  • Interoperability
  • Consent
  • Minimalization
  • Protection

These principles define how a user should be able to control and interact with their digital identities as well as protections that the user and their identity should have. For example, the “protection” principle details that whenever there is a conflict, digital identity networks should preserve the freedoms and rights of users over the needs of the network – understanding that networks should serve the best interests of the individuals using it.

Consent in particular is important for this control and interaction as the network should only share the necessary credentials - and no additional information - with organizations to which they consent. Clear, plain language should be used to explain the scope and limits of use for this information without blanket consents for future transactions.

shutterstock_643233400_16-9.jpg
Photo: Shutterstock / wavebreakmedia

Furthermore, they argue that a user’s identity credentials should be accepted at as many different online destinations as possible, and importantly, only trusted destinations.

This is an alternative to the more commonly used centralized digital identity, where sensitive personal data is stored on each individual platform with distinct usernames and passwords at every destination.

Requiring passwords everywhere is not in the best interest of users - in fact it decreases security because users with long lists of passwords are going to make some of them the same out of necessity.

One of the best ways to think about the need for SSI is to consider what needs to happen during an in-person or online identity verification process. In-person processes have a level of trust associated with them – users present their ID and a person verifies the credentials based on document data and physical appearance. I call this ‘street identity’.

Online interactions require methods to establish the same, or better levels of trust, compared to the street identity. As an example of how privacy impacts processes, drivers' licenses, bank statements, and utility bills can be used in-person across different businesses based on what they deem sufficient for their identity verification. Some require one of these, others require multiple.

The issuing authority, such as a bank or the appropriate level of government, is unaware of when the user provides their documents to a business for verification, which adds to the level of privacy.

The person providing their documents can choose what documents they are comfortable sharing and can choose to walk away if they are uncomfortable doing so

Today, there is no one-size-fits-all, simple, trusted method to present identity information online – something that is easy and accessible while also being difficult for a crook to penetrate.

Proper security measures, the ability to access different services with the same credentials and accurate verification are all important considerations for each of the stakeholders – regardless of whether the process is in-person, online or at a call-centre.

Simplicity in the user experience is another area where extensive design should be incorporated into digital identity verification solutions.

One of the current digital ID verification security issues is that the experience is too complex for individuals to understand. As a consequence, users and businesses can easily be tricked and are left vulnerable to cybercrimes and fraud.

Both users and businesses benefit from prioritizing ease-of-use. When individuals can easily accomplish what they want in a safe and secure way, users and business both win and it limits the attack surface for crooks.

When it comes to good ID, SSI principles with blockchain fit perfectly with the goals of prioritizing data privacy and security. The framework of best practices set by Good ID to help individuals experience equity, utility, and security - by designing ID programs that include, benefit, and protect everyone - evokes the ten principles set by Christopher Allen.

The needs and experiences of citizens are established with how digital identity networks should preserve the freedoms and rights of users over the needs of the network. Transparency is explicitly mentioned as part of SSI, and it places a high emphasis on the importance of the public’s trust.

As we look to the future of digital identity, SSI principles with blockchain have already proven to be successful by bringing together stakeholders to create a mutually beneficial network.

These use cases will continue to increase while the global identity landscape shifts to wider acceptance and a better understanding of the benefits, yielding the key to a more secure and convenient digital identity ecosystem for all.

Our community articles represent the opinions of the author, and not Good ID. We welcome alternative viewpoints - if you have a perspective you would like to share, please contact us here.