CTO Insights: What is Self-Sovereign Identity?
How do you feel when a website requires you to surrender your birthdate as a requirement to complete a transaction?
If you are like me, you feel equal parts irritated and concerned. Irritated because of the unnecessarily invasive nature of the question and concerned because this will be one more instance of a sensitive piece of personal information for a hacker to steal.
We’ve picked up some bad habits over the past couple decades as they relate to how freely we give away the attributes of our identities as we traverse the digital domain. Part of the problem is well-intentioned but imprecise and burdensome regulation and the other is that we have become conditioned to turn over our identity credentials as the price of passage into websites and networks.
The situation is no better for enterprise IT leaders responsible for safeguarding the personal information users divulge. The consequences for failing (intentionally or unintentionally) to protect that data from the daily onslaught of hacking vectors are, at best, career ending. An IT executive whose resume is stained with the loss of employee or user information is about as useless as a Palm Pilot with a depleted battery.
Enter self-sovereign identity, or SSI.
Just as the internet has done in other areas, SSI puts the user at the center of the universe. In the SSI economy, it is the user, not the enterprise, that:
- Securely adds and manages the elements of their identity
- Controls when and where those elements are shared, and
- Transports those elements across sites and networks.
Think of SSI as a comprehensive digital passport. Sites or networks who require the user to verify they are who they claim to be no longer require the name of a favorite pet but rather a binary response that is verified by data securely stored in the distributed ledger that supports the SSI system.
For example, if the network requires country of citizenship as an authentication factor, SSI confirms yes or no without the need to disclose the user’s physical address. As a result, the user’s identity is secured and the organization is relieved of the responsibility associated with storing the user’s personal information.
SSI is a broad concept that we will unpack and explore in upcoming posts but, suffice to say, BlockID by One Kosmos, built on its distributed ledger (aka blockchain) platform, that offers SSI-based digital identification capabilities …. today.
Join me in the next post as we look at the philosophical underpinnings of the SSI concept so that you can be the smartest person in the room as it relates to the evolution of digital identity.