In the real world we can identify ourselves easily and securely, but in the virtual world we still cannot. There are now several variants of digital identification, but they are not always satisfactory. Self-sovereign identity now seems to be gaining acceptance. Our author, BFH researcher Gerhard Hassenstein, explains what it has over the other concepts.
Decentralised identities have many advantages over isolated and centralised identities in terms of flexibility and privacy protection, as explained in the previously published article. With a self-sovereign ID (self-controlled identity), the user regains sole control over his or her data, as central storage of identity data is no longer necessary. This also reduces the data security problems of central identity providers, which are increasingly exposed to attacks.
This article introduces the basic building blocks of Self-Sovereign Identities and explains their concept and functionality. The approach of a self-sovereign and decentrally organised identity is not new. This concept has already been used in various forms (e.g. Idemix[1] and uProve[2]). What is new about Self-Sovereign Identity (SSI) is that it works with a decentralised public register. This is a paradigm shift.
The main components of SSI
The technology behind Self-Sovereign Identity enables people, organisations or even things to control their digital identity themselves and to determine at any time which personal attributes are transmitted during an authentication process. Users are thus given more rights but also more accountability for their personal information.
Actors
– The holder can create one or more identities themselves, each of which can be referenced with a DID[3] (a type of identifier). A holder first claims something about himself, e.g. where he lives (place of residence). Only when an issuer (e.g. the post office) has certified this does the assertion become a verifiable proof. The holder can then present this proof, together with their identity, to a service provider (verifier), who can validate both the information and the identity.
– The issuer authenticates properties (attributes) of a holder in the form of verifiable credentials, which have a standardised format[4]. The issuer ideally files the credential in a public register so that anyone can check it. The credential, on the other hand, he hands over to the holder for further use. Issuers are authoritative bodies such as authorities, companies or educational institutions.
– A verifier receives a credential from a holder and can check it with the help of the public register. The verifier can then use the credential to make a specific decision (e.g. access control).
Fig. 1: SSI components
Electronic wallet (ID wallet)
The holder stores DIDs, keys and proofs in a kind of electronic wallet, just as he stores his ID, driving licence, credit cards, etc. in his physical wallet in the real world. Such an ID wallet can be installed on any device and allows SSI data to be transferred from one device to another.
Agents and Hubs
To assist the holder in the processes of creating a DID, requesting proof, establishing secure communication with issuers and verifiers, etc., the SSI infrastructure provides digital agents that “wrap” and protect the ID wallet.
Fig. 2: Agents take the work off the owner’s hands
Decentralised public data registers
The fundamental change in SSI is the move away from a central authority that controls and stores identities. However, this requires a decentralised storage of identities. In order to still be able to offer a reliable data source, a tamper-proof, distributed database must be used in the form of a publicly verifiable data register that cannot be controlled by a single party. Among other approaches, blockchain technology, which is also used in a different form for cryptocurrencies, is a suitable solution.
How it works
Simple trust in an identity
The critical point in verifying a proof is the trust that can be placed in it. In other words, does a verifier trust the information in the proof, the issuer and the identity of the holder? The trust relationship between the issuer, the holder and the verifier is immensely important. In a simple trust relationship, a verifier trusts the statement made by an issuer in the form of a proof about the identity of a holder.
Fig. 3: Simple trust relationship
In conventional systems, only the identity of a service provider is checked (e.g. by a web server certificate). However, the verification of an “identity” is often not sufficient. In many cases, it would be desirable if a service provider could also provide proof of authorisation. This is difficult to implement in conventional models. SSI, however, supports this form of mutual trust with the help of verifiable proofs: the verifier itself becomes the party being verified. For example, a holder could require that a verifier provide a proof that identifies it as an “insurer”. However, it should not only be possible to verify such trust relationships on a technical level (e.g. by validating digital signatures). Guidelines should also be created at the legal and business level that extend the trustworthiness into technical evidence.
Authentication (DID-Auth)
A holder of an SSI must be able to prove to an issuer or verifier that he controls or is in possession of it. The data formats and procedures for this are summarised under the term DID-Auth[5]. DID-Auth allows unilateral or mutual authentication and the transmission of “Verifiable Credentials” in a secure channel.
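
The roles from the Actors section and the proof of control described here can be walked through in a few lines. This is an added example, not code from the article or from any SSI project: the in-memory `register`, the `did:example:` identifiers, the simplified credential format and all function names are assumptions, and the challenge signature is a bare stand-in for the DID-Auth message formats.

```javascript
const { generateKeyPairSync, sign, verify, randomBytes } = require('node:crypto');
// Constructed stand-in for the decentralised public register: DID -> public key.
const register = new Map();

function createIdentity(did) {
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  register.set(did, publicKey);   // only the public key is published
  return { did, privateKey };     // the private key stays in the ID wallet
}

const signB64 = (text, key) => sign(null, Buffer.from(text), key).toString('base64');
const checkB64 = (text, key, sig) => verify(null, Buffer.from(text), key, Buffer.from(sig, 'base64'));

// Issuer: certify a holder's claim by signing it (simplified credential format).
function issueCredential(issuer, subjectDid, claim) {
  const payload = JSON.stringify({ issuer: issuer.did, subject: subjectDid, claim });
  return { payload, proof: signB64(payload, issuer.privateKey) };
}

// Holder: present the credential and sign the verifier's fresh challenge.
function present(holder, credential, challenge) {
  return { credential, challenge, authSig: signB64(challenge, holder.privateKey) };
}

// Verifier: resolve both DIDs in the register and check both signatures.
function verifyPresentation(p, expectedChallenge, trustedIssuers) {
  const { issuer, subject, claim } = JSON.parse(p.credential.payload);
  if (p.challenge !== expectedChallenge) return { ok: false, reason: 'wrong challenge' };
  if (!trustedIssuers.includes(issuer)) return { ok: false, reason: 'untrusted issuer' };
  const issuerKey = register.get(issuer), holderKey = register.get(subject);
  if (!issuerKey || !holderKey) return { ok: false, reason: 'unknown DID' };
  if (!checkB64(p.credential.payload, issuerKey, p.credential.proof))
    return { ok: false, reason: 'bad issuer signature' };
  if (!checkB64(p.challenge, holderKey, p.authSig))
    return { ok: false, reason: 'presenter does not control subject DID' };
  return { ok: true, claim };
}

function demo() {
  const post = createIdentity('did:example:post-office');   // constructed DIDs
  const alice = createIdentity('did:example:alice');
  const other = createIdentity('did:example:other');
  const cred = issueCredential(post, alice.did, { residence: 'Bern' });
  const nonce = randomBytes(16).toString('hex');
  return {
    genuine: verifyPresentation(present(alice, cred, nonce), nonce, [post.did]),
    borrowed: verifyPresentation(present(other, cred, nonce), nonce, [post.did]),
  };
}
```

`demo()` shows why the credential alone is not enough: the same credential is accepted from the identity it was issued to and rejected when another identity presents it, because only the subject's key can sign the verifier's challenge.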
Loss of DID or Verifiable Credentials
In a decentralised identity architecture such as SSI, what happens if a holder loses the DID or associated credentials on their device, or the device is destroyed? With a centrally administered and controlled identity, this is usually not a problem; you ask the administrator of the identity if they can restore it or issue a new one. After an appropriate verification procedure, the central administration of an identity should be able to do this without any problems. This is not the case with decentralised identities, where no central authority is involved in the creation. This shifts the responsibility to the identity holder. Procedures such as “distributed key management” help the holder to distribute his identity information (key material and other information) to trustworthy trustees and, in an emergency, to restore his identity with their help. Since the trustees only ever own parts of the identity, they cannot use or misuse it themselves.
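
One way to give trustees only parts of a wallet key is Shamir's secret sharing, shown here as an added example that is not taken from the article, which does not name a particular scheme. The function names, the 3-of-5 split used in the usage note and the choice of field modulus are assumptions.

```javascript
const { randomBytes } = require('node:crypto');

// Field modulus: the Mersenne prime 2^521 - 1, large enough for a 256-bit wallet key.
const P = 2n ** 521n - 1n;
const mod = (a) => ((a % P) + P) % P;

function modPow(base, exp) {
  let result = 1n;
  for (base = mod(base); exp > 0n; exp >>= 1n) {
    if (exp & 1n) result = mod(result * base);
    base = mod(base * base);
  }
  return result;
}
const inverse = (a) => modPow(a, P - 2n);   // Fermat's little theorem

// 80 random bytes reduced modulo P: the bias is negligible.
const randomCoefficient = () => mod(BigInt('0x' + randomBytes(80).toString('hex')));

// Split `secret` so that any `threshold` of the `trustees` shares restore it.
function splitKey(secret, threshold, trustees) {
  if (threshold < 2 || threshold > trustees || secret < 0n || secret >= P)
    throw new RangeError('invalid parameters');
  const coeffs = [secret];
  while (coeffs.length < threshold) coeffs.push(randomCoefficient());
  const shares = [];
  for (let x = 1n; x <= BigInt(trustees); x++) {
    // Horner evaluation of the random polynomial at x; f(0) is the secret
    shares.push({ x, y: coeffs.reduceRight((acc, c) => mod(acc * x + c), 0n) });
  }
  return shares;
}

// Lagrange interpolation at x = 0 over the shares handed back by trustees.
function recoverKey(shares) {
  let secret = 0n;
  for (const { x: xi, y: yi } of shares) {
    let num = 1n, den = 1n;
    for (const { x: xj } of shares) {
      if (xj === xi) continue;
      num = mod(num * -xj);
      den = mod(den * (xi - xj));
    }
    secret = mod(secret + yi * num * inverse(den));
  }
  return secret;
}
```

With `splitKey(key, 3, 5)`, any three trustees can restore the key through `recoverKey`, while one or two trustees together hold shares that are consistent with every possible key.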
Conclusion
Even though the technologies for self-sovereign identities are not yet fully developed and some parts are still under development[6], a trend towards self-sovereign identities is emerging. Today’s society has become more sensitive to the “protection of privacy” of each individual and makes new demands in this regard. The legal situation (at least in Europe) has also changed with the General Data Protection Regulation (GDPR). A technically secure solution that takes into account the protection of the privacy of each participant and is still user-friendly has a future.
References
[1] IBM Research: http://www.zurich.ibm.com/idemix
[2] Microsoft (formerly Credentica): http://research.microsoft.com/en-us/projects/u-prove/
[3] Decentralised IDentity
[4] The Verifiable Credentials Data Model was published in 2019: https://www.w3.org/TR/vc-data-model
[5] https://github.com/WebOfTrustInfo/rwot6-santabarbara/blob/master/final-documents/did-auth.md
[6] https://w3c-ccg.github.io/roadmap/diagram.html