Dawn Of Self-Sovereign Identity

What is the scale of the internet? It’s almost impossible to precisely quantify the size of this dynamic, ever-growing behemoth. But data stored on the internet should give us a fair idea. This again is no easy task. There are millions of websites out there, each storing their own data on the cloud and tracking that is impossible. One can make an informed guess, though, by calculating the capacity of the data centers across the globe. This number currently stands at 770 Exabytes. That is 770 X 10¹⁸ or 770000000000000000000 bytes! That is HUGE! And the fact that this was all done in the last 50 years (the earliest networks came out in early 1970s) makes it all the more incredible.

This rapid growth has come at a cost. Internet is was built without standards, especially as far as processes related to user data management are concerned. There is no universally accepted user identity management protocol. The approach is Silo-based. Every entity retains and maintains its own database and the same user across different entities is mapped differently. This not only makes the process of knowledge transfer highly inefficient and costly but also makes the data itself vulnerable.

Identity in general has the following traits:

Claim, proof and attestation. Claim is an assertion to an identity made by someone, for eg. My name is John Doe. Proof is a piece of evidence supporting that claim, like a document, for eg. a passport or license, in this case. Finally, attestation is validation of that claim from a recognized authority, for eg. a Notary who would confirm that the document belongs to a certain person.

Digital identity is a sum of all these traits but stored digitally on the cloud in silos managed by the various organizations.

In order to make the system more organized and reliable, user identity management has evolved gradually over time. From being centralized and silo based, it has switched to a decentralized structure. The companies running the cloud storage have started offering solutions to manage user identity that ensure data is not stored in one location and is more secure. But this does not solve the silo issue. User identity is still held privately by each entity and data transfer is still cumbersome.

The obvious evolution, and one that has already started, is towards user-centric/self-sovereign data. Here the data will be stored on the blockchain or other distributed systems but an individual will have sole access to their identity/data. Once validated they can shared an approved token with new services they sign-up, rather than revealing complete details to everyone.

Today, for eg., signing up with a service which legally needs to ensure you are of a minimum age requires you to share your date of birth and also it’s proof. They don’t really need that data, though, and in any case it’s vulnerable once shared, they just need to make sure you are of a certain age and your claim is validated by a recognized authority. This is where validated, self-sovereign identity comes in. You share an approved token with the service and they sign you up. The only information the token carries is that you are above a certain age and that it has been validated. Complete security and desired level of anonymity.