Self-Sovereign Identity for Everyday DeFi
Mainstream adoption of decentralized financial tools and financial independence for every individual in the world — this is the original vision of Bitcoin and the objective of Everyday DeFi. It is a huge goal with even bigger implications for society, but how will it actually be achieved?
The notion of self-sovereign identity (SSI) has been making noise in the wake of the FTX scandal and the influx of data hacking and identity theft incidents around the world, and it could hold the key to removing the barriers to entry to decentralized financial applications. By allowing users to take control of their identities and manage their own data, SSI solutions sit as the key that could unlock the door to Everyday DeFi.
What is Self-Sovereign Identity?
Self-sovereign identity is a form of portable digital identity not reliant on any centralized authority that remains under the full control of the individual. Unlike the current centralized identity management system most societies utilize, with SSI, you are the guardian of your identity. You decide who can and cannot see your data and can remove access permissions to your data at any time.
Basically, instead of needing to physically supply your ID card, past bank statement, diploma, etc., to be stored locally on a company’s (potentially unsecured) servers just in order to interact with their services, you can use your “SSI app” to authorize the company to view and automatically verify your identity credentials digitally.
For such a system to work, however, a certain level of trust is needed. The issuer of the data, the holder of the data, and the verifier of the data must be able to trust that the data provided is accurate and truthful — this is referred to as the self-sovereign identity “trust triangle.”
For example, Bob has a job interview with Company X. Company X requires that Bob has a degree in Physics. So Bob (the holder) authorizes Company X (the verifier) to access his credentials through the SSI app, and Company X then verifies his degree with the university (the issuer) automatically using the same application. Bob never has to give up control of his data to Company X, and Company X can be assured Bob’s Physics degree is genuine.
The Pathway to Self-Sovereign Identity
The concept of SSI itself is straightforward enough. However, the practical path to creating a trustworthy, widespread self-sovereign identity system is far more complex. There is still no agreed consensus on what SSI actually is among industry leaders, and even further disagreement on how to build it.
At the center of the conversations surrounding the “how” of SSI is Blockchain technology. It provides a transparent, immutable, reliable, and auditable way to ensure the seamless and trustworthy exchange of data between parties. Most organizations currently building out SSI systems are utilizing blockchain in some way. But the debate on whether to build upon an already established blockchain network, build out a new dedicated SSI blockchain network, use non-blockchain alternatives like Decentralized Identifiers and IFPS, or utilize some combination of all options continues.
To get a clearer idea of the challenges self-sovereign identity must overcome and the pathway to how it is achieved, Christopher Allen’s The Path to Self-Sovereign Identity has become the closest thing to an industry-wide accepted overview. His report outlines the ten fundamental principles that summarize the essentials for any self-sovereign identity system:
Existence: Users must be able to exist in the digital world independently with no third-party influence. “Self-Sovereign existence is the kernel of self that is upheld and supported.”
Control: Users must have authority over their identity and personal data, including who, how, where, and why their data is disclosed.
Access: Users must be able to access and efficiently retrieve all claims and data associated with their identity when needed. There should be no barriers enforced other than those the user has chosen for their own personal privacy.
Transparency: The designs and algorithms for self-sovereign identity systems must be open-source, recognizable, and independent of any particular architecture — their functionality should be easy to examine by anyone.
Persistence: Identities should last forever, or at least for as long as the user chooses. Even if data needs to be changed, the identity should remain. However, the users’ right to dispose of their identity at any time must remain.
Portability: Users must be able to transport their identities easily for use on various platforms. Portable identities help ensure no third party can take control over user identities in the name of convenience.
Interoperability: Self-sovereign identities should be global identities. They should have widespread use and be commonly recognized all over the world, without compromising user control.
Consent: Users must give permission for their Identity to be used and their data to be shared. This procedure for consent must be easily-understandable and purposeful by the user.
Minimization: When a user’s data is shared, it should involve only the minimum necessary data to accomplish the task. For example, if the user is sharing their data to prove that they are over 18 years of age, only the fact that they are over 18 should be shared, not their exact date of birth.
Protection: Identity authentication must occur using censorship-resistant, hacker-resistant, decentralized algorithms. There should be no risk of user rights being compromised. Safeguards should exist to prevent hidden requests from the network that compromise users’ data.
Benefits of Self-Sovereign Identity
Removes the friction and redundancies from the current system
SSI eliminates the necessity of presenting documentation. The current system operates within digital identity silos. Every time you register an account or make a purchase with a new company, you need to provide your identity data, which is stored in isolation on the company’s local servers. Replacing this system with a simple automated verification system using an SSI protocol will speed up transactional times and simplify the fulfillment process, benefiting individuals and companies.
Prevents mass data breaches
The year 2022 saw multiple mass-data breaches affecting millions of users. In the US, a student loan data breach leaked 2.5 million citizens’ social security numbers. And in Australia, the Optus cell network provider data breach revealed the information (including home addresses and passport numbers) of almost half the country’s population. Decentralizing ownership of data and giving users control over their own identity through SSI eliminates the potential for mass breaches. Companies will no longer own or store user data locally, giving attackers no incentive to target them.
Empowers people with control over their own identity
The current system is excessively dependent on a few centralized entities, both governmental and private, that have full control over the right to issue, read, modify, or delete people’s information. This over-reliance on third parties is outdated and dangerous in today’s digital world. Self-sovereign identity gives full control back to the individual over all their data and gives them sovereignty over who has access to it.
How Self-Sovereign Identity Enables Everyday DeFi
The benefits of SSI spread far beyond the rudimentary functions of SSI itself. There is a larger social impact the widespread implementation of SSI also enables, specifically in regards to Everyday DeFi.
Originally proposed by IOVlabs COO Daniel Fogg, Everyday DeFi is about lowering the entry barrier to Decentralized Finacial products. It is the next stage in the evolution of DeFi that will give everyone easy access to the decentralized financial tools that can be used for every financial need.
Self-Sovereign identity creates an infrastructure where no intermediaries are necessary to verify data and empowers the individual as the social grantor. It is the first step to achieving Everyday DeFi.
“SSI creates an open, reliable, secure and transparent ecosystem built over a decentralized architecture, where the reliability is backed up by the network and not by centralized organizations.”
New conventions for doing business, sharing information, and granting access to financial services and resources will be established through the widespread use of SSI. It will give users intuitive, portable access to decentralized financial tools and introduce safeguards that prevent data breaches and thwart identity fraud.
Self-Sovereign Identity Today
Several SSI implementations have already begun to pop up around the world. The City of Buenos Aires and Extrimian are working to incorporate the QuarkID self-sovereign identity system to allow the citizens of Buenos Aires to control their identities. The protocol utilizes existing decentralized blockchain networks Rootstock and Starknet, thanks to the advanced scalability and security of the networks.
Similar solutions have been proposed in Finland and Canada using alternative networks and SSI solutions, as well as a system for Birth Certificates in Illinois, US. In the commercial and banking sectors, SSI solutions are being implemented in order to satisfy Know Your Customer (KYC) requirements.
Such implementations of SSI solutions are still isolated. For an SSI system to perform effectively, it requires the cooperation of many organizations and government bodies globally. Though, as more and more institutions incorporate SSI, the network effect will take hold, and SSI use cases will begin to grow and intertwine, dawning a new era of personal financial empowerment.