Previous solutions for managing identities are characterized by data silos, which are operated either by each service provider at great expense or by global identity providers who relieve the service providers of this expense. The problem with isolated identity management is that the average Internet user has over 20 different identities that need to be created and maintained separately, with corresponding effort and resulting inconsistencies between data silos. Global identity managers like Google help overcome these issues with single sign-on using a Google ID. For the user, this is convenient and simple. However, the user gives up sovereignty over personal data and its commercial exploitation.
With this in mind, Self-Sovereign Identities (SSI) strive to combine the user-friendliness of a Google ID with a high degree of user control and privacy.
What exactly is SSI?
SSIs represent the latest stage in the development of digital identities. An identity means all attributes of a person, organization, or object that define this subject. Attributes describe the characteristics of a subject. A digital identity here means the digital representation of these attributes. Depending on the context of use, different partial identities may be required that include only a portion of the attributes.
A credential is a tamper-proof and verifiable proof of attributes of a subject. Credentials are held in a personal digital wallet. The subject is the holder of the credential, having obtained it from an issuer. An issuer issues credentials according to a schema that allows cross-application and universal interpretation. A verifier requires a proof of authorization (a credential) from the accessing subject, e.g. for access to a service. A Verifiable Data Registry is used to exchange identifiers that can refer to subjects, their credentials and their issuers. The Verifiable Data Registry does not contain subject-specific data.
What is the added value of SSI?
SSI overcomes identity management in isolated data silos, which is inconsistent and costly for users as well as service providers. At the same time, it removes the dependency on previous single sign-on identity managers such as Google and Twitter, which control, evaluate and exploit users’ login processes. With SSI, subjects such as people or machines have a single identity management (at least for a certain namespace). The credentials assigned to an identity need to be obtained only once and can then be used as needed in any number of logon and credentialing processes. Analogous to the plastic card identity, the proofs can be checked without involving the issuer.
Today’s siloed identity management vs. self-sovereign identity management (Adapted from: https://digitaleweltmagazin.de/2019/08/12/chancen-der-self-sovereign-identities-ssi-aus-sicht-von-unternehmen-fuer-das-identity-access-management-iam/)
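The roles described above (issuer, holder with wallet, verifier, Verifiable Data Registry) and the check "without involving the issuer" can be sketched in Node.js. This is an added example, not code from 51nodes or any SSI framework; the `did:example:` identifiers, the attribute names and the salted-digest credential layout are assumptions made for illustration, not a standardized credential format.

```javascript
// Added example: a simplified model of issuer, holder, verifier and registry.
// Identifiers and attribute values below are constructed for illustration.
const nodeCrypto = require("crypto");

// Verifiable Data Registry: issuer identifier -> public key. No subject data.
const registry = new Map();
const sha256 = (s) => nodeCrypto.createHash("sha256").update(s).digest("hex");

// Issuer: sign salted digests of the attributes, not the attributes themselves.
function issue(issuerId, privateKey, subjectId, attributes) {
  const disclosures = {}, digests = [];
  for (const [name, value] of Object.entries(attributes)) {
    const salt = nodeCrypto.randomBytes(16).toString("hex");
    disclosures[name] = { salt, value };
    digests.push(sha256(JSON.stringify([salt, name, value])));
  }
  const signed = JSON.stringify({ issuerId, subjectId, digests: digests.sort() });
  const signature = nodeCrypto.sign(null, Buffer.from(signed), privateKey).toString("base64");
  return { signed, signature, disclosures }; // stored in the holder's wallet
}

// Holder: build a partial identity by revealing only the requested attributes.
function present(credential, names) {
  const revealed = {};
  for (const n of names) if (n in credential.disclosures) revealed[n] = credential.disclosures[n];
  return { signed: credential.signed, signature: credential.signature, revealed };
}

// Verifier: needs only the registry lookup, never a call to the issuer.
function verify(presentation) {
  const { issuerId, digests } = JSON.parse(presentation.signed);
  const publicKey = registry.get(issuerId);
  if (!publicKey) return null; // issuer not anchored in the registry
  const sig = Buffer.from(presentation.signature, "base64");
  if (!nodeCrypto.verify(null, Buffer.from(presentation.signed), publicKey, sig)) return null;
  const attrs = {};
  for (const [name, { salt, value }] of Object.entries(presentation.revealed)) {
    if (!digests.includes(sha256(JSON.stringify([salt, name, value])))) return null;
    attrs[name] = value; // attribute matches a digest the issuer signed
  }
  return attrs;
}

// Constructed sample run: one issuer, one plant credential, one partial disclosure.
const issuerKeys = nodeCrypto.generateKeyPairSync("ed25519");
registry.set("did:example:issuer", issuerKeys.publicKey);
const wallet = issue("did:example:issuer", issuerKeys.privateKey, "did:example:plant-1",
  { plantType: "EEG", ratedPowerKw: 9.8, operator: "Constructed Operator" });
console.log(verify(present(wallet, ["plantType"])));
```

The sketch leaves out holder binding and revocation, so a copied presentation would verify again; a deployment also needs the holder to sign a challenge supplied by the verifier.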
For service providers, onboarding processes, know-your-customer, and compliance with the associated regulations are simplified. In addition, the identity information provided is current. By simplifying the onboarding processes, users are also more likely to complete them than before.
Users of services (any subjects, including machines) can plug-and-play their identity and easily port their identity between different services. Managing dozens of user accounts, keeping them up to date and remembering the associated passwords is no longer necessary, as only one access to the personal wallet is required. Consequently, IT security problems caused by using the same password for different user accounts are also reduced.
What are the challenges?
As a caveat, it may be noted that the benefits and usability of a self-sovereign identity initially relate to those service providers that are present on a Verifiable Data Registry – similar to mobile applications on app stores. By analogy, the more services that can be used over an SSI network, the more valuable it is to its users. Finally, a process of growth and consolidation is to be expected here, which will determine whether certain offerings will prevail.
One critical thought is that the Verifiable Data Registry would create a dependency for identity subjects similar to the one that has existed to date on the single sign-on providers from social media. However, this idea is misleading because the Verifiable Data Registry can be operated on a blockchain-based network using distributed ledger technology. Multiple decentralized computing nodes that can be operated by different actors would form the network. Often, non-profit organizations such as Sovrin or the Energy Web Foundation are also active here. This is a marked contrast to previous single sign-on providers.
A critical factor in the success of SSI will be the ability of credential issuers to establish the necessary trust. Furthermore, as is so often the case, the user experience and the resulting acceptance will be decisive. Solution providers like Spherity use a cloud to offer a user-friendly identity wallet that also stores private keys and protects against unwanted identity loss.
Who is driving SSI?
The federal government and the European Union are among the drivers of SSI. They promote the development of the concepts, technology, standards and regulations up to pilots in a wide range of industries and sectors.
The German Federal Ministry for Economic Affairs and Energy, for example, is promoting the “Secure Digital Identities Showcase”. One of the showcase projects is IDunion. IDunion is working to create an open ecosystem for decentralized, self-sovereign identities. To this end, blockchain technology is being used to build a distributed identity network. The project is driven by 47 well-known research and industry partners. 51nodes is a partner of IDunion.
For example, the European Union is funding the “European Self-Sovereign Identity Framework Lab.” 20 subprojects take care of the creation and extension of an open source software framework for SSI. Another 42 subprojects develop commercial components and services using the SSI framework.
Application example: How can SSI help the energy industry?
In the context of the energy transition, operators of transmission and distribution networks for electric power are facing major challenges and new legal obligations. More than one million (private) decentralized power generators must be integrated efficiently and effectively into existing energy industry processes (e.g., of control power and congestion management in Redispatch 2.0).
Currently, energy industry processes are characterized by product-specific and sometimes complex registration processes at various points. Examples are the market master data register of the Federal Network Agency, the control reserve platform of the transmission system operators and the connect+ platform for cooperation and data exchange between network operators. In addition, operators of small power generation plants have little motivation, and ensuring the timeliness of the data at the different registration sites is a challenge.
The question of required evidence concerns, for example, the type of electricity generation (e.g. EEG plant) or the energy-economic product for which the plant may and can be used. The identifiers (Energy Identification Code) for plants are assigned centrally by BDEW. Furthermore, the regulator sets requirements for market communication, which is carried out with the help of a certificate infrastructure for signing and encryption. That is, the certificates must be entered and kept up to date at all the above-mentioned registration points. In an “Internet of Energy”, when millions of end customers with their decentralized flexibility systems (e.g. electromobility, home storage, heat pumps, etc.) enter the energy market, these systems for handling the mass processes for registration and change requests will reach the limits of the speed they can deliver.
In contrast, SSI’s approach promises a vision of integrating millions of distributed assets into network industry processes and IT systems in a non-intrusive, plug-and-play manner, without requiring multiple logins and parallel consistency maintenance in redundant isolated identity management systems. This should reduce hurdles for plant operators and allow network management processes to be set up in a leaner and smoother way. Ultimately, this would make an important contribution to the success of the energy transition.
Currently, 51nodes is working with the transmission system operator TransnetBW to discuss SSI in the context of the energy industry. So far, more than ten potential use cases for SSI have already been identified.
Interested in SSI?
51nodes is a provider of solutions for the Crypto Economy. 51nodes supports companies and other organizations in the implementation of their SSI and Blockchain projects. Do you have questions about digital identities and points of contact for the use of SSI? Please feel free to contact us!