Digital Identity and Access Management (IAM) Towards Self-Sovereign Identity


Identification and credentials are easier for everyone to work with when they’re digital: vaccination cards, academic qualifications, occupational licenses, employee ID and more. But this highly personal information must remain private and secure.

Governments, businesses and educational institutions are turning to blockchain as a proven way to enable a secure and trusted infrastructure and improve services.

Digital credentials, which can be securely stored and shared on a mobile device, offer a more efficient, fraud-resistant, and reliable alternative to traditional identity verification that also delivers a better user experience.

At least 80% of government services that require citizen authentication will support access through multiple digital identity providers by 2023.

Putting people in control of their data: Digital credentials reduce dependency on issuing institutions for validation.

(Image source: ibm.com)

Transparency and integrity are needed to build a foundation of trust for digital identification to be accepted universally—which is why distributed ledger and similar technologies are at the core of the digital credential platforms of the future.

(Image source: https://logsentinel.com/blog/blockchain-use-cases-for-iam/)

(Image source: https://www.accenture.com/_acnmedia/PDF-173/Accenture-Decentralize-Digital-Identity.pdf)

Self-Sovereign Identity

As per Christopher Allen:

Self-sovereign identity is the next step beyond user-centric identity and that means it begins at the same place: the user must be central to the administration of identity.
Self-sovereign identity requires not just the interoperability of a user’s identity across multiple locations, with the user’s consent, but also true user control of that digital identity, creating user autonomy.
To accomplish this, a self-sovereign identity must be transportable; it can’t be locked down to one site or locale.
A self-sovereign identity must also allow ordinary users to make claims, which could include personally identifying information or facts about personal capability or group membership.
It can even contain information about the user that was asserted by other persons or groups.

(Image source: https://www.dock.io/post/self-sovereign-identity)

Organizations can be assured that the credential only exists either in the Issuer's system of record or in the individual's digital wallet.

Issue tamper-proof, verifiable credentials and simplify the management of credentials for individuals and organizations

Verify instantly whether a credential is authentic and valid

Exchange credentials through secure verifiable presentations

Revoke credentials without revealing credential information

(Image source: https://www.dock.io/post/self-sovereign-identity)

Privacy-preserving protocols

Digital Credentials enforces privacy-preserving protocols, guided by the principles of decentralized identity.

Minimize the disclosure of identity information

Selectively disclose the minimal information required to verify the credential

Control the credential information and ensure it remains with the individual or in the original system of record

Interoperability through open standards

The full value of digital credentials is realized with scale. Digital Credentials is built on open-source technologies and complies with credentialing standards so it is interoperable with other solutions.

Export a credential to another system through open standards

Share credential schemas across industries

Connect with other credential networks and systems

Many people have written about the principles of identity, including Kim Cameron’s “Laws of Identity” and the W3C Verifiable Claims Task Force FAQ. While there is no clear consensus on what Self-Sovereign Identity is among different thought leaders and organizations, there are 10 key principles that summarize the essential aspects of SSI.

1) Existence: A user must be able to exist in the digital world without the need of a third party.

2) Control: People must have ultimate authority over their digital identities and personal data.

3) Access: Users must have easy and direct access to their own data.

4) Transparency: The way an identity system and algorithms are managed and updated must be publicly available and reasonably understandable. The solution design should be based on open protocol standards and open software.

5) Persistence: Identities must be long-lasting. Solution developers should implement sufficient foundational infrastructure and design sustainable commercial and operational models.

6) Portability: People must be able to bring their identities and credentials anywhere, transport their data from one platform to another, and not be restricted to a single platform.

7) Interoperability: Identities should be as widely usable as possible by various stakeholders. Organizations, databases, and registries must be able to quickly and efficiently communicate with each other globally through a digital identity system.

8) Consent: Users must give explicit permission for an entity to use or access their data. The process of expressing consent should be interactive and well-understood by people.

9) Minimization: A digital identity solution should enable people to share the least possible amount of data that another party needs to minimize sharing of excessive and unnecessary personally identifiable information.

10) Protection: People’s right to privacy must be protected and safeguards should exist against tampering and monitoring information. Data traffic should be encrypted end-to-end.

(Image source: https://www3.weforum.org/docs/WEF_The_Known_Traveller_Digital_Identity_Concept.pdf)

