What is Self-Sovereign Identity?

Self-sovereign identity (SSI), also known as decentralized identity, is a model for managing digital identity that emphasizes individual ownership, privacy, and peer-to-peer interactions. 

Drawing on principles of decentralization, SSI offers a secure, user-controlled alternative to traditional identity systems. SSI started gaining traction around 2015 when discussions at the Internet Identity Workshop highlighted how blockchain technology could transform online identity and trust, which sparked a broader recognition and adoption of this new approach.

Almost a decade later, the ideas behind SSI are tightly integrated into the identity industry, driving changes in how organizations and individuals think about trust, security, and privacy in the digital world.

Understanding SSI

To better understand SSI, it helps to reflect on how we manage identity offline. 

At the heart of SSI is the concept of a digital wallet: a tool you control, filled with credentials like your driver’s license, ID card, university diploma, and loyalty cards. These are credentials you own and can present whenever needed, much like the physical documents in your wallet. In short, SSI brings us closer to replicating real-world identity in the digital space.

But today’s digital identity is still quite different. We have online accounts that are controlled by third parties, not by us. This stems from how digital identity was initially introduced to the internet.

Originally, the internet was built without an identity layer. Its early purpose was to facilitate interactions between machines, not people. The TCP/IP protocol, which governs internet communication, only connects machines by their IP addresses. It doesn't provide any information about the person or organization behind a particular device.

As the internet evolved to support more human interactions, it became clear that we needed a way to verify and manage people's identities online. Logins and passwords emerged as the first mechanisms for users to prove who they are. 

Since then, digital identity has come a long way.

Three models of digital identity

Since the early days of the internet, digital identity has evolved through three main models: centralized, federated, and decentralized. Each offers a different way to handle online trust, privacy, and control. Let’s take a closer look at each.

1. Centralized identity model

The centralized model is the oldest and most familiar. It refers to a form of digital identity where users register accounts with individual organizations, and those organizations have full control over the users’ accounts.

This model has significant drawbacks:

  • Users must manage numerous accounts and passwords.  
  • Identity data is non-transferable and fully controlled by the issuing organization. For example, if Google were to block access to your email account, you would have no way to access it or transfer it to another provider.
  • Centralized databases are attractive targets for hackers, which creates a constant risk of data breaches.

2. Federated identity model

The federated identity model was developed to address some of the limitations of centralized identity. Since 2005, three generations of federated identity protocols have been introduced: SAML, OAuth, and OpenID Connect. These protocols are still in use today.

Federated identity lets people use the same identity across multiple sites. It works by introducing identity providers (IDPs) as intermediaries between the user and the website they want to access. With an IDP, users can log in to several websites with one account, for instance via "Log in with Google" or "Log in with Facebook." This eliminates the need to create separate accounts for each site.

Despite its convenience, federated identity has limitations:

  • No single IDP works for all sites, services, and apps. So users still need accounts with several providers. 
  • Many users are uncomfortable with having an intermediary that can surveil their login activity across multiple sites.
  • IDP accounts are just as non-transportable as centralized identity accounts. If you leave an IDP like Google or Facebook, you lose access to all the accounts linked to it.
  • Major IDPs are prime targets for cybercrime.

3. Decentralized identity model

The key feature of a decentralized identity model is that it is no longer account-based. 

Instead, it is built upon direct, peer-to-peer relationships between individuals and organizations. This approach means that an individual’s digital identity is portable and directly controlled by the user, who isn’t locked to a single provider. 

Since its inception, the decentralized identity model has advanced rapidly, incorporating developments in cryptography, distributed databases, and decentralized networks. 

It relies on: 

  • Verifiable Credentials (VCs): Digital versions of traditional credentials stored in digital wallets.
  • Decentralized Identifiers (DIDs): Unique IDs that enable identification in a manner that is verifiable, persistent (as long as the DID controller desires), and does not require the use of a centralized registry. 
  • Verifiable data registries: Distributed ledgers, such as blockchains, for recording and verifying DIDs. 
  • Public/Private Key Cryptography: Mathematical algorithms that create private and secure connections between the parties.

In essence, the decentralized identity model mirrors real-world identity processes, where individuals share credentials with trusted parties when needed. It involves three key participants:

  • Holder: The individual who stores and manages their verifiable credentials in a digital wallet.
  • Issuer: The entity that issues verifiable credentials.
  • Verifier: The party that checks the validity of the credentials.

When a verifier requests information, the holder can choose to grant or deny access to their data.
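
The issuer, holder, and verifier exchange described above, as an added Node.js example that is not from the original article or from any SSI library. It uses a simplified credential rather than the W3C VC data model. The in-memory registry, the did:example identifiers, the function names, and the nonce challenge that ties a presentation to the holder are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Verifiable data registry: DID -> public key (assumed in-memory stand-in for a ledger).
const registry = new Map();

// Create a key pair for a DID and publish only the public half.
function register(did) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  registry.set(did, publicKey);
  return privateKey;
}

// Bytes the issuer signs: all fields except the proof, claim keys sorted.
function payload(vc) {
  const claims = Object.keys(vc.claims).sort().map((k) => [k, vc.claims[k]]);
  return Buffer.from(JSON.stringify([vc.issuer, vc.subject, claims]));
}

// Issuer: sign the credential once and hand it to the holder's wallet.
function issue(issuerKey, issuer, subject, claims) {
  const vc = { issuer, subject, claims };
  return { ...vc, proof: nodeCrypto.sign(null, payload(vc), issuerKey) };
}

// Holder: sign the verifier's fresh nonce to show control of the subject DID.
function present(holderKey, vc, nonce) {
  const holderProof = nodeCrypto.sign(null, Buffer.from(nonce), holderKey);
  return { vc, nonce, holderProof };
}

// Verifier: check both signatures with registry keys; the issuer is not contacted.
function verify({ vc, nonce, holderProof }, expectedNonce) {
  const issuerPub = registry.get(vc.issuer);
  const holderPub = registry.get(vc.subject);
  if (!issuerPub || !holderPub) return 'unknown DID';
  if (nonce !== expectedNonce) return 'replayed presentation';
  if (!nodeCrypto.verify(null, payload(vc), issuerPub, vc.proof)) return 'bad issuer signature';
  if (!nodeCrypto.verify(null, Buffer.from(nonce), holderPub, holderProof)) return 'bad holder proof';
  return 'ok';
}

// Constructed sample run: a university issues a diploma credential to Alice.
const uniKey = register('did:example:university');
const aliceKey = register('did:example:alice');
const diploma = issue(uniKey, 'did:example:university', 'did:example:alice', { degree: 'BSc' });
const shown = present(aliceKey, diploma, 'nonce-1');
const edited = { ...shown, vc: { ...diploma, claims: { degree: 'PhD' } } };
console.log(verify(shown, 'nonce-1'), '|', verify(edited, 'nonce-1'), '|', verify(shown, 'nonce-2'));
```

The verifier accepts the untouched presentation, rejects the one whose claim was edited after issuance, and rejects a presentation replayed against a different nonce.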

By emphasizing user control, transparency, and portability, decentralized identity offers a radically different approach that empowers individuals and reduces reliance on centralized identity management systems.

How SSI changed the identity space: a very brief overview

In its early days, many identity field professionals viewed SSI with skepticism, thinking it was too ambitious or idealistic. But things have changed since then. In 2020, the Verifiable Credentials (VC) data model was recognized as a W3C standard. Decentralized Identifiers (DIDs) followed suit, becoming a standard in 2022. Decentralized identity is now a recognized concept. Its principles are actively explored and applied to identity systems in various industries.

Both private companies and governments are developing real-world implementations of SSI. For instance, the government of the Canadian province of British Columbia has been at the forefront of early SSI adoption, creating several digital credential solutions and a dedicated smartphone app for storing and using digital credentials. And in 2023, the Kingdom of Bhutan became the first country in the world to implement a self-sovereign national identity system for its citizens.

Another example of SSI's growing influence is the European Digital Identity (EUDI) Wallet, which integrates verifiable credentials to provide individuals with greater control over their data. This initiative aims to offer a secure, user-friendly digital identity solution that can be used across EU member states to facilitate access to a large number of public and private services.

On a less optimistic note, some argue that SSI has not fully lived up to its original vision. Challenges around adoption, scalability, and standardization have never really been solved. 

In practice, many systems today are blending elements of SSI with more centralized frameworks to overcome some of the early limitations. (For instance, the EUDI Wallet will leverage OpenID for Verifiable Credentials—combining OpenID Connect with the Verifiable Credentials data model.)

One thing is certain: the digital identity space is transforming. We’re moving toward a more inclusive, private, and user-centric model – even though the future is still being shaped right at this moment. While challenges remain, SSI has undoubtedly played a key role in transforming how we manage our online identities.

For a comprehensive overview of SSI, we recommend Self-Sovereign Identity by Alex Preukschat and Drummond Reed.
