New Take on SSI Principles

The term Self-Sovereign Identity (SSI) is rapidly growing in popularity, bit what is it?

SSI is a concept was created as a result of a long quest to find the new way to help create an electronic identity for the Internet that would on one hand allow individuals (and things) to share details on their identity with various websites and applications and, on the the other hand, ensure that this identity doesn’t leak more information than required (e.g. I’m over 18 years old) and can’t be tracked across services (e.g. my employer doesn’t know that I’m talking to several banks to get a mortgage).

SSI as a term can be tracked to the works of Devon Loffretto (“individuals have an established right to an identity” – see here). Christopher Allen, a cryptographer known for his contribution to TLS , chose the term Self-Sovereign Identity  as the name for a new manifesto of 10 foundational principles for digital identity, which he published in a post titled  “The Path to the Self-Sovereign Identity” on April 25, 2016. In this Blog post, he has outlined the history of on-line identity and described how these principles should guide the creation of the new identity system.

In his own words

These principles attempt to ensure the user control that’s at the heart of self-sovereign identity. However, they also recognize that identity can be a double-edged sword — usable for both beneficial and maleficent purposes. Thus, an identity system must balance transparency, fairness, and support of the commons with protection for the individual.

As a result the following principles were formulated :

1. Existence
2. Control
3. Access
4. Transparency
5. Persistance
6. Portability
7. Interoperability
8. Consent
9. Minimalization
10. Protection

The ideas from the article and the principles served SSI community well and helped foster progress on implementing various technical approaches and define initial standards (e.g. W3C DID).

Fast forward to Dec 2020.

Sovrin Foundation, the leading global organizations that created the first functioning global utility network for SSI, publishes a revised set of principles that builds on the original vision created by Christoper Allen in 2016.

The updated set of principles include the following 12 items:

1. Representation
2. Interoperability
3. Decentralization
4. Control & Agency
5. Participation
6. Equity and Inclusion
7. Usability, Accessibility, and Consistency
8. Portability
9. Security
10. Verifiability and Authenticity
11. Privacy and Minimal Disclosure
12. Transparency

The main differences to the 10 SSI principles include decomposition of some of the original ones into separate categories, so that it’s easier to reason whether or not a service really adheres to the key ideas and goals of SSI. There is also emphasis on applicability of the SSI systems and Identities that can represent not only humans, but also legal entities and machines. The latter is very important for the future use-cases  that will include fully digital, automated business processes, services and products produced and consumed by  individuals, their AI driven agents, IoT devices and legal entities, which can can have completely new forms of ownership, such as Decentralised Autonomous Organisations.

This is a very welcome contribution to the emerging body of knowledge and best practices in the SSI space. From our viewpoint, these principles should be the foundation of the future eID Law and ecosystem in Switzerland, as they create a strong and sustainable foundation for the transformation of all key everyday processes for the digital future, without endangering the key values of federalism, democracy, freedom and pluralism that make Switzerland what it is today.