Self-sovereign identity and identity management
by Lumai Mubanga
Today, there are three major problems with how we transact online today: users have low privacy, fraud prevention efforts cost businesses a lot of money, and password-based authentication leads to frequent data breaches. Will the blockchain-based self-sovereign Identity rectify these?
A self-sovereign identity platform gives developers a new architecture and new tools to solve these problems. So, what is self-sovereign identity?
Every user has some data that they control. These include the date of birth, your physical address and government identification numbers. Self-sovereign identity is an identity made up of this data that you have control over. Currently, though, most of this data is centralized.
Currently, to prove your identity, you probably present some kind of ID to those requesting it who then compare it to a central database. If the two records tally, you are then authenticated.
It is this centralization of Identity data that breeds fraud, individual privacy and impersonation. In addition, protecting that data becomes expensive especially for businesses.
However, how will blockchain technology, combined with self-sovereign identity platforms, help solve these problems?
Verifiable Claims
Self-sovereign identity technologies will not allow users to pass along their identity data as they do today. Instead of passing that data on, users will be able to pass along a claim that they are over a certain age that they reside at a certain physical address that they reside in a particular country.
In addition, Instead of passing along a government-issued identification number, a user will be able to pass along a claim that they have a valid ID. The role of such a claim will simply be a request to prove that a certain piece of information is true minus presenting your actual IDs.
Each claim will have a cryptographic signature from the issuing party as proof or evidence that the claim is authentic. It is for this reason that they are referred to as verifiable claims.
In addition, the user will then be able to choose to show that verifiable claim to a verifying party, who will then be able to check that the signature is valid, that the claim is still valid, and that the claim belongs to the user and to nobody else.
However, it will be up to developers to build identity applications utilizing self-sovereign identity platforms. Definitely, developers will have to design specific Apps for specific IDs. For instance, the Apps for verifying Birth records may be slightly different from Apps verifying Drivers licenses or National IDs because these are issued at different stages in a person’s life.
These verifiable claims will stay with the user on their mobile or another device as opposed to centralized databases. This will allow users to carry digital IDs wherever they are on their mobiles.
When every user has the powers to secure their IDs and only release it to trusted, encrypted cryptographic entries for claim verification, the technology will lead to fewer privacy violations, less identity theft, and fewer data breaches.
Leave a Reply
Want to join the discussion?Feel free to contribute!