Image Courtesy: cryptocurrencyhub.io

Self-sovereign identity — 10 guiding principles

Identity is a central piece of society and requires the utmost care when dealing with it. How we define and use identity can tip the scale of democracy.

SSI enabled new identity paradigm is the result of a series of attempts to balance the power structures underlying digital identity and personal data by bringing the individual to the centre of his/her data ecosystem and giving his/her control over the uses of own personal data.

For that reason, we need a series of guiding principles to make sure SSI doesn’t go rogue. The SSI community often uses Christopher Allen’s Ten Principles of SSI as a starting point, a list built on significant community work over 10 years at the Internet Identity Workshop and echoing Kim Cameron’s Laws of Identity.

Below are 10 guiding principles when it comes to SSI. This list is by no means perfect and things have evolved significantly in the last decade, so adding some annotations and enhancements (in the form of “Notes”) in addition to the explanations below.

1. Existence: Users must have an independent existence. Note: This sometimes presumes that everything must be documented to exist.
2. Control: Users must control their identities. Note: The focus is specifically on control and not ownership (e.g. you don’t own your passport, the State does, but you want the right to control the use of it)
3. Access: Users must have access to their own data
4. Transparency: Systems and algorithms must be transparent. Note: To this end, the foundation of all technology solutions to enable SSI must be open source.
5. Persistence: Identities must be long-lived. Note: This principle can be quite controversial when understood to apply to identifiers. We believe that the persistence principle does not and should not be interpreted to mean that identifiers, including decentralised identifiers, should last forever or that they cannot be revoked or abandoned by an Identity Owner. The point is that the Identity Owner must be the one in control of the degree to which that DID is persistent or not.
6. Portability: Information and services about identity must be transportable.
7. Interoperability: Identities should be as widely usable as possible.
8. Consent: Users must agree to the use of their identity. Note: Consent must be real and meaningful, such as the high standard for consent set out in Article 4 of the GDPR requiring a freely given, specific, informed and unambiguous statement or clear affirmative action signifying agreement to processing. While this level of consent is nearly impossible to achieve in today’s big data ecosystem with its huge volumes of data, vast information asymmetries and uneven bargaining power between individuals and organizations, SSI model combined with advances in technology could help us achieve real, meaningful consent in the future.
9. Minimization: Disclosure of claims must be minimized.
10. Protection: The rights of users must be protected.

These principles reinforce the view that the individual is in control of their identity related information, including their identifiers, Credentials, and other personal data. In that sense, they can be understood as a true sign of the quality and values that the decentralized identity community endeavors to enforce through SSI.

Source for the article: https://www.bundesblock.de/wp-content/uploads/2019/01/ssi-paper.pdf