Today, when we interact with someone, be it an individual or an entity, can we be really sure he, she or it is whom they are claiming to be? Anyone can create and fake a social media profile in an instant, while a hacker can easily develop a malicious website and trick someone to visit it (phishing). The fundamental issue here is that identification always happens on one end.
The problems can be summarised with a single word… trust. And it doesn’t just end here.
The Problems in Today’s Internet Identity Landscape
To identify ourselves in the digital realm, we generally use an id and a password. However, we interact with numerous applications daily and it is practically impossible to remember multiple strong passwords. Thus, many of us usually use weak passwords and often a single password for many sites, making us easy preys for dictionary attacks. Additionally, we also tend to use federated identity providers like Google or Facebook. For convenience sake, we give these providers access to our private data on a whim. When these sites/providers get breached, our private data is at risk of being compromised.
Unbeknown to the majority, these providers also sell our data to other companies, who then co-relate our data and sell it to a third company. The data breach of a relatively unknown Floridian company called Exactis brought to light the horrible repercussions of such a massive breach, which affected almost all American companies.
What was more disturbing was the nature of the data. Over 400 elements per record were collected from different sites and co-related to create a user persona. They then sold this data to anyone willing to pay. One well-known example was consulting firm Cambridge Analytica, infamous for its 2018 political scandal. And the worst thing was… no one gave consent to Exactis to collect this data!
Putting Privacy Back Into the Hands of Users
With Self-Sovereign Identity (SSI), we ensure that connections are always unique and data can never be leveraged. A PALO IT Innovation Lab project, SSI provides a lifetime, portable identity to any person, organisation or thing, does not depend on any authority, and can never be taken away.
We are essentially solving a Public Key Infrastructure (PKI) problem in a decentralised way (DPKI). SSI is a two-party model where you form a connection directly with a peer, and what makes this possible is distributed ledger technology. Distributed ledger technology enables each party in the SSI model to trust each other cryptographically, and provides a way to store and verify public keys that anyone else can reference.
Fundamentally, what you have with SSI are digital wallets. Whether it’s your smartphone, laptop, car or any place where you require a digital presence, digital wallets operate on all of your edge devices. With these digital wallets, you form connections with all other peers. Like a conventional wallet, it also “collects” credentials — for example, a passport or a driving license from an issuer. When you need to verify your identity, you have control of what credential you want to show and to whom.
With SSI, you are a first-class citizen of the internet. You will have your own unique and persistent identifier. And you completely own and control your relationships.
Our work on SSI is to simplify the user experience by changing the way credentials are requested, developing apps (mobile and desktop) for end-users, and streamlining the legal and technological connections for organisations willing to participate in Sovrin, the open-source public service utility enabling SSI on the internet. We have also developed a new protocol that provides a way for communication to be established in a decentralised way.
In summary, the four open standards that have emerged to enable SSI are:
1. DID — Decentralised Identifiers
2. DKMS — Decentralised Key Management System
3. DID Authentication
4. Verifiable Credentials
SSI — Great Potential for Positive Impact
The video below highlights the various use cases of SSI and its possibilities:
At PALO IT, we are committed to harnessing the power of technology for the greater good. We see a future where tech brings positive change. Aside from using SSI to reinforce an individual’s ability to own their digital identity, this technology could also be applied to meet the UN’s Sustainable Development Goals as shown in our video. For example, SSI can be applied to reimagine refugee identity, tackle child labour, and secure voter registration systems.
If our work triggers questions and ideas for your organisation or business, please reach out to us to explore a potential partnership!