As we move towards greater use of online services, and these services increase in value, we find ourselves interacting online in ways that involve sharing sensitive data or making transactions that have the potential for significant consequences. These kinds of interactions, that previously required in-person engagement and the presentation of government-approved photo identification, need equivalent methods of engagement that provide the same level of assurance online. When we can’t present our real-world identity to the service provider, we must present our digital twin, along with proof we are, in fact, the same person.
The previous post focused on identity as a single topic, pulling it away from the data exchange component where it has recently become muddled up. In terms of identity, self-sovereign identity (SSI) and traditional public key infrastructure (PKI) based offerings are, for the most part, on the same page. They put control in the hands of the user, mostly differing around trust, its levels, and where it comes from. For this post, the focus is on data exchange, where both SSI and PKI put much of the responsibility for privacy.
There’s been a lot of talk recently on self-sovereign identity (SSI), as it appears to be the next “new thing” in the digital identity sphere, especially in the context of possibly replacing the traditional public key infrastructure (PKI) based offerings.
Here, I aim to pull apart the kinds of identities we use every day; those in government-led society and those online, and find where self-sovereign identity might fit and where it’s not appropriate. I also want to discuss two aspects of SSI that often get bundled together and cloud the conversation - identity and data exchange. Since SSI relies on data exchange to simply identify ourselves, these two offerings get talked about as one, leading to misconceptions and limited opportunities. I’ll start with identity and uncover what’s important, where. In the second post, I’ll dive into data exchange, highlighting what needs to be considered to achieve a balance of transparency and trust, privacy, control, and security.