Self-Sovereign Identity or the digital identity revolution
With the digitalisation of our society and the dematerialisation of the vast majority of exchanges, the issue ofdigital identity is at the centre of all concerns. From opening a bank account to paying your electricity bills, or making an appointment with your GP, digital interactions between organisations and individuals have become the norm. Sometimes, these digital interactions make everything better: making an appointment in 2 clicks is an amazing experience! But also, this digitalisation can be an issue, especially when the user loses control over one's own personal data).
Today, more than ever, the issue of trust and security has become central, particularly thanks to a collective awareness of the massive data leaks and cyberattacks of recent years (in 2020, the number of compromised personal data - including names, identifiers and passwords - amounted to 36 billion, compared to 15.1 billion in 2019, i.e. more than double). To address these concerns, the Self Sovereign Identity approach has naturally emerged.
Definition of Self-Sovereign Identity
So-called Self-Sovereign Identity (SSI) describes an approach where the individual should be able to control and manage their digital identity, without the intervention of a third-party administrative authority. This user-centric approach - where the individual has full control over the management of his or her personal data - is currently missing from most user experiences on the Internet where such data is stored, managed and used by online service providers, sometimes without the user being fully aware of the scope of use of his or her data. With Self Sovereign Identity, the individual is put back at the centre of the digital experience.
In fact, SSI is simply inspired by the physical world where 1) everyone is free to share information about themselves and 2) providers ask for information that they strictly need to provide access to their services (unlike many online services that ask you for additional, non-necessary information).
Thus, in the real world, a student who wishes to benefit from a discount at a museum presents his or her student card, a traveller applying for a tourist visa provides the supporting documents requested by the country of destination, an employee who wishes to benefit from a company discount for his or her gym membership provides his or her employment contract.
You've got it: in the physical world, you only ask for what you need to get access to a service.
SSI is about replicating this approach in the digital world by putting the individual and their personal data back at the centre of the experience. In this model, to create an account on a social network, you would need nothing more than an email address, a password and proof of age. Service providers and other access providers would only collect the information strictly necessary for their services, no more, no less (no more tracking of your online behaviour to access an email service or a social network). But above all: you will now control third-party services' access to your personal data, with the possibility of revoking it at any time.
Today's technologies allow the digital ecosystem to take the lead in Self Sovereign Identity in its product and service offering, giving control of credentials back to end users.
This is a revolution that will require some adjustments from digital players, whose business models are largely based on the exploitation of this personal data.
What's new in recent regulatory development?
While the concept of Self Sovereign Identity promises an innovative digital experience, it is not new. In 2016, Christopher Allen published a blog post detailing the 10 principles of decentralised identity - Existence, Control, Access, Transparency, Persistence, Portability, Interoperability, Consent, Minimisation and Protection - of which you can find more exhaustive descriptions on page 38 inour white paper.
What has really changed has been the emergence of new technologies and the application of a regulatory framework that makes SSI possible. GDPR and the eIDAS regulation are working to secure data and provide a framework for the expression of ISS.
It should be noted that Europe is positioning itself at the heart of the process by proposing innovative initiatives focused on Self Sovereign Identity. This is notably the case with eIDAS v2, which enables the creation of a digital trust framework, as well as the European digital identity project, which would be a self-sovereign digital identity that can be used anywhere in Europe.
As a reminder, the eIDAS regulation applies to electronic identification, trust services and electronic documents with a view to securing personal data and preserving the digital identity of every European citizen.
How can decentralised digital identity support SSI?
Self Sovereign Identity is an approach that has become established over time, but has suffered until now from the lack of robust and secure technology that can protect everyone's personal data and make access to it as safe as possible.
Blockchain technology solves this problem by offering an architecture that fully embraces the SSI logic, thanks to the immutability of the identification data anchored on the blockchain or the security of the latter with the decentralisation of the register.
Decentralised digital identity, based on blockchain, is all the more relevant as the user directly administers his own digital identity thanks to the use of a distributed registry architecture. It is a first choice alternative to the current model, which means that each time an account is created to access a service (banking, social network, mutual insurance company, etc.), the user's digital identity is managed in databases specific to each service provider.
This centralisation increases the points of failure and is accompanied by an accumulation of personal data at the technology giants.
Today, with the proliferation of online services, the number of user profiles created is uncountable. It is estimated that a person has around 150 different accounts, i.e. 150 different entry points to the personal data of a single individual, who rarely knows how his or her personal information will be used by the service providers (who are not invulnerable to cyber-attacks, as shown by the numerous security breaches of recent years).
By giving the user the keys to his or her digital identity, the combination of the SSI approach and blockchain technology would make it possible to
- Secure access to digital services: tax payments, printing of entitlement certificates, etc.
- Access to its digital financial services: creation of a bank account, transfer orders, etc.
- Enhance privacy protection: reduce the risk of cyber-attacks through the use of a distributed registry
- Simplifying education-related services: providing access to a diploma or certificate of study
- Access to health services: make an appointment with a doctor, create an account with a mutual insurance company, etc.
- Improve the customer experience on many platforms: create an account without a password...
The Archipels augmented identity platform takes an SSI approach
Aware of the complex technical challenges that an SSI approach represents for a company, Archipels offers turnkey solutions to enable companies and administrations to opt for a digital identity system based on a Self-Sovereign Identity approach. Automatic identity verification, certification of documents with probative value or electronic archiving in less than a second, the Archipels platform adapts to all your use cases while respecting the confidentiality of your end users and the European regulatory standards on data security.
In this way, companies can completely revolutionise their approach to data management and digital security of their users, while substantially improving the user experience - from onboarding to monitoring of users and customers - and thus increase their revenue.
If you would like to explore Self-Sovereign Identity with us, please contact us!