Before we talk about what DSSI (Decentralized Self Sovereign Identity) is, we have to talk about why we need basic SSI (Self Sovereign Identity) in the first place. SSI is simply the concept that the individual has the right to own, control, and distribute their personal information. Anybody else that wishes to use someone’s information in any way needs to request it, and the subject of the information has the ability to choose exactly how much information they wish to disclose.
So, how is your identity information handled now? In a word: poorly.
Typically, our credentials are issued to us from some governing body ( medical, educational, certification board, etc.), we get a hard copy (like a driver’s license, insurance card, or social security card) and usually some identification number to go with it. These hard copies have "tamper proof" elements which are used to certify authenticity without any direct communication with a gatekeeping entity (the issuer in this case). This is the basis for self-sovereign identity. A driver's license is a great example of this concept.
Unfortunately, this begins to fall apart as we integrate digital solutions. With a significant transition of verification to the digital space, we've moved away from the concept of SSI and towards an ecosystem managed by gatekeepers. If any of these centralized entities are compromised, the result can be catastrophic. The 2017 Equifax data breach, the Facebook-Cambridge Analytica data scandal, and any other number of online breaches have shown that centralized companies storing our personal information in their vulnerable, easily targetable data silos is clearly not the ideal solution.
Consider the immense power these entities have over your personal well-being. They have a monopoly on your personal information and are in a position to leverage it at your expense. In the case of academic credentials, the US Department of Education is an active proponent of withholding academic verification in the case of loan default. This can result in catastrophic consequences on job prospects which would help absolve the infringing loan.
"Your school may withhold your academic transcript until your defaulted student loan is satisfied. The academic transcript is the property of the school, and it is the school's decision—not the U.S. Department of Education’s or your loan holder’s—whether to release the transcript to you."
- US Department of Education
Another problem arises when we realize that these credential solutions are really bulky – they provide a huge excess of information. When a person is asked to verify their age to buy alcohol, usually they will show their driver’s license. The information needed here is simply whether or not the person is over or under the legal age. A driver’s license provides not only that, but their exact date of birth, name, how long they are allowed to drive, eye and hair color, height, weight, sex, any impediment that may keep them from driving, the classes of vehicle they are qualified to drive, and their exact address.
When you apply for a loan or a job in the United States, you’ll have to provide your social security number. They ask for this to be able to check your credit or report your wages to the government. However, it’s become the de facto identifier for any person in the US, and access to someone’s social security number could be the key to a huge wealth of personal information, and the ability to do any number of things in that person’s name. Suffice it to say, if an identity thief has your social security number, you wouldn’t be blamed for being very, very concerned.
SSI means that not only would you have access to your data, but you’d be able to distribute information only as needed (for example, whether you are over 18 or not) without needing to reveal anything else. Not only that, but you control the access to your information at all times. This would mean fewer Equifax-style breaches, since the data isn’t all concentrated in one place, and there is less data being revealed overall. You’d also be able to see and track usage (and potential misusage) of your information. SSI also has the potential to be much faster than legacy systems, as it removes the (often sluggish) middleman that verifies your identity each time a third party requires that information. Instead, it's a direct line between you and the party you're dealing with and verification can happen almost instantly.
So what’s the difference between DSSI and SSI? Each person having control of their own information (rather than the companies) sounds as decentralized as it can get. But the idea of SSI in itself doesn’t really define HOW this is going to work. A person, born in the middle of nowhere, without any government identification could be the only person on Earth who knows anything about themselves, which is as Self Sovereign as it gets. But when they walk into a bar and are asked to verify their age, they’re not going to be trusted without some sort of accepted verified identification.
In DSSI, we utilize cryptographic security and verification of information, decentralized data storage, decentralized identifiers (DID), and tools to allow the individual to manage their own data. Much of this can be enabled through distributed ledgers. This means that there no central point of failure, and it can’t be shut down or censored by any one company or government. The persistence of the proof of data is a huge benefit of this. Say you’ve lost your diploma, and you need some way to prove you went to University X. However, University X has shut down 10 years ago and is unable to verify your claims or provide another diploma. If you’ve got proof you graduated from the University in a DSSI solution, though, that will be available to you forever.
Moonlight and Vivid are delivering wider availability and acceptance of DSSI and its standards to the world through our work and we envision a safer, easier, and more seamless digital landscape in the future because of it. We’ve seen work on SSI accelerating recently (much in part because of the possibilities offered by blockchain), so who knows – that future may just arrive sooner than we think.
To get started with DSSI, all you need to do is register on the Moonlight platform. All registrations issue a sovereign digital identity and claim. https://app.moonlight.io/register