SSI.png

An In-Depth Exploration of Self-Sovereign Identity and Verifiable Credentials

SSI is a new framework that enables an entity to control one’s data. In this article, we’ll see what it is and its implementation with VCs.
image
Affinidi
Nov 15, 2021
    • As we increasingly move towards a digital world, there are many hurdles that emanate from this increased adoption, such as privacy violations, security breaches, and data ownership concerns.

These challenges stem from the perspectives of seeing an entity’s identity as a mechanism of control and a means of monetization, instead of seeing it as something that defines a particular entity and belongs to it! Self-Sovereign identity or SSI, in short, has the potential to change these existing perspectives and to put an entity completely in control of its information.

Self-Sovereign Identity — Principles and Benefits

Self-Sovereign Identity (SSI) is a new framework that enables an entity to control where and how one’s data is stored and with whom it is shared. If you look closely, there are many principles involved in it and they are:

  • Selective disclosure — You disclose only the information you choose to share with others.
  • Decentralized identity management — Since every entity is responsible for its identity, there is no more centralized storage and management of digital identities.
  • Control — The user has complete control over his/her information and can determine where and how it must be shared.
  • Transparency — There is complete transparency for the user on how his/her data is being used and by whom.
  • Interoperability — SSI supports interoperability across different systems
  • Zero-Knowledge Proof (ZKP) — This is a process by which one entity can prove if a statement is true by revealing as little information as required.
  • Portability — SSI supports the use of data formats that are portable across devices.
  • Secure — Since it uses cryptography and blockchain, the information tends to be secure.

These principles provide a ton of flexibility and benefits for both individuals and organizations, and the society at large.

Benefits for Individuals

For individuals, it is a safe and secure way to store and share their information with others, all the while being in control of what is happening with their data. This is a big shift from the existing federated identity and other centralized systems where organizations store and control the way users’ data is shared and used.

Benefits for Organizations

SSI is beneficial for organizations too, as it streamlines the customer onboarding process and at the same time, enables the organization to comply with the growing privacy and security legislation.

With SSI, organizations no longer have to spend resources in protecting and managing users’ data.

Benefits for the Society

SSI helps society as a whole by reducing the number of data hacks and by providing a framework for governance. It can provide the much-needed privacy and security that are necessary to enhance the trust factor among users.

Now that you know the benefits of SSI, how can you leverage it?

While there are many ways to implement SSI, we will focus on its implementation through Verifiable Credentials (VCs).

Elements of a Verifiable Credential

Verifiable Credentials (VCs) are open standards to represent digital identities. These credentials are expressed using JSON and are digitally signed, thereby making them tamper-proof and machine verifiable.

Here’s how a VC looks like.

{ “@context”: [ “https://www.w3.org/2018/credentials/v1", “https://www.w3.org/2018/credentials/examples/v1" ], “id”: “http://example.edu/credentials/58473", “type”: [“VerifiableCredential”, “AlumniCredential”], “issuer”: “https://example.edu/issuers/565049", “issuanceDate”: “2010–01–01T00:00:00Z”, “credentialSubject”: { “id”: “did:example:ebfeb1f712ebc6f1c276e12ec21”, “alumniOf”: { “id”: “did:example:c276e12ec21ebfeb1f712ebc6f1”, “name”: [{ “value”: “Example University”, “lang”: “en” }, { “value”: “Exemple d’Université”, “lang”: “fr” }] } }, “proof”: { … } } Source: w3.org

If you look closely at the VC, it contains the following elements.

Context

The context provides a background to what’s coming and in the case of a VC, it always starts with “@”. This is an ordered set where the first is always the URI — https://www.w3.org/2018/credentials/v1. This lets the other systems know that this is a VC and will process it accordingly.

ID

This element helps to identify a particular object or credential and is unique for every VC. Since this ID doesn’t change, it can be used across devices and platforms to represent the thing. This element can take only one value.

Type

Type is a mandatory field that identifies whether the rest of the JSON code is a verifiable credential or not. Also, it must mention what kind of a credential it is, such as a passport, university degree, driver’s license, and more.

Issuer

The issuer is the entity issuing the credential and along with the holder and verifier, it forms what’s called a trust triangle.

Credential Subject

This is the core part of the VC and describes the VC itself. It talks about the holder and can have many properties such as id, name of the attribute, its value, etc. There is no defined format for this part of the VC as it depends largely on the VC type.

For example, if the VC is a university degree, its attributes would be the name of the university, the degree of the holder, year of passing, etc. On the other hand, if the VC is the holder’s passport, it will contain information such as first name, last name, address, date of birth, etc.

Proof

This is the last element of a VC and is a mandatory one as it contains the digital signature of the issuer. This is the cryptographic part that authenticates the rest of the information in the VC, and this is the attribute that makes the VC tamper-proof and secure.

You can explore different VC types with Affinidi’s Schema Manager.

Also, visit the Dev Portal to learn more about SSI and VC, and how you can leverage our tech stack to generate and issue VCs and to build SSI-based apps.

Get an email whenever Affinidi Publishes!

Subscribe