What is a “Self-Sovereign Identity”?
Data breaches as well as losses are all over the news. If this involves only a few personal details such as first and last name, the damage is manageable. However, nowadays everyone is digitally omnipresent, often with identical data. We entrust such information to companies, online shops, financial institutions, insurance companies, etc. under the assumption that, due to statutory regulations, it will be processed in accordance with the highest security standards. This approach is referred to as a silo because many different data repositories comprise virtually identical data for different purposes.
If this approach was successful, there would be no serious data losses or the need for regulations to protect personal data. Unfortunately, we do not live in this ideal world. Therefore, a new concept is called for: Self-Sovereign Identity or decentralised identifiers.
This new concept restores control over identity data to each data owner. For this purpose, a so-called identity wallet (a digital identifier) is used, which collects and stores verified information on its owner from certified issuers (authorities, etc.)
Similar to a real wallet, you are always in control of your assets, e.g. your credit card, your ID card, etc.
In the event this information has to be disclosed to third parties, this can be done selectively, and usage permission can be revoked at any time. Data is not “submitted”, but access is granted instead. By withdrawing permission, the third party has no right to continue using this data. Thus, we have full control over our own data and benefit from a significantly improved protection against data theft and abuse.
Does this solve all problems?
Yes and no. In general, the approach is long overdue and the idea is well-developed at this point in time. If you bear in mind that the focus lies not on the data itself but on how it is processed, you can already anticipate which applications may be realised by means of this approach.
Not only the unfiltered provision is possible, but also the abstraction. A suitable example is the process of age verification: Age verification is required to comply with statutory requirements. Thanks to SSI/DID, however, it is no longer necessary to disclose the date of birth; instead, it is sufficient to answer the simple question: “Is the data owner over 18 years of age?”
The response will be accepted based on the certified data and can be made verifiably accessible via further technologies without necessarily requiring access to the wallet.
Having these possibilities, however, raises the following questions:
- Which use cases offer actual improvements to us as a company
- How can we integrate SSI/DID into our business processes?
- Which potential solutions are currently under development and are promising?
- What standards might be developing that should be pursued?
- How can the wallet be protected?
- Which manufacturers are involved
- How can users/data owners who are unfamiliar with technology be introduced to this topic?
Like every new idea and technology, it has to prove itself in practice. Regarding SSI and DID, this demonstration is now complete.
Renowned companies actively support the adaptation and acceptance by developing interfaces and integrations.
The right manufacturer for each project
Together with our technology partners, we provide premium products and solutions to optimally meet your requirements. The introduction takes place gradually in manageable project steps which do not overwhelm the organisation or the users.
Please do not hesitate to contact us!
We look forward to assisting you!
We support companies in the adaptation and integration of use cases around SSO / DID in connection with IAM processes. Our experts continue to train consistently and are sometimes ahead of their time, especially when it comes to such fundamentally new ideas. IPG has committed itself to the topic as a service for our customers, in particular due to the necessary measures to want or need to consistently improve data security and data protection of personal data.
Your contact to IPG