- The concept of identity and the concept of identity on the web
- The birth of the Internet and the problem of digital identity
- Introduction to the founding concepts and technological architecture of Self-Sovereign Identity.
Identity is a purely human concept. It is that “I” of self-consciousness, something that is understood throughout the world by every person living in every culture. As René Descartes said, “Cogito ergo sum” – I think, therefore I am.
The concept of identity and the social ego
The subject of identity and its study is certainly not an easy one to analyse and understand. In philosophy, from pre-Sophists such as Heraclitus and Parmenides to modern logicians Wittgenstein or Russell have struggled to give the concept of the ego an absolute and comprehensive meaning, clearly encountering conjectural limitations. Even in more modern psychology, the subject of the self and identity has always been a topic of great debate, often generating currents, undercurrents and different interpretations.
It is certainly interesting to introduce the concept of the Social Ego, a term that defines the Ego in social relations and interactions, in relationships with people and in the different social contexts in which we are immersed.
With the birth of the web and the first virtual communities, the social Ego was manifested in the strict sense of our virtual presence, our avatar and/or nickname. In the information society, the ego has found a way to expand in the network, becoming itself liquid, contingent and multifaceted. Moreover, it is important to note that there has never been (or at least there is currently no) a real barrier between the online and offline worlds, as these worlds are interdependent on each other. Indeed, cyberspace is a place where interactions, desires, and ideas can be exchanged, potentially amplifying earthly space.
However, the Internet has indeed expanded the self in different forms, providing the user with the possibility to connect and link his or her self with a number of individuals unthinkable until a few decades before, but at the same time it has not been built to grant the subject full control over his or her own identity.
The birth of the internet and the problem of identity
“The Internet was built without an identity layer.”
Kim Cameron, Chief Architecture of Identity, Microsoft
The Laws of Identity, May 2005
What did Kim Cameron, Microsoft’s Chief Architect, mean by “identity layer” with this sentence? What is an “identity layer?” Cameron gave an answer in his groundbreaking series of essays entitled “The Laws of Identity”, published on his blog over a series of months between 2004 and 2005. Taking a small excerpt:
“The Internet was created without a way to know who and what you are connecting to. This limits what we can do with it and exposes us to increasing dangers. If we do nothing, we will quickly face incidents of theft and deception that will cumulatively erode public trust in the Internet.”
What Kim was trying to predict was that the Internet might not yet be ready, as it was designed in its early days, to solve the problem of digital identity. Well, can you blame him?
The birth of the Internet
The Internet was originally not very extensive. When it was first developed in the 1960s and 1970s, the users were very limited and were mostly scientists, computer scientists and academics. Most of them were well known and the main function of the network was to interconnect machines to share information and resources. The solution, packet-based data exchange and the TCP/IP protocol, was so ‘robust’ that it eventually enabled a true ‘network of networks’. So although the Internet was designed to be decentralised with no single point of failure, it was effectively a network made up of a relatively small club in the beginning.
This element is the trigger that Cameron refers to in particular, explaining that with the Internet’s TCP/IP protocol, you only knew the address of the machine you were connecting to; whereas, there was no way of knowing the person or organisation that controlled it. There was no way to identify the person on the network. And what was missing for Kim was an identity layer.
The centralised digital identity
Then the rest, as they say, is history. And it is clear, nobody would have ever expected that the Internet would become an integral part of our lives and identity. Today, there are billions of people and billions of devices connected to the Internet, almost all of them unrelated to each other. It is also no coincidence that in the same years when the issue of identity was being discussed, Facebook, Gmail, LinkedIn were launched, which with perfect timing, at least initially, succeeded in bridging the identity gap, bringing it to be managed in a ‘federated’, rather than centralised, way.
If on the one hand, the presence of these organisations, posed as intermediaries, facilitated user identification, on the other hand, the same centralisation of identity data on the internet opened up two major question marks: security and control over such personal data.
Digital identity is, in fact, one of the main economic sources of cybercrime; moreover, the more data we have on the net, the greater the interest in obtaining it. Our inability to solve the problem of identity on the Internet is reaching a breaking point: either it will be solved, or the very future of the Internet is in doubt.
Introduction to SSI concepts and technology
The need to solve the problem of centralising personal data is at the heart of self-sovereign identity. Having said that, what exactly is self-sovereign identity (SSI)? Generally speaking, SSI can be considered both an ideology and a technological architecture. As far as ideology is concerned, SSI is understood as the will to claim human dignity and authority in the digital world, based on the principle of Enlightenment and on what follows from the Universal Declaration of Human Rights. In terms of architecture, the ISS is a technology, composed of different elements, that enables and empowers individuals to fulfil the conditions set out in the ideology.
Expanding a little on the ideological basis, the main premise is to be able to control one’s digital identity as far as it arises from our relationships and interactions with people, organisations and things. In the words of Christopher Allen, self-sovereign identity is based on human dignity and its extension into the digital world; and, above all, our identity cannot be owned and controlled by someone else outside of us. Freedom and privacy are the keywords we should have in mind.
However, this definition alone is not enough. This series of guides aims to initiate a dialogue on this topic, providing you with all the tools you need to understand this technological and cultural paradigm shift.
The history of the SSI
One of the earliest references to the concept of ‘sovereignty over one’s digital identity’ can be found in developer Moxie Marlinspike’s ‘Sovereign Source Authority’ of February 2012. In a small excerpt, he stated that ‘individuals have an established right to their own identity, but the registry (or national registration) has destroyed the possibility of having control over it’. Although these are strong statements, it is not surprising that almost simultaneously there has been a proliferation of similar initiatives and proposals on the web.
In March 2012, Patrick Deegan started working on Open Mustard Seed, an open source framework that offered users control over their identity through a decentralised system.
Deegan’s message was clear: how to address the issue of sovereign identity through cryptography and mathematical tools to protect user autonomy. Clearly, Open Mustard Seed was not the only experiment with SSI. Everynym Essentials, written by Samuel M. Smith Ph.D. and Dmitry Khovratovich Ph.D., was another key piece in the development of a sovereign digital identity. Finally, in 2016, the World Wide Web Consortium, also known as the W3C, the international non-governmental organisation whose aim is to develop the full potential of the World Wide Web, started to set up working groups to develop open frameworks that would allow the standardisation of this new digital infrastructure.
The architecture of the SSI
And it is here that we will stop with this first guide, briefly analysing what are the fundamental technological building blocks to give users power over their data. Clearly, in the following guides we will analyse these elements in detail, in order to provide you with a complete understanding.
The technological substrate on which self-sovereign identity is based has to do with the technology that gave birth to Bitcoin and other cryptocurrencies: the blockchain. But not only that, in fact to enable the ‘Self Sovereign’ paradigm, the distributed ledger is only one of the technologies used. These clearly include the internet, “the token” we already know today (e.g. JWTs), asymmetric cryptography, hash functions and open identity management protocols. Although Self Sovereign Identity is an innovative technology, the technological tools used have been tested for several years. However, the combination of these has enabled the realisation of this new standard.
The topics covered in this guide will be expanded upon in subsequent guides, so as to provide an overview of all the elements that are part of Self Sovereign Identity, such as:
- Verifiable credentials (i.e. digital credentials)
- Issuers, holders and verifiers
- Digital wallets
- Digital agents and hubs
- Decentralised identifiers (DID)
- Governance frameworks (also known as trust frameworks)
See you next time!