Sovrin, the self-sovereign identity (SSI) network, launched in 2017. But as with most blockchain and decentralized projects, it was a limited launch. Since yesterday, organizations can now write to the public ledger. Although Canada’s British Columbia government is already using Sovrin, until now, it was somewhat ad hoc.
“We are very proud to announce that Sovrin is now open for any organization to begin issuing digital credentials,” said Sovrin Chairman of the Board, Dr. Phillip Windley. “We look forward to working with the first generation of credential issuers to help show how globally verifiable digital credentials can solve many longstanding issues of internet identity and trust.”
“It’s difficult to overstate what self-sovereign identity means for the future of the internet,” said Sovrin Executive Director Heather C. Dahl. “We are looking at the beginning of the end of usernames and passwords. We are looking at an entirely new way of using the internet, one that builds trustworthiness out of respect for people’s identities by interacting via trustworthy digital credentials.”
What is self-sovereign identity?
Self-sovereign means the user is in control of their own identity and credential details, and they can store it themselves or choose where they want to store it. Credentials could include a drivers license, a qualification, or a medical record. In other words, you could save the details on your phone or in cloud hosting of your choice. Once it’s more widely adopted, a hack like Equifax’s which exposed the private information of 148 million people should be far less likely.
Today the Economist published a report “The transparent business barometer: Preparing for the end of easy data“. 78.8% of corporate respondents said data privacy is very important. And 54% believe it will be even more important in three years. That bodes well for the adoption of self-sovereign identity.
The demand for credentialing
PwC recently ran a credentialing blockchain trial for their staff to prove accounting qualifications. Their research found that 37% of “bad hires” are the result of credential or skill misrepresentation. Similarly, Fujitsu and Sony are running a blockchain trial to verify the Japanese language proficiency of foreign hires, because they found when staff arrived in Japan they didn’t have language skills matching their qualifications.
In the U.S. for medical credentialing, there are blockchain projects from the Synaptic Health Alliance, ProCredX and CGFNS for foreign-trained nurses. The Swiss Federal Railways is running a trial to make sure construction workers have appropriate permits. These particular projects may not be Sovrin examples, but numerous high profile organizations are working on Sovrin projects.
We’ve previously written about the credit union CULedger MyCUID which is based on Sovrin. IBM, Cisco, Deutsche Telekom, Swisscom, Perkins Coie, NEC, and numerous others have signed up as Sovrin stewards and are working on projects.
What’s stored on the blockchain?
With Sovrin, personal details are not stored on a blockchain. Organizations and people have Decentralized Identifiers (DiDs). Many organizations will want to have a public DiD which is stored on the public ledger. That way you can verify the organization’s details before you have a relationship. But both individuals and organizations won’t just have one DiD. Instead, you will have one for every relationship you have, and they’re not saved on a blockchain.
As an example, if you want to exchange data securely peer-to-peer with your bank, then you each will have a DiD for that relationship which you each store privately.
In addition to DiDs there’s the concept of credentialing. That may be a passport, a driver’s license or qualification. A college or university might issue you a credential for your degree which you can store on your phone or with a cloud “agent” that you delegate to deal with things when you’re offline.
When you choose to share the credential, in this case, your qualification, you can decide to share only certain aspects. For example, you may only allow a potential employer to see that you have a degree from the college and the major. You may decide that you don’t want to disclose the grade and the year of graduation.
What’s more, the employer can verify the credential with the university. They won’t ask about you personally. Instead, they can verify that the credential you provided was signed with the college’s public key and has not been revoked.
To prevent the ledger from being spammed, a “modest” fee will be collected for writing to the public ledger. In the past, there was some talk about the potential for a Sovrin ICO. Today on Sovrin’s Telegram channel the discussion was raised again with some participants questioning whether it will beneficially impact adoption.
In the more immediate term, Sovrin has been nominated as a finalist for the “Greatest Social Impact” Know 2019 award. The awards recognize individuals and organizations for their contribution to identity, and the results will be announced next week.