Author: Dr Elias Ekonomou, Architect at Condatis
Our family is moving to a new house: exciting times ahead! Buying a house involves a substantial chunk of identification and authentication. The new trend in Digital Identity is Self-Sovereign Identity (SSI): a solution for authentication that improves privacy whilst giving people control of their personal information and who they want to interact with.
Part-exchange: who are you and why are you in my house?
As we are buying a new build home, the builder has offered part-exchange, which we decided to try, to keep things simple and smooth! As part of the process, numerous professionals, surveyors, estate agents, builder staff etc knock on our door to view our house, assess it and value it.
The first problem we encounter is identifying these people; how do we know if we are opening the door to a legit professional and not some petty criminal? Sure, they could have a badge or business card, but those are easy to copy that they don’t even matter.
SSI offers the secure digital equivalent of a badge. It is a Credential that they have on their phone and can share with yours, or your smart doorbell even, and you’ll be able to tell that it’s the person you expected.
Mortgage advisors, solicitors, and the endless oversharing of private details
Our builder offered a low price that we don’t like, so we are getting a temporary mortgage for the old home instead, to sell it at our own time. This is a high risk, high workload and high return job that would have been much easier with SSI.
We need to apply for two mortgages – when looking for a mortgage advisor, how do you know if they are licenced? How do you know if they will look at the whole market? How do you know if they are any good? Sure, we could google them, but with SSI we could simply scan a QR code on their website to immediately see their accreditations, reviews and other information.
We also need to find a solicitor. Solicitors must do an Anti-Money Laundering (AML) check, which includes an Identity check. The solicitor requires numerous documents and they must all be produced in physical form in their offices.
Not only did we spend the afternoon to go to them; they also had to keep a copy of our documents, hopefully somewhere safe. The solicitor required the following documents:
· Bank statements
· Driving licences
· Signed copy of their “Terms of Business”
All the above would literally be a few clicks away with SSI, for example:
· Banks can give you SSI credentials proving that you have more than enough money in your bank account and that the money is clean.
· Passport check can be replaced with a name check, in a Credential coming from the HM Passport Office stating your first, middle and last name and only that.
· Address check can be the same as name check.
· Terms of Business can literally be signed by tapping and looking at your phone.
Self-Sovereign Identity is the way forward
So how does SSI work and why is it such a good thing? The simple premise is that any entity, called the Issuer, who has information about you can give this information to you in a digital Credential. This could be anything about you like your name, your professional qualification or your credit score. The information goes into your digital wallet App and you can control it from there. Using this Credential, the wallet can create proofs that you have it, for example:
· Proof that you have a job – can be issued by your employer or the tax office.
· Proof that your income is over x – may come from your employer or tax office or even your bank.
· Proof of your name – could come from your bank or passport office.
Now, here are some very important aspects:
· The “magic” bit: Credentials stored in your wallet state the actual values, but the Credential proof that is shared utilises Zero-Knowledge Proofs and only answers with a yes/no. This can minimise disclosure and limit exposure of your privacy to the absolute necessary only.
· Credentials can come from various sources; you choose where to get it from and you choose which credential to use (assuming it meets other requirements).
· In addition to choosing credential Issuers, you can also choose which SSI network to use. If you don’t like your bank, you can use the government SSI network or the Worker’s Union one. The choice will be there, and many networks will work with the same App. The networks themselves don’t see the data, they are all about organising the communications and making sure secure and trusted connections are created between participants.
· Finally, there is security. SSI is built by big names in the industry, that form a community of privacy promoters, cryptographers and engineers who are all experts in their fields. It is open source to the next level. There are numerous well-known open foundations involved including the Linux Foundation, IETF and the W3C.
The advantages of SSI over a paper documentation system or a central database are obvious. In our house buying quest we spent two days dealing with documents. These are two days of my annual leave that I am never getting back. With SSI, it would be less than an hour’s work including the time to set it up for the first time.
The present is boring, the SSI future is a tap on your smartphone.