Self-sovereign identity’s promise is big but so are its challenges

Today’s consumers do not have much say in deciding the destiny of their data. They might not be able to define rules on data privacy, nor to decide how their data should be used by Google, Amazon and others.

Self-sovereign identity (SSI) could solve that issue by giving control over biometric data to consumers. A new paper published by the Association for Computing Machinery (ACM) illustrates SSI’s place among other data-management concepts and its challenges.

Data sovereignty can be understood two ways — people’s right to control their data and as data residency. In the first case, the authors propose that data be governed by the CARE principles for indigenous data governance and the FAIR principles.

CARE (collective benefit, authority to control, responsibility and ethics) is the first attempt to outline collective rights as part of the movement to open data in the context of the United Nations Declaration on the Rights of Indigenous Peoples. FAIR (findable, accessible, interoperable and reusable) principles were developed in the Netherlands in 2015 and have since become a way of sharing data that maximizes the use and re-use of data.

Data residency, on the other hand, is when a business or government specifies the geographical location of its data. The European Union’s General Data Protection Regulation (GDPR) includes data residence.

Another connected term is digital sovereignty, which is getting increasing attention in the context of control over digital assets. Digital sovereignty has been used to convey the idea that governments should reassert their authority over the internet and protect their citizens and businesses with regulations.

Self-sovereign identity is a relatively new decentralized model that has the potential to solve the problems of digital identification and authentication and to give individuals full control of their digital identity, according to the ACM researchers.

Self-sovereign identities are supposed to provide a digital identity, prevent theft and fraud, assure privacy and help get rid of passwords. But it faces challenges.

Among them are challenges in decentralized identifiers, which are often related to the distribution of public keys, the security of users’ personal data and identities, the scalability and reliability of decentralized identifiers, which are commonly based on blockchains and on ensuring users can keep their identities private.

But there are issues beyond technical ones that SSIs have to solve, including standardization. The market is fragmented with legal and regulatory uncertainty. The research also lists relevant frameworks, policy and regulations connected to SSI.

A meta-analysis of research in the self-sovereign identity field shows that most papers focus either on the proof of concept or on the prototype implementation of the concept. Another portion of the research focuses on domains or industries where SSI solutions can be applied. This includes financial banking, education, certification, healthcare, transport, e-government and IoT.

The paper was written by Kheng Leong Tan, Chi-Hung Chi and Kwok-Yan Lam from the Nanyang Technological University in Singapore.

Article Topics

ACM  |  data privacy  |  decentralized identifiers (DIDs)  |  digital identity  |  self-sovereign identity