We live in an information-rich and interconnected world where our ability to maintain full control over our private information is limited. Surveys show that a majority of people are very concerned about their privacy and the lack of transparency regarding their options for regaining control. Self-Sovereign Identity (SSI) offers a compelling vision of a future where individuals would have greater agency over when, how and to what extent they share information with others. Here, we present a practical implementation of SSI in the analog world, which could revolutionize the way we identify ourselves in everyday scenarios like showing a driving license to a police officer or buying age-restricted goods.
The benefits of extending SSI to the analog world
SSI is a set of approaches to digital identity promising users unprecedented privacy, flexibility and control when proving their identity or providing data to a third party. The essential advantage of SSI is the ability to verify one’s identity without relying on a central authority for verification, all while minimizing the amount of information that needs to be revealed in the process.
Although SSI is most often discussed in the context of digital services (sign in to a website, use e-government services, etc.), it also has the potential to replace physical forms of identification, such as student cards or passports. But this would mean much more than simply swapping existing physical solutions for a digital counterpart. An SSI solution for the analog world comes with additional benefits, such as selective information sharing. It would make it possible, for example, to selectively share and verify one’s age with a store clerk to purchase alcohol without revealing all the other sensitive information usually found on a physical ID card. Perhaps even more compelling, SSI allows for zero-knowledge-proofs – where a condition is verified without revealing the underlying information. This would let a user prove that they are old enough to make a purchase without disclosing their date of birth. By relying on these types of cryptographic guarantees, SSI would significantly reduce the leakage of private information and put users in control: a clear departure from the status quo.
Why is the use of SSI in everyday life challenging?
When it comes to practical implementations of SSI, users typically interact with services via a digital wallet on their phone. This wallet is used to store and present their digital identifiers. But the solutions proposed to interact with websites and other digital services do not work well in the analog world. There are too many usability concerns making their widespread adoption unlikely.
Specifically, the current model relies on the verifier – for instance, the website that a user wishes to log in to – to initiate the verification process. For this, the verifier typically presents a QR code that the user then has to scan with their phone’s camera. This starts a back-and-forth between the user (a.k.a holder) and the verifier. The user must first accept the invitation, and then wait for the verifier to request specific information before sharing that information in the form of a verifiable credential. This verifier-initiated workflow makes sense for online authentication processes. But it is ill-suited for real-world interactions, where we need a much simpler, straightforward and user-initiated process.
Back and forth: The typical online verification process
Getting SSI right in the analog world
We investigated a new SSI approach optimized for mobile wallets and physical world interactions. For this, we developed a native mobile wallet prototype application for Android using Aries AIP 2.0 as a proof of concept and showcase.
Simple does it: A streamlined process putting the user in control
In this workflow, the holder initiates the process (potentially after a verbal prompt from the verifier) by opening their mobile wallet and presenting a QR code. The verifier scans this code to open a private and secure channel between the two parties (i.e. using DIDComm). The verifier then uses this channel to receive and check the relevant information from a verifiable credential. This makes for a more streamlined process and puts a bigger emphasis on the holder, who can actively decide what QR code (and therefore information) to share.
We also advocate for the use of edge mobile wallets (where all information is stored on the user’s device) for real-world SSI scenarios since using hosted wallets invalidates many of the advantages highlighted above by centralizing information. Using edge wallets also offers the advantage of making fully peer-to-peer (or offline) connections possible in the future (e.g. over Bluetooth). This will eventually allow for the adoption of SSI in a wider range of real-world scenarios.
Despite some open questions, it is clear that Self-Sovereign Identity offers compelling advantages over the current state of affairs – not only in the digital world, but as shown here, in the analog world as well. By providing a reference design compatible with easy-to-use, real-world SSI, we hope to help precipitate a future where everyone can verify their identity and share information with optimal privacy, security and autonomy.