I really liked Timothy Ruff‘s recent post: 7 Myths of Self-Sovereign Identity.
I was especially glad to see him confirming my observation that the term “Self-Sovereign” seems to create a lot more confusion than understanding. He makes some excellent points in his post, but it left me scratching my head that such a smart guy has to spend his time busting myths that are really just the result of lazy naming. Then again, should we be surprised? Lazy naming is rampant amongst us technologists, making our lives difficult at every turn…
Timothy writes:
I recently attended the ID2020 event in New York, where some of the biggest players in identity were on hand, working toward fulfilling the United Nations’ Sustainable Development Goal 16.9: Identity for all by 2030. It was an excellent event, lots of energy, very professional, and serious about moving the needle on this BHAG (big, hairy, audacious goal).
We heard first-hand examples of the pains caused by broken identity systems around the world, some of which were truly heartbreaking. Most of us take for granted that we can prove things about ourselves, unaware that over a billion people cannot, leaving them unable to obtain desirable work or advanced education, open a bank account, hold title to property, or even travel. As noted by the World Bank’s ID4D, identity is a prerequisite to financial inclusion, and financial inclusion is a big part of solving poverty.
That means improving identity will reduce poverty, not to mention what it could do for human trafficking. Refugees bring another troubling identity dilemma where the need is critical, and where we are commencing efforts through our partnership with iRespond.
The Culprit
Several times throughout the event, Self-Sovereign Identity (SSI) was discussed as a new and potentially big part of the solution. While there was clearly hope, there was also skepticism that, in my opinion, stems from misperceptions about what SSI really is and is not.
If SSI really was what these skeptics thought, I wouldn’t favor it either. And if they knew what SSI really is, I think they’d embrace it wholeheartedly.
The perception problem begins with the very term, “self-sovereign.”
At one point on the main stage, the venerable Kim Cameron, Microsoft’s Principal Identity Architect and author of the seminal 7 Laws of Identity, quipped:
“The term ‘self-sovereign’ identity makes me think of hillbillies on a survivalist kick.”Kim went on to clarify that he is strongly in favor of SSI, he just dislikes the term and the negative perceptions it conjures up.
Me, too.
Self-sovereign identity is not a great term — for lots of reasons — but until we have a better one, (“decentralized identity” is a serious candidate) let’s clarify the one we’ve got.
I guess it’s OK to postpone the search for a better term (and no, “decentralized identity” isn’t an answer except amongst identerati!) while people read the 7 Myths of Self-Sovereign Identity – but not for much longer, since the myths resulting from the awful failed name may be contagious:
- Self-sovereign means self-attested.
- SSI attempts to reduce government’s power over an identity owner.
- SSI creates a national or “universal ID” credential.
- SSI gives absolute control over identity.
- There’s a “main” issuer of credentials.
- There’s a built-in method of authenticating.
- User-centric identity is the same as SSI.
All the points Timothy makes (except his definition of user-centric identity – my views were explained here in 2008 in – er – ‘terse prose’, rather like espresso) should help convince people who understand identity that SSI is worth looking at.
But the first point stands out as a basic stake in the ground.
Decentralized identity systems must allow us to present claims we make about ourselves (now called self-attested), but must allow us to present claims that express things others say about us too.
Governments offer an excellent example. Governments make laws. For those of us in contact with civilization our legal identities are key to important aspects of our lives – like signing contracts or crossing borders. So our identity systems must allow us to present legal, verifiable, government-backed claims whenever it is appropriate and we agree to do so.
Writing this, I get a strange déjà-vue pointing out that “Just because some tables are green, it doesn’t mean that all tables are green.” Must we really argue that just because some claims should be self-issued, that doesn’t mean all claims should be self-issued?
The principle is self-evident. But I’ll be posting at length about the ways we can combine user-control, self-issued claims and verified claims to create the next big mainstream identity technology.
Meanwhile let’s explain to our colleagues who don’t have the opportunity to interact with real customers that “Self-Sovereign Identity” has been test-marketed and bombed. Let’s start brain-storming a really good name for the true social network that is controlled by its users and allows us to present claims from whoever we want.