Definition

self-sovereign identity

Alexander S. Gillis

By

Alexander S. Gillis, Technical Writer and Editor

What is self-sovereign identity?

Self-sovereign identity (SSI) is a model for managing digital identities in which individuals or businesses have sole ownership over the ability to control their accounts and personal data. Individuals with self-sovereign identity can store their data to their devices and provide it for verification and transactions without the need to rely upon a central repository of data. With self-sovereign identity, users have complete control over how their personal information is kept and used.

In all models of identity management, a digital identity requires identifiers that ensure users are who they say they are. With self-sovereign identity, however, identifiers do not need an intermediary. This means a user's self-sovereign identity can be registered to a claim, such as a block on a blockchain. The person can then share that identifying data when making a transaction, for example, with a bank.

With self-sovereign identity, users can enter an app on their phone where their identity data is stored, then use an identification number and identity information to verify who they are. Self-sovereign identity adds security and flexibility to users and enables them the ability to share data only when they choose.

Self-sovereign identity concepts

Self-sovereign identity is made up of claims, proofs and attestations:

A claim is an assertion of identity made by the user.
Proofs are the forms or documents that act as evidence for a claim. For example, a proof could be a passport or birth certificate.
An attestation, or validation, is when the other party validates the claim is true. Attestations can be stored in the user's device and are typically machine readable.

Pros and cons of self-sovereign identity

Some pros to using self-sovereign identity include the following:

It is more secure and prevents common attacks to personal data, such as breaches.
Data is more private.
Users have a higher control over their own data.
The process is more efficient.
Users do not have to rely on identity providers that may sell and monetize their data.

Cons of self-sovereign identity include the following:

Users are responsible for their own security.
Multiple identity platforms may be required, meaning users may have to use multiple apps.
Keeping track of personal data and permissions can be complex.
Certain data intermediaries may not be removable.
Proof data is normally unstructured and could be easily faked.

This was last updated in December 2022

Continue Reading About self-sovereign identity

8 best practices for blockchain security

10 ways blockchain can improve IAM

5 IAM trends shaping the future of security

Blockchain for identity management: Implications to consider

Digital identity: Leveraging the SSI concept to build trust

Dig Deeper on Identity and access management

5G NSA vs. SA: How do the deployment modes differ?
Non-standalone 5G uses a combination of existing 4G LTE architecture with a 5G RAN. Standalone 5G, on the other hand, uses a 5G ...
How network data models work with automation
Network data models can help network engineers with their automation strategies, thanks to the essential data they store about ...
A guide on how to learn network automation
Networks are always evolving, and network automation is the next step forward. From soft skills to AI, these skills are essential...

CIO

Where 2024 U.S. presidential candidates stand on tech issues
The next U.S. president will set the tone on tech issues such as AI regulation, data privacy and climate tech. This guide breaks ...
6 tips to plan a digital transformation budget
Formulating budgets for digital transformation projects is fraught with complexities, expectations and unknowns that ...
Businesses left in legal limbo with FTC noncompete ban
Employers need to start planning for compliance with the FTC noncompete ban, effective Sept. 4, despite uncertainty around ...

Enterprise Desktop

Understanding how GPOs and Intune interact
Group Policy and Microsoft Intune are both mature device management technologies with enterprise use cases. IT should know how to...
Comparing MSI vs. MSIX
While MSI was the preferred method for distributing enterprise applications for decades, the MSIX format promises to improve upon...
How to install MSIX and msixbundle
IT admins should know that one of the simplest ways to deploy Windows applications across a fleet of managed desktops is with an ...

Cloud Computing

Why should I use Docker containers vs. VMs for my cloud apps?
Containers and VMs have their own use cases, but one takes the lead in efficiency. Compare the two options, and see how Docker ...
Optimize Amazon Athena performance with these 5 tuning tips
Amazon Athena can provide an efficient, cost-effective method of data analysis. But did you properly optimize Athena performance ...
How to secure Azure Functions with Entra ID
Centralized identity management is vital to the protection of your organization's resources. Do you know how to secure Azure ...

ComputerWeekly.com

NHS Trusts cancelled over 6,000 appointments after Qilin cyber attack
The two NHS Trusts most heavily impacted by the Qilin ransomware attack on pathology services provider Synnovis have cancelled ...
Ericsson, Oppo ink global patent cross-licence agreement
Global comms tech firm teams with leading Asian smartphone provider on multi-year global cross licence covering cellular ...
Telecom Egypt makes nation’s 5G first
Tech provider announces partnership with leading Egyptian telco to bring 5G technology to the country for first time, aiming to ...

Close