In the fall of 2020, the Sovrin Foundation began stewarding an effort on behalf of the global SSI community to consolidate the various definitions of SSI into a single comprehensive set of principles. Over five months, through numerous meetings and doc-a-thons, including an Internet Identity Workshop session with over 80 participants, this list of principles was winnowed down to the following 12. In December 2020, these were translated into 15 languages by volunteers from around the world. All of these translations are published on behalf of the SSI community by the Sovrin Foundation at https://sovrin.org/principles-of-ssi. This is the English language version.
These foundational principles of SSI are intended for use by any digital identity ecosystem. Any organization is welcomed to incorporate these principles into its digital identity ecosystem governance framework provided they are included in their entirety. The principles of SSI shall be limited only by official laws and regulations that apply in a relevant jurisdiction.
An SSI ecosystem shall provide the means for any entity—human, legal, natural, physical, or digital—to be represented by any number of digital identities.
An SSI ecosystem shall enable digital identity data for an entity to be represented, exchanged, secured, protected, and verified interoperably using open, public, and royalty-free standards.
An SSI ecosystem shall not require reliance on a centralized system to represent, control, or verify an entity’s digital identity data.
An SSI ecosystem shall empower entities who have natural, human, or legal rights in relation to their identity (“identity rights holders”) to control usage of their digital identity data and exert this control by employing and/or delegating to agents and guardians of their choice, including individuals, organizations, devices, and software.
An SSI ecosystem shall not require an identity rights holder to participate.
An SSI ecosystem shall not exclude or discriminate against identity rights holders within its governance scope.
7. Usability, Accessibility, and Consistency
An SSI ecosystem shall maximize usability and accessibility of agents and other SSI components for identity rights holders, including consistency of user experience.
An SSI ecosystem shall not restrict the ability of identity rights holders to move or transfer a copy of their digital identity data to the agents or systems of their choice.
An SSI ecosystem shall empower identity rights holders to secure their digital identity data at rest and in motion, to control their own identifiers and encryption keys, and to employ end-to-end encryption for all interactions.
10. Verifiability and Authenticity
An SSI ecosystem shall empower identity rights holders to provide verifiable proof of the authenticity of their digital identity data.
11. Privacy and Minimal Disclosure
An SSI ecosystem shall empower identity rights holders to protect the privacy of their digital identity data and to share the minimum digital identity data required for any particular interaction.
An SSI ecosystem shall empower identity rights holders and all other stakeholders to easily access and verify information necessary to understand the incentives, rules, policies, and algorithms under which agents and other components of SSI ecosystems operate.