Self-Sovereign Identity offers a new perspective on one of the most important challenges of society and computing: safely managing our digital identities. As early adopters and leaders in this area, Drummond Reed and Alex Preukschat are uniquely able to introduce the technology and potential of SSI. In this book, you’ll enjoy not just their insights, but also the experiences of many other leading practitioners.
Most of what we call “identity” isn’t. It’s identifiers. It’s how some organization identifies you: as a citizen, a driver, a member, a student. Those organizations may issue you an “ID” in the form of a passport, license, or membership card, but that isn’t your identity. It’s their identifier. Your identity—how you are known to yourself and to others—is something else: something much more personal and under your control as a self-sovereign human being.
Self-sovereign identity (SSI) gives you control over what others need to verify about you, on a need-to-know basis. Simply put, it replaces identifiers with verifiable credentials. And, in the process, it greatly simplifies and speeds up the way identity works in the digital world for both individuals and organizations.
It’s early in the evolution of SSI; but not so early that we can’t get answers to the questions of how it’s going to work and where it’s going. Both of those questions are of massive importance and why this book is essential at this juncture in the history of digital technology. Reading and learning what’s being shared here might be the most leveraged thing you do this decade.
But before you start, it should help to visit how identity already works in the natural world where we live and breathe. True, it can get complicated, but it’s not broken. For example, if an Inuit family from Qikiqtaaluk wants to name their kid Anuun or Issorartuyok, they do, and the world copes. If the same kid later wants to call himself Steve, he does. Again, the world copes. So does Steve.
Much of that coping is done by Steve not identifying himself unless he needs to and then not revealing more than what’s required. In most cases, Steve isn’t accessing a service but merely engaging with other people, in ways so casual that no harm comes if the other person forgets Steve’s name or how he introduced himself. In fact, most of what happens in the social realms of the natural world is free of identifiers and free of recollection.
How we create and cope with identity in the natural world has lately come to be called self-sovereign, at least among digital identity obsessives such as myself. And there are a lot of us now. (Search for self+sovereign+identity and see how many results you get.)
Self-sovereign identity starts by recognizing that the kind of naming we get from our parents, tribes, and selves is at the root level of how identity works in the natural world—and that this is where we need to start in the digital world, as well. In the simplest possible terms, we need to be in control of it.
Our main problem with identity in the digital world is that we started with no personal control at all. Everything we did with identity began with organizations’ need to put names in databases. This served the administrative convenience of those organizations—and our convenience only to the degree that we are known separately to all the organizations that know us.
If we want to make SSI work on the internet, we have to respect the deeply human need for self-determination. That means we need to provide individuals with new ways to obey Kim Cameron’s seven laws of identity (explained in chapter 1), most notably individual control and consent, minimum disclosure for a constrained use, and justifiable parties.
Put as simply as possible, we need to give administrative systems no more personal information than they require. We call that information verifiable credentials. Note that these are still not identities. They are nothing more or less than what the other party needs to know.
This book explains how all this works. The authors of those explanations are pioneers and explorers working to make new systems while helping old ones adapt. The main point you need to keep in mind as you read the book is this: it’s personal.
Self-sovereign identity isn’t about administrative systems. It’s about you and me and how we selectively disclose personal information to others on a need-to-know basis, and being able to do that at scale. Getting to scale requires lots of help and alignment from the world’s incumbent identity systems. But those systems by themselves are not self-sovereign. You and I are. That’s the key. And it’s the only one that will open the true future of digital identity.
preface
On February 4, 2021, the following graphic appeared in the New York Times, under the headline “Pack your ‘Vaccine Passport’”:
The article, written by travel reporter Tariro Mzezewa, starts by explaining this new concept:
A vaccination pass or passport is documentation proving that you have been vaccinated against Covid-19. Some versions will also allow people to show that they have tested negative for the virus, and therefore can more easily travel. The versions being worked on now by airlines, industry groups, nonprofits and technology companies will be something you can pull up on your mobile phone as an app or part of your digital wallet.
The technology described in that paragraph—more formally known as verifiable credentials—is precisely the subject of this book. As the article goes on to explain, the worldwide rollout of COVID-19 vaccinations has triggered an avalanche of demand for verifiable digital credentials that will enable individuals to easily, safely, and privately prove they have received a COVID-19 test result or vaccination.
One of the most visible of these initiatives is the World Health Organization (WHO) Smart Vaccination Certificate Working Group (https://www.who.int/groups/smart-vaccination-certificate-working-group). When co-author Drummond Reed was invited in January 2021 to participate in this working group, he was asked if he knew of written materials the working group could read to quickly come up to speed on the open standards, open source code, governance frameworks, and real-world deployments of verifiable credentials.
Given that this book—a product of two years of work by over 45 contributing authors—was just entering the final stages of production, Drummond recommended several of the most relevant chapters. Manning obliged by providing WHO with a digital version of the requested chapters within 24 hours so they could be ready for the first meeting of the working group held February 3-5, 2021.
This anecdote illustrates the extraordinary way in which the COVID-19 pandemic is catapulting verifiable credentials and self-sovereign identity (SSI) technology into the internet mainstream. Just as pharmaceutical manufacturers were called upon to compress the normal four- to five-year vaccination development process into a matter of months, verifiable credential developers and integrators are being asked to compress a typical four- to five-year technology adoption cycle into a matter of months.
It is entirely possible that by the time you read this book, you will have received a “jab” and at the same time—or shortly thereafter—downloaded a digital wallet app, scanned a QR code, and received a verifiable digital credential that you can use to prove the precise vaccination you received.
In short, you will already be using SSI. And so will millions of other people around the world, to help reopen global travel and our economies.
We hope this is just the tip of the iceberg for what SSI can do—for all of us. And that will be just the very beginning of the SSI story.
Of course, we could not have anticipated this when we began work on this book over two years ago. But neither was it a cosmic coincidence. Rather, it was an outcome of the mutual trajectories of our careers. Here is a little about our own stories.
In 2014, driven by my interest in cryptocurrencies, I published the world’s first graphic novel about Bitcoin, called Bitcoin: The Hunt for Satoshi Nakamoto. Over the next several years, it was published in English, Spanish, Russian, Korean, and Brazilian Portuguese. Then, in 2017, I published Blockchain: The Industrial Revolution of the Internet (Spanish title: Blockchain: la revolución industrial de internet) (Gestión, 2017). This became the reference book about blockchain in the Spanish-speaking world. Shortly after that, inspired by David Birch’s book Identity Is the New Money (London Publishing Partnership, 2014), I was motivated to begin working in the decentralized digital identity space. I connected with one of the leading companies in that space, where I had the opportunity to begin collaborating with identity evangelist Drummond Reed and cryptographic SSI pioneer Jason Law.
Realizing the enormous potential of this new space being called self-sovereign identity or SSI, I founded SSIMeetup.org with Drummond’s and Jason’s support. It was an open community-based platform to share knowledge about SSI with the world. Everything on SSIMeetup is available via a Creative Commons Share-Alike (CC BY SA) license that allows free usage with attribution. I began doing webinars with leaders in the SSI space.
With each webinar I did, and the resulting discussion on social media, I realized the growing role that decentralized digital identity was going to play in the world. It unified everything I had been doing since 2006—understanding money, learning about blockchain, and discovering the power of a new type of digital identity.
That’s when I had the inspiration to invite Drummond to join forces to create what we hoped would become the reference book about SSI—one that would explain this fascinating topic not just to developers, but to business people, policymakers, university students, and myriad others who could start to put SSI to work in their everyday lives.
Decentralized digital identity encompasses much more than the word identity means by itself. Decentralized digital identity is at the crossroads of the free software / open source world, peer-to-peer technologies, cryptography, and game theory. In the same way that Bitcoin taught us that these disciplines could be recombined to create something new, decentralized digital identity recombines them into something so unique and powerful that some are calling it “the Internet for identity.”
While Bitcoin touches on one of the pillars of society—money—identity is even more fundamental. Human lives are too short to fully recognize and appreciate the cycles and changes of mankind, but exponential technologies like blockchain, artificial intelligence, biotech, and many others have accelerated the pace of change much faster than ever before in history. And while we crave change because of the opportunities it provides, we also fear it because of what we might lose in life as we know it.
SSI is one of the expressions of how the world as we know it may be completely reshaped. The outcome of that reshaped world is very hard to predict. It could fulfill the most beautiful of utopian dreams for a better and more balanced society. It could also become a dystopian nightmare.
Of course, the former is my hope for SSI. However, I’m not sure exactly how we will get there and which technologies will create the future “identity stack.” What I do know is that it is crucial for as many of us as possible to be involved and understand the opportunities to create that world together. So I have poured my heart and soul into bringing together some of the finest identity evangelists, thinkers, pioneers, and business people I could find, to share their visions of this future.
Each of them speaks in their own voice and shares their own vision—and they are by no means all the same. Much of what you will learn from this book is the different paths and tools they advocate for building that vision. But they share the belief that SSI can become a game-changing tool in your life—personally, professionally, economically, even politically. In short, if you take this path and one day look back at it, I think you’ll be glad you did.
Alex is one persuasive dude. Ever since this technology—nay,—movement that we now call SSI started to really take hold in 2018, I have been busier than at any time in my life. And here Alex was asking me to help him put together an entire book on this subject—when I couldn’t even find the time to write the papers and blog posts about SSI that were part of my day job at Evernym (and my night job at that time as a trustee of the Sovrin Foundation).
Was he crazy? On the other hand, the webinars I had started giving on his SSIMeetup.org site were proving to be surprisingly popular, and Alex made a compelling case that someone needed to pull together a complete book about SSI to support its growth and transition into the internet mainstream. What finally convinced me was his argument that I would only need to contribute a few chapters about the areas I was most deeply involved with; for the rest of the book, we would curate contributions from other experts across the growing SSI industry and other industries adopting SSI.
We were about a year into that effort—with much of our own content written and many chapters from contributing authors already received—when the COVID-19 pandemic hit. Suddenly our worlds (and everyone else’s) were turned upside down. We halted work on the book and, for a time, were not even sure if we would be able to continue. Then, after a few months, we realized that not only was SSI continuing to move ahead in the market, but also the need for verifiable digital credentials as a new tool for dealing with proof of COVID-19 testing—and soon vaccinations—might lead to even greater demand for SSI-based solutions.
Even so, when we restarted work on the book in the late summer of 2020, we had no idea of the tsunami of demand for SSI that was about to be unleashed by the COVID-19 earthquake. Once the arrival of the first vaccinations became imminent in late 2020, the market demand for an easy, fast, hard-to-forge solution for individuals to be able to prove their health status went through the roof. Within weeks, multiple initiatives to issue digital vaccination credentials were announced, including the World Health Organization (WHO) Smart Vaccination Certificate, IATA Travel Pass, Vaccination Credentials Initiative, AOK Pass, and Good Health Pass Collaborative.
Suddenly it was clear to everyone that SSI was about to go mainstream—and that by the end of 2021, verifiable digital credentials would be in the digital wallets of tens of millions of people around the world, being used multiple times every day for travel, work, sports, and other situations where proof of health status was needed for public safety.
Of course, I am heartbroken that a global public health crisis was what catapulted SSI into the limelight. But if SSI can play a part in helping us deal with the tremendous human and economic pain caused by this once-a-century pandemic, then I want to do anything I can to help. And if publishing this book can assist governments, public health authorities, healthcare providers, companies, universities, cities, and other communities around the world in understanding and implementing SSI more quickly, then I am all the more thankful that Alex persuaded me to help write it.
acknowledgments
From the very outset, we envisioned this book as a collaborative effort among many experts in the emerging SSI industry. So we want to begin by thanking each and every one of these contributing authors—this book would have been impossible without them.
A special thanks to several of these authors who did double duty by either contributing to multiple chapters or helping us review and edit multiple chapters. These include some of the best technology writers we know: Daniel Hardman, Markus Sabadello, and Shannon Appelcline.
When Oscar Lage was introduced to Mike Stevens of Manning Publications, that meeting sparked the first conversations in 2018 that kicked off this book. A special thanks to Oscar for that introduction and for co-authoring chapter 19 about the Internet of Things (IoT).
At Manning, we’d like to thank our development editor Toni Arritola for her perseverance as first our workloads and then the pandemic (and then both) stretched the limits of everyone’s patience. Her wise words about taking one step at a time paid off in the long run as she promised. Thank you also to our copy editor, Tiffany Taylor, for moving swiftly and surely through a book that was very complicated to edit. And our thanks to Mike Stevens and the rest of the editorial team at Manning for pushing through the extra hardships of the pandemic to get this book to publication.
To all the reviewers: Michele Adduci, Sambasiva Andaluri, Davide Cadamuro, Joe Justesen, Justin Coulston, Konstantin Eremin, Chris Giblin, Milorad Imbra, Michael Jensen, Aidan McCarty, Steven H. McCown, Sanket Naik, Zhu Vlad Navitski, Julien Pohie, Simone Sguazza, Stephen John Warnett, Brian van den Broek, Hilde Van Gysel, Sumit Pal Vincent, Chris Viner, Aleksander Wielgorski, Maura Wilder, and Sander Zegveld, your suggestions helped make this a better book.
We also want to thank our compatriots at Evernym, with whom we have been collectively forging SSI since 2016, especially co-founders Timothy Ruff and Jason Law and the outstanding executive team, board, employees, contractors, and investors. A special mention to Misty Bledsoe, who helped in the early drafting stages of the book.
Thank you also to all the board members, staff, and volunteers of the Sovrin Foundation who helped build the first global public utility for SSI and made it real for the world.
Finally, a shout-out to the co-authors of the Hyperledger Aries RFC that laid the groundwork for the ToIP Foundation: John Jordan, Dan Gisolfi, Darrell O’Donnell, Daniel Hardman, and Matthew Davie.
I would never have been in a position to write this book without partners and investors who believed in the vision of decentralized data sharing and digital trust infrastructure. This started with my Pattern Language consulting partner, Nick Duckstein, and my Intermind co-founder, Peter Heymann, together with anchor investors Barry Forman and Bill Bauce. It continued with Cordance board chair John Jordan, CEO Vince Calouri, and CFO Lon Weise. And a very special thanks to the executive team at Respect Network—Steve Havas, Les Chasen, and Gary Zimmerman—board chair Gary Rowe, and board members Barry Forman, John Kelly, and Bill Donnelly. I am deeply indebted to all the investors, led by Bill Donnelly and Mike and Trish Peters, whose belief in the Respect Network vision carried us through to the acquisition by Evernym.
I am also very thankful for the unending contributions of the three founders of the Internet Identity Workshop: Kaliya “Identity Woman” Young, Phil Windley, and Doc Searls. You are the moral center of the SSI movement and have kept it on the right path for 15 years. I am also grateful to Joyce Searls for being the ever-steady hand guiding the SSI community with her practical wisdom and effortless clarity every step of the way.
Finally, I want to thank every last member of the global SSI community, so wonderfully described in chapter 16 by Kaliya and Infominer. You have built everything we describe in this book. It is your passion and lifeforce that will “make it so.” Keep going!
about this book
Welcome to Self-Sovereign Identity! Our goal in this book is to first introduce you to the basic concept of self-sovereign identity (SSI) and give you a solid understanding of why we’ve reached a watershed in the evolution of internet identity. The rest of the book is designed to help you deepen and broaden that understanding.
We do that not just through our voices, but also through the voices of leading SSI experts from around the world. They share their perspectives on various aspects of SSI: the technology, the business and legal implications, the social impact, and even the philosophy.
We bring you specific examples of how SSI might be used to solve real market problems so you can see how it might be applied in your work, family, company, school, industry, city, or country. We also hope this book will open the discussion for other stakeholders and perspectives from society.
Who should read this book
Our philosophy in composing this book is that successful developers, product managers, and business leaders will benefit from a holistic overview of a foundational new technology in order to see the bigger picture, understand the cross-disciplinary currents, and assimilate upcoming major market shifts into their work. SSI is one of those cases that demands a mix of visions and skill sets to shape it into the future we want for the world.
The target audience of this book is quite varied. We expect all these people to be interested in different parts of the book:
For this reason, we have structured the book in four major parts:
Part 1 provides an overall introduction to SSI—where it came from, how it works, and its major features and benefits. This should be applicable to all audiences interested in SSI.
Part 2 is specifically designed for technical professionals who want a deeper understanding of the major components and design patterns of SSI architecture without having to go quite all the way down to the code level.
Part 3 goes in the other direction: it focuses on the cultural and philosophical origin story of SSI and what this means about its ultimate impact on the internet and society. This part is especially relevant for readers interested in privacy and those who want to understand the origins of the SSI and decentralization movements.
Part 4 explores what SSI means for business and government through industry experts who convey how it applies to their specific market vertical. This part is especially relevant for architects and product managers who need to convey to their business leaders why SSI matters to their business units—be it opportunity, threat, or disruption.
Chapter 1 introduces the basic concept of SSI and explains how and why it represents the third era of digital identity for the internet. The three remaining chapters in part 1 are as follows:
-
Chapter 2 —Introduces digital credentials, wallets, agents, decentralized identifiers, blockchains, and governance frameworks
-
Chapter 3 —Presents seven examples of how the building blocks can be put together to solve hard problems of digital trust
-
Chapter 4 —Discusses 5 categories summarizing the 25 key benefits of SSI infrastructure
We recommend reading these chapters sequentially as they apply to anyone interested in SSI, regardless of whether your focus is technical, product, business, or policy.
In part 2, we dive deeper into SSI technology for those readers who want to seriously understand how it works. While these chapters do not go quite all the way down to the code level (with the exception of some code examples in chapters 7 and 8), they cover all major aspects of SSI architecture and should provide a solid technical introduction for architects, developers, system administrators, and anyone who wants to understand the SSI “stack.” The topics are as follows:
In part 3, we broaden the focus to look at SSI as a movement that crosses traditional industry boundaries and encompasses larger technological, legal, social, or political infrastructure. We explore how the decentralization technologies powering SSI are rooted in even larger shifts of philosophy, society, and culture. We discuss the various points of view—historical, political, sociological—on what is and is not considered SSI and why. We hope this part is relevant for all readers, but if your focus is primarily on SSI technology or business solutions you can choose to skip it. Here are the topics:
In part 4, we look at how SSI will impact different categories of business, industry, and government—with chapters written by individual experts in each of these verticals. Most chapters end with a SSI Scorecard summary (defined in Chapter 4) assessing the impact of SSI on that particular vertical market:
-
Chapter 20 —Animal care and guardianship just became crystal clear
-
Chapter 22 —Supply-chain management powered by SSI in Pharma
Finally, we have a set of appendices that provide additional tools and perspectives to help you further explore SSI:
-
Appendix A —A roster of 11 additional chapters that appear in the liveBook edition of this book to continue the exploration we begin in part 4 of vertical market applications of SSI as explained by experts in each market.
-
Appendix B —A list of famous essays about SSI, published on the web, that go deep into special topics on SSI and decentralized digital trust infrastructure.
-
Appendix C —“The Path to Self-Sovereign Identity,” by Christopher Allen. This is the original landmark essay about SSI written by the co-author of the SSL protocol that finally standardized encryption on the web.
-
Appendix D —“Identity in the Ethereum Blockchain Ecosystem,” by Fabian Vogelsteller and Oliver Terbu. This is another landmark essay about SSI from one of the best-known developers in the Ethereum ecosystem together and the identity product lead at ConsenSys.
-
Appendix E —“The Principles of SSI.” We conclude the book with a listing of the 12 foundational principles of SSI developed by a global community project hosted by the Sovrin Foundation and published in 15 languages in December 2020.
About the code
The technical chapters of this book are mainly in part 2. Because of the wide-ranging architectural and design choices possible for SSI, the book in general does not go down to the code level. The exception is examples of verifiable credentials in JSON and JSON-LD in chapter 7 and DIDs and DID documents in chapter 8. However we also include numerous references to the major open source projects working on SSI components around the world, most of which are highly accessible.
liveBook discussion forum
Purchase of Self-Sovereign Identity includes free access to a private web forum run by Manning Publications where you can make comments about the book, ask technical questions, and receive help from the author and from other users. To access the forum, go to https://livebook.manning.com/#!/book/self-sovereign-identiy/discussion. You can also learn more about Manning’s forums and the rules of conduct at https://live book.manning.com/#!/discussion.
Manning’s commitment to our readers is to provide a venue where a meaningful dialogue between individual readers and between readers and the authors can take place. It is not a commitment to any specific amount of participation on the part of the authors, whose contribution to the forum remains voluntary (and unpaid). We suggest you try asking the authors some challenging questions lest their interest stray! The forum and the archives of previous discussions will be accessible from the publisher’s website as long as the book is in print.
Other online resources
All chapters have references that can be relevant for further reading. We especially recommend the references in chapter 16, which covers the evolution of the internet identity and SSI communities.
Throughout the book, we have included references to SSIMeetup.org webinars whenever there is a webinar with more information about the corresponding chapter. You can also sign up for more updates related to the book at IdentityBook.info.
We especially recommend following these communities to stay current in the SSI space:
-
W3C Verifiable Credentials Working Group, https://www.w3.org/groups/ wg/vc
-
W3C Decentralized Identifier (DID) Working Group, https://www.w3.org/ 2019/09/did-wg-charter.html
-
W3C Credentials Community Group, https://www.w3.org/community/creden tials
-
Decentralized Identity Foundation, https://identity.foundation
-
Sovrin Foundation, https://sovrin.org
-
Trust over IP (ToIP) Foundation, https://trustoverip.org
-
COVID-19 Credential Initiative, https://www.covidcreds.org
about the authors
|
|
Alex Preukschat @AlexPreukschat Alex is passionate about exploring the new horizons that exponential technologies offer for continuous social transformation as a process of self-discovery. He is the co-founder of Blockchain communities BlockchainEspana.com, focused on Spain; AlianzaBlockchain.org of Iberoamerican communities from Argentina, Chile, Colombia, Bolivia, Panama, Guatemala, Costa Rica, Mexico, and Spain; and SSIMeetup.org which is focused on SSI knowledge sharing. He is the creator of the first Bitcoin graphic novel of the world (BitcoinComic.org) and the Spanish Blockchain bestseller Blockchain: the industrial revolution of the Internet (LibroBlockchain.com). He has also created a cryptocurrency mobile game with MoneyFunGames.com and is a 1729.com enthusiast. Alex was the Global Head of Strategic Blockchain Projects with Evernym and has worked and started a number of Blockchain and Technology ventures in his career. He studied at Universidad Pontificia Comillas-ICADE E-4 in Madrid (Spain) and ESB Reutlingen (Germany). |
about the cover illustration
The figure on the cover of Self-Sovereign Identity is captioned “Marguerite of France.” The illustration by Rigaud D’Aurellie is taken from a collection of works entitled Costumes Historiques de la France, published by the French Administration of Libraries in 1852. The collection includes fine drawings of historical costumes, monuments, statues, tombs, seals, coins, and more. Each illustration is finely drawn and colored by hand and the rich variety of drawings in the collection reminds us vividly of how culturally apart the world’s regions, towns, villages, and neighborhoods were just over a century-and-a-half ago. Isolated from each other, people spoke different dialects and languages. In the streets or in the countryside, it was easy to identify where they lived and what their trade or station in life was just by their dress.
Dress codes have changed since then and the diversity by region, so rich at the time, has faded away. It is now hard to tell apart the inhabitants of different continents, let alone different towns or regions. Perhaps we have traded cultural diversity for a more varied personal life—certainly for a more varied and fast-paced technological life.
At a time when it is hard to tell one computer book from another, Manning celebrates the inventiveness and initiative of the computer business with book covers based on the rich diversity of regional life of two centuries ago, brought back to life by pictures from collections such as this one.