CfC: Requirements for Self Sovereign Identity

Main complaints around Self-Sovereign Identity fiasco that I have is that it is at best “Self-sovereign Identifier”. You will see it if you read the W3C community group draft.

When we define “identity” as “set of attributes related to an entity”, just being able to claim a “name/nym” as one’s own is not enough. To be useful, it has to help the person to re-establish him/herself at the time when they were forced to be in exile. For it, it is very important to prove that they had a certain track record and qualifications/attributes.

Also, some claims that SSID’s characteristics as:

‘Self-Sovereign Identity’ (SSID) assumes an Individual has control over their identity, where the data is decentralized, and where an individual exerts that control by providing consent to share their data in order to access services

but that’s just a “User-centric Identity”. SSID should go much farther than that.

So, here is a starting point.

A self-sovereign identity system shall allow the PII principal

  1. that the Identity (set of data related to the entity) needs to be provable as attested at the time of attestation and cannot be taken away;
  2. to identify himself that he is the PII principal that the identity relates to;

This blog post is a call for contribution (CfC) for the discussion around it.

You can use the comments to this post for discussion, or if you want more privacy 1, I have a closed facebook2 group called “Self-sovereign identity research group” so you can join it and discuss there.

Footnotes

  1. it can actually get quite political easily from some people’s point of view
  2. well, I agree why facebook but I cannot access Slack etc. from my corporate network. Facebook, Twitter, and G+ are pretty much the only social network I can get access during office hours.