The Obyte Guide to Self-Sovereign Identity

Identifying oneself globally can be challenging, even with government-issued IDs like passports, licenses, and birth certificates. This limitation is especially evident in the digital realm, where personal data can be easily exposed without proper management.

Self-sovereign identity models emerged to address this issue, allowing individuals to own, control, and selectively share their data. Unfortunately, current identity management practices are still dominated by third-party entities, even online.

In this article, we will explore these issues in greater detail.

What is “Identity”?

Of course, we need to define this complicated thing a little. Identity is, undoubtedly, a very complex concept —but we’re not here to philosophize. You can define “identity” as you want to, on an intellectual, spiritual, or moral level.

Beyond the metaphysical issues, an identity is a vital tool in our society. Everyone needs an “official” identity these days. Some kind of verification that assures they are who they say they are, or their data is what they say it is. 

Without this verification, a lot of doors would be closed to you. From education and transportation to jobs and financial services, almost everyone will ask you to identify (verify) yourself before providing you with anything.

This also happens on websites, where you should register at least with a nickname and/or email. If it’s a sensitive site, they could ask for your age as well, with official proof —usually, your government-issued ID card.

This way, an identity is formed by a lot of personal fragments. As the crypto analyst Alex Preukschat stated:

“From a functional point of view, identity can be the sum of attributes associated with a person (age, height, birth date, biometrics, etc.), attributes accumulated over time (medical information, preferences, communication metadata, etc.), and designated attributes (telephone number, email, Passport numbers, etc.), but we can go beyond people and also talk about legal identities, identities of devices or assets which are often linked to human identity.”

Those numerous factors could become numerous “identities” too. You can be John Doe for your government, but maybe you’re only “Carl” in your local bar, and “Daniel” on Facebook. Perhaps you’re also “C-Doe” on Medium and “awesomeuser2” on Reddit. Unifying those identity pieces could be really hard, but also very convenient in most cases (if we keep the privacy untouched). 

Types of digital identity systems

“The path to Self-Sovereign Identity” by the technologist Christopher Allen is a great start to understanding this concept and exploring a bit of history about identity on the Internet. As he described back then, we can divide that history into four phases or eras, depending on who’s behind the ultimate control of that identity. 

The first phase was centralized. A single authority or hierarchy, like the Internet Corporation for Assigned Names and Numbers (ICANN), verified the identity of websites and IP addresses on its own. For their part, every website registered its users independently from each other. Very soon, this kind of authority was split into a federation (phase two), formed by several companies/organizations handling a more interoperable identity for users —to access several sites with the same “digital passport.”

Microsoft Passport (now Microsoft account) was first offered as an identity federation. The issue is that the company itself is at the center of that federation.

Phase three is the user-centric identity. It’s focused on user consent and interoperability without requiring a federation behind it. However, the user isn’t in complete control either. An example is the OpenID service. It works to login into numerous websites, and it’s theoretically decentralized. But you’ll always need an external provider (like Google or Microsoft), who’s in ultimate control of the data. 

Self-sovereign identity is phase four. With this model, anyone would be able to have definitive power over their own data across any number of authorities. It wouldn’t matter if Google, Microsoft, or any other company's system fails or suffers massive data breaches.

Your information would be safe under your own control, and only you can decide what to share and what not to share. This time, it’s truly decentralized, because it’s based on a decentralized platform (like a Distributed Ledger).

Self-sovereign identity features

Just like it sounds, a self-sovereign identity must be completely handled by its owner. It should be widely usable and built by those numerous “personal fragments” that make up an individual —age, biometrics, nicknames, emails, etc. Allen also mentioned ten principles to make it really “self-sovereign”. We can sum up these attributes a bit.

1. Existence: an identity isn’t a person, just a representation of it. So, this person must “exist” beyond that identity.

2. Control: users should always be able to modify, share, or hide anything about their identity.

3. Access: an individual shouldn’t need any external permission to access their own data. There must be nothing hidden or locked for them about their own identity.

4. Transparency: the systems and algorithms behind a digital identity platform must be open-source and/or clearly publish their inner workings.

5. Persistence: the identity must last as the user wants to, or until it needs to be updated. 

6. Portability: since users should have full control and access to their identity, this one must be transportable everywhere. Centralization around external third parties must be eliminated.

7. Interoperability:  a single identity must be valid and accepted everywhere. 

8. Consent: the user must always give its permission to use and/or check their identity.

9. Minimization: disclosed data should be as little as possible. For example, if only the age is required, the user must be able to share only that number and nothing else. 

10. Protection: the rights of the user must always be protected against centralized parties. Independent, decentralized, and censorship-resistant systems are needed for that. 

Obyte attestations

Anyone can create their own self-sovereign identity/verified data on Obyte. The identity is completely decentralized since the information is stored in the user’s personal wallet —only accessible and controlled by themselves. We call this function “attestation”, and it could also work to access several applications in the Obyte ecosystem. 

You can verify your real name, your email, your GitHub account, your status as an accredited investor, and more. The only thing you’ll need is your personal Obyte wallet and a verified attestor. They’re individuals, businesses, or even bots trusted by both the user and whoever needs to verify them.

By using the built-in chat in the wallet, you can add your own attestor or an attestation bot to your contacts. For example, here we have a chat with our Real-name attestation bot:

“Your real name and other personal information (date of birth, document number, country, etc) will be saved privately in your wallet, only a proof of attestation will be posted publicly on the distributed ledger [Obyte]. The very fact of being attested may give you access to some services or tokens, even without disclosing your real name. Some apps may request you to reveal some of the fields of your attested profile, you choose what to reveal and to which app.”

In this case, the attestation fee ranges from $0.50 to $8, depending on the providers offered by the bot. This fee is refundable for the first attestation. Additionally, a reward of $8 is offered as well, spendable after a year, and locked in a smart contract. Once the data is attested (verified), it’ll stay like that forever on the DAG, independently from the original attestor.

Some attestation’s use cases

• After attesting your real name, age, and birth date with your government-issued ID, you could share only parts of it with digital apps. For example, if they only need your age, that’s the only thing you’ll share. 

• With the same real name attestation, you can also verify your nationality. If you want to access investment opportunities like Initial Coin Offerings (ICOs), not available for certain countries, you could prove that you’re not from there, without revealing anything else. 

• If you attest your email, then anyone can send you funds just with it from an Obyte wallet.

• Only accredited investors can participate in Security Token Offerings (STOs). An attestation could verify that you’re one, sharing just that verification.

• If you attest your GitHub account, you can receive payments from an Obyte wallet (like an attested email). Additionally, only attested GitHub accounts can receive cascading donations from Kivach. 

• By attesting any kind of personal data, you can offer more trust to business partners, service providers, users, and the community; without revealing too much about yourself or your operations. 

If you’re ready to own a decentralized self-sovereign identity, start now with an Obyte wallet!

Featured vector image by storyset / Freepik