It can be challenging to decide if a Digital Identity system is a Self-Sovereign Identity (SSI) system or a central Digital Identity system. The question “Am I a SSI system?” can be tricky to answer.
Providers claiming their solution is SSI based, and of course use Blockchain – never let go a buzzword. The claim cannot be proofed, there is no assessment framework and no standard definition for a SSI system.
Even if a solution is based on “SSI” open source frameworks like Hyperledger Indy, it is not said that it is a SSI system. A single “short cut” in the implementation and all self-sovereignty is gone. SSI principles can be weakened because of technology limitations or process requirements. And sometimes claimed SSI solutions are not even close to SSI or even Identity.
A simple, yes it is SSI, is not enough. There are blurry lines and differences in implementations. The answer, NO it is not a SSI solution, is easier because there are certain KO criteria’s.
So how you can make an assessment? The question is bothering me for some month.
27 characteristics of SSI systems
On the base of the work of Cameron “Laws of Identity”, Christopher Allen “10 principles of SSI”, Satybaldy “SSI evaluation framework” and Naik and Jenkins “Governing Principles” I defined 27 SSI characteristics. Each one has a certain importance to SSI.
The 27 characteristics in the table below are the base for further work. If you have critics, comments or input. Please reach out.
- Work on the characteristic, define them and design a basic evaluation matrix
- Define a formula for a SSI score
- Define KO criterias
- Work on a generic SSI architecture
I am aware that the mapping includes duplications, blurry lines, and precise mapping was not possible every time and can be discussed. These inaccuracies cannot be avoided and are excepted.
|#||“Laws of Identity”||“10 principles of SSI”||“SSI eval. framew.”||“Governing principles”||CHARACTERISTICS|
|1||1. User Control and Consent||2. Control||1. Sovereignty|
3. Data Access Control
4. Data Storage Control
|2||2. Minimal Disclosure for a Constrained Use||9. Minimization||11. Privacy||Minimal Disclosure|
|3||3. Justifiable Parties||1. Existence|
|6. Decentralized||Concerned Parties – no middleman|
|4||4. Directed Identity||Correlation|
|5||5. Pluralism of Operators and Technologies||7. Interoperability||13. Flexibility|
|6||6. Human Integration||8. Consent||Consent|
|7||7. Consistent Experience Across Contexts||Usability||Usability|
|8||3. Justifiable Parties||1. Existence||2. Existence of a User||Existence|
|9||3. Justifiable Parties||3. Access||14. Accessibility||Access|
|10||3. Justifiable Parties||4. Transparency||16. Transparency||Transparency|
|14||5. Longevity||Long living|
|16||8. Recovery||Backup / Recovery|
|17||9. Cost Free||Free|
|18||10. Security||Storage Security|
|19||10. Security||Communication Security|