Am I a Self-Sovereign Identity system?

It can be challenging to decide whether a Digital Identity system is a Self-Sovereign Identity (SSI) system or a central Digital Identity system. The question “Am I an SSI system?” can be tricky to answer.

Providers claim their solution is SSI-based and, of course, uses blockchain – never let go of a buzzword. The claim cannot be proven: there is no assessment framework and no standard definition of an SSI system.

Even if a solution is based on “SSI” open source frameworks like Hyperledger Indy, that does not mean it is an SSI system. A single “shortcut” in the implementation and all self-sovereignty is gone. SSI principles can be weakened because of technology limitations or process requirements. And sometimes solutions claimed to be SSI are not even close to SSI, or even to identity.

A simple “yes, it is SSI” is not enough. There are blurry lines and differences in implementations. The answer “no, it is not an SSI solution” is easier, because there are certain KO criteria.

So how can you make an assessment? The question has been bothering me for some months.

27 characteristics of SSI systems

Based on the work of Cameron (“Laws of Identity”), Christopher Allen (“10 principles of SSI”), Satybaldy (“SSI evaluation framework”) and Naik and Jenkins (“Governing Principles”), I defined 27 SSI characteristics. Each one has a certain importance to SSI.

The 27 characteristics in the table below are the basis for further work. If you have criticism, comments or input, please reach out.

What's next?

  • Work on the characteristics, define them and design a basic evaluation matrix
  • Define a formula for an SSI score
  • Define KO criteria
  • Work on a generic SSI architecture

I am aware that the mapping includes duplications and blurry lines, and that precise mapping was not always possible and can be discussed. These inaccuracies cannot be avoided and are accepted.

| # | “Laws of Identity” | “10 principles of SSI” | “SSI evaluation framework” | “Governing principles” | Characteristics |
|---|---|---|---|---|---|
| 1 | 1. User Control and Consent | 2. Control | | 1. Sovereignty; 3. Data Access Control; 4. Data Storage Control | Control |
| 2 | 2. Minimal Disclosure for a Constrained Use | 9. Minimization | | 11. Privacy | Minimal Disclosure |
| 3 | 3. Justifiable Parties | 1. Existence; 3. Access; 4. Transparency | | 6. Decentralized | Concerned Parties – no middleman |
| 4 | 4. Directed Identity | | | | Correlation |
| 5 | 5. Pluralism of Operators and Technologies | 7. Interoperability | | 13. Flexibility; 17. Portability; 18. Interoperability | Interoperability |
| 6 | 6. Human Integration | 8. Consent | | | Consent |
| 7 | 7. Consistent Experience Across Contexts | | Usability | | Usability |
| 8 | 3. Justifiable Parties | 1. Existence | | 2. Existence of a User | Existence |
| 9 | 3. Justifiable Parties | 3. Access | | 14. Accessibility | Access |
| 10 | 3. Justifiable Parties | 4. Transparency | | 16. Transparency | Transparency |
| 11 | | 5. Persistence | | | Persistence |
| 12 | | 6. Portability | | | Portability |
| 13 | | 10. Protection | | | Protection |
| 14 | | | | 5. Longevity | Long living |
| 15 | | | | 7. Verifiability | Verifiable |
| 16 | | | | 8. Recovery | Backup / Recovery |
| 17 | | | | 9. Cost Free | Free |
| 18 | | | | 10. Security | Storage Security |
| 19 | | | | 10. Security | Communication Security |
| 20 | | | | 12. Safeguard | Safeguard |
| 21 | | | | 15. Availability | Availability |
| 22 | | | | 19. Scalability | Scalability |
| 23 | | | | 20. Sustainability | Sustainability |
| 24 | | | | | Open Source |
| 25 | | | | | Traceability |
| 26 | | | | | Link-ability |
| 27 | | | | | Mobility |