Picture above: SSI workshop at Decentralized Web Summit 2018, San Francisco Mint, (left to right) Kim Duffy, Christopher Allen, Jonathan Holt, Daniel Buchner, Christian Lundquist, Markus Sabadello, Eugeniu Rusu, Rouven Heck.
At this point, we know what self-sovereign identity (SSI) is, but where does it come from? A short timeline highlights just how quickly SSI has developed. It underlines the path and development of the evolution of Internet Identity. From a centralized to a federated to a user-centric identity, the self-sovereign identity is seen as the most recent and urgently needed step in this evolution. It is independent from any individual silo, and provides three essential elements: individual control, security, and full portability.
The source goes back to the 1990s
Christopher Allan estimates the birth of SSI in the early 90s (cf. Allan 2016). In 1991, PGP mentions a first hint towards what could become a self-sovereign identity when introducing a ‘Web of Trust’. This was an example of a decentralized trust management, but focusing only on email addresses. Therefore, PGP can be seen as one of the first to highlight a different way, in which identity can be supported by peers instead of centralized authorities. As another early thought, Allan recognizes a paper by Carl Ellison that examined how digital identity was created, published in 1996 (‘Establishing Identity without Certification Authority’). Ellison’s main argument highlighted that there was a need for a method of establishing identity without using certificates from trusted certification authorities (Ellison 1996).
These early approaches could mark the beginning, but it is safe to say that SSI really took off in the 21st century, along with the development and further spread of the internet.
Since then, things have changed of course. Essentially, Sovereign is really about the individual being able to control what happens to stuff others (trusted parties) say about them. The community as a whole does not rely on web of trust infrastructure anymore for SSI, but rather connects the SSI technology with the existing trusted certification authorities (ie. the state).
Taking off: SSI in the 21st century
In 2000, the Augmented Social Network provided the groundwork for a new digital identity. Their most significant advance was ‘the assumption that every individual ought to have the right to control his or her own online identity’ (Jordan 2003).
One major contribution, paving the way for the SSI development, is the Internet Identity Workshop, which started back in 2001 and introduced on a new term: user-centric identity. It is interesting to notice that the term of self-sovereign identity itself only came into increased use in the late 2010s. At Jolocom, we used the term ‘autonomous identity’ before SSI picked up. One of the first references is Devon Loffreto’s blog post back in 2012, where he wrote about ‘Sovereign Source Authority’ (Loffreto 2012).
Five years later, Phil Windley described self-sovereign identity as an ‘Internet for identity’ (Windley 2012). He highlights three major virtues of such: no one owns it, everyone can use it, and anyone can improve it. Ever since, SSI has grown into an ecosystem aiming to put users in control over their own personal information and data. Identity management can be expected to become increasingly significant due to the rise in digital interactions. Already, self-sovereign identity is becoming a large industry.
The late 2010s
A year to remember is 2018. Back then, the emerging SSI community agreed on a high level definition of the term SSI in the Identity Position Paper by Bundesblock for the first time. INATBA’s position paper ‘What’s at stake’ in 2020 built on exactly this foundation and furthermore highlighted possible development scenarios for SSI. These efforts helped to make SSI a priority in the digitalization process within Germany and the EU. In Germany specifically, the SDI (secure digital identities) projects are a significant effort to start an SSI ecosystem.
On a European level, developments towards an SSI friendly legal framework were proposed by the European Commission in June 2020. The initial examples of successful SSI pilots and projects across EU member states and the international momentum on the topic have found their way into the proposal for an updated eIDAS (electronic Identification, Authentiction and trust Services) regulation. This proposal It is currently being debated by the European Council and the European Parliament and foresees a introduction of European Digital Identity Wallets for all European citizens. The proposed regulation is taking inspiration from self-sovereing identity principles and is a great chance for Europe. It’s main potetnial lies in the provision of a legally binding Trust Framwork, as well as associated Technical Specifications for a coherent technical infrastructure. As a result, if the European Commission has its way, all public services should be available online by 2030 and 80 percent of EU citizens should use an eID solution.
We have been contributing to this process on a German, European and Global level in different capacities of the past years as Jolocom and will do our best to ensure that our vision for an open- and decentralized infrastructure will be achieved.
To find out where we stand, read about Jolocom here: https://jolocom.io/