Non-Custodial Self Sovereign Identity: The “Radical” Notion That You Can Truly Own Your Info Online
Over the last several years, the Internet has become more central to people’s lives, with developers creating protocols and standards that make technologies more universal and scalable. However, from a security standpoint, the amount of trust we’ve placed in internet services with our information is a cause for grave concern. Your identity and everything tied to it is the most precious data you can possibly give away, and every service you give it to has its own way of handling it.
A surprising number of services store your personal information without any level of strong encryption or with improper key management, exposing you to risks that you might not know you’re taking.
Perhaps the best solution we have now thanks to the development of other “backbone” technologies is Self-Sovereign Identity (SSI), also referred to as Decentralized Identity. Although this may sound like yet another proprietary blockchain fad,
What Is Self-Sovereign Identity?
SSI is an implementation of blockchain technology that provides a user with a key pair that’s intrinsically linked with their real-world identity. This allows people to authenticate their personal information with a portal on the web without having to trust that portal with the management of the information itself.
Your passport number, for example, could be a part of this key pair authentication process, and the portal asking for it can simply authenticate you without having to store the number anywhere on-site. This way, you don’t leave your fingerprint everywhere on the Internet and you don’t have to trust that every portal you’ve shared that particular piece of information with is treating it with a respectable level of security.
The self-sovereign identity model is driven by empowering users on the web with consent, control, independent existence, interoperability, minimization of disclosure, portability, and transparency. Your identity is something you own, and it should be as detached as possible from data collection and storage.
SSI has three principal components:
- Decentralized Identifiers – An online identity that you can create, genuinely owned by you.
- Verifiable Credentials – Digital credentials that can be verified by a cryptographic handshake, removing all plain-text transmission.
- Supporting Actors – Agents and key management.
Traditional Models vs. SSI
The traditional model used in the majority of platforms across the world involves some level of database that stores the information either in plaintext or with some form of encryption.
Sometimes, these platforms will outsource the storage of sensitive data to an IAM (Identity and Access Management) provider, a kind of service that has been around for a very long time. For many, IAM represents a reliable way to gather data and store it in the hands of an entity that specializes in handling sensitive information tied to people’s personal identities.
Let’s look at the pros and cons of this kind of model:
Pros:
- Some services can provide an extremely robust way to store personally identifiable information. The information is immediately reachable by the platform and can conveniently be retrieved.
- Third-party connections aren’t necessary (barring regulations stipulating the need for them), making the platform capable of keeping a “closed circuit” that ensures that information flows quickly and users don’t experience things like longer load times during peak hours.
- It has the potential of minimizing costs as you only pay once for setting up a database as opposed to paying a subscription or query rate to a third-party service.
Cons:
- Data breaches are more likely. As a platform evolves, certain parts that manage data could be neglected, leaving certain vulnerabilities open (sometimes for years!). It only takes one script kiddie with Metasploit to make life difficult for a large corporation that’s stretched thin with an underfunded IT department.
- A poorly planned data infrastructure can compromise your ability to deliver reliable service.
- Since you house the data, you also house the liability for it. This means you have to stay one step ahead of regulation. Remember the EU’s GDPR?
What Does SSI Offer, Then?
Imagine, for one moment, that your goal is to authenticate a user’s identity, but you don’t want to deal with the potential regulatory liability that puts you in legal limbo for ages. The ideal situation here would be not to store any personally identifiable information of your user, right?
This is exactly what SSI lets you do. Instead of storing the data, you can simply authenticate it from a trusted source. The SSI model involves the user placing their data into a system that “tokenizes” it, allowing other platforms to use that token to authenticate the veracity of the data rather than storing it themselves.
Going back to our original scenario, this model now lets you store the authentication token that represents how “true” the data is as opposed to storing the data itself. All the problems previously mentioned were solved in one go.
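A minimal sketch of the verify-without-storing model described above, added here as an illustration and not NamaChain's or any SSI project's code: an issuer signs a salted hash of the value, and the platform checks that signature and keeps only the hash. All names (Credential, Issue, Verify, NewIssuerKey) and the salted SHA-256 plus Ed25519 construction are assumptions chosen for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type Credential struct { // kept in the holder's wallet, never stored by the platform
	Value     string // the PII itself, e.g. a passport number
	Salt, Sig []byte // random salt; issuer signature over the commitment
}

// commit hashes salt||value; the salt defeats guessing of low-entropy values.
func commit(salt []byte, value string) []byte {
	d := sha256.Sum256(append(append([]byte{}, salt...), value...))
	return d[:]
}

// NewIssuerKey makes the issuer's key pair (hypothetical helper for the demo).
func NewIssuerKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Issue is run by the trusted issuer after it has checked the real document.
func Issue(priv ed25519.PrivateKey, value string) Credential {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		panic(err)
	}
	return Credential{value, salt, ed25519.Sign(priv, commit(salt, value))}
}

// Verify is run by the platform: it returns the commitment to store, or nil.
func Verify(pub ed25519.PublicKey, c Credential) []byte {
	if d := commit(c.Salt, c.Value); ed25519.Verify(pub, d, c.Sig) {
		return d
	}
	return nil
}

func main() {
	pub, priv := NewIssuerKey() // "X1234567" below is a constructed sample value
	fmt.Printf("platform stores only %x\n", Verify(pub, Issue(priv, "X1234567")))
}
```

The sketch leaves out holder binding and revocation, which a deployed credential system needs so that a copied credential cannot simply be replayed by someone else.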
Let’s now explore the pros and cons of this particular model:
Pros:
- End users retain complete control and ownership of their data, eliminating the concern of it leaking due to a data breach. A hacker breaching your database won’t find the data, but just proof that it exists and is authentic. It’s akin to stalking someone to their home only to find an image saying “Yep, this is a house” and no address number.
- This takes care of accidental or purposeful data collection for monetization.
- The data is universally accessible through a blockchain, meaning that all authenticable materials are still there even if the SSI provider’s own website is down for whatever reason.
Cons:
- This is still a new technology, meaning some of the back end and protocols are still under development. That said, it must be noted that the backbone technology that everything sits on top of (blockchain) has its own track record as a mature technology that provides a reliable ledger.
- Pre-packaged implementations of authentication front-ends are not currently available, so early adopters have to build their own versions. There’s a lot of room for experimentation, however, as a vulnerability leading to a data breach is not as consequential in this context.
- The data on the blockchain is immutable, meaning that no platform can edit it in the traditional sense.
With every change in technology, there are trade-offs. SSI is no exception. There are always caveats you’ll have to live with, but we’re confident that with SSI the pros far outweigh the cons.
How NamaChain Is The Future of SSI
NamaChain is a patented self-sovereign identity platform based on blockchain technology. It offers its users a verified and authenticated digital identity that’s reachable from anywhere in the world.
In essence, we provide a service that offers a greater level of convenience with no compromise on security, all while adding one more variable into the equation: Ownership!
Users now have complete authority over their own data, making them more capable of deciding who gets to access it. It’s the only non-custodial solution that also offers KYC/AML services for its users.
The NamaChain identity gateway offers:
- Portability – We empower people to use their identities on different platforms, from different devices, and in different contexts without having to adapt the way they use the Internet.
- KYC/AML – Authenticating PII for compliance with KYC/AML regulations can be done easily by interacting with NamaChain as opposed to having to implement custom infrastructure for this purpose.
- SSO & Identity Management – Users can manage their passwords and other credentials on the web through our platform for their online/offline identities, wallets, applications, and IoT devices.
- Data Sharing:
  - When completing KYC authentication, all parties can see it passed without having to gain access to the data itself.
  - Users can authorize sharing small parts of their personal data if they so desire, but also revoke a platform’s access to it if they no longer deem it worthwhile (e.g., passport data for visa application).
  - We’re also working on ways for companies to use the Nama Identity Gateway for managing their own data exchanges in their relationships with suppliers, employees, and customers.
- Nama Key – Users will be protected by our patented algorithm that ensures that no individual’s private key is stored anywhere.
- Single Identity – End users will have an identity that can be used universally for everything.
- Global Compliance – Governments, service providers, corporations and other organizations using NamaChain solutions don’t have to worry about regulatory compliance issues regarding the storage of personally identifiable information.
- Extreme Scalability – To take care of the needs of billions of people around the world, we need to be capable of catching up to the demand that arises with the growth we foster. That’s why our platform supports up to 50K transactions per second.
Self-sovereign identity has the potential to be a harbinger of a new era of personal ownership of oneself on the Internet. However, as much as this sounds great on paper, we hope we’ve made it clear that there are challenges to wider adoption that could present roadblocks for many organizations that attempt to implement this technology.
Our hope is that through our presentation, we’ve convinced you that NamaChain is poised to take the torch of leadership and guide the future of decentralized personal identity ownership. The Nama Identity Gateway is in a ripe position to connect regions, businesses, citizens, and governments that want to contribute to the global economy.
The second decade of the 21st century has primarily been about the fight between users concerned about their privacy and the corporations collecting their data. NamaChain can end this fight, holding a banner that reads, “Let freedom ring!”