The Time for Self-Sovereign Identity is Now: Case Studies in Open Standards for Decentralized Identity and Verifiable Claims
In 2016, Learning Machine collaborated with the MIT Media Lab to develop Blockcerts, an open standard for issuing and verifying credentials on the blockchain. The aim behind Blockcerts is to give recipients ownership of their official records so that they are freed from ongoing dependency on issuing institutions--or any centralized authority--to verify their own credentials and achievements. This not only affords recipients a maximally portable, private portfolio of their own records, but simultaneously helps issuing institutions prevent fraud and misrepresentation of official documents that they issue while allowing independent parties to instantly verify the authenticity and validity of records and credentials presented to them.
The Blockcerts standard was made open-source in 2016 so that any institution, vendor, or researcher can use it to build their own applications for issuing and verifying claims on the blockchain. The intent behind open-sourcing Blockcerts was twofold: 1) avoiding a standards war and 2) ensuring maximum portability of records by recipients and issuers (helping to avoid vendor or issuer lock-in). Since 2016, dozens of organizations and individuals around the world have begun building on the Blockcerts standard; Learning Machine has also developed enterprise software that is fully Blockcerts-compliant. During the summer of 2017, the first organizations issued blockchain credentials using the Learning Machine solution.
Blockcerts was designed to be identity-agnostic; that is, to take a claims-based approach to identity, which allows organizations and recipients to employ their preferred methods for identity management. However, the possibilities afforded by blockchain infrastructure for the development of identities that are truly self-sovereign cannot be ignored. Especially worrying in the current historical moment is the unstoppable intensification in data collection and transferability made possible by nation-states, industry leaders, and software providers. Regulating this momentum from a policy standpoint will have at best limited effects so long as the incentives for powerful actors are aligned toward maximum one-way transparency into the lives of citizens, employees, customers, and learners.
Any long-term solution to protect individual privacy and social agency must be technological and infrastructural, and that is precisely the opportunity now provided by the blockchain. Accordingly, Learning Machine has been actively contributing to technology standards organizations that are at the forefront of the movement toward self-sovereign identity—the Open Badges Initiative, the Web-of-Trust, and the W3C’s Credentials Community Group—to help define next-generation open standards for user-owned identity and claims.
This paper first outlines what has already been achieved in the path toward user-owned identity and claims and then looks toward the path ahead. We begin by describing the development of Blockcerts and its synchronization with the OBI standard; we then present case studies of some of the first Blockcerts-compliant blockchain credential issuance events. Next, we chart the initiatives that are still underway: the progress toward a truly decentralized identity management structure and the obstacles it faces, primarily from actors intent on capitalizing on the centralized control of identity. We discuss how the security imperatives of governments and other institutions can be fulfilled without compromising individual control of their own data. We discuss the amenability of Blockcerts toward self-sovereign identity solutions.
Finally, we conclude by stressing the urgency of digital self-sovereignty. Inasmuch as the blockchain affords, for the first time in history, the possibility of true individual ownership of their own data, it is a double-edged sword: it also opens the door for powerful actors to monitor and control the actions of human beings with unprecedented precision, at an unprecedented scale. If we want to avoid a future in which individuals are enslaved by smart contracts and decentralized autonomous organizations, we must build alternative possibilities now. Conservatism and inaction, including relying on legacy policy-based approaches to regulate technological development, are not options; the momentum is already in place, and innovation will respond to the incentives that are already at work.
The time for self-sovereign identity is now. This paper is a call for good-faith actors across the world to join in this initiative.