Editorials on intro introduction, removed SSI #373

Merged
merged 1 commit into from
Jul 31, 2024
35 changes: 12 additions & 23 deletions docs/en/ssi-introduction.rst
Expand Up @@ -2,40 +2,29 @@

.. _ssi-introduction.rst:

Self Sovereign Identity
+++++++++++++++++++++++
The Digital Identity Wallet Paradigm
++++++++++++++++++++++++++++++++++++

Introduction to SSI
-------------------

**Definition**

Self-Sovereign Identity (SSI) refers to a new paradigm in Identity and Access Management (IAM) that improves the privacy and grants complete control and ownership over the personal data by their owner, the citizens.
The Digital Identity Wallet Paradigm refers to a new architecture in Identity and Access Management (IAM) that improves the privacy and grants complete control and ownership over the personal data by their owner, the Users.
Users possess their digital documents and determine to which actors they present these documents, with the ability to revoke the use of said documents, all while maintaining a history of their activities.

The main difference between this new approach and the traditional IAM infrastructure is that during the presentation phase there are no intermediates between the Wallet (Holder of the credentials) and the Relying Party, while in the SAML2 or OIDC based infrastructure an Identity Provider is always involved, knowing which services a citizen is accessing to.
The main difference between this new approach and the traditional IAM infrastructure is that during the presentation phase there are no intermediaries between the Wallet and the Relying Party, while in the SAML2 or OIDC based infrastructure an Identity Provider is always involved, knowing which services a citizen is accessing to.

SSI is also significant in the field of data exchange and data governance. This is relevant at both national and European levels, including the new eIDAS Regulation. In fact, it envisions a login option designed for European Users - be they citizens, public administrations, or companies - who want to access another Member State's services using their national authentication systems.

The main roles in an SSI ecosystem are are listed as follow:
The main roles in an Wallet ecosystem are are listed as follow:

- Issuers: parties who can issue digital credentials about a person;
- verifiers: parties who request Holders' digital credentials for authentication and authorization purposes;
- Verifiers: parties who request Holders' digital credentials for authentication and authorization purposes;
- Holders: individuals who own a Wallet and have control over the digital credentials they can request, acquire, store, and present to verifiers;
- Verifiable Data Registries: Authorities that publish certificates, attestations, metadata, and schemes needed for allowing the trust establishment between the parties.

In the SSI model, the data source (e.g., an educational institution) provides digital credentials to the User, who can store them in their digital Wallet.
A secure Self-Sovereign Identity Wallet is crucial, as it allows people to carry their credentials on their personal digital devices. The Wallet typically comes in the form of an application on the User's mobile phone. Portability is, therefore, one of the principles of SSI.
In this model, the credential Issuer (e.g., an educational institution) provides digital credentials to the User, who can store them in their digital Wallet.
The Wallet typically comes in the form of an application on the User's mobile phone.

Other key elements that characterize an SSI system include:

- **Privacy and control**: SSI enables individuals to maintain control over their personal data. They can choose what information to release, to whom, and for what purpose;
- **Security**: SSI leverages advanced cryptographic techniques to ensure the integrity and security of identity information. It avoids the risk of identity theft, fraud, and unauthorized access since the data remains under the individual's control;
- **Interoperability**: SSI promotes interoperability by enabling different systems and organizations to recognize and verify identities without relying on a central authority. This allows for seamless and trusted interactions between individuals, organizations, and even across borders;
- **Efficiency and cost reduction**: individuals can manage their own identities with SSI, eliminating the need for multiple identity credentials and repetitive identity verification processes. This can streamline administrative procedures, reduce costs, and enhance the user experience.

**Example**

When a User wants to purchase a good or access to a service, the service provider asks the User for authentication or for a specific proof. Instead of presenting physical identification documents or disclosing their full data, the individual can use their SSI system if supported by the service provider.
An example of SSI in action could be a scenario where an individual needs to prove their age to access a restricted service, such as purchasing age-restricted items. They would release only the necessary information, such as a digitally signed proof of being above the legal age, without revealing any other personal details. The verifier can then cryptographically validate the proof.

- **Privacy and control**: Wallets enable individuals to maintain control over their personal data. They can choose what information to release, to whom, and for what purpose;
- **Security**: Wallets leverage cryptographic mechanism to ensure the integrity and security of identity information. It avoids the risk of identity theft, fraud, and unauthorized access since the data remains under the individual's control;
- **Interoperability**: Wallets promote interoperability by enabling different systems and organizations to recognize and verify identities without relying on a central authority. This allows for seamless and trusted interactions between individuals, organizations, and even across borders;
- **Efficiency and cost reduction**: individuals can manage their own identities, eliminating the need for multiple identity credentials and repetitive identity verification processes. This can streamline administrative procedures, reduce costs, and enhance the user experience.
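
Review bot: The new roles sentence, "The main roles in an Wallet ecosystem are are listed as follow:", keeps the doubled "are" and "as follow" from the old line and now reads "an Wallet"; suggest "The main roles in a Wallet ecosystem are listed as follows:". In the rewritten comparison paragraph, "knowing which services a citizen is accessing to" keeps "citizen" although the definition above it was changed to "Users", and "accessing to" should be "accessing". The new Security bullet mixes number ("Wallets leverage cryptographic mechanism ... It avoids") and states that the design "avoids the risk of identity theft, fraud, and unauthorized access"; "reduces the risk" would be more defensible, since keeping data under the individual's control does not by itself rule those out. The Holders bullet still says "present to verifiers" in lower case next to the newly capitalized "Verifiers". The sentences "SSI is also significant in the field of data exchange ..." and "Other key elements that characterize an SSI system include:" appear only once in this hunk; if they are unchanged context, the page still uses the term the title says was removed.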