Principles of Self-Sovereign Identity


Summary

Self-sovereign identities are increasingly necessary in a world where large portions of our lives are intermediated by software systems. This post references ten principles that self-sovereign identities should have to be effecting at protecting human freedom.

Christopher Allen has a nice slide deck online, Identity on the Blockchain: Perils and Promise from his talk at Consensus 2016 Identity Workshop.

His discussion of self-sovereign identity and the principles he believe identity systems ought to possess start on slide 6:

There's tremendous power in the simple declaration that every human being is the original source of their identity. Think about your online identities. Chances are you don't control any of them. Someone else controls them and could, without recourse or appeal, take them from you.

This is, of course, untenable. As software intermediates more and more of our lives we must either gain control of our online identities or be prepared to surrender key rights and freedoms that we have taken for granted in the physical world.

In the principles, Chris lays out necessary attributes that a self-sovereign identity system must have to protect human freedom1:

  1. Existence People have an independent existence — they are never wholly digital
  2. Control People must control their identities, celebrity, or privacy as they prefer
  3. Access People must have access to their own data — no gatekeepers, nothing hidden
  4. Transparency Systems and algorithms must be open and transparent
  5. Persistence Identities must be long-lived — for as long as the user wishes
  6. Portability Information and services about identity must be transportable by the user
  7. Interoperability Identities should be as widely usable as possible; e.g. cross borders
  8. Consent People must freely agree to how their identity information will be used
  9. Minimization Disclosure of claims about an identity must be as few as possible
  10. Protection The rights of individual people must be protected against the powerful

I could quibble with some of the wording, but I think this is a pretty good list. Identity systems that support these principles are possible. And they would not just work with existing administrative systems (which no one is proposing would go away), but enhance them.

I know there are some people reading this and thinking of all the reasons it will never work. If you've got specific comments, questions, or critiques, feel free to use the annotation system on the right of the page to post them. Let's have a discussion.


  1. I've changed "user" to "people" in this list because Doc Searls long ago conditioned me associate it with "drug user" and I've never recovered.