Building an operating network takes more than protocols or even code. It requires aligning the efforts of people to get a hard thing done. We created the Sovrin Foundation to foster a thriving ecosystem for an identity metasystem.
A few weeks ago Andy Tobin posted an excellent piece on the Three Pillars of Self-Sovereign Identity:
- Secure connections
- Digital data “watermarking”1
- A trusted, tamper-proof public key directory
I encourage you to pop over and read it to understand the technical underpinnings of SSI. The point Andy is making is that all of these are necessary for a functioning SSI system. I hear far too many people saying that decentralized identifiers (DIDs) are all you need. That's like saying the Web is all about HTML, ignoring HTTP and URLs.
But, a functional identity metasystem needs more than just technical standards. We often hear that the internet is a product of standards, and while that's true, it also only exists because people strung cable, wrote code, created rules, built organizations, and formed alliances. SSI has similar needs and meeting them won't happen just because we define nice protocols and write some open source code. I wrote about this earlier in a piece on Decentralization and Coherence.
Social systems that are enduring, scalable, and generative require coherence among participants. Coherence allows us to manage complexity. Coherence is necessary for any group of people to cooperate. The coherence necessary to create the Internet came in part from standards, but more from the actions of people who created organizations, established those standards, ran services, and set up exchange points.
A functioning network for an identity metasystem is a social system, and building it requires a means of building coherence to align the actions of people and organizations. We created the Sovrin Foundation to do that. Over time its role may change, but right now, there are important tasks that must be done to create coherence.
Building a functional SSI network requires that, in addition to the technical standards, we work on several core areas: governance, community, operations, and adoption.
In a blog post on recent revisions to the Sovrin Governance Framework, I wrote:
Others in the blockchain space might wonder why Sovrin spends so much time, energy, and money complying with regulations. It's not just about various actors in the system being risk averse. An identity system that you can't use everywhere is just a different technology implementation of what we have now with Login with Apple (or Amazon or Google or Facebook or...). Credential issuers and credential verifiers of all stripes, including banks, governments, educational institutions, etc, must be comfortable with using Sovrin for it to gain universal adoption as an identity metasystem. These institutions will avoid using any system that is perceived as rogue or otherwise non-compliant
If the Sovrin community is not aiming to build a universal, interoperable system, then we're just building another silo that perpetuates all the problems with the existing silos: inflexibility, insecurity, and inconvenience.
Governance is critical to universal interoperability in an identity metasystem because all participants must be able to make their own decisions about who and what to trust. Governance gives assurances by providing process and accountability. As this Hackernoon article from Agata Slater says:
The hard part [of bootstrapping SSI] is setting up the governance and collaboration model that will ensure that the federation is reliable, secure, and affords appropriate data protection.
In particular, trust, the reason for an identity metasystem, can't exist without credential fidelity and provenance. And those require governance.
The Sovrin community is the heart of what makes the identity metasystem work and is composed of identity owners, developers, Stewards, businesses, and other organizations, all acting in multiple roles, such as credential issuers, holders, and verifiers, and with varied interests, business models, compliance requirements, and geographic representation.
Developer involvement is one of the keys to a thriving identity metasystem. As I said earlier, standards are essential, but you need code to bring them to life. Interoperability requires more than standards. It needs a strong community of developers collaborating to ensure their solutions work together. Developer communities, like any other social system need coherence. Look at successful open source projects like the Linux Kernel, React, or Homebrew and you'll find a tribe, institution, market, or network, depending on scope and scale who served as the backbone of its global adoption.
Sovrin Foundation supports developers around the world in the Hyperledger Aries, Indy, and Ursa projects. This support includes project coordination and organization, training on the code bases so developers can come up to speed quickly, and bringing together the various groups as we did in the recent Aries Connectathon.
Another important community is comprised of the organizations who use Sovrin to build identity systems for their specific needs. While using a verifiable credential within a single industry vertical is a significant step forward, we believe the real benefit of an identity metasystem is when you can present a credential from your bank to a car dealership. Sovrin-based identity systems will open a world of possibilities that are only dreams today. The Foundation works to bring participants together in community-lead meetings, and through working groups where participants can solve problems together. The Sovrin Alliance is an important part of this effort.
The foundational layer of the Sovrin Network is a ledger for storing DIDs, credential definitions, and other important artifacts, that everyone needs for making trust decisions. Validation on the Sovrin ledger is based on a known set of nodes run by the Stewards. To operate the nodes on the Sovrin Network, the Sovrin Stewards use the open source code housed in the Hyperledger Indy project. They run code produced by the Hyperledger Indy project.
Some of the key operational functions of the Sovrin Foundation are coordinating code releases and supporting Stewards. The Foundation Ops Team monitors the nodes which run the Sovrin Network to ensure they operate in accordance with the Governance Framework and the network meets important requirements, like censorship resistance.
Sovrin Stewards are organizations approved by the Trustees to operate a node to maintain the Sovrin Ledger. The ledger is permissioned, meaning that the nodes are run by organizations known to the Foundation and in accordance with the Governance Framework. Stewards must contractually agree to the Sovrin Steward Agreement and Steward Data Processing Agreement with the Sovrin Foundation. These agreements commit them to terms and conditions relating to confidentiality, intellectual property, and data privacy, among others. The nodes run an RBFT consensus algorithm called Plenum to come to agreement on the content of the ledger. Stewards can include for-profit and not-for-profit entities as well as governments or anyone else who abides by the Sovrin Governance Transaction Author and Transaction Endorser agreements who wants to write transactions to the Sovrin Ledger.
Three ledgers are in operation now: the
mainnet for production use, a
buildernet for testing, and the
stagingnet for non-production use that requires more performance stability than the
buildernet offers. Depending on the needs of the Sovrin community, there could be other ledgers in the future.
Because Sovrin is a permissioned network, validator nodes are chosen for each of these ledgers according to a node selection algorithm defined by Sovrin's Technical Governance Board. The Foundation provides staff to monitor node selection, coordinate communications with Stewards, Transaction Endorsers, and Transaction Authors, and ensure the network is technically strong and operating in accordance with Sovrin governance agreements.
Advocacy, Evangelism, and Adoption
The fourth key function of the Sovrin Foundation is evangelizing self-sovereign identity and bringing people and organizations together to spur adoption. The Foundation achieves this using a three-pronged approach.
- First, we focus on building awareness of and affinity for self-sovereign identity. Sovrin Foundation is a non-profit, open-source project formed to advance the development and adoption of tools, products, and services that are aligned with the Sovrin Governance Framework. We believe having a trusted leader in decentralized identity space sets the Sovrin ecosystem apart from other SSI community efforts.
- As many organizations actively contribute and participate in the Sovrin ecosystem, we also channel marketing efforts around the individual projects and their own respective value propositions, bringing awareness to specific features and communities.
- Finally, Sovrin Foundation works to highlight, promote and bring awareness to individual use cases and what they are providing their customers. Our aim is to connect all parts of this new evolving ecosystem to grow the adoption, and widespread use of self-sovereign identity and the Sovrin Network.
Our efforts include:
Advocacy: The are numerous organizations, groups, and efforts around the world working on SSI. Some of these are formal standards bodies, policy, and advocacy organizations. Some are community organizations with specific purposes. Sovrin Foundation facilitates the participation of staff and volunteers in these efforts to guide SSI developments in ways that are consistent with the principles that are part of the Governance Framework.
Sovrin Blog: The Sovrin Foundation blog is read by thousands and provides an opportunity to broadcast the latest news and views to a wide audience beyond the core ecosystem participants. Selected content may include summaries of important updates, both Governance and Technical, but it may also include stories about events, use cases, industry insights, and other topics that may be of interest to the community.
Community Events: In 2019, the Sovrin Foundation participated in nearly 60 events around the world. Employees, volunteers, and active members of the Sovrin Ecosystem traveled great distances at great expense to promote, educate, and participate in conferences, workshops, working groups, meetings, and speaking engagements.
Marketing & PR Channels: The monthly Sovrin Newsletter will celebrate its two year anniversary in 2020, never missing an issue. The newsletter provides a regular recap of news, events, profiles, and announcements from around the Sovrin Community. Along with the social media channels, Rocket.chat, and forums, Sovrin works diligently to keep the lines of communication open between the employees, volunteers, and community.
Analyst Relations: Industry reports from third parties is a vital part of the Sovrin Foundation community engagement strategy. In 2019, Sovrin communicated with industry analysts (also known as research analysts) from six of the top independent research and consulting firms. These inquiries resulted in multiple mentions and positive attention in key industry reports on self-sovereign identity, decentralized identity, and blockchain.
Trademark & Brand: Adhering to the strong brand guidelines of the Sovrin Foundation offers an important as a trust signal to people using the Sovrin Network. A strong brand also helps avoid market confusion and serves to align the fast-growing community to reap optimal benefits when discussing association with Sovrin. The Sovrin Foundation has registered Sovrin® as a trademark in the United States and other countries to help with this effort.
Membership: There are many ways to be part of the Sovrin community. As more organizations find their way to Sovrin and self-sovereign identity, Sovrin Foundation makes every effort to onboard these groups to participate in the Sovrin Foundation as members of the Sovrin Alliance, Stewards, volunteers, and as open source contributors. Stay tuned in 2020 for more information spotlighting each of these important groups and how you too can be “Sovrin.”
In the Coherence and Decentralization post I referenced earlier, I talk about the four ways humans build consensus: tribes, institutions, markets, and networks. Sovrin Network's tribal days are past, but we still employ each of the other three methods in bringing people together and building a successful and functioning network.
Over time, the Foundation's role will moderate as more and more of the coherence is created through markets and the network itself. However, we must not underestimate the value of community leadership, guidance, and administration of network governance policies, especially as we bootstrap a thriving community. Without the Foundation as an objective and independent entity, there is much greater potential for mis-use, abuse, and strong-arm tactics that can remove the democratization of the underlying technology. There are no shortage of examples in the recent history of the digital economy that point to the need for objective governance that can ensure access to resources that can truly move self-sovereign identity to the world on a one-to-one basis so that is not controlled by a few large-scale players. There will always be a role for the Foundation that has the mission of ensuring that this technology truly provides “Identity for All” with equal and affordable access and opportunity for everyone.
- By "watermarking", Andy is referring to the verifiable credentials standard and Hyperledger Aries credential exchange protocol.
Photo Credit: The restored Stoa of Attalos in Athens from Adam Carr (CC0)