Facebook will be punished for enabling identity theft, but the takeaway is this: no government or business can guarantee it won’t spill our data across the internet. Enter self-sovereign identity where individuals control access to their personal information. IBM announcing it is a founding Steward of the Sovrin Network will give self-sovereign identity and the Sovrin Network a huge boost:
“The Sovrin Foundation, a private-sector international non-profit, and IBM (NYSE: IBM) today announced the addition of IBM as a founding Steward of the Sovrin Network. As a Steward, IBM will collaborate with other Sovrin Stewards to create, operate and maintain the foundation’s decentralized digital identity network.
The foundation operates as a global public utility designed to provide permanent, private and trustworthy identity for every entity on the Internet. Along with other Stewards, IBM will dedicate hardware, security and network capacity to assist in the operation of this self-sovereign identity network which uses distributed ledger technology, or blockchain, to enable the secure exchange of cryptographically-signed credentials to prove the digital identity information in the identity owner’s possession.
In a digital economy, individuals and businesses need to establish secure, private and trusted transactions. However, the current centralized identity system is flawed. In 2017, more than 2.9 billion records were compromised from various security incidents across industries.* These damaging and costly security breaches are a consequence of the Internet being developed without a true identity layer. To address this infrastructure flaw, the Sovrin Network was purpose-built to add the missing identity layer to the Internet and provides a complete approach to identity from the distributed ledger to device, making secure and private self-sovereign digital identity possible for the first time in history.
“The Sovrin technology is poised to change the nature of identity interactions for untold millions of people, organizations and connected devices,” said Dr. Phil Windley, chair of the Sovrin Foundation. “IBM’s position as a leader in blockchain technology and their commitment to supporting and solving the problem of identity for all makes them a natural partner in this effort.”
“We believe that the adoption of blockchain is an opportunity for a new trust model to take hold where individuals and organizations can securely share private information and credentials without an intermediary. This new model gives control back to the individual, who defines how personal information is shared and with whom,” said Marie Wieck, General Manager, IBM Blockchain, “Through our partnership with Sovrin, IBM can help individuals and organizations accelerate adoption of self-sovereign identity standards as a critical component for responsible data stewardship.”
IBM and the Sovrin Foundation share a common vision that every individual, organization, and connected device have its own truly independent digital identity, in order to form more trusting interactions. To help achieve this vision and ensure these digital identities are interoperable at a global scale, Sovrin Foundation Stewards run open source distributed ledger technology administered by the Hyperledger Foundation, as Project Indy.
The journey toward global decentralized self-sovereign identity begins with a strong commitment to standards and interoperability. This first of its kind self-sovereign identity network was created by an international team of experts, including IBM, across a diverse group of organizations. It is based on emerging standards from the World Wide Web Consortium (W3C) that standardize the format of digitally-signed credentials. These verifiable credentials enable the cryptographically secure, peer-to-peer exchange of identity information in a manner that mimics the way identity attributes are exchanged in the physical world. The use of public blockchains provides decentralized registration and discovery of the public keys needed to verify digital signatures. These two capabilities enable a new way to establish a global public utility for self-sovereign identity—lifetime portable digital identity that does not depend on any central authority and protects privacy at the levels required by regulators around the world. In addition, self-sovereign identity solutions such as Sovrin can be used with enterprise fraud protection and authentication solutions like IBM Security Trusteer and IBM Security Cloud Identity.”
So what is self-sovereign identity? Perhaps the first description for a self-sovereign identity as the only acceptable approach based on the principles of human rights was written by Devon Loffreto, who wrote “What is ‘Sovereign Source Authority’?” in his blog on February 15, 2012. The concept is that the individual should control access to credentials that support her identity. So for example, if a bank wants to know how old I am and what my income is, I can control their access to my government certified birth record and my employers record of employment. The Sovrin solution supports Zero-Knowledge Proofs, so that instead of releasing my entire birth certificate, the system will certify that I am over the age of 21, without releasing my birthdate or actual age.
Mercator has written about the technology that was developed by Evernym and the Sovrin Foundation in several documents including “Biometrics: A New Wrinkle Changes the Authentication Landscape” published January 2017 which included a chapter on self-sovereign solutions that included Evernym. The technology was also evaluated in a project we conducted for CO-OP. Our analysis was this:
“The Evernym use case is groundbreaking. Enabling validators to provide consumers their own data to confirm their identity without divulging facts is a beautiful idea that stretches our imagination.”
Now IBM has bought into the idea which should help speed adoption.
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group
Read the quoted story here