Fourth Industrial Revolution

Self-sovereign identity: the future of personal data ownership?

Senior woman using her phone in a park

Over 60% of people in the US are concerned about how their data will be used by companies and governments. Image: Rawpixel.com

Satoru Hori
  • Despite the potential for online identities to unlock vast amounts of economic value, major concerns remain around privacy issues.
  • The two main types of digital identity – centralized and federated – place data control in the hands of service providers.
  • Self-sovereign identity takes back this control using blockchain technology but in order to succeed it needs a solid governance framework.

With the digitalization of various services in recent years, there are more and more opportunities for our personal identities to be utilized online in our daily lives – for instance, in e-commerce and social networking. In fact, it is predicted that the use of online identities could unlock the economic value equivalent of 6% of GDP in emerging countries and 3% of GDP in developed countries in 2030.

On the other hand, there is a growing concern about privacy issues in the use of identity information. For example, more than 60% of people in the US are concerned about how the collected information will be used by companies and governments.

Thus, balancing the utilization and protection of digital identity has become a global social issue. In this context, personal data management regulations, such as GDPR (General Data Protection Regulation) in the EU and CCPA (California Consumer Privacy Act) in California, are being strengthened in many countries.

Current identity models: centralized and federated

Until recently, the main methods of managing digital identity have been the centralized identity model and the federated identity model.

In the centralized identity model, each service provider manages users’ identity. Users access the service using authentication information, such as user identifier and password, that varies by services. The centralized identity model is widely used today. However, from the user's perspective, there are various disadvantages such as the need to manage authentication information for each service, fragmentation of identity for each service, and giving control of identity to the service operator.

Have you read?

In the federated identity model, several identity providers establish agreements between each other and operate under a common trust framework, or “federation”. Anyone who has an identity in an identity provider can access other identity providers. For example, logging into new services using a Google or Facebook account. However, most of the current federated identity services rely only on one service provider to serve as the trusted identity verifier.

Compared to centralized identity model, the federated identity model improves user convenience because less authentication information needs to be managed, but the sovereignty of the identity remains with the identity service providers. It also creates the risk that a piece of authentication information can be leaked, leading to unauthorized logins to multiple services.

New self-sovereign identity model

To address these problems, the concept of self-sovereign identity has been proposed. Although a universal definition of self-sovereign identity is difficult to find, the core notion is arguably that users are given control and autonomy over their identity data, how it is used and who it is used by.

In self-sovereign identity, the user has his or her identity information digitally signed by a trusted third party. When the user provides the identity information, he or she also digitally signs the information before providing it to the user of the identity information. The public keys of the user and the third-party organization for verifying the digital signature are recorded in a distributed ledger, and the user of the identity information verifies the provided information using them. In this way, users can control their own identity information without relying on a specific central administrator.

The three models of digital identity.
The three models of digital identity. Image: Self-Sovereign Identity.

Demonstrations of services using this technology are already underway. For example, Kiva is building an identity protocol based on self-sovereign identity for building credit history in Sierra Leone. Another example is the COVID Credentials Initiative (“CCI”). They are working on a digital certificate based on self-sovereign identity that lets individuals prove they have recovered from the COVID-19, have tested positive for antibodies or have received a vaccination.

The use of self-sovereign identity is being promoted in a variety of fields, but there are still various issues that need to be addressed. One of the challenges is to ensure interoperability. Self-sovereign identity will likely not replace existing all identity management systems but be used and coexist with them. It is also expected that various self-sovereign implementations will appear in the future. Therefore, interoperability with existing identity management systems and other self-sovereign identity systems is required.

Discover

What is the World Economic Forum doing about digital identity?

Key management is also an issue. In self-sovereign identity, identity information may be held in a wallet held by the user, which makes key management more important than ever. Therefore, a user-friendly solution is required so that users can properly manage their private keys. It is also expected that a certain number of users will lose their keys, so a key recovery mechanism is also essential. Although self-sovereign identity is a model where users manage their own identity information, there are cases where users such as children and the elderly cannot properly manage their identity information and keys on their own. For this reason, a mechanism to manage keys on behalf of the user is also important.

Self-sovereign identity is a promising technology to allow you to control your own data. However, to provide the true value of the technology, it is essential to establish governance framework for its operation.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Digital Identity

Related topics:
Fourth Industrial RevolutionEmerging Technologies
Share:
The Big Picture
Explore and monitor how Digital Identity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

We asked 5 tech strategy leaders about inclusive, ethical and responsible use of technology. Here's what they said

Daniel Dobrygowski and Bart Valkhof

November 21, 2024

Why is human-first design essential to the future of the internet?

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum