Whilst buzzwords such as Self-Sovereign Identity (SSI), blockchain and digital identity capture imaginations; in reality, decentralised technology will need to comply with legal regulation in order to be taken seriously.
In order to comply with the GDPR, no personal data can be stored on a blockchain. This is potentially a hurdle for companies building on public blockchains in which public write access is enabled. The EU Blockchain Observatory states that “private, permissioned blockchain networks operated by consortiums of companies or government agencies, will find it easier to apply the letter of the GDPR.”
Corda is a highly scalable, point-to-point enterprise DLT which has a core group of enterprise companies already using the platform. Corda is currently creating its own DID method and is preparing the foundation for SSI natively on decentralised ledgers. This development will bring the benefits of SSI to an already solidified consortium of companies with similar pain points and data management issues.
For this reason, the development of SSI on Corda will be widely trusted by enterprise entities and will complement the ecosystem on Hyperledger Indy and Ethereum.
The use of verifiable credentials is part of the fabric of all SSI models. Yet, the standards used for verifiable credentials are not yet confirmed or established. This has led to multiple different builds of verifiable credentials which do not necessarily interoperate. Going forward in 2020, we would hope that a lot of the asymmetries in the development of verifiable credentials can be ironed out.
Increasingly, governments are beginning to take note of SSI. This can be demonstrated clearly by the Pan-Canadian Trust Framework which launched a working SSI ecosystem. However, it looks like 2020 will see the government progression of SSI in Spain the Netherlands and Germany. Catalonia, for example, have announced IdentiCAT which is an SSI model, aiming to make Catalonia the first province in which citizens are the owner, manager and exclusive custodian of their own personal data and digital identity. Similarly, the Netherlands and Germany are engaging in PoCs with companies such as IBM, TNO & Jolocom.
The ESSIF is something which was initiated in 2019 and is beginning to properly coordinate events in 2020. The most recent stakeholder meeting was held 15th January where the creation of a European-wide ledger called EBSI was discussed, in which each Member State would run a node.
The ESSIF aims to act as a regulatory body and governance framework, ensuring the private sector implementations of SSI are interoperable and compliant with regulations such as eIDAS and the GDPR.
SSI is a technology which has made many claims about what it can do, but little practical use cases have come to fruition. 2020 is a year where we predict we will see SSI truly in action in various use cases.
a. Higher education
One of the most commonly cited use cases for SSI is being able to verify and reuse a digital University degree. Today, Blockcerts, an application for issuing verified higher education records is up and running and used by 69% of graduates in a few Universities in the USA & India. This is a small step towards widespread adoption of digitally verified academic achievements.
b. Know your doctor
Truu is a company working directly with the NHS in the UK to give doctors specific self-sovereign IDs. The premise of this technology is to prevent the potential for fraudulent doctors. Over the next year, we expect to see this use case go live.
c. Verifiable credit scores
CULedger is a technology which uses a combination of SSI, powered by Evernym (MyCUID) and R3’s Corda ledger for blockchain-based settlement (CUPay). What this technology does is add a trusted identity layer to transactions, greatly increasing trust in the transactions and reducing the likelihood of fraud.