Self-sovereign identity (SSI) is the next step beyond user-centric identity. Both concepts are based on the idea that a user must be central to the administration of his/her digital identity, which requires not only a user’s ability to use an identity across multiple locations but also true control over that digital identity, creating user autonomy. To accomplish this, a self-sovereign identity must be transportable, and can’t be attached to a single central authority or silo.
A self-sovereign identity must also allow users to provide claims about themselves, which could include personal data or attributes, and can even contain information asserted by others.
From a technology perspective, this can be acomplished by using distributed ledgers/blockchains. They enable the use of decentralized identifiers (DIDs), which are the basis of this identity model. DIDs are just identifiers, they don’t provide any kind of information about their owner. This is what Verifiable Credentials do, as they contain claims made by an issuer about the credential holder, both identified in the credential by their respective DIDs.
By sharing Verifiable Credentials, users can prove claims about themselves, but how can the credentials verifier trust them, if the only thing it knows about the issuer is its DID? This is indeed the goal of this project and where the eIDAS regulation can help. eIDAS stands for electronic identification and trust services for electronic transactions in the internal market. It ensures legal validity of electronic documents and cross border trust services, such as electronic signatures and seals. To make eIDAS available as a trust framework in the SSI ecosystem, the European Commission developed under this project, the eIDAS bridge.
The eIDAS bridge assists the issuer in the process of signing a verifiable credential, and the verifier, in the credential verification process, to assist in identifying the issuer (a legal person in the scope of this project) behind an issuer’s DID. By “crossing” the eIDAS Bridge, a Verifiable Credential is proven trustworthy.
In the context of the Innovative Public Services action of the ISA2 programme, the European Commission experimented with this new identity model, that has the potential to enhance the way citizens manage their digital identity, as well as the ability to offer public administrations new ways of authenticate citizens and offer better public services. It is also an interesting concept that could help in the application of eGovernment's once-only principle, with a citizen-centric approach in contraposition to the traditional government-centric approach. This means that the citizen should request only once a credential to a public administration -or a trusted third-party-, store it, and share it with others under his own control; instead of providing information only once to a public administration and lose its control when it starts moving between different administrations.
This project is an early stage implementation of the eIDAS Bridge component that is being now developed in the context of the European Self-Sovereign Identity Framework (ESSIF), one of the use cases selected by the European Blockchain Partnership (EBP) and the European Commission which is developed under the European Blockchain Services Infrastructure, a Connecting Europe Facility Building Block. More information about EBSI and ESSIF is available in the EBSI CEF Digital site.