According to a September 18 press release, digital security firm Gemalto and blockchain solutions firm R3 have combined forces to create a self-sovereign digital ID called the Trust ID Network, to be stored on the R3 Corda blockchain. The Trust ID Network will reportedly make it so that personal data stored by the user will only be accessible to those that hold a personal key directly related to an individual's digital identity. The companies plan to launch a pilot of the Trust ID Network sometime this year.
The press release states that users will be given control of their own digital identity through a secure mobile application on which they can add, certify, and consent to share data with chosen service providers.
Participating service providers are not mentioned in the press release. However, Gemalto feels that strict authentication requirements, like KYC (know your customer), make the financial industry "ideally positioned to lead the self-sovereign Digital ID revolution." It also mentions the technology's potential for enrolling in eCommerce and eGovernment services.
Protecting one's digital information has been a hot topic as of late. Companies such as Facebook and Google have turned personal data into a commodity. Although many people either do not care or are not aware that mega-corporations are making huge profits from data related to their personal identity, there are others who wish to decide for themselves when and with whom their personal data is shared.
There have been many attempts to give internet users control over their digital identities and personal information. One relatively early example was Microsoft Passport, which launched in 1999 and gave internet users the option of utilizing the same identity across multiple websites. However, users' digital identities were managed by Microsoft and stored on its servers.
As the internet has grown, the need for data privacy has increased. In December 2016, Yahoo announced that one billion user accounts had been hacked, compromising sensitive information such as users' names, telephone numbers, dates of birth, encrypted passwords, and unencrypted security questions.
In April of this year, Congress questioned Facebook CEO Mark Zuckerberg about his role in allowing Cambridge Analytica – a UK-based political data firm hired by Donald Trump's presidential election campaign – improper access to the personal data of millions of users.
"Rather than just advocating that users be at the center of the identity process, self-sovereign identity requires that users be the rulers of their own identity."
Allen writes that self-sovereign identity is the evolution of self-centric identity in that "the user must be central to the administration of identity." This means that self-sovereign identity requires that a user's digital identity be accepted across various websites, and at the same time allows the user to have total control of information linked to their digital ID. To accomplish this, a user's self-sovereign identity must be "transportable" and not stored in one central location.
In addition to the transportable aspect of self-sovereign identity, Allen outlines other characteristics that are vital to giving internet users complete and total control over their personal data. He states that a true self-sovereign identity must reflect some "self" that exists offline, and that self must have "ultimate authority" over and access to their digital identity at all times.
Allen emphasizes that a true self-sovereign identity gives the user complete control over the sharing of data. Moreover, the user's consent must be "deliberate and well-understood." Perhaps most importantly, Allen states that the rights of the user must take precedence over the needs of the identity network, and that the algorithms that ensure authentication must be free of censorship and run in a decentralized manner.
Although they have yet to be perfected, self-sovereign identity platforms do already exist. In August 2017, ETHNews reported that the Brazilian Ministry of Planning, Budget and Management used the uPort self-sovereign identity platform to produce a successful pilot program to verify documents and identity. That same year, Ethereum developer Fabian Vogelsteller began developing the ERC725 self-sovereignty identity standard for the Ethereum platform.