Digital Identity refers to the various usernames and log-on procedures we use to interact with web sites and other digital services. The Scottish Government has defined it to be essential to their goals of building a World Class Digital Government, with key goals including:
Develop a common, single sign-in and authentication process for businesses seeking access to online support services and information;
Work with stakeholders, privacy interests and members of the public to develop a robust, secure and trustworthy mechanism by which an individual member of the public can demonstrate their identity online.
Adopting a ‘Self-Sovereign Identity’ system offers the potential for Scotland to not only meet these technical goals, but to pioneer an entirely new model of 21st century Digital Democracy.
Self-Sovereign Digital Identity
Michael Gorriz explains how Identity is a universal function, one that spans across government, banking and every other online service that we use.
Government identity programs, such as Gov.UK Verify, seek to leverage this interconnectedness through linking their authentication systems with others like banks to streamline the procedure from a users perspective, an approach known as ‘federated identity’.
As the diagram from this Tieto article describes it can be seen as the first step in a maturity journey, an improvement on from centralized model which means a duplicated identity procedure for each and every web site.
The article introduces ‘Self-Sovereign Identity’ and positions it as the ultimate conclusion to this maturity journey.
Described in detail in this ID2020 white paper as the name suggests the primary feature is an identity mechanism owned and controlled by the user themselves. Martin Kuppinger writes for Computer Weekly how the blockchain can be utilized to provide the required integrous system and how legal requirements like GPDR provide one context for its value, meeting the user controlled data obligations.
Introduced in this short presentation the fundamental principles are described as:
- Every individual human being is the original source of their own Identity.
- Identity is not an administrative mechanism for others to control.
- Each individual is the root of their own identity, and central to its adminstration.
- The role of names, citizenship, licences and other credentials should be distinct.
In short it places control and ownership of identity in the hands of the users themselves, not a third party like banks or the government, setting in place the keystone foundation for an entirely citizen-centric Digital Democracy.
Via his blog tech industry luminary Phil Windley describes the launch of the Sovrin Network, the world’s first self-sovereign identity (SSI) network, intended to implement the technologies and these principles, and the scope of potential for its implementation in Scotland is quite profound.