The great boom of social networks has created an entire economy based on the exploitation of personal data to identify and map users to “accounts”, stored in central databases that concentrate not only the information power, but also the risk, the responsibility related to Privacy compliance.
This privacy requirement forces us to consider a new technology, promoted by the EU, called Self Sovereign Identity (SSI). SSI has the great advantage of transferring control of data into the hands of the data owner, specifically the citizen, preventing the possibility of data being shared without authorization.
The world of identity based on the paradigm of self sovereign identity (SSI) has matured today, the first international standards have been established: W3C DID and VC.
The decetntalized blockchain technology of commercio.network is a perfect match for SSI as it allows for immutable, decentralized and distributed tracking and proof of all exchanges between counterparties in an unmediated manner. Compared to a centralized solution, the advantage of a blockchain-based network is to prevent the ownership of information (and therefore its integrity) by a single party. Blockchain and SSI are the technologies that, at the state of the art, not only allow citizens to regain control of their information, but also prevent misuse or build correlation mechanisms.
The philosophy of SSI
The concept of decentralized identity is based on some elements such as:
- Decentralized identifiers (Decentralized identifier aka DID)
- Attributes related to the entities represented by DID (people or things) expressed in the form of credentials that, if signed, are verifiable
- Protocols, which allow communication between entities and/or things; in particular, of particular importance is the protocol for issuing verifiable credentials and presentation of evidence, obtained from such credentials (derived evidence called Proofs)
The categories of actors that interact in a decentralized identity system are the following:
Issuers, or Public Issuers or private entities that issue credentials in favor of a subject, following appropriate verifications (organizational, technical, etc.)
Subjects or Holders of such information (technically representative in the form of verifiable credentials), who control it through an agent (e.g. an identity wallet)
Verifiers or Verifiers, i.e., subjects that require holders to produce verifiable information (in the form of shared credentials or proofs).
Among the most important objectives of the paradigm of the SSI we emphasize the possibility of selective and independent dissemination of their data by a holder against a verifier, the minimum possibility of correlation of data (said, “linking”), the maximum barrier to collusion between verifiers, the maximum privacy achievable for all parties involved.
SSI adopts the principle of Privacy by Design: adopting privacy starting from the design of a process to its IT implementations.
This philosophy makes the marriage of SSI and the Blockchain a particularly suitable solution for the creation of an app to manage Vaccinal Passport data that is secure, verifiable, and geared toward preserving the privacy of citizens.