Trusted Third Parties vs Self-Sovereign Identity
All of us have multiple identities at any point. We are sons, daughters, brothers, sisters, parents, partners, friends, colleagues, and more to different people.
Sometimes, we may want to keep our identities separate from one another. For example, we may not want our colleagues to know our personal identities or we may not want our personal information to get mixed with our online identity.
How can we do this?
One option may be Trusted Third Parties, where a third-party entity facilitates interactions between two parties, where both trust this third-party. In our above example, it can be your boss who knows your personal information, but will not disclose the same to your co-workers. But since your co-workers trust your boss, they may accept anything that he/she says about you.
In the real world though, a Trusted Third Party (TTP) is a term that is often associated with online security. Here, a domain or a third-party acts as a facilitator between the owner of an information and the verifier of that information, such that the TTP vouches the identity of the party and this is accepted by the verifier.
The big question here is — can these TTPs be trusted in a digital world?
Are TTPs a Viable Solution?
TTPs, in today’s world, are organizations or entities that store and handle your data.
Let’s understand this with an example. Facebook is a company that stores your information, and authenticates you on other sites. The other sites, in turn, trust Facebook and since your data comes from it, they trust your data. Here, you are the owner and the other sites are the verifiers, and Facebook is the TTP.
While TTP may seem like the perfect solution to create online trust, it is unfortunately ridden with many problems.
Security and Privacy Loopholes
What happens when your TTP’s database is hacked? All the data stored in it gets stolen and used by hackers. Recent hacking incidents show that such centralized databases are not secure enough to keep your data from falling into the wrong hands.
Further, this centralized storage is a privacy loophole as well because anyone who has access to the database knows about you! Also, TTPs determine who can access your data and how it must be used. Some of them even monetize your data by targeting you with relevant advertisements.
So, from both a security and privacy standpoint, TTPs are a loophole.
Creates data silos
TTPs store data in silos, and this makes the data a lot less effective, both in terms of utility and leverage.
Data leverage is the degree to which we can use data. A prominent aspect that determines the usability and leverage of a data is its trust. In other words, when verifiers trust a data, it can have greater utility and leverage.
When a piece of information about an individual comes from a government organization, it is trusted implicitly, and this is an example of trusted data. Some examples of trusted data are passports, Adhar cards, Social Security Numbers, and more.
Utility follows leverage because when the data is trusted, it is widely accepted and can be used extensively for authentication and authorization. In the current business world, most of the data do not come from the government, and hence are not trusted.
Let’s take a practical scenario here.
Let’s say you go to a supermarket close to your house twice a week to buy groceries. One day, you forget to take your wallet and phone, so they are unable to sell their products to you on credit. Though you have a loyalty card with the supermarket, the data they have about you is not trustworthy enough to give you credit.
Likewise, a blue collar worker does many part time jobs. When he applies for a new job, he doesn’t have any trusted proof of the part time jobs he has done so far, and hence his potential employer has no way to verify his data.
In both the above scenarios, the available data is not considered trustworthy, hence it has little leverage and utility. The same can be extended to cross-border rentals, credit history, etc because the data that is generated is not trusted and hence is of little value to its holders.
Thus, online trust is a major issue and to overcome that, TTP has been in vogue. But this TTP comes with privacy and security issues, and also, it creates data silos that have little utility for its holders.
Much of this lack of utility stems from the fact that the data is not portable or interoperable and hence cannot be used in all scenarios.
Now comes the big question. What is the alternative to TTP and the data silos they create?
Self-Sovereign Identity
One option that can overcome the privacy and security problems of TTP and make the data more usable for its holders is Self-Sovereign Identity, or SSI in short.
Let’s see how this framework overcomes the issues related to TTP.
Decentralized or Custodial Storage
In this identity framework, every individual stores his or her own data and is responsible for its security. This may make it difficult for a hacker to steal data, and more importantly, there is little financial incentive for hackers as they would spend too much resources to steal a single record.
Ensures Privacy
Self-Sovereign Identity gives complete control to users, so they can decide how their data is used and with whom it is shared. Such granular control reduces the possibility for unauthorized people to peek into an individual’s data.
Data Leverage
The trust associated with data is greatly enhanced when it is in the form of a Verifiable Credential. This is a tamper-proof credential that can capture even the smallest of details such as volunteering experience, rental history, and more. These small pieces of information can add a ton of value and give you an edge in securing the services you need.
Since these credentials can’t be changed by anyone, it is more acceptable as a trusted form of data, and hence, has a higher utility value.
As you can see, SSI can be a good alternative to TTP as it preserves privacy, enhances security, and creates trusted data that in turn can have wide-reaching leverage.
Do these sound interesting to you?
Visit Affinidi’s Dev Portal to learn more about SSI and VCs and how you can leverage them to do more with your data in a safe and secure way.
You can also join our mailing list, reach out to us on Discord, and follow us on LinkedIn, Twitter, and Facebook.
