Self-Sovereign Identity (SSI)
What is Self-Sovereign Identity (SSI)?
Self-Sovereign Identity (SSI)An identity model in which individuals or organizations hold and present their own credentials directly, without relying on a central identity provider.
Self-Sovereign Identity, or SSI, is an approach to digital identity in which the subject controls their identifiers, keys, and credentials directly, typically through a personal wallet on a phone or device. Trust is established through cryptographically verifiable claims issued by recognized authorities and presented to relying parties without revealing more than necessary. SSI is built on open standards such as W3C Decentralized Identifiers (DIDs), W3C Verifiable Credentials, and selective-disclosure proofs, often using BBS+ signatures or zero-knowledge proofs. Real-world deployments include the EU Digital Identity Wallet, the LF Decentralized Trust ecosystem, and government-issued mobile driving licences, all aiming to reduce reliance on centralized identity silos.
● Examples
- 01
A citizen presenting a digitally signed driving licence from their phone wallet to rent a car, revealing only age and licence class.
- 02
A graduate sharing a W3C Verifiable Credential of their degree with an employer's verifier portal.
● Frequently asked questions
What is Self-Sovereign Identity (SSI)?
An identity model in which individuals or organizations hold and present their own credentials directly, without relying on a central identity provider. It belongs to the Identity & Access category of cybersecurity.
What does Self-Sovereign Identity (SSI) mean?
An identity model in which individuals or organizations hold and present their own credentials directly, without relying on a central identity provider.
How does Self-Sovereign Identity (SSI) work?
Self-Sovereign Identity, or SSI, is an approach to digital identity in which the subject controls their identifiers, keys, and credentials directly, typically through a personal wallet on a phone or device. Trust is established through cryptographically verifiable claims issued by recognized authorities and presented to relying parties without revealing more than necessary. SSI is built on open standards such as W3C Decentralized Identifiers (DIDs), W3C Verifiable Credentials, and selective-disclosure proofs, often using BBS+ signatures or zero-knowledge proofs. Real-world deployments include the EU Digital Identity Wallet, the LF Decentralized Trust ecosystem, and government-issued mobile driving licences, all aiming to reduce reliance on centralized identity silos.
How do you defend against Self-Sovereign Identity (SSI)?
Defences for Self-Sovereign Identity (SSI) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Self-Sovereign Identity (SSI)?
Common alternative names include: SSI, User-controlled identity.
● Related terms
- identity-access№ 292
Decentralized Identifier (DID)
A W3C-standard identifier that a subject controls directly, independent of any centralized registry, and that resolves to a cryptographic key material document.
- identity-access№ 1200
Verifiable Credential
A tamper-evident, cryptographically signed statement issued by one party about a subject, expressed in the W3C Verifiable Credentials Data Model.
- identity-access№ 320
Digital Identity
The combination of identifiers, credentials, and attributes that represents a person, organization, or device in online systems.
- cryptography№ 1265
Zero-Knowledge Proof (ZKP)
A cryptographic protocol in which a prover convinces a verifier that a statement is true without revealing anything beyond the validity of the statement itself.
- identity-access№ 793
Passkey
A phishing-resistant FIDO2/WebAuthn credential — a device-bound or syncable asymmetric key pair that replaces passwords with a cryptographic challenge-response.