Self-Sovereign Identity
Decentralized Digital Identity and Verifiable Credentials
Alex Preukschat and Drummond Reed
  • MEAP began December 2019
  • Publication in January 2021 (estimated)
  • ISBN 9781617296598
  • 300 pages (estimated)
  • printed in black & white

This is a very important book—it looks at the problems of digital identity just when we need to desperately solve them.

Milorad Imbra
In a world of changing privacy regulations, identity theft, and online anonymity, identity is a precious and complex concept. Self-Sovereign Identity (SSI) is a set of technologies that move control of digital identity from third party “identity providers” directly to individuals, and it promises to be one of the most important trends for the coming decades. Now in Self-Sovereign Identity, privacy and personal data experts Drummond Reed and Alex Preukschat lay out a roadmap for a future of personal sovereignty powered by the Blockchain and cryptography. Cutting through the technical jargon with dozens of practical use cases from experts across all major industries, it presents a clear and compelling argument for why SSI is a paradigm shift, and shows how you can be ready to be prepared for it.

About the Technology

What is our identity? It is everything we do in our daily life, but with the identity data records siloed in banks, big corporations, and governments. Currently, we rely on these third-party records to prove who we are and what we own—but we do not control them.

Self-Sovereign Identity changes everything.

Imagine selling a house, applying for a driver’s license, or checking an applicant’s credentials without evaluating a portfolio of papers gathered from various centralized institutions. Powered by secure Blockchain registries and cryptography, Self-Sovereign Identity is empowering people across the globe to take back control of their own data using digital credentials controlled by the users themselves. It eliminates the need for organizations to manage customer data directly, reducing costs, and massively increasing security. SSI is creating new, richer, and more trusted relationships online, and promises to be just as important as the emergence of the Internet.

About the book

Self-Sovereign Identity gives you a radical new perspective on how we represent ourselves in the world. This case study-driven book cuts through the jargon and hype to expose the amazing potential SSI offers for for security, privacy, identity, and even uprooting the way the global economy works. SSI experts Drummond Reed and Alex Preukschat present a vision of the future, examining how SSI protocols will impact industries from banking through to government. You’ll get a clear mental model for how SSI works as you tour SSI-enabled eCommerce and eHealth applications and their advantages over current technologies. While you learn the philosophical and sociological concepts that underpin SSI, you’ll reach the book’s lightbulb moment: what this radical technology really means for the shape of our lives, our businesses, and our futures.
Table of Contents detailed table of contents

Part 1 An Introduction to SSI

1 Why the Internet is missing an identity layer—​and why SSI can finally provide one

1.1 Internet Identity Workshop

1.2 How bad has the problem become?

1.3 The breakthrough: blockchain

1.4 The three models of digital identity

1.4.1 The centralized identity model

1.4.2 The federated identity model

1.4.3 The decentralized identity model

1.5 Why "`self-sovereign”?

1.6 Why is SSI so important?

1.7 Market drivers for SSI

1.7.1 Ecommerce

1.7.2 Banking and finance

1.7.3 Healthcare

1.7.4 Travel

1.8 Major challenges to SSI adoption

1.9 Exploring SSI with this book

2 The basic building blocks of SSI

2.1 Verifiable credentials

2.2 Issuers, holders, and verifiers

2.3 Digital wallets

2.4 Digital agents and hubs

2.5 Decentralized Identifiers (DIDs)

2.6 Blockchains

2.7 Governance frameworks

3 Example scenarios of how SSI works

3.1 A simple notation for SSI scenario diagrams

3.2 Scenario #1: Bob meets Alice at a conference

3.3 Scenario #2: Bob meets Alice through her online blog

3.4 Scenario #3: Bob logs into Alice’s blog to leave a comment

3.5 Scenario #4: Bob meets Alice through an online dating site

3.6 Scenario #5: Alice applies for a new bank account

3.7 Scenario #6: Alice buys a car

3.8 Scenario #7: Alice sells the car to Bob

3.9 Summary

4 SSI Scorecard: Major features and benefits of SSI

4.1 Feature/benefit category #1: bottom line

4.1.1 Fraud reduction

4.1.2 Reduced customer onboarding costs

4.1.3 Improved ecommerce sales

4.1.4 Reduced customer service costs

4.1.5 New credential issuer revenue

4.2 Feature/benefit category #2: business efficiencies

4.2.1 Auto-authentication

4.2.2 Auto-authorization

4.2.3 Workflow automation

4.2.4 Delegation and guardianship

4.2.5 Payment and value exchange

4.3 Feature/benefit category #3: user experience & convenience

4.3.1 Auto-authentication

4.3.2 Auto-authorization

4.3.3 Workflow automation

4.3.4 Delegation and guardianship

4.3.5 Payment and value exchange

4.4 Feature/benefit category #4: relationship management

4.4.1 Mutual authentication

4.4.2 Permanent connections

4.4.3 Premium private channels

4.4.4 Reputation management

4.4.5 Loyalty and rewards programs

4.5 Feature/benefit category #5: Regulatory compliance

4.5.1 Data security

4.5.2 Data privacy

4.5.3 Data protection

4.5.4 Data portability

4.5.5 RegTech (Regulation Technology)

4.6 Using the SSI Scorecard in Part Four

Part 2 SSI Technology

5 SSI architecture: the big picture

5.1 The SSI stack

5.2 Layer 1: Identifiers and public keys

5.2.1 Blockchains as DID registries

5.2.2 Adapting general purpose public blockchains to SSI

5.2.3 Special-purpose blockchains designed for SSI

5.2.4 Conventional databases as DID registries

5.2.5 Peer-to-peer protocols as DID registries

5.3 Layer 2: Secure communication and interfaces

5.3.1 Web-based protocol design using TLS

5.3.2 Message-based protocol design using DIDComm

5.3.3 Interface design options

5.3.4 API-oriented interface design using wallet dapps

5.3.5 Data-oriented interface design using hubs

5.3.6 Message-oriented interface design using agents

5.4 Layer 3: Credentials

5.4.1 JSON Web Token format

5.4.2 Blockcerts format

5.4.3 W3C verifiable credential formats

5.4.4 Credential exchange protocols

5.5 Layer 4: Governance frameworks

5.6 Summary

6 Basic cryptography techniques for SSI

6.1 Basic cryptographic building blocks

6.2 Hash Functions

6.2.1 What is a hash?

6.2.2 Types of hash functions

6.2.3 Hash function usage in SSI

6.3 Encryption

6.3.1 What is encryption?

6.3.2 Symmetric-key cryptography

6.3.3 Asymmetric-key cryptography

6.4 Digital signatures

6.5 Verifiable data structures

6.5.1 Merkle Trees

6.5.2 Building a Merkle tree

6.5.3 Searching a Merkle tree

6.5.4 Patricia Tries

6.5.5 Merkle-Patricia Trie - a hybrid approach

6.6 Proofs

6.6.1 Zero-Knowledge Proofs

6.6.2 ZKP applications for SSI

6.6.3 Proofs and SSI

6.7 Conclusion

7 Verifiable credentials

7.1 Example Usages of VCs

7.1.1 Opening a bank account

7.1.2 Receiving a free local access pass

7.1.3 Using an electronic prescription

7.2 The VC ecosystem

7.3 The VC trust model

7.3.1 Federated identity management vs. VCs

7.3.2 Specific trust relationships in the VC trust model

7.3.3 Bottom-up trust

7.4 W3C and the VC standardization process

7.5 Syntactic Representations

7.5.1 JSON

7.5.2 Beyond JSON - adding standardized properties

7.5.3 JSON-LD

7.5.4 JWT

7.6 Basic VC Properties

7.7 Verifiable presentations

7.8 More Advanced VC Properties

7.8.1 Refresh Service

7.8.2 Disputes

7.8.3 Terms of Use

7.8.4 Evidence

7.8.5 When the holder is not the subject

7.9 Extensibility and Schemas

7.10 Zero-knowledge proofs

7.11 Protocols and deployments

7.12 Security and Privacy Evaluation

7.13 Hurdles to adoption

7.14 Summary

8 Decentralized identifiers

8.1 The superficial level: what is a DID?

8.1.1 URIs

8.1.2 URLs

8.1.3 URNs

8.1.4 DIDs

8.2 The functional level: how DIDs work

8.2.1 DID documents

8.2.2 DID methods

8.2.3 DID resolution

8.2.4 DID URLs

8.2.5 Comparison with the Domain Name System (DNS)

8.2.6 Comparison with Uniform Resource Names (URNs) and other Persistent Identifiers

8.2.7 Types of DIDs

8.3 The architectural level: why DIDs work

8.3.1 The core problem of Public Key Infrastructure (PKI)

8.3.2 Solution #1: The conventional PKI model

8.3.3 Solution #2: The web-of-trust model

8.3.4 Solution #3: Self-certifying identifiers

8.3.5 Solution #4: DIDs

8.4 Four benefits of DIDs that go beyond PKI

8.4.1 Beyond PKI benefit #1: Guardianship and controllership

8.4.2 Beyond PKI benefit #2: Service endpoint discovery

8.4.3 Beyond PKI benefit #3: DID-to-DID connections

8.4.4 Beyond PKI benefit #4: Privacy by Design

8.5 The Semantic Level: What DIDs Mean

8.5.1 The meaning of an address

8.5.2 DID networks and trust networks

8.5.3 Why isn’t a DID human-meaningful?

8.5.4 What does a DID actually identify?

9 Digital wallets and digital agents

9.1 What is a digital wallet—and what does it typically contain?

9.2 What is a digital agent—and how does it typically work with a digital wallet?

9.3 An example scenario

9.4 Design principles for SSI digital wallets and agents

9.4.1 Portable and Open-By-Default

9.4.3 Privacy-by-Design

9.4.4 Security-by-Design

9.5 Basic anatomy of an SSI digital wallet and agent

9.6 Standard features of end-user digital wallets and agents

9.6.1 Notification and user experience

9.6.2 Connecting—establishing new digital trust relationships

9.6.3 Receiving, offering, and presenting digital credentials

9.6.4 Revoking and expiring digital credentials

9.6.5 Authenticating—”logging you in”

9.6.6 Applying digital signatures

9.7 Backup and recovery

9.7.1 Automatic encrypted backup

9.7.2 Offline recovery

9.7.3 Social recovery

9.7.4 Multi-device recovery

9.8 Advanced features of wallets and agents

9.8.1 Multiple device support and wallet synchronization

9.8.2 Offline operations

9.8.3 Verifying the verifier

9.8.4 Compliance and monitoring

9.8.5 Secure data storage (“vault “) support

9.8.6 Schemas and overlays

9.8.7 Emergencies

9.8.8 Insurance

9.9 Enterprise Wallets

9.9.1 Delegation (rights, roles, permissions)

9.9.2 Scale

9.9.3 Specialized wallets and agents

9.9.4 Credential revocation

9.9.5 Special security considerations

9.10 Guardianship and Delegation

9.10.1 Guardian wallets

9.10.2 Guardian delegates and guardian credentials

9.11 Certification & Accreditation

9.12 The Wallet Wars: the evolving digital wallet/agent marketplace

9.12.1 Who

9.12.2 What

9.12.3 How

9.13 Summary

10 Decentralized key management

11 SSI governance frameworks

11.1 Governance frameworks and trust frameworks: some background

11.2 The governance trust triangle

11.3 The Trust over IP governance stack

11.3.1 Layer 1: Utility governance frameworks

11.3.2 Layer 2: Provider governance frameworks

11.3.3 Layer 3: Credential governance frameworks

11.3.4 Layer 4: Ecosystem governance frameworks

11.4 The role of the governance authority

11.5 What specific problems can governance frameworks solve?

11.5.1 Discovery of authoritative issuers and verified members

11.5.2 Anti-coercion

11.5.3 Certification, accreditation, and trust assurance

11.5.4 Levels of assurance (LOA)

11.5.5 Business rules

11.5.6 Liability and insurance

11.6 What are the typical elements of a governance framework?

11.6.1 Master Document

11.6.2 Glossary

11.6.4 Governance Rules

11.6.5 Business rules

11.6.6 Policy modules

11.6.7 Trust assurance framework

11.7 Digital guardianship

11.9 Examples

11.10 Summary

Part 3 Decentralization as a model for life

12 How open source software helps you control your self-sovereign identity

12.1 The origin of free software

12.2 Wooing businesses with open source

12.3 How open source works in practice

12.4 Open source and digital identities

13 Cypherpunks: the origin of decentralization

14 Decentralized identity for a peaceful society

14.1 Technology and Society

14.2 A Global Civil Society

14.3 Identity as a Source of Conflict

14.4 Identity as a Source of Peace

15 Centralization vs decentralization believers

16 The origins of Self-Sovereign Identity

16.1 The birth of the internet

16.2 Losing control over our personal information

16.3 Pretty good privacy

16.4 International Planetwork Conference

16.5 Augmented Social Network and Identity Commons

16.6 The Laws of Identity

16.7 Internet Identity Workshop

16.8 Increasing support of user control

16.9 Rebooting the Web of Trust

16.10 Agenda for Sustainable Development and ID2020

16.11 Early state interest

16.12 MyData and Learning Machine

16.13 Verifiable Claims Working Group, Decentralized Identity Foundation, and Hyperledger Indy

16.13.1 Increasing state support for SSI

16.14 Ethereum identity

16.15 World Economic Forum Reports

16.16 First production government demo of SSI-supporting ledger

16.17 SSI Meetup

16.18 Official W3C Standards

16.19 Only the beginning

17 Identity is money

Part 4 How SSI Will Change Your Business

18 Explaining SSI value to business

18.1 How might we best explain SSI to people and organisations?

18.1.1 Failed Experiment #1: Leading with the technology

18.1.2 Failed Experiment #2: Leading with the philosophy

18.1.3 Failed experiment #3: Explaining by demonstrating the tech

18.1.4 Failed Experiment #4: Explaining the (world’s) problems

18.1.5 Learning from other domains

18.2 So how should we best explain the value of SSI?

18.3 The Power of Stories

18.4 Jackie’s SSI story

18.4.1 Part 1: The current physical world

18.4.2 Part 2: The SSI world—​like the current physical world, but better

18.4.3 Part 3: Introducing the Sparkly Ball—​or what’s wrong with many current digital identity models

18.5 SSI Scorecard for apartment leasing

19 The Internet of Things Opportunity

19.1 IoT - connecting everything safely

19.2 How does SSI Help IoT?

19.3 The Business Perspective for SSI and IoT

19.4 An SSI-based IoT architecture

19.5 Tragic story: Bob’s car hacked

19.6 The Austrian Power Grid

19.7 Summary

19.8 SSI Scorecard for IoT

20 Animal care, adoption, and accountability just became crystal clear

21 Open democracy, voting & SSI

21.1 The problems with postal voting

21.2 The problems with e-voting

21.3 Estonia: a case study

21.4 The three pillars of voting

21.5 The Advantages of SSI

21.6 Summary

22 Supply-chain management powered by SSI in Pharma

23 Canada: Enabling Self-Sovereign Identity

23.1 The Canadian context

23.2 The Canadian approach and policy framework

23.3 The Pan-Canadian Trust Framework

23.3.1 The Normative Core

23.3.2 Mutual Recognition

23.3.3 Digital Ecosystem Roles

23.3.4 Supporting Infrastructure

23.4 Mapping the SSI Stack to the PCTF Model

23.5 Using the Verifiable Credentials Model

23.6 Enabling Self-Sovereign Identity

23.7 SSI Scorecard for the Pan-Canadian Trust Framework

24 From eIDAS to SSI in the European Union


Appendix A: The Path to Self-Sovereign Identity

Appendix B: Design Principles for Self-Sovereign Identity

Appendix C: The Three Dimensions of SSI

Appendix D: Principles of an Identity Metasystem

Appendix E: Public Identities in the Ethereum Ecosystem

Appendix F: Meta-Platforms and Cooperative Network-of-Network Effects

What's inside

  • How SSI will affect your industry
  • The essential technical and legal concepts of SSI
  • The architecture of SSI software
  • Emerging standards for SSI

About the reader

Readers of this book need no special technical knowledge, only an openness to new ideas.

About the authors

Drummond Reed has spent over two decades in Internet identity, security, privacy, and trust frameworks. He is the Chief Trust Officer at Evernym, and co-author of the Respect Trust Framework, which was honored with the Privacy Award at the 2011 European Identity Conference. Drummond is a Trustee and Secretary of the Sovrin Foundation, where he serves as chair of the Sovrin Governance Framework Working Group, and has served as co-chair of the OASIS XDI Technical Committee since 2004.

Alex Preukschat is Global Head of Strategic Blockchain Projects with Evernym. Alex has been active in the Bitcoin space since 2013 and leads, a global SSI community to share knowledge in the identity space. He is a co-founder of Blockchain España and Alianza Blockchain Iberoamérica, and author of multiple reports and books about Blockchain and identity.

placing your order...

Don't refresh or navigate away from the page.
Manning Early Access Program (MEAP) Read chapters as they are written, get the finished eBook as soon as it’s ready, and receive the pBook long before it's in bookstores.
print book $23.99 $39.99 pBook + eBook + liveBook
Additional shipping charges may apply
Self-Sovereign Identity (print book) added to cart
continue shopping
go to cart

eBook $25.59 $31.99 3 formats + liveBook
Self-Sovereign Identity (eBook) added to cart
continue shopping
go to cart

Prices displayed in rupees will be charged in USD when you check out.
customers also reading

This book 1-hop 2-hops 3-hops

FREE domestic shipping on three or more pBooks