Sovrin aims to provide digital identity tools that could have fundamental implications for the business models of cybersecurity, RegTech, data integration, and identity and access management industries. A digital identity solution akin to Sovrin’s will enable users to choose which elements of their identifying information are made public, in addition to improving user experience.
Two recent developments help motivate and position Sovrin; namely the standardization of digital signature formats by W3C, an organization led by Tim Berners-Lee promoting standards for the World Wide Web; and the recently proved ability to register and verify public keys decentrally. Blockchains enable decentralized registration and verification of public keys associated to digital signatures and can be used to establish Distributed Identifiers (DIDs), a standard driven by the W3C, essentially allowing the creation and maintenance of unique identity references in the absence of a centralized authority. Sovrin believes that these developments together will enable a publicly available self-sovereign identity system, enhancing confidence in identity records and finally establishing a secure, private and functional means of determining identity online. The open-source Sovrin network was launched in July 2017 and operates with publicly available access and permissioned validation. The Sovrin network was originally developed by Evernym before the code base was donated to the Linux Foundation to become the Hyperledger Indy Project.
An individual’s identity on Sovrin includes Sovrin identifiers, claims, disclosures and proofs. The Sovrin Identity Network (SIDN) consists of nodes run by ‘stewards’ approved by the Sovrin Foundation. Sovrin verifies IDs via a standardized digital format which reduces variance relative to a variety of ID formats being assessed. Sovrin issues a unique identifier for each of a user’s relationships with various institutions and businesses, this preserves privacy by mitigating the risk that service providers accrue significant data on an individual user by correlating their single (conventional) identifier across multiple use cases. Publicly verifiable claims made about oneself or by others about the person in question (such as age/gender and a driver’s license, respectively) are digitally signed.Selective disclosures can be made against a claim, across multiple sources, through zero-knowledge proofs and the user’s possession of a master secret (a key). Again, these identifiers are not correlatable, so one issuing agency does not hold information from the disclosure proof that could be used to look up the individual to whom they refer in another issuing bodies systems. Accountability in a consent-based identity data market will be facilitated by consent receipts stored on Sovrin, which specify the terms under which a business can use someone’s data.
The Sovrin token will be used to transfer value whenever verifiable claims are exchanged on the network such as in the event of transfer of one’s accrued credentials on the network to another verifier. The Sovrin token will allow issuers of varying forms of credentials to offer services to verifiers and owners, for instance one’s mobile phone carrier could offer a credential around a users location, with their consent. Sovrin hopes to benefit from a long-tail of verifiable claims that are not presently economically viable due to an insufficient gain in confidence given the difficulty of verifying many claims, such as in the use case of a small business wanting to reduce risk from dealing with certain types of customer but lacking the resources for a professional KYC procedure. Sovrin also envision a change in attitude towards identity claims whereby they become viewed as risks that one should insure against, with the Sovrin token being the natural medium of exchange for such transactions. More immediately, Sovrin intends to facilitate the emergence of a market for explicitly permissioned identity information where owners can delegate specifically which items of their information they wish to make available; it is envisioned that certain items of private information might be quite valuable to the appropriate verifier and Sovrin will allow users to decide for themselves to exchange. The Sovrin token distribution event is expected to happen in mid to late 2018.