In the intoduction, you say that the problem is centralisation, but in the rest of the article the topic is only logging in and signing messages on still centralised services.
There already were attempts to decentralise social networks – Mastodon probably being the most successful, but by far not the only one. They did not need any blockchain at all for it. Nevertheless, they did not replace any of the existing networks. I’d say for social, more than for technological reasons: People just want to find a critical share of their peer groups on one, centralised platform.
(Ironically, the preferred platforms of most crypto projects – e.g., Telegram and Discord – are rather less open and very much centralised. The only “decentralised” thing about Telegram is – in an interpretation sacrificing all meaning – that it makes a pose out of not bowing to regulations and letting Nazis run rampant unblocked.)
Logging in and signing with cryptographic credentials is nothing new that would need a blockchain, let alone a cryptocurrency blockchain. TLS client certificates, S/MIME, and OpenPGP have been around for decades. Nobody using them was more of a usability issue. And maybe it would benefit the world more if wallets would be developed to finally use them without any coins and chains attached.
Does such a wallet – irrespective if shiny, new, hype blockchain or good, old Internet standards – protect users better against being hacked? Well, given the plethora of people scammed in crypto, the need to tell them on every welcome message, in blinking GIFs, and as first part of any support answer to not share their seed phrases, and they still do it, I’d make a question mark on that.
Does the blockchain magic in there give us some assurance about identities?
This paragraph does not describe how such an association is made reliable. The association is just stated here. Anybody could state to be me (and if they have access to it also include some of my – or maybe their? – biometrics to seem extra trustworthy). This has to be verified by someone.
In the classical cryptographic solutions, it was done – rather unsuccessful – by webs of trust and – rather successful – by certification authorities. To roll something like that out to the masses, it should probably be done by your local government office – or in countries without a trustworthy administration by the church or another widely respected authority. And if we need an authority, anyway, what do we need the blockchain for?
By the way 1: One of the companies seemingly being a bit further with their interpretation of “SSI” uses either the data of telecommunication companies or the machine-readable identities of governments for assuring that I am me: https://iamx.id/wp-content/uploads/2022/02/2022-02-IAMX-Factsheet.pdf There is no win. Please, let governments directly assure identities without wasting resources on blockchains!
By the way 2: Do you have sources that Atala Prism is production-ready? The website still is all marketing and mock-ups. I’d love to read some specs and documentation.
By the way 3: This is false!
https://academy.affinidi.com/do-you-need-blockchain-for-enabling-ssi-452d62b34890
https://weh.wtf/ssi.html
Or directly from the spec – https://www.w3.org/TR/did-core/:
“databases of any kind” … you don’t need to waste every full node’s disk space if a replicated database on government servers is enough.