Dangling SSI over those who need it

The picture is from an Ethiopian man in the capital Addis Ababa. (The translation below) And this is why Africa is ready for SSI. Not at the government level but the people, if some one figures out how to make it accessible to all. For several years now all the tech world done is dangling SSI over the head of those who actually need it. Will Cardano change that?

“All this to renew an ID Gulele Sub-City is in Woreda 8. The challenge of renewing an ID is extraordinary. Each kebele renew IDs only one day a week. You get up at 5am and line up. When you think you it might be your turn today, you will be told that there has been a transfer from last week. You register and go home and you come in a week without failing. The official tells you the registration paper is lost. All this is to renew your identity.”

I don’t see, how these SSI/DID ideas should help in such situations.

We still need a source of truth, there. Someone, who attests an identity for the first time, before it is then maybe managed on a blockchain.

And that would probably still have to be that same government that is now failing at doing so in this example.

(I also don’t see, what good blockchain and/or decentralisation do in this scenario. If I want an attestation of an identity or some aspects of it – educational certificates, driver’s licenses, … – I want to know, who certified it. But, then, a classical public key infrastructure does the job perfectly well without any blockchain stuff. The hard part is implementing it, so that University X really gives out digitally signed certificates. Why put it on an effing chain?)

I think you need to start somewhere. This is why IOG are starting with creating the DIDs for school and university students. Thus, leveraging the teaching institution’s trust as a starting point and immortalising those records. Moving forward, you can build upon these DIDs by connecting records from other sources of trust. This makes the DIDs even more solid and immortal. Similar to how a bank may require multiple ID record proofs currently.

Eventually, if the original institutions get blown up by war and records destroyed, the community now trusts the blockchain records more because they have their own proofs and have multiple components.

To leverage the trust, there has to be a signature by a known identity of the institution. And education certificates can’t be stored on the blockchain itself (and even if the block size would be increased so they could, it would be madness to store the certificates of millions or billions of people on every full node).

So what good does the blockchain do at all in this scenario? They could just publish the public keys of the institutions with loads of redundancy and give the digitally signed certificates to me, so that I can put them in as much clouds and backups as I want (far more reliable than IPFS). No need for a blockchain in any way.

The “community” trusting blockchains is tiny. And if they trust it for this, they are also deeply mislead.

Trusting the ledger of coin and token transactions does only work, because they live completely on the chain. Trusting some information about things outside the chain, just because they are on the chain is foolish.

Looking for a source of truth to the government or banks is the western world issue. Where your existence is attested by your birth certificate from the hospital you are born from or something similar. And where that is the only acceptable attestation.

In most developing countries and certainly in Ethiopia it is the community, your neighbors, your family that is the source of truth.

In those countries the governments themselves do not trust their own data, as it can easily be corrupted.

Today the mobile phone penetration in most developing countries has reached 50% coverage. If we assume half of this is smart phones then we have enough infrastructure to onboard a quarter of the population.

If individuals are provided with an easy way to onboard themselves and those close to them it will not take long for things to snowball forcing the government to accept it as a de facto ID.

That is the easiest and the most appropriate way of delivering self sovereign identity.

In Ethiopia churches give their congregation identity cards. This identity cards are more trusted as a first point of entry than any other identities. If you provide the churches with a cheaper SSI based solution that can easily be authenticated from any where then half the population would be on-boarded. The infrastructure is there. what is missing is a user friendly on-boarding and recovery system. the tech community have done much more complicated things than that.

@HeptaSean I don’t think the data has to be that big. For example, the proof that you got a particular degree at a university can be small. But I do agree that there is a data storage problem in general which is a problem still to be solved.

Currently, but it is building fast. With the recent actions I see this developing faster than I initially thought it would.

Some recent sign posts:

• Canada de-banks protesting truckers. Canada changes the law making donations to the truckers retroactively illegal and then proceeds to de-bank these people too.
• Major nations have announced that treasury reserves held by foreign banks are only “money good” if they say so.
• people are starting to look for assets without counter-party risk and then realising that gold is pretty dysfunctional in the digital world where value needs to be transacted across borders quickly.
• Major exchanges like the LME can decide to roll-back time and retroactively cancel legitimate trades if particular broking houses or banks get financially threatened. See the recent Nickel trading fiasco. It doesn’t matter if you were on the other side with a winning trade - you still lose to the big banks. Just like the gamestop episode but worse because they didn’t just stop trading, they reversed thousands of trades.

I just can’t wait to see if the FED is going to tighten and destroy demand to “fix” the “inflation” caused by de-globalisation, lock-downs, supply chain disruption, rising energy costs, war, etc. It will be interesting to see how governments and central banks manipulate things from here. Maybe we will see price controls next?

I think you might find that trust in blockchains won’t be “tiny” soon.

IOGs solution (at least at the moment) is not appropriate for individuals and small institutions to onboard themselves. And through the government system hell will freeze before it reaches those who need it. Even those who received the DIDs thorough IOGs work can not benefit from it as long as the larger community is not using it.

I was not aware that IOG offered any solutions for anyone except the elementary schools. They did say they will expand it to universities when this test concludes.

The only thing IOG is doing is a test run with 5 million students and 700k teachers. All of them were provided with tablets and dedicated internet access, so there is no ‘line-up’ issues. Also, this is the only mass test of utility of DIDs in real life where private data control is passed from institution to individual. Looking forward to see how this all works out in a few years.
https://iohk.io/en/blog/posts/2021/04/27/blockchain-finally-comes-of-age-with-worlds-biggest-blockchain-deployment/

This seems to be just a bureaucratic quagmire. There is no need to wait for blockchain to exponentially improve this. This can be done by redesigning workflow to alleviate bottlenecks, add resources and retrain staff.

…or sometimes governments manufacture bottlenecks on purpose due to lack of resources. Open 1 day a week is a choice they made and it’s obviously not a choice of efficiency. Blockchain also can’t help here. That’s just a leadership decision.

Self-Sovereign Identity will not solve issue in this case anyways (unless the government suddenly starts accepting SSI instead of their own IDs which at this point is very unlikely).
SSI may be useful to prove that it was you that completed some online course or that you were involved in some project. I can’t see governments ever just accepting SSI to issue citizen ID that will let you vote or get financial/education/health benefits of that state. Nor would they ever be used for cross border travel. I don’t think SSIs will be that solution in our life time.

DIDs on the other hand are a natural progression for governments of the world. They can slowly shift IDs from plastic cards to digital format. I don’t think having a DID on a phone will be too different from showing a plastic ID card in 10 years from now.

@Neo_Spank I agree with all your arguments about governments not using and accepting SSIs/DIDs.

However, I think the game changer is when individuals are able to leverage their DIDs in a P2P manner for business transactions.

Say I need some engineering design work: I might be prepared to contract with someone from Ethiopia if I can verify they have the requisite engineering credentials. I might find that blockchain allows me to more quickly, easily and accurately verify such credentials than by trying to contact the Ethiopian university and somehow validate the records they supply. People can then further leverage their DIDs by linking their work history. I might then be prepared to provide an uncollateralised loan to this person.

I really like IOGs approach by starting with school and university records. I think trust can be built from that and it will snowball.

How does “the blockchain” help here?

Who safeguards that only legitimate education credentials are put on “the blockchain” how?

And why – if that works at all – does it need a distributed ledger technology and cannot be done by classical PKI certificate chains?

Oh, you mean with cryptocurrencies, we have no possibility to cut anti-vaxx nutheads terrorising a city from their cryptobro funding? What a brave new world …

I guess it comes back to the fact that I understand and trust the Cardano blockchain. When the DIDs are put on the Cardano blockchain I imagine there will be online articles further explaining them and how they operate. I think all this will build awareness and trust.

I sense that many people are currently losing trust in traditional institutions and blockchain is gaining trust.

You might be more cynical than me. I am not suggesting we move to a lawless society without the need for governments and rule of law. However, I do think there will be some more checks on their power.

I think we are moving to a world where trust has been severely degraded. In this new world what assets can you think of that don’t have counter-party risk? What assets (and records) can be relied upon which don’t require trust in some human controlled institution?

I trust the Cardano blockchain in telling me, where ADA and native tokens are currently located and that a specific private key is allowed to spend them. That’s the problem consensus algorithms are designed for.

There is no meaningful notion of forming a decentralised consensus on the question if some specific person has a specific degree, if some private key is allowed to testify that, if some school is a legitimate higher education institution or if it is Trump “university”, …

Choose the right tool for the job!

I just have no sympathies whatsoever for these trucker “protests”.

In both cases: None. And that’s as unavoidable as it is good.

Assets “without counter-party risk” in essence mean that the wealth is parked somewhere non-productively. As soon as you invest it in the economic circle, there is always a risk of losing it. But a world of holders is not sustainable. And “without counter-party risk” does not mean “without risk“. Gold and crypto prices sometimes plummet. You might not have the time to wait for the next ATH. Or the world might find out about gold’s very limited utility in reality. Or the crypto you have invested in of all the cryptos is the one that plummets terminally.

As for the records without human control: Except for very limited use cases, it’s nigh impossible. For reasons. Credentials for education have to be given by teachers, professors or the institutions they work in or they are just worthless. The fact that these people are teachers or professors has to be certified by someone “higher up”. Etc. pp.

If the official government is unreliable, you can replace it by the church. But that’s just another institution trusted by the people. In personal contact, you can replace it by neighbours, family, community. But that is hardly transferrable to the digital world. And it’s also trust in people in the first place.

You seem to use SSI and DID as opposing concepts, here. All presentations I have seen up to now imply that DIDs are something like a building block for SSI.

All these terms are fuzzy at best, mostly undefined at worst, but if you look at the W3C Proposed Recommendation https://www.w3.org/TR/did-core/, Microsoft’s marketing brochure https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2DjfY or this blog post at IBM https://www.ibm.com/blogs/blockchain/2018/06/self-sovereign-identity-why-blockchain/, a couple of things become clear:

The use of blockchains in these concepts is totally non-essential. They “just” use it as a kind of public whiteboard for publishing the relationship between identifiers and keys, not for storing the verifiable credentials themselves. They all speak about other possibilities such as distributed filesystems or even just traditional databases for this task. And it surely does not have to be a cryptocurrency blockchain. Why should it be important that strange assets are gambled on the same platform? It’s still the same if you use https://ec.europa.eu/digital-building-blocks/wikis/display/ebsi, for example.

And they all evade the question, how the traditional PKI tree structure is specifically avoided. How can we verify that this person and not anybody pretending to be this person recorded a DID on the chain? The IBM blog post even summons the decade old Web of Trust concept (which was a total failure for a reason), but somehow manages to totally omit any specifics of how it will be replaced. The blockchain is if at all a replacement for the key servers (which are quite functional), but not for the Web of Trust (failed) or CA infrastructure (moderately functional).

If the vision in cryptocurrency world is fundamentally different than the little that is available from big tech and all these (immature) concepts should be forgotten, then there has to be a more mature write-up somewhere. Just dropping the “SSI”, “DID” and “blockchain” buzzwords is definitely not enough.

You are looking the problem from western perspective.

The citizens of Ethiopia problem is not about proving they have completed an online course. Their problem is proving that they exist, they belong to a community and live at a certain place. That is done at the Kebele level (a neighborhood administration)

Each Kebele issues its own identity (Ethiopia has no national register or identity system yet) and that is the basis of all other services in the country. A school identity doesn’t work without a Kebele identity.

And every citizen has to go through that process every two years standing in a queue for weeks, and by producing witnesses. The witness can be an official of the kebele (the local administrator) or a neighbor.

The local population authenticates each other. But this authentication is done with physical presence and pen and paper. Add to that some lousy local official who may want a bribe then the problem multiplies.

This is about tracking relationships.

This is not a human problem but a systems problem. Which blockchain and SSI are well suited to solve. Kebele officials or the community can authenticate the existence of a person in seconds instead of weeks, without waiting for two years.

If we have a system that automatically tracks relationships we in fact have no need of authenticating every two years.

Though kebele officials can be corrupt they can not refuse to accept a solution that would solve one of the biggest problems in the country that is coming from enough citizens who on boarded themselves on an SSI.

We need to be clear about what risks we are talking about here. Literally everything has some risk. Even self custody gold has the risk of being stolen. When referring to counter-party risk, I am talking about the risk that the centralised entity maintaining the ledger can just invalidate your assets at their discretion.

You can hold your blockchain assets and still have them working as an investment. You can borrow against them for example and you can earn yield through staking etc. Of course, there is investment risks. However, the counter-party risk of trusting a human controlled institution to not cheat through inflation or manipulation of the ledger, has now been transferred to the “counter-party” risk of the laws of mathematics within the design of the blockchain. People are now being asked: Which do they trust more?

Government records and IDs can be faked too. Fake passports, fake documents, fake signatures, fake university degrees, are common in the official government record system world. Most people do not have the capacity to properly check so they trust in the systems because there is no alternative. But now there is an alternative in blockchain and it is easier to verify and it is proving to be more reliable and immutable. More trustworthy.

Of course. What we are discussing here is what happens after so that people have proof they own their credentials. The old way is to write the records on a ledger housed in an ivory tower. So long as the ivory tower still exists and the people working there haven’t re-written the ledger or destroyed it then we can ask for a copy to be faxed. We trust that the official sounding person on the phone faxed us a true copy of the original. The new way is to record such records using blockchain technology where we can verify the digital signature. Teachers, professors and institutions can all disappear along with their memories and their records. We always need to trust in some record system.

The question is: Which system is more trustworthy? In the western world this might be a more close competition. In Ethiopia, I think a blockchain like Cardano can be more trustworthy than the “official” records especially when there is war, political upheaval, and government corruption.

I wish you guys could discuss how to provide a proof of existence solution first. Which is the immediate problem for most Africans.

Not opposing, just different. I can also see how DIDs would be a subset of SSI.
I use DID as they seem to use it in ATALA Prism. It’s just an app that has credential published to blockchain by authority of that app. It is basically leveraging blockchain to imply association of a credential to authority(as you mentioned, lika a whiteboard). Similar to what you see in protocol summary in this video:

However, this would make DIDs transferable (since technically they are digital assets) so you couldn’t tie their ownership to one specific individual (in real life, not just data) and in some cases you may not want to. For example DID that shows you hold a world record for something should be transferable if someone beats that record. This, with current technology is possible and may be useful.

SSI on the other hand is supposed to be a digital representation of particular individual with all of their credentials on blockchain verified by one or many authorities (at least this is my understanding of it). Unlike DIDs which just verify that one thing/app/document is true copy, SSI is supposed to verify that human interacting is a true copy of what is represented in that SSI. This means that you can’t just publish a credential token, but full verified credentials. On top of this, they are fully controlled by individual and 100% private. I do not see a way for a digital transaction to ever ‘guaranty’ that human described by SSI is the human that is using that SSI. This is why I’m skeptical about it’s success.

@T_Tefera
Back OP specific topic…

So, you have an issuing authority (Kebele) and verification authority (community). The process seems to be that community has to show up as witness for all individuals. Seem to me that is not very efficient.

Example: Instead of EVERYONE having to go to Kebele administration every two years, why don’t they send Kebele administrators to each community on set dates/place and issue IDs there on the spot. This way you will move just a few administrators around instead of trying to coordinate full population once a week. (No need for blockchain for this part.)

You can add DIDs to this process to make it faster (if technology is available to most).
Example: Every person with valid ID gets a DID that allows them to FaceTime/Zoom/text/talk to administrators. When administrator shows up and individual comes up and claims they are Mr. A, then administrator can go on an app and contact witnesses that can vouch for MR A, thus they don’t need to show up.

Alternative idea would be to make it a voting app.

For example: First DID anyone ever gets is from Kebele, after that every two years their ID is up for verification. When that happens DIDs of all named witnesses are contacted for a vote. They all vote and if it passes ID is renewed.

Your suggestion is for those on power to solve the problem probably they created. That is unhelpful.
If all authorities could do that we do not need blockchain technology in the first place.

The point of blockchain, cryotocurrency and SSI is for the individual to take the power of decision on their own hand, whether financial or identity.