Re: The "self-sovereign" problem (was: The SSI protocols challenge)

>
> On 3/21/21 11:57 PM, Adrian Gropper wrote:
> > Are we, as a community, being shy in using self-sovereign to describe
> our
> > perspective?
>

I consider Self-sovereign identity as a concept or initiative, not a
technology. I can leverage VCs and DIDs in ways that are wholly
incompatible with self-sovereignty (e.g., not letting the DID subject be a
controller, requiring disclosure of highly sensitive information in a VC).
DIDs and VCs are not SSI technology, they are technology that can be
leveraged by systems which are trying to make SSI a goal.

That said, there has always been blurry lines around the concept, partially
because there is no authoritative source for it and partially because it is
often described in terms of backing technology and not a long-term
initiative. More for that reason (than the political/cultural
interpretations of the term) I do not use self-sovereignty when describing
the benefits of the technology - I can't rely on SSI being a stable concept
and explain how VCs/DIDs can be leveraged to achieve (some of) those goals.

I would also argue that some of the facets associated with self-sovereign
identity are not technologically enforceable - instead, they require either
a culture change and/or a legal change underneath an existing sovereign
system! For instance, regulation and compliance can quickly become strong
use cases toward personal data control and reducing unconsented data
correlation.

-DW

-- 
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._