RE: The "self-sovereign" problem (was: The SSI protocols challenge)


Heather, I think this is another example of the SSI Unconcious Contractions problem (

When I read it (and I read things quite literally), the opening phrase “is a decentralized identity layer” makes the definition sound like it’s a definition related to a layer in an SSI Model, an SSI Stack, or an SSI Architecture.  As I read through the rest of the paragraph, it begins to sound like a definition for an SSI Ecosystem.

To me, it’s not a precise definition of Self-Sovereign Identity …perhaps acceptable to a much broader audience but then they too lose sight of SSI’s true meaning.

Best wishes,
Michael Herman
Far Left Self-Sovereignist

From: Heather Vescent <>
Sent: March 23, 2021 12:01 PM
To: W3C Credentials CG (Public List) <>
Subject: Re: The "self-sovereign" problem (was: The SSI protocols challenge)

I will throw this definition into the arena (from The Comprehensive Guide to SSI, released in 2018!) with several caveats:
- This was the first report then converted into a book written/released about SSI. It's practically free now<>. Did I mention it's from 2018?
- It was primarily written by myself & Kaliya Young, and we had it technically reviewed by Kim Hamilton Duffy and Marcus Sabadello. Others contributed & reviewed.
- It was written as an introduction to non-insiders to this space, the audience was/is not this community.
- While technology was included, it was not privileged in order to understand the broader possibilities.
- Of course parts are outdated, and equally, parts are still relevant.
- It built upon the work of many people in this space, who have deep technical expertise.
- I'd like to remind everyone of the unconscious bias in tech communities, which tends to marginalize non-other perspectives.

This community has lamented that our work is not accessible to outsiders, yet little work has been done to make it so and practically no funding has been offered - even by the largest organizations who have the most to gain - to create it. The comprehensive guide to SSI was 100% self funded and bootstrapped by the principles.

With those caveats, and also remember this was my baby, so I have strong protective tendencies toward it, I'll share the description we used in it. Your understanding may vary.


On Tue, Mar 23, 2021 at 10:12 AM Michael Herman (Trusted Digital Web) <<>> wrote:
Same issues Drummond. Sorry.

From: Drummond Reed <<>>
Sent: March 23, 2021 10:57 AM
To: Michael Herman (Trusted Digital Web) <<>>
Cc: sankarshan <<>>; W3C Credentials CG (Public List) <<>>
Subject: Re: The "self-sovereign" problem (was: The SSI protocols challenge)

Michael, the definition is in the first sentence of Chapter 1:

Self-sovereign identity—commonly abbreviated SSI—is a new model for digital identity on the internet: i.e., how we prove who we are to the websites, services, and apps with which we need to establish trusted relationships to access or protect pri- vate information.

That broad definition was a deliberate choice on behalf of Alex Preukschat and I as co-authors of the book. SSI is a digital identity model (not just an architectural model, but also a governance model) that is significantly different than in the digital identity models of the previous two eras of Internet trust infrastructure, per this diagram that I now show at the start of all my talks on SSI and ToIP to establish the overall context.


On Tue, Mar 23, 2021 at 9:27 AM Michael Herman (Trusted Digital Web) <<>> wrote:
Hi Drummond, I’ve read through Chapter 1 of the Manning book just now ( and couldn’t a succinct nor operational definition for the term/concept of Self-Sovereign Identity.

The chapter talks “all around” the topic of Self-Sovereign Identity but didn’t seem to conclude with an actual definition.  Did I miss it?

Michael Herman
Far Left Self-Sovereignist

From: Drummond Reed <<>>
Sent: March 23, 2021 10:02 AM
To: sankarshan <<>>
Cc: W3C Credentials CG (Public List) <<>>
Subject: Re: The "self-sovereign" problem (was: The SSI protocols challenge)

+1 to Adrian Doerk's definition in his thesis (which I highly recommend, BTW—Adrian's work is very comprehensive and thorough).

FWIW, even though the forthcoming Manning book<> of which I'm a co-author (along with 54 contributing authors) is titled "Self-Sovereign Identity: Decentralized Digital Identity and Verifiable Credentials", in the opening chapter we explain the origin of the term and then recommend (and enforce throughout the rest of the book) simply calling it "SSI"—which is also what I see happening in the market. I predict that within the next 2-3 years, many who have become comfortable with the term "SSI" won't even know that it is an acronym or what it stands for (just as many today don't know what "IBM" or "ATM" stand for).

As a final point, I was a speaker this morning on a webinar hosted by Condatis called "Scaling Digital Trust in Healthcare" where Charlie Walton, VP Digital Identity at Mastercard, shared the following slide, which is the first time I've seen the term "Commercial SSI".


On Tue, Mar 23, 2021 at 6:54 AM sankarshan <<>> wrote:
On Tue, 23 Mar 2021 at 18:40, Michael Herman (Trusted Digital Web) <<>> wrote:
RE: "Decentralized identity" is a *better* choice. Others use "self-asserted," I think this has some of the same socio-cultural issues that "Self-sovereign" has.

  1.  QUESTION: Why is there this pervasive (pandemic?) of thinking spreading across so many of our communities (CCG, SF, ToIP, etc.) about giving in to this type of authoritarian, centralizationist thinking?
Why are people giving up on self-sovereignty in such large numbers?

The representation such as the above often create an all-or-nothing inference on the topic of SSI. It feels appropriate to cite a recently published work Doerk, Adrian. (2020). The growth factors of self-sovereign identity solutions in Europe. 10.6084/m9.figshare.14182586. and especially

We use the terminology of self-sovereign identity for describing a concept of giving individuals or organizations control over their digital identity. The identity resides with the identity subject in question, who is central to its administration. Sovereignty implies that individuals are equal among peers and are not administered by a central authority. This doesn't mean that individuals can suddenly issue themselves a new passport. Instead it means that individuals have control over how their personal data is shared and used. Moreover, individuals can now choose whether they would like to reveal their personal data and also which kind of data they would like to share in the event of a transaction or interaction. Through the use of cryptographic proofs SSI enables verifiability for all involved parties.

Heather Vescent<>
Co-Chair, Credentials Community Group @W3C<>
President, The Purple Tornado, Inc<>
Author, The Secret of Spies<> (Available Oct 2020)
Author, The Cyber Attack Survival Manual<> (revised, Dec 2020)
Author, A Comprehensive Guide to Self Sovereign Identity<>

@heathervescent<> | Film Futures<> | Medium<> | LinkedIn<> | Future of Security Updates<>

Received on Tuesday, 23 March 2021 21:53:50 UTC