Self-sovereign identities (SSI)
SSI overview
Self-Sovereign Identities (SSI) is the underlying standard for the new E-ID in Switzerland and the EUDI in the European Union. The legal basis is expected to enter into force in 2026/2027, and the technical standards are still being finalized until then.
Nevertheless, the concept of Self-Sovereign Identities is a game changer in how citizens, customers, and employees share data with authorities and companies. To allow customers to explore these new opportunities, we have implemented a functionally rich yet still simple solution for Self-Sovereign Identities in Airlock IAM.
Self-Sovereign Identities is an incubating feature. It has been implemented to support the technical standards as they have been released in Switzerland and the EU at the time of publication of the software release.
The implementation uses the official beta-test platform of Switzerland and therefore cannot be used for production purposes. Should you have a project that requires a production-grade platform, please contact us.
How it works
Self-Sovereign Identities (SSI) or Decentralized Identities (DCI) represent a new paradigm in identity management, placing the end-user in control of all personal data.
- The end-user, called a holder in SSI terminology, operates a wallet app on their mobile device. This wallet stores personal data, called verifiable credentials in SSI terminology, and it also implements the SSI protocol to interact with issuers and verifiers.
- Issuers are actors in the SSI system that provide the holder with verifiable credentials. Issuers are meant to be the authoritative source of information and to provide personal data attributes, called claims in SSI terminology, in a verifiable format.
- Verifiers are actors in the SSI system that request claims from holders. It is the holder's decision whether to approve this request and to provide the verifier with a verifiable presentation. If the request is approved, the verifier obtains the data and irrefutable proof about the issuer of the data.
A simple SSI use case would be a motor vehicle authority issuing a driver's license as a verifiable credential into the holder's wallet.
A police officer could ask for the presentation of the driver's license. If the holder accepts this request, the police officer's system will automatically verify that the license is valid, has not been tampered with, and that the issuer is considered trustworthy.
Available SSI flow steps
Step | Purpose | Flow type |
---|---|---|
SSI Authentication Step | Requires the user to present a verifiable presentation and extracts one claim to match against the username in the IAM user persister. | Authentication |
Passwordless SSI Authentication Step | Same as the SSI Authentication Step but can be used without an additional user identifying step. | Authentication |
SSI Issuance Step | Offers the user a verifiable credential and delivers it into the wallet application. | Authentication, |
SSI Verification Step | Requests the user to provide verifiable presentations from the wallet and verifies those presentations. | Authentication, |
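
The verifier-side checks from "How it works" (valid, untampered, trusted issuer) followed by the claim extraction that the SSI Authentication Step performs, as an added example; this is not Airlock IAM code and not the swiyu credential format. It assumes an Ed25519 signature over a JSON payload as a simplified stand-in, and the names `Credential`, `Presentation`, `Issue`, `Verify` and `dmv.example` are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Credential and Presentation are constructed, simplified stand-ins, not a real wire format.
type Credential struct {
	Issuer  string            `json:"issuer"`
	Expires time.Time         `json:"expires"`
	Claims  map[string]string `json:"claims"`
}

type Presentation struct{ Payload, Signature []byte }

// Issue is the issuer's side: serialize the credential and sign the exact bytes.
func Issue(c Credential, key ed25519.PrivateKey) Presentation {
	payload, _ := json.Marshal(c)
	return Presentation{Payload: payload, Signature: ed25519.Sign(key, payload)}
}

// Verify is the verifier's side; on success it returns the claim used to look up the user.
func Verify(p Presentation, trusted map[string]ed25519.PublicKey, claim string, now time.Time) (string, error) {
	var c Credential
	err := json.Unmarshal(p.Payload, &c)
	pub, ok := trusted[c.Issuer] // the key comes from the verifier's trust list, never from the presentation
	switch {
	case err != nil:
		return "", errors.New("malformed credential")
	case !ok:
		return "", errors.New("untrusted issuer")
	case !ed25519.Verify(pub, p.Payload, p.Signature): // tampered, or not signed by that issuer
		return "", errors.New("invalid signature")
	case now.After(c.Expires):
		return "", errors.New("credential expired")
	case c.Claims[claim] == "": // never map an absent claim to a user
		return "", errors.New("claim missing")
	}
	return c.Claims[claim], nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed issuer key pair
	c := Credential{Issuer: "dmv.example", Expires: time.Now().Add(time.Hour), Claims: map[string]string{"email": "alice@example.com"}}
	fmt.Println(Verify(Issue(c, priv), map[string]ed25519.PublicKey{"dmv.example": pub}, "email", time.Now()))
}
```

The claim value is only read after every check has passed, so a forged or expired presentation can never select a user record.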
SSI Technology
The underlying technology for the Swiss implementation of the E-ID and the required trust infrastructure is documented here: SWIYU technical documentation
Known limitations
The following are known limitations of the SSI implementation:
- It is not possible to manage or create credential schemas or credential definitions with Airlock IAM. If you have a project that requires this capability, please contact us.
- The trust infrastructure used is the E-ID public beta infrastructure and it is not permitted to be used with production data due to data privacy limitations.