I had a very interesting email conversation with a chap in Australia about Sovrin and the whole idea of self-sovereign identity. There was a particular element of the discussion which I thought worthwhile sharing.
His view was as follows:
Hmmm, interesting idea. But you still need other out of band systems to
link the DID to the licence then. You also will need a way to assert
someone has one and only one licence. For example, I go to the
Goverment TMR department. “Hi I want my licence”. Well, how do they now
assert if I already have one or not? They can not compel me to "provide"
the existing DID, so they would make me a new one, and I get another
licence. We need that out of band proof to create the identity such as
birth certificate, passport etc. This can then confirm I posses only a
single licence. But the point of this system is they wouldn’t keep a
copy of these, so no longer can they make such an assertion.
My response follows. I always find it useful to relate these sort of discussions to real world examples. In this case I used the common root of trust that is a driving licence issuer. While digging into this I found out how difficult it is to get a full licence in Australia, but that’s a different topic.
You are correct that you need a way to link the actual person to the DID. This is no different to current practices.
Think of how it works at the moment.
You go to the TMR to get your first ever license. In NSW, when you go to the test centre they ask you to take proof of identity such as your birth certificate or passport. This is the very first time anyone sees a real person during the licence application process. Lets say you don’t have a digital version of these at this point, just the physcial versions.
Someone there will look at your birth cert or passport and do some relatively rudimentary checks that it is you. It is obviously simple enough to cheat this process with a suitably well forged birth cert or passport, and that risk is generally accepted by anyone who relies just on a driving licence as proof of ID.
Once you’ve got your P1, and are ready to do your P2 test, you need to visit the test centre and this time you take your licence you obtained above, plus “proof of identity” which is the same birth cert or passport.
After 24 months, of having your P2 you can get your full licence. You do this by booking a test, and turning up with the licence as above, plus proof of identity in the form of the same birth cert or passport. If you pass, your licence is upgraded to a full licence.
So, your driving licence, which is then a root of trust for so many other identity transactions like opening a bank account etc etc, is based on the provision of a piece of paper at a driving test centre.
Obviously this approach is not infallible, but it serves as state of the art at the moment.
So lets say in a Sovrin scenario, you’d be doing exactly the same thing. You provide a paper passport/birth cert at each stage of the process. But in addition, once you do the first verification at the test centre they write a claim to your Sovrin persona using a DID you’ve provided to TMR for this purpose. This is a pairwise DID between you and the TMR. The claim says “William has applied for a P1 and I’ve seen and verified his birth cert/passport” or suchlike. The level of “certainty” that you are you has not changed. What has changed is that you have a new digital way of presenting that P1 licence to someone else, rather than just having the physical version of it.
The TMR still retain records of your progress - nothing changes as they are the “master” record holder.
When you return for your P2, you could present your Sovrin claim (which only you can present, that can only have been issued by them, and only to you) as the driving licence proof, plus you can present your paper passport and birth cert if they really need it (but you have proof they verified it previously). When you pass your P2, they can issue you with the updated physical driving licence and also an electronic version as an additional Sovrin claim to your DID that you have shared with them. You’d use the same DID as first time here as you’ve presented your P1 proof which was written to that DID.
And when you get your full licence, they give you a physical version of that plus an electronic version as another claim for that DID.
So now you’ve got 3 digital claims (P1, P2 and full), written by the TMR, who have had to go through certain checks in meatspace that you are you.
Assuming a relying party trusts TMR, you can now use any of those claims to prove digitally who you are to that relying party. This is no different to you providing a physical driving licence - the relying party trusts the TMR as the issuer so accepts it.
So Sovrin does not replace the need for a meatspace identity check. What it does is enable digital representations of identity proofs to be accumulated and used. In more complex ID checks where multiple issuers are required (e.g. driving licence, 2 proofs of address from different utility companies), being able to provide those proofs digitally, with the relying party able to verify them digitally, will be much more effective, cheap and simple than the paper-based approaches currently used.
Ideally in the driving licence example above, you’d go along with a digital version of your passport/birth cert as well, which would make things much easier.
On cost savings, some banks use document verification processes to verify (though not perfect degrees of accuracy) a photo of a driving licence in an effort to digitise the application process. These checks can cost upwards of £2/time here in the UK. It’s a sticking plaster covering the problem of having no way to present a digital version of your driving licence and have it verified digitally. My reference to “near zero cost” referred to the potential to do away with such 3rd party checks because the bank can carry out the validity check on the digital proof themselves in real time with very little effort (it’s just a Sovrin lookup).
So nobody is saying that the driving licence authority no longer needs to keep a record of who has a driving licence. Sovrin simply enables them to provide drivers with a digital version which can then be used elsewhere for digital interactions, allowing any relying party to confirm its authenticity.
It also allows that relying party to throw away that data once they have checked it, as they can always ask for it again from the identity owner at any time (and the identity owner’s agent will most likely provide it as long as the link contract between both parties is still in force). In this way the relying party can minimise their internal data storage while being highly confident that the identity owner is presenting valid credentials.