Digital Identities
I once talked a lot with people who don’t have a feeling of affiliation with the state they are living in. This sometimes went so far that they wanted to get rid of their passport and nationality, for whatever reasons.
Luckily, you can’t get rid of your nationality and passport if this would make you stateless, as laid down by the UN. But there are refugees who are not accepted by their state of nationality. For them, it is possible to get travel documents under the 1951 Convention, which are issued by a country other than the one of their nationality.
If there were no authority that vouches for your documents, it would be the same as using self-signed certificates for your website. No one would trust you with your age and co.
The comparison holds in many ways, as can be seen with the travel documents. For the web, we have different Certificate Authorities, which provide trust in the system. Only 9 CAs are needed for >83% of web pages, but the list of accepted root CAs (included in ca-certificates) is quite long. And if you are in Germany, you don’t need a German CA; any trusted CA works.
Basically, what is needed is an identity that is signed by a source of trust, that allows you to sign messages/contracts, that makes sure your identity is known, and that contains further parameters like your birthdate. It also makes sense to show only partial data, e.g. only the birthdate without the birthplace. Having each property signed by the CA individually would make that possible.
Technically this is possible without blockchain, with just certificates and asymmetric cryptography. A decentralized approach to that existed before Let’s Encrypt’s success: CAcert.org, where you can get an S/MIME cert or browser certs after validation by other members. These certificates are not trusted by major browsers and are very niche.
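The per-property signing described above, as an added example that is not part of the original post: a CA signs each attribute separately with Ed25519, and the holder shows only the birthdate. The subject IDs, attribute names and values are constructed, and the verifier is assumed to have authenticated the presenter's subject ID by other means. Binding every claim to the subject is what stops one person from presenting another person's signed birthdate.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Claim is one attribute signed on its own, so it can be shown without the others.
type Claim struct {
	Subject, Name, Value string
	Sig                  []byte
}

// encode length-prefixes each field so that field boundaries cannot be shifted.
func encode(s, n, v string) []byte {
	return []byte(fmt.Sprintf("%d:%s|%d:%s|%d:%s", len(s), s, len(n), n, len(v), v))
}

// Issue signs every attribute separately, each bound to the same subject ID.
func Issue(ca ed25519.PrivateKey, subject string, attrs map[string]string) map[string]Claim {
	out := make(map[string]Claim)
	for n, v := range attrs {
		out[n] = Claim{subject, n, v, ed25519.Sign(ca, encode(subject, n, v))}
	}
	return out
}

// Verify accepts a claim only if the CA signed exactly this subject/name/value.
func Verify(caPub ed25519.PublicKey, presenter string, c Claim) bool {
	return c.Subject == presenter && ed25519.Verify(caPub, encode(c.Subject, c.Name, c.Value), c.Sig)
}

// Demo reports whether an honest, an edited and a borrowed claim are accepted.
func Demo() (honest, edited, borrowed bool) {
	caPub, caPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	alice := Issue(caPriv, "alice-id", map[string]string{"birthdate": "1990-04-01", "birthplace": "Berlin"}) // constructed data
	shown := alice["birthdate"] // the birthplace claim never leaves the holder
	honest = Verify(caPub, "alice-id", shown)
	forged := shown
	forged.Value = "1970-01-01" // holder edits the value after issuance
	edited = Verify(caPub, "alice-id", forged)
	borrowed = Verify(caPub, "bob-id", shown) // someone else presents Alice's claim
	return
}

func main() {
	a, b, c := Demo()
	fmt.Println(a, b, c)
}
```

The signature itself is a stable value, so two verifiers who see the same claim can link the presentations to one person.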
Self-sovereign Identity?
Yet all fancy people have a demand for SSI, which somehow includes blockchain. But why should anyone trust this value? Anyone can write other data about you into the blockchain. A system where certificates are issued without a global storage of all identities seems much better for humanity than a global blockchain that stores identities without any benefit. Of course, one can tie the financial identity, your wallet address, to your personal identity, but what for? Adding signed data by myself would be possible if the
Proving that your age > x
without showing the real age or other parameters is something where current cryptographic developments are needed, but for now, the whole concept of digital identities seems to be going in a completely different direction than intended.
Digital Passport in Germany
The better approach to digital identities comes when the government finally sees the demand and issues a digital identity for all citizens. This will be the case in Germany in a few years, as the new passport can be used as a smartcard or through NFC/RFID by the AusweisApp2. It can even be used to create qualified signatures on documents. Yet support for this functionality is lacking, as most people in public service do not have much experience with digital services and implementations are still missing.
Let’s see what the state of digital identities will be in 10 years, and whether DID and SSI have helped somehow.