Self-Sovereign Identity (SSI) Patterns

Self-Sovereign Identity (SSI) patterns focus on the design of blockchain-based SSI applications. We present the patterns in 3 groups: key management, DID (Decentralised Identifier Documents) management, and credential design. The patterns aim to make better use of the 3 main objects in self-sovereign identity – key, DID, and identity credential – by understanding how each is used at different stages of its lifecycle. Figure 1 shows an overview of the patterns. Figure 2 gives a glimpse of the relations between the patterns.

 

Figure 1: Lifecycles of self-sovereign identity patterns

 

Figure 2: Self-sovereign identity pattern relation overview

 

  • Key management patterns
    • Master and Sub Key Generation – Each party has a master key for managing a set of sub-keys that are used for signing transactions for different identity accounts
    • Hot and Cold Wallet Storage – A party maintains keys in 2 wallets, one to store frequently used keys and another to store infrequently used keys
    • Key Shards – Split a key into several different pieces so that it can be restored using enough of the pieces
  • Decentralised Identifier Documents management patterns
    • Identifier Registry – Use a registry to maintain bindings between an identifier and the address of an identity attribute (e.g., name and profile picture of a party)
    • Multiple Registration – A party registers a unique identifier for each relationship (i.e., every identity) it has
    • Blockchain and Social Media Account Pair – Establish a bidirectional binding between a social media profile and a blockchain-based identity
    • Dual Resolution – Parties engaged in a mutual interaction acquire each other’s decentralised identifier documents to access information necessary for verification and communication
    • Delegate List – Each party maintains a list of delegates that can help him/her to recover an identity
  • Credential design patterns
    • Selective Content Generation – Generate a customised credential according to the holder’s specific requirements for credential attributes/contents
    • Time-Constrained Access – A credential holder can share a link with the verifier that can be used to access the credential only within the specified time window
    • One-Off Access – A credential holder can share a link with the verifier that can be used to access the credential only once
    • Blockchain Anchor – Instead of storing everything on-chain, one can periodically record the hash value of off-chain data on the blockchain