The real world is messy and unpredictable. Creating an identity system that is flexible enough to support the various ad hoc scenarios that the world presents us with can only be done using a decentralized system like Sovrin that allows multiple credentials from various authorities to be shared in the ways the scenario demands.
Earlier I wrote about the idea of multi-source identity that allows multiple authorities to make assertions about people, organizations, and things that can be verified. Multi-source identity becomes self-sovereign identity when the individual is able to control those assertions and use them in a privacy-preserving manner whenever and where ever they want.
Recently Joe Andrieu gave a presentation about the role of multiple assertions in a real-life situation—an automobile accident. As I listened, I thought it was an excellent example because it showed clearly the power of being able to bring multiple, independent credentials to bear in a situation that is complex and involves a number of parties.
Hopefully, you've never been in an automobile accident, but if you have you recognize that there are a number of credentials that play a role in a scenario that plays out over days or even weeks. The following diagram shows some of the credentials that would be used in the initial investigation following the accident.
In this scenario, two drivers, Alice and Bob, have had an accident. Fortunately, no one was hurt, but the highway patrol has come to the scene to make an accident report. Both Alice and Bob have a number of credentials in their digital wallets that they control that will be important in creating the report:
- Proof of insurance issued by their respective insurance companies
- Vehicle origination document issued by their vehicle's manufacturer
- Vehicle registration issued by the Department of Motor Vehicles (DMV)
- Driver's license issued by the Department of Public Safety (DPS) in Alice's case and the DMV in Bob's
In addition, the police officer has a badge from the Highway Patrol. Alice and Bob would make and sign statements. The police officer would create an accident report.
Typically each of these documents are paper, or at best PDFs, and they are exchanged, copied, and filed away. The thought of doing it all digitally conjures visions of complex, special-purpose software systems with uneven acceptance by the various players and jurisdictions.
Sovrin changes that by providing an open, decentralized system that supports the flexible exchange of standards-based verifiable credentials. Each of the credentials mentioned previously can be independently created by the appropriate issuer, held by Alice, Bob, and the Police Officer, and presented to any party who the holder desires. Alice would control her credentials and Bob his.
After the accident, Alice and Bob would use the Sovrin wallets on their phones to create a relationship. When the officer arrives on the scene, they will both also create a relationship with him. They can use these relationships to exchange information based on the credentials they each hold. Alice and Bob create statements about what happened. The Police Officer creates an accident report. These are also credentials that can be shared between the parties.
Later, Alice and Bob will share the accident report and information about the other driver with their respective inurance comopanies. The may enlist the services of mechanics and auto-body shops who will need to get information from the accident report and provide attestable statements about repair quotes and completion of repairs to the insurance companies.
The decentralized nature of the Sovrin Network allows all this information to be exchanged regardless of the fact that Alice and Bob are from different states that have different government organizations and structure. The exchange works regardless of the fact that Alice and Bob use different insurance companies. The exchange works regardless of whether they're in or out of their own state.
Because of the structure of Sovrin, the receiver of each credential can verify it hasn't been altered, that it is about the party who presented it, and was issued by a particular party. Standards ensure that each party can can issue their own credential and that others can understand it. Standards allow the exchange to happen without appeal to special-purpose software systems. Rather than building a special purpose "vehicle accident reporting system" and convincing all the players to participate in a closed ecosystem, the standards that enable self-sovereign identity allow each participant to work through an ad hoc scenario with finesse and sophistication.
This scenario gets even more interesting if the cars are connected and have an identity of their own. There may be data from the connected car that is relevant to the accident. For example, an accelerometer could have measured be data points before and during the accident that might be included in either Alice or Bob's statements or the Police Officer's accident report. In a Sovrin world, the vehicles can have agents and consume, hold, or generate verifiable credentials. But the vehicles' identity is owned and controlled by their owner (who might not be the driver involved in the accident). This adds a new dimension to the data that would be shared, but Sovrin's flexible structure makes it easy to include these new players in the scenario.
Real life is complicated and messy. The only hope we have of enabling digital interactions that mirrors activities in the physical world is with decentralized systems that allow each person, organization, or thing to act independently and autonomously. While multi-source identity can't repair you car for you, an open system that supports it like Sovrin can significantly reduce the friction in handling the many credential and data exchanges that follow any accident.
Photo Credit: Car crash scene cleanup effort, with police present from Tomwsulcer (CC0 1.0)