What Is Self-Sovereign Identity (SSI)?
Self-sovereign identity (SSI) is a model in which individuals and organizations own and control their own digital identity and credentials directly, rather than renting that control from platforms, identity providers, or governments. It is the guiding principle behind decentralized identity.
The idea
In today's systems your identity is scattered across accounts you do not really control. Each provider can lock you out, change terms, mine your data, or disappear. SSI flips the model: you hold cryptographically signed verifiable credentials in your own wallet and present them peer to peer, so no single party sits between you and the services you use.
Christopher Allen's ten principles
The modern framing comes from Christopher Allen's 2016 essay The Path to Self-Sovereign Identity, which proposed ten principles: existence, control, access, transparency, persistence, portability, interoperability, consent, minimalization, and protection. In practice these reduce to three demands: the user must control the identity, the identity must be portable across providers, and disclosure must be minimized to only what a transaction needs.
How SSI works in practice
SSI is realized through the same building blocks as decentralized identity:
- Decentralized Identifiers (DIDs) the subject controls, defined by W3C DID Core.
- Verifiable Credentials issued, held, and presented within the issuer, holder, verifier trust triangle.
- Selective disclosure and zero-knowledge proofs to satisfy the minimalization principle: prove you are eligible without oversharing.
- Governance and trust registries so verifiers know which issuers to trust. The Trust over IP framework organizes this into technical and governance layers.
Where SSI meets the real world
The principles are now colliding with regulation and rollout. The EU's eIDAS 2.0 and EUDI Wallet put a state-issued wallet in every citizen's hands, mobile driver's licenses are shipping in phone wallets, and reusable identity verification is turning SSI from theory into a KYC cost saver. Track national schemes in the digital IDs directory.
The honest tradeoffs
SSI is powerful but not free. Wallet recovery, issuer governance, revocation, and getting verifiers to actually accept credentials are hard, unfinished problems. Adoption depends on network effects that are still forming. For most enterprises the near-term reality is hybrid: federated identity for existing SSO, decentralized credentials for reusable verification and portable proofs, stitched together by an identity fabric.
Where to start
Read what is decentralized identity for the architecture, the Verifiable Credentials standard for the data model, and browse the decentralized identity vendor directory to see who is building it.
Frequently asked questions
- What is self-sovereign identity?
- Self-sovereign identity (SSI) is a model in which individuals own and control their own digital credentials directly, storing them in a wallet and presenting them without asking permission from a central provider or platform.
- What is the difference between self-sovereign and decentralized identity?
- The terms are used almost interchangeably. Decentralized identity describes the architecture (DIDs, verifiable credentials, no central broker), while self-sovereign identity emphasizes the principle that the individual, not a platform, is in control.
- Who invented self-sovereign identity?
- The term was popularized by Christopher Allen in his 2016 essay The Path to Self-Sovereign Identity, which set out ten guiding principles that still shape the field.
- Does self-sovereign identity require blockchain?
- No. Early SSI systems often used a ledger to anchor identifiers, but the core W3C standards do not require one, and many current deployments use ledgerless DID methods such as did:web and did:key.