Can LESS be more?


My ideal is for each to do what he knows and what he can ~ Apollonius of Tyana

Self-Sovereign Identity (SSI) is a term that invokes a variety of emotions. Is it a technology, a standard or a movement? Or does the term not matter?

I am writing this as the whole world is at a standstill due to the Coronavirus COVID-19 pandemic, and the Johns Hopkins University Coronavirus COVID-19 Global Cases Map is currently showing the horrifying global number of 1,754,457 confirmed cases and 107,520 deaths.

I choose to believe that we will get thru this, but also that our future will be shaped profoundly by our globally shared experience of physical distancing combined with the increased comfort with and expectations of entirely digital person-to-person, person-to-group, person-to-organization and organization-to-person interactions. This is a place where the ideals of SSI need to inform the implementation and delivery of pragmatic solutions for the common good.

First, in reading the discussions regarding the concepts and foundations of SSI and depending on who you are speaking with, there appears to be a desire to bucket them into two tracks - LESS (Legally Enabled Self-Sovereign) Identity and Trustless Identity.

LESS IdentityTrustless Identity
  • Minimum Disclosure
  • Full Control
  • Necessary Proofs
  • Legally-Enabled
  • Anonymity
  • Web of Trust
  • Censorship Resistance
  • Defend Human Rights vs. Powerful Actors

This naturally supports the human desire for creating pro-and-con listings, but because it is framed as a choice, it makes you miss options. I would urge you to reject this narrow framing by thinking “AND not OR” i.e. It is entirely possible to ensure that the ideals of Trustless Identity be implemented using the pragmatism of LESS Identity by combining thoughtful, careful design and architecture with technologies that are open, standards based and community driven.

Second, the implementation of SSI/LESS/Trustless solutions are based on a core set of standards and specifications, the most important of them being the “Verifiable Credentials (VC) Data Model” and “Decentralized Identifiers (DIDs)”. Both are managed by the World Wide Web Consortium (W3C), the global standards development organization led by the inventor of the web, Sir Tim Berners-Lee.

Finally, this is where the rubber needs to meet the road as we get to the other side of this pandemic. In our lives right now, we are seeing a variety of situations playing out that may continue post-pandemic where digital credentials are going to play an increasingly critical role.

  • Education moving entirely online with teachers and students needing to be credentialed
  • Increased use of tele-medicine with the need to verify the credentials of doctors and their ability to “write” digital prescriptions
  • Employers seeking global work from home talent where potential employees need to provide digital credentials of their qualifications and job experiences
  • Essential travel certification of those who are part of critical supply chains

The traditional technical and usability pain point here has been around ‘consent based attribute aggregation’. For those who understand whereof I speak, I would urge you to look in depth into how the combination of a digital wallet under the control of a Holder with open APIs that can store multiple credentials can use the Verifiable Credential Presentation mechanism to provide a relatively straight forward solution to this traditionally hard problem.

I will close by noting that in this new era, humans being human, there will continue to be those who try to take advantage of the situation to their benefit, whether that be entrenched global technology platforms who use the pandemic as an opportunity to launder their reputation while seeking to increase their market share, or other state or non-state actors pursuing more nefarious ends.

"Your papers, please" (or "Papers, please") is an expression or trope associated with police state functionaries, as popularized in Hollywood movies featuring Nazi Party officials demanding identification from citizens during random stops or at checkpoints. It is a cultural metaphor for life in a police state.


What is important to realize is that, there exists at this time a clear opportunity to use this secure and privacy-respecting technology to address challenges in a manner that is viable from a business perspective, while serving the common good. Are you ready?

cyberforge: random and relevant

 Tweet  Share  Email

Get the best cybersecurity research, resources and insights to help secure and safeguard the digital world.
No Charge. No Spam. Unsubscribe Anytime.