TrustSphere

15/05/24: Innosuisse Funding & Partnership with Bern University of Applied Sciences

We're excited to announce that Innosuisse has approved funding for our SACI Framework, supporting our new partnership with Bern University of Applied Sciences, Institute for Data Applications and Security. This collaboration will boost our digital identity management projects. Stay tuned for more innovations!


SACI in a Nutshell

The Self-Asserted Certified Identity (SACI) framework represents a groundbreaking approach to digital identity management. It empowers individuals to generate and manage their own digital identities, with the added credibility of certification from trusted entities. SACI addresses the need for a more secure, private, and user-controlled identity ecosystem, challenging traditional, centralized identity management systems.

Core Principles

SACI is built on several core principles: user autonomy, allowing individuals full control over their identity; privacy, ensuring personal data is protected and shared only with consent; flexibility, supporting multiple identities and aliases for different contexts; and trust, facilitated through the certification of identities by recognized authorities, trusted organizations, or individuals.

How It Works

Users create their self-asserted identities, which can be either self-certified or submitted for external certification to trusted Certificate Authorities (CAs), such as governmental bodies, private organizations, or individuals. This flexible dual-path certification approach ensures that identities are verified and accepted in various contexts. Once certified, these identities can be utilized across numerous platforms and services. Regardless of the chosen certification path, users maintain complete control over their identity, deciding what information to disclose and with whom it is shared.

To further enhance privacy and control, the SACI framework introduces the concept of an "Identity Alias." This feature allows Identity Owners to create an alias of their certified identity, which can be shared with Identity Processors. Using Zero-Knowledge Proofs (ZKP), Identity Processors can validate that the alias is linked to a certified identity without revealing the actual identity. This process ensures that the Identity Processor can trust the Alias Identity as much as they would the real identity.

Adding to this, the framework includes the role of Access Regulation Makers, who define regulations governing which types of information Identity Processors may access. Depending on these regulations, Identity Owners might be advised against sharing specific types of information or may opt to share regardless. These access regulations are then incorporated into the Identity Owner's wallet, safeguarding their credentials.

Credential Escrow offers Identity Processors a location where credentials remain accessible for a limited time, based on specific needs defined and agreed upon by the Identity Owner. This arrangement facilitates secure and time-bound access to credentials. Conversely, Identity Processors may also directly access the identity credentials stored in the Identity Owner's wallet, with access persisting until the Identity Owner revokes it.

The Identity Processor is an entity requiring access to identity credentials to provide services to the Identity Owner. They can access these credentials through Credential Escrow or directly from the Identity Owner's wallet, depending on the agreed terms.

Furthermore, the framework incorporates a Decentralized Authenticity Registry, where CAs can record their validation of an identity. This registry enables Identity Processors to verify the authenticity of credentials and the authorities that certified them. Depending on the needs of the Identity Processor, specific types of certification, such as those from government certification authorities, may be required.

This comprehensive approach not only ensures the secure and regulated sharing of identity credentials but also enhances the flexibility and control users have over their digital identities. It aligns with the evolving needs of digital interaction, providing a robust foundation for trust and authenticity in the digital realm.
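As an added illustration (not TrustSphere's code, and not a description of the SACI implementation), the following Go model captures the dual-path certification and the Identity Processor's policy check described above: an identity is signed by its owner, optionally countersigned by one or more CAs, and a processor accepts it only if every signature verifies, the owner's self-assertion is present, and any required CA kind is backed by a key listed in the registry. The claim format, the `Accept` policy and the map standing in for the Decentralized Authenticity Registry are assumptions; the Identity Alias and its Zero-Knowledge Proof are not modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
)

type CAKind string // who certified: the owner (self path) or an external CA type
const KindSelf, KindGovernment CAKind = "self", "government"

// Identity is the self-asserted claim set, bound to the owner's key (assumed format).
type Identity struct {
	Owner  ed25519.PublicKey `json:"owner"`
	Claims map[string]string `json:"claims"`
}

// Certification is one signature (the owner's or a CA's) over the identity digest.
type Certification struct {
	Kind      CAKind
	Certifier ed25519.PublicKey
	Sig       []byte
}

func digest(id Identity) []byte {
	b, _ := json.Marshal(id) // encoding/json sorts map keys, so the digest is stable
	h := sha256.Sum256(b)
	return h[:]
}

// Certify is what the owner (kind == KindSelf) or a CA does: sign the identity digest.
func Certify(id Identity, kind CAKind, priv ed25519.PrivateKey) Certification {
	return Certification{Kind: kind, Certifier: priv.Public().(ed25519.PublicKey), Sig: ed25519.Sign(priv, digest(id))}
}

// Accept is the Identity Processor's policy check. registry (CA key -> kind) stands in for the
// Decentralized Authenticity Registry; the owner's own signature is always required, and
// required == KindSelf means the self-certified path alone is acceptable.
func Accept(id Identity, certs []Certification, registry map[string]CAKind, required CAKind) bool {
	d := digest(id)
	ownerSigned, haveKind := false, map[CAKind]bool{}
	for _, c := range certs {
		if !ed25519.Verify(c.Certifier, d, c.Sig) {
			return false // any invalid signature rejects the whole bundle
		}
		if c.Kind == KindSelf {
			ownerSigned = ownerSigned || c.Certifier.Equal(id.Owner)
		} else if registry[string(c.Certifier)] == c.Kind { // CA must be listed under the kind it claims
			haveKind[c.Kind] = true
		}
	}
	return ownerSigned && (required == KindSelf || haveKind[required])
}
```

A CA key that signs as "government" but is not listed under that kind in the registry contributes nothing, which is the check that lets a processor insist on government certification specifically.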

SACI Concept

Benefits of SACI

  • Enhanced Security: The SACI framework boosts security by enabling users to create multiple context-specific identities, which can be individually revoked if compromised, significantly reducing the risk of widespread identity theft.
  • Improved Privacy: Users decide exactly what information to share, preserving privacy across transactions.
  • Greater Control: The framework gives users unprecedented control over their digital identities, empowering them to manage their online presence and the right to be forgotten.
  • Wide Acceptance: Certified identities are more readily accepted by services, enhancing user convenience.
  • Value Proposition: The SACI framework fosters a dynamic market environment by enabling a broad range of actors to participate without limitation or restriction, subject only to regulation. This open market approach not only offers the freedom for any entity to contribute but also facilitates the development and usage of SACI technology, presenting a strong value proposition that can drive market growth and innovation.

Origins and Inspiration of SACI

The conceptual foundation of the Self-Asserted Certified Identity (SACI) framework draws significant inspiration from the Secure Sockets Layer (SSL) certification model, a cornerstone of secure internet communication. Much like SSL certificates enhance the trust and security of websites by verifying their authenticity through trusted Certificate Authorities (CAs), SACI reimagines this principle for the realm of digital identity management. This adaptation extends the SSL model's trust mechanism to the certification of personal and organizational identities, enabling users to assert their identities confidently in the digital space.

Crucially, SACI evolves beyond the SSL model by offering the flexibility of certification by one or multiple CAs. This multi-CA approach significantly reinforces trustworthiness by allowing identities to be verified and certified according to the specific needs and standards of different contexts and jurisdictions. Whether for a single, specialized use case or for broad, cross-platform applications, SACI's adaptable certification process ensures that digital identities are robust, credible, and tailored to meet the diverse requirements of trust and verification across the digital ecosystem.

Moreover, SACI introduces a revolutionary shift towards enhancing individual autonomy in digital identity management. Unlike traditional models that rely solely on external issuers for the establishment of trust, SACI empowers individuals with the option to self-certify their identities or choose among a variety of CAs for external certification. This approach significantly increases the freedom of the identity owner, aligning more closely with the original ethos of the Internet and its pioneers who envisioned a digital realm predicated on freedom, decentralization, and user empowerment. By embodying these principles, SACI offers a framework where individuals can navigate the digital world with greater autonomy, security, and confidence.

Implementing SACI

Implementation of the SACI framework involves the participation of various stakeholders, including technology providers for infrastructure support, Certificate Authorities for identity certification, and regulatory bodies for legal oversight. Together, these entities create a robust, secure, and flexible identity ecosystem.

Future Directions

The SACI framework is poised for evolution, with ongoing developments in blockchain technology, encryption standards, and regulatory practices shaping its trajectory. As digital identity becomes increasingly crucial in our online lives, SACI aims to offer a sustainable, user-centric solution to identity management challenges.