Introducing Self-Sovereign Student ID
Part 1 of 2: Strong, flexible, digital student ID that’s not bound to your campus, network, or vendor.
Full Disclosure: The benefits discussed here apply to self-sovereign student ID generally and are not specific to any vendor or product, and do not result in vendor lock-in; any standards-compliant SSI tools for issuance, holding, and verification could deliver these results. I am the co-founder and CEO of Credential Master, and co-creator of the first self-sovereign student ID product, StudentPass.
TL;DR:
- Digital student ID: doesn’t exist yet for most students.
- Self-sovereign student ID is a breakthrough: students independently store verifiable data and strongly prove things about themselves anywhere, online or off.
- Many uses: strong, passwordless login, KBA-free call in, and cardless walk in authentication of students; granular, provable skills, competencies and achievements; secure peer-to-peer communication and interaction; fraud prevention; student-controlled privacy; digitally signed consent; more.
- Open standards: not tied to a specific vendor, usable outside the school’s network.
- Schools can start with self-sovereign student ID today, without waiting for collaboration with or agreement from other institutions.
- Part 2: ID is Only the Beginning
Note: This article assumes a basic understanding of the concepts of self-sovereign identity (SSI), especially W3C Verifiable Credentials (VCs). The technical specifics of how VCs are issued, revoked, held, verified, and trustworthy are covered extensively across the SSI industry. Basic VC mechanics can be found in my other post: How Verifiable Credentials Bridge Trust Domains.
Digital Student ID
For most students, digital student ID still doesn’t exist.
I’ve been asking experts in academia what comes to mind when I say “digital student ID,” and here is what I learned: other than login credentials for a student portal or a QR code on a card for elementary school students— which don’t count — a digital student ID still doesn’t exist, at least not for most students in most schools.
The first, still obscure attempts at what I would call real digital student ID have cropped up fairly recently, enabling students to prove their identity in multiple environments and granting them access to electronic systems, software, and even physical facilities. Apple has introduced their version of digital student ID that works exclusively with Apple software and devices, and various smaller companies have launched similarly proprietary software platforms with corresponding apps. Search “student ID” in the Apple or Google app stores and you’ll find dozens of similar offerings.
So why hasn’t digital student ID caught on? Because available offerings are tied to a single vendor, usable only in systems and facilities where that vendor is installed, and verifiable only by that vendor’s app. In Apple’s case it’s tied to their hardware, too. Even a homegrown digital student ID solution can be verified only by an associated homegrown app. It is vendor lock-in to the extreme, even if that ‘vendor’ is the school itself.
For a school to confidently roll out a more broadly useful digital student ID, it must be with technology that can traverse boundaries between vendors, both within the school’s network and external to it, such as when a student applies for aid. Such technology now exists, and it can do a heckuva lot more than ID.
Introducing a powerful new model for student ID: “self-sovereign” student ID.
Self-Sovereign Student ID
You may have heard of self-sovereign identity, or SSI¹. In this article I’ll explore how self-sovereign student ID can apply SSI capabilities and principles for students, faculty, and staff in an educational environment, primarily higher education.
I recognize that the term “self-sovereign” may not resonate as well with some in academia, which is often dominated by institutions preferring to expand their scope of control and influence, and likely perceiving self-sovereignty as a threat. However, it is the very act of giving greater control and independence to students that yields most of the benefits listed in this article, and counter intuitively, a closer, richer relationship between a school and its students.
What Is It?
The term “self-sovereign” is unfortunately not self-explanatory, but when properly understood should feel like a familiar analog to physical identity and credentials, which we already use in a self-sovereign manner well beyond the bounds of the organization that issued them to us.
In short, self-sovereign student ID gives students the ability to independently and securely store tamper-resistant, verifiable data related to themselves, and to prove things by privately sharing cryptographic (mathematical) proofs from that data, online or off. Importantly, it also enables students to securely, directly, and privately communicate and interact with the school.
Technically, the student has self-sovereign control over three² things:
- A standardized digital container, for holding verifiable data;
- Peer-to-peer connections between that container and the containers of other people, organizations, and things³;
- Verifiable Credentials (VCs) that the student accepts into their wallet and shares proofs of with others, when desired.
Today, that above-mentioned self-sovereign container is typically a standardized digital SSI “wallet”⁴ within a compliant app that the student can see and interact with on a smart device; eventually, wallets will be found anywhere digital things are stored and become part of the everyday life of people, organizations, and things, hidden and integrated into our devices and experiences in a way where we no longer notice or think of them.
One important point that will help readers better understand VCs, both in this document and generally: I believe VCs are misnamed, they are not always “credentials”; they are verifiable containers capable of transporting any data payload, which may or may not be typically considered a “credential.” This means that VCs held in a wallet are containers within a larger container, but this is a feature, not a bug; it is how physical goods are transported in meatspace and is very useful. (I’ve written about these points in greater detail here.)
Why Self-Sovereign?
Self-sovereignty implies giving students control over their data and how it’s shared. That may seem counter intuitive to the traditional academic notion of in loco parentis, but the truth is that it not only mirrors how physical student IDs work, it simplifies the IT integration work while expanding the possible use cases.
Importantly, an SSI-based student ID binds the school-issued (and verifiable) information in the ID to a student’s right to use it. Through this binding, students can prove, at their own discretion, that they are enrolled, taking classes, receiving or received grades (and what they are), earned a degree or other achievement, and so on. Giving these facts to students in digital form can make their lives easier, reducing friction and fraud for both students and the school. ID is only one of many VCs that will be issued to the student by the school for various uses.
And once the student has an SSI wallet, it’s not just the school that can now exchange VCs with them. The student might want to connect and exchange VCs with multiple schools, their church, their gym club, their favorite sandwich shop or other entities they interact with. You might think that sounds like an Apple or Samsung wallet, and it kinda does, except:
- SSI wallets are portable between vendors, devices, and device types (ie, move from an iPhone to an Android device and back again)
- VCs are portable between wallets
- VCs can hold any kind of data (ie, identity, location, degree, favorite pizza)
- VCs are cryptographically end-verifiable
- Holders can share only part of a VC, metadata about a VC, or just proof that they have one, without revealing anything else
- The protocols that make wallets and VCs portable and interoperable are open and standardized, not proprietary
And of course, Apple and Android wallets don’t enable persistent, encrypted connections with other people, organizations and things for secure peer-to-peer communication and interaction, but I’m getting ahead of myself…
A Thousand Uses
Self-sovereign student ID has many, many uses. I’ll attempt to organize the most obvious ones into six categories:
- Identity & Access
- Achievements, Skills, & Competencies
- The “Digital Experience”
- Privileges, Perks & Freebies
- Communication & Interaction
- Preventing Fraud & Phishing
The first category, Identity & Access, will be covered within Part 1 (this post) and is where I’ll delve the most deeply. I’ll cover the other five categories in Part 2.
Note: As mentioned above, it is outside the scope of this article to explain the basic mechanics of SSI and VC exchange, such as how the initial encrypted connections are offered and accepted, how VCs are offered and accepted using those connections, how VC proofs and verification occurs, or how those verifications can be trustworthy. Those subjects are covered amply by many other documents, papers, and websites throughout the SSI industry, and are the reason for the industry’s abundant standards activity. Refer to links at the beginning of this article for more information.
Identity & Access
The initial and primary use of self-sovereign student ID — and the gateway to limitless other uses — is as a strong, digital version of a student ID card, enabling students to instantly and strongly prove their identity and status as a student, online or off, without passwords, personal questions, or physical cards.
Password Replacement
Perhaps the simplest starting point for self-sovereign student ID is to replace passwords. Passwords have many known problems with both security and UX, and can be replaced with a quick ping to a student’s smartphone. The student responds with a tap, which cryptographically shares their school-issued ID, which is instantly verifiable by the school.
This is a big step-up in both security and user experience over passwords and can replace the hassle and expense of 2FA (2nd-factor authentication). See more about multi-factor authentication below.
For schools running CAS, Okta, or any ID system supportive of a “custom IDP” or “external authentication handler,” password replacement can be implemented quickly and without replacing or fundamentally altering the existing identity system.
Identity+
Self-sovereign student ID starts with a student-controlled wallet into which the school can issue VCs containing any kind of data, not just identity information. So typical student ID data — name, photo, ID number, etc. — can be supplemented with other information: classes registered for or taken, status and authority as a student leader, entitlements, permissions, preferences, allergies, relationships to other students, contact information, emergency contacts, family information, achievements (more on that below), and on and on.
Multi-Factor Authentication+ (MFA+)
The plus in MFA+ means the ability to exchange more factors than is feasible with current tech, while not impairing the user experience, and likely improving it.
Because shared secrets (something the student knows, like a username or password) are replaced with cryptographically secure, digitally signed VCs (something the student has, like a unique key), you can exchange much stronger credentials than passwords. Because they’re digital and easily shared, you can exchange more of them, even dozens. Biometrics and location can also be incorporated, either as payloads within VCs or in conjunction with them.
Because VCs can be exchanged actively or passively behind the scenes, they are useful within Zero Trust Architecture (ZTA). For higher-risk applications, multiple signatures can be required from multiple devices and/or multiple individuals. Combining MFA+, ZTA, and multi-device and multi-signature capabilities results in a formidable approach to protecting sensitive systems and facilities.
Vendor Independence
SSI is based on standards that enable tools from different vendors to be interoperable. This means that a school isn’t locked into a vendor and can replace them without reissuing IDs (try that with a traditional ID system). Students, faculty, and staff can choose from multiple wallets to store their credentials, which are portable if they later decide to switch. You might use one vendor to help issue student IDs, another to integrate with the student information system for registration and transcript data, and a third to verify student or staff status at the campus bookstore POS.
Use of student ID is no longer constrained digitally or physically by the boundaries of the school’s trust domain, or the presence of any particular vendor, removing what I believe is the #1 barrier for digital student ID adoption today.
Digital First, Then Physical
Self-sovereign student ID is digital first, but not digital only. With self-sovereign student ID you can have both digital and physical forms in several varieties.
A ‘smart’/chipped student ID card could hold an SSI wallet — note the irony of a physical card containing a wallet — with some of a student’s VCs. This greatly expands the types of credentials, entitlements, tickets or other items a student can carry and benefit from, and makes it harder for fraudsters to swap out names, photos, ID numbers, etc.
A student could also present a card or simply a paper with a QR code on it. Scanning the QR code could pull up a verified student ID, including a photo, either from a school-controlled database or from student-controlled storage. QR code-based verification could be restricted to authorized personnel, who could also be required to digitally prove their ID before gaining access.
Combining these capabilities, a school could issue a physical ID card with only three elements: a photo, a QR code, and an embedded chip— no name, no ID number, nothing else. If the chip and QR code worked as described above, even this extreme approach could be more useful than existing student ID cards while being more private for students and more difficult to hack for fraudsters.
Access+
Whether for accessing digital systems, physical facilities or events, self-sovereign student ID can begin to support digital versions of key cards, vouchers, receipts and more, all uniquely associated with the student. A VC can also be issued as a bearer instrument not associated with any individual, like a movie ticket or a coupon. Using geofencing, students could be passively authenticated when entering a secure area, of course subject to their consent to the practice.
Mutual Authentication
Because it enables a bi-directional exchange of VCs, self-sovereign student ID may be the first technology that enables students to authenticate schools as strongly as schools authenticate students, preventing impersonation and phishing.
User Experience
With self-sovereign student ID, the student can digitally present their ID and other entitlements and be authenticated more strongly, safely, and quickly than with usernames and passwords. This reduces the incidence of fraud, account take-over, and password reset requests, and removes the UX-killing friction of dealing with passwords.
Because the school maintains a secure, peer-to-peer connection with the student, it can use this connection to prompt the student for ID when the student calls in or walks in⁵. When calling in, this eliminates the need for knowledge-based authentication (KBA) questions (birthday, mother’s maiden name, etc.) and speeds up the call. When walking in, this eliminates the need to pull out a physical student ID (useful during a pandemic).
Whether calling in, walking in, or logging in, a student can feel recognized by the school rather than treated as a stranger at each interaction.
Privacy & Compliance
Today, when presenting a physical student ID card, the student divulges everything on it; there’s no way to present only part of it. With selective disclosure enabled by self-sovereign student ID, a student can share only the data required and nothing more, or prove something about their credentials without disclosing any of the data, or just prove that they have the required thing. Some examples are helpful:
- Prove status as a currently enrolled student, without revealing name, ID number, or other personal info
- Prove age is over a threshold, without revealing actual age or birthday
- Prove address on file is within a certain area, city, or building, without revealing the exact location
Selective disclosure is useful for many things, including voting, and can be used online or off. It affords whatever level of privacy the student desires, and satisfies both the spirit and the letter of aggressive privacy regulations such as GDPR and CCPA while remaining auditable for all interactions between students and the school. By minimizing the presentation of identity to only the attributes needed, selective disclosure curtails the unchecked growth in the ‘grey market’ of personal data, worth billions of dollars and growing.
And when data is shared, it is shared directly by the student with digitally signed evidence, a veritable get-out-of-jail free card in today’s PII-sensitive privacy climate.
Consolidation & Simplification
As it scales, federated ID has a tendency to grow into a complex, tangled web of identities, identifiers, vendors, integrations, synchronizations, and registries. Self-sovereign student ID can begin a process of consolidation around a coherent identity meta system, with a reduction in vendors (while reducing vendor lock-in), a reduction in identifiers, and an overall reduction in complexity, without consolidating around a single vendor.
That said, I’m taking the advice of my business partner, SSI pioneer Dr. Sam Smith, and avoiding diving into details about this topic within this piece. He is the better author for it anyway, as it quickly gets into a technical discussion about self-certifying identifiers, which SSI uses, versus administrative identifiers, which federated ID uses, which is his area of study and expertise. So, Sam can write a separate piece if there is sufficient interest. For readers having a pressing need related to this topic, please get in touch.
ID Is the Low-Hanging Fruit
For schools, ID may be the best place to start with VCs. There’s far less complexity than something like achievements, and no other entities need to be consulted before adopting a particular approach; a school catches what it pitches. Plus, the benefits can be broadly and quickly felt, and readily integrated into most IAM systems. And ID is a prerequisite for most other SSI or VC-based use cases; even if those feel more important or urgent, you usually need to begin by ensuring that you know with whom you are dealing.
If you read no further, this should already be apparent: though ID and Access may be only the beginning of what self-sovereign student ID can do, it is more than enough to justify serious consideration. For achievements and several other cool and interesting use cases, read Part 2.
If you’re not planning to read Part 2 and are wondering how to operationalize self-sovereign student ID, open Part 2 and skip down to “Where to Begin.”
¹ One of the earliest/best pieces about SSI, from Christopher Allen: http://www.lifewithalacrity.com/2016/04/the-path-to-self-soverereign-identity.html
² Technically there is a fourth thing a student controls: self-certifying identifiers provide the root of trust, the crypto magic that makes it possible to traverse trust domain boundaries, but they’re “deeper under the hood” and out of scope for this piece. You can learn more about self-certifying identifiers here, here, and here.
³ It’s technically agents that connect, not wallets.
⁴ In the context of student ID, a wallet in the student’s possession is the container that makes the most sense; for large data sets such as entire transcripts or medical data, or infrequently used data, or simply for backup, a student may employ a custodial storage solution in a blockchain or traditional database, while still retaining self-sovereign control over the stored data.
⁵ The Credit Union industry is beginning to deploy MemberPass, which uses this means to streamline incoming calls into service centers.
Special thanks to several helpful reviewers, editors, and contributors: John Phillips, Dr. Phil Windley, Phil Long, Scott Perry, Dr. Samuel Smith, Alan Davies, Taylor Kendal, and Matthew Hailstone.
