Introducing Self-Sovereign Student ID

Timothy Ruff
13 min read · Aug 15, 2020


Part 2 of 2: ID Is Only the Beginning.

Achievements, Skills, & Competencies

For many working with SSI and VCs, exchanging achievements is the top-of-mind use case. By achievements, I mean any kind: diplomas, degrees, certificates, skills, skill shapes, competencies, badges, milestones, grades, awards, commendations, micro-credentials, incremental achievements, and others.

Students will eventually share their achievements in pursuit of a job, but they may also want to transfer between schools, or reverse transfer credits from their current school to a former one. SSI and VCs are the ideal means of receiving achievements in a form that can be readily shared again and verified cryptographically on receipt, without a manual verification process or a call back to the issuing school.

But unlike student ID, broadly useful achievements exchange among schools and employers not only requires them to become capable of issuing, holding, and verifying VCs, it also requires them to come to agreement about how the data payload should be arranged. This will happen, but it is going to take a while. Thankfully, there is significant and growing momentum toward precisely that.

For example, serious efforts are underway at the T3 Innovation Network, within the U.S. Chamber of Commerce, in developing Learning and Employment Records, or LERs. LERs are powered by the same VC standards and technologies that enable self-sovereign student ID, with the same issue, hold, verify model to/from an SSI wallet, which they call a “learner wallet” for simplicity. A learner wallet is the same as an SSI wallet, with one important addition: a learner wallet includes in its scope the capability for a student to store some VCs in a cloud-based container with a custodian, in place of or in addition to a personally held wallet, and retain self-sovereign control over them. This is useful for large data sets, for infrequently used credentials, and as a backup, and is offered by the likes of ASU’s Trusted Learner Network and the Velocity Network Foundation.

An impressive piece was recently released that everyone interested in interoperable achievements should read, whether in the U.S. or abroad: Applying Self-sovereign Identity Principles To Interoperable Learning Records. The lead author of that piece, Kim Hamilton Duffy, also leads a group called the Digital Credentials Consortium (DCC). DCC includes 14 intrepid schools, including the likes of MIT and Harvard, developing interoperability of achievements that are literally carried by the achievers. They also see VCs as the basis for this interoperability, and are making exciting progress.

My conclusion: VCs are where “the puck is headed” for broad, even global academic interoperability; they are the containers referred to in these documents that can securely transport the achievement or LER “payload” between issuers and verifiers, via the achiever herself.

By using this same VC technology for student ID, a school does three critical things to lay the foundation for later exchanging achievements:

  1. It puts the tools necessary for exchanging achievements into schools’ and students’ hands.
  2. It gets schools familiar with working with VCs: issuing, verifying, and managing.
  3. It gets students familiar with using an SSI wallet: making connections, receiving VCs, sharing VCs, communicating, giving consent, etc.

After self-sovereign student ID is in place, issuing an achievement or LER to a student means simply clicking a different button (or two).

The “Digital Experience”

Education is increasingly engaged in digital transformation, from enrollment to instruction to achievement and employment. Through all the schools, programs and other experiences you might have, there is one thing that’s constant: you. You are the ideal courier of your own data whenever it’s useful to prove or qualify for something, if only you could receive your data, have a way to hold it and present it, and it was verifiable when presented. That is precisely what this technology does.

When you realize that self-sovereign student ID is simply a school-issued digital VC held inside a secure wallet capable of also storing verifiable achievements, and that wallet ideally belongs to the student and not the school, it becomes clear how it can become foundational to a lifetime digital learning experience for that learner. In this context, the “Digital Student ID” becomes a part of the digital experience rather than the whole of it.

This also ties into the future of work, where lifelong achievements can be accumulated by the student and later used to prove skills and competencies to prospective employers at a granular level, with the power of selective disclosure enabling strong privacy to avoid oversharing.

Taken together, this is direct application of the “Internet of Education” from the Learning Economy Foundation, a vision that is now feasible and with which self-sovereign student ID is aligned.

Privileges, Perks, & Freebies

Unlike typical digital credentials or even digital student ID, with self-sovereign student ID students can prove their ID and status anywhere, not just in school-approved or school-connected systems, because a verifier needs only the school’s public key, not access to the school’s systems. This independence opens up the entire internet, and the world itself, to embrace your school’s students as verifiably what they claim to be, and to give them whatever benefits and privileges that status might conceivably afford. This could mean, at any non-school organization, online or off:

  • Formless onboarding & passwordless authentication at websites
  • Freebies, discounts and special deals anywhere
  • Access to students-only facilities and events from multiple schools
  • Access to special loans, grants, scholarships and more

Intuitively, the more benefits you can arrange for your students, the more they will want to become your students; with self-sovereign student ID, you can unlock more benefits than ever before.

Communication & Interaction

This category of capabilities is often overlooked in SSI, but I believe it could become the most used and beneficial class of capabilities that self-sovereign student ID enables. If you think about how much time we spend communicating versus how much time we spend authenticating, you’ll get where I’m coming from.

Before issuing a VC to a student, a direct connection must be established between the student’s chosen wallet and the school. This connection is unlike other connections the school may have with the student, and unlike the connections people have with each other; it is peer-to-peer, private, and encrypted end-to-end.

This connection between school and student isn’t ephemeral; it persists until either side breaks it, even for alumni who’ve long since left the school (useful for helping keep track of grads for annual IPEDS and other accreditation reporting). It is a new, private, digital relationship between school and student that enables interactions of many forms: messages, phone calls, video calls, file exchange, playing games, taking polls, voting, gathering permission or consent (digitally signed by the student), granting the school’s consent (digitally signed by the school), and more.

A bit like email, your school and the student can each use different services to help with their own end of the connection. And these services are substitutable; there is no single vendor in the middle connecting both sides, as there is with popular messaging services today. If there were, self-sovereign independence would be lost, and most of the benefits listed in this article along with it, replaced with dependence on that intermediary.

Using this capability, schools could do away with the proprietary messaging systems they’ve installed to ensure that FERPA-protected data, for example, is not shared incorrectly, and instead use a standards-based system that comes with self-sovereign student ID.

This communication channel must be respected and not overused, because either side can choose to break it; it’s not like email or a phone number, where the other party can simply resume sending messages from another address or device. Reconnection can happen at any time, but both parties must opt in. I particularly love this aspect of SSI, because it is the beginning of the end of spam and phishing, and encourages considerate communications behavior on all sides.

Preventing Fraud & Phishing

Once issued to the student by the school, self-sovereign student ID helps prevent student-related fraud, including with student aid programs the student may apply for with outside organizations, such as government, scholarship programs, and others. Once these organizations realize they can receive cryptographic proof directly from the student, they can lessen their reliance on passwords, social security numbers, and other personal information, bringing us closer to a world with far less identity theft, where having someone’s personal information, even their passwords, is no longer sufficient to impersonate them.

When a student applies and presents their VCs for verification, the benefits offeror, such as the U.S. federal student aid program behind the FAFSA, can instantly and digitally verify, either remotely or in person, the student’s ID and status as a student, even when the organization isn’t connected to the school’s systems. Eventually, as VCs become more prevalent and the student acquires more VCs as they progress in their learner journey, they’ll be able to prove things like their citizenship or visitor status, high school diploma, GED, academic progress, and more, further preventing fraud and accelerating the process of applying for student aid.

Of course, this use case requires the benefits offeror to gain the ability to verify VCs, which they could do tomorrow, but in reality may take a while.

Phishing attempts to impersonate the school in communications with the student can also be detected and prevented, by sending school communications through the private SSI connection, or by using the keys bound to that connection to sign and validate communications sent via other means. And the school isn’t the only one fraudsters may try to impersonate: faculty, staff, tutors, proctors, authorized partners, service providers and more can be strongly and mutually authenticated using this same capability.
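The two checks described in this section, a relying party verifying a school-issued credential without any link to the school’s systems, and a wallet rejecting a message not signed by the key pinned to its school connection, reduce to the same primitive: a signature checked against a known public key. The Go program below is an added illustration written for this page, not code from the author or from any SSI product. It deliberately shrinks a W3C Verifiable Credential to a signed JSON payload with Ed25519 (a real VC also carries a context, type, and proof block, and uses DID resolution rather than the hard-coded trust registry assumed here), and the DIDs, claims, and message text are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"time"
)

// Credential is a deliberately minimal stand-in for a W3C Verifiable
// Credential (assumption: a real VC carries context, type and a proof block).
// Issuer and Subject hold hypothetical DIDs.
type Credential struct {
	Issuer  string            `json:"issuer"`
	Subject string            `json:"subject"`
	Claims  map[string]string `json:"claims"`
	Expires int64             `json:"expires"` // Unix seconds
	Sig     []byte            `json:"sig,omitempty"`
}

// signingInput returns the bytes the issuer signs: every field except Sig.
// encoding/json sorts map keys, so the encoding is deterministic.
func (c Credential) signingInput() []byte {
	c.Sig = nil
	b, err := json.Marshal(c)
	if err != nil {
		panic(err)
	}
	return b
}

// Issue is the school's step: sign the credential and hand it to the student.
func Issue(priv ed25519.PrivateKey, c Credential) Credential {
	c.Sig = ed25519.Sign(priv, c.signingInput())
	return c
}

// Verify is the relying party's step. It needs only a registry of trusted
// issuer public keys; it never contacts the school's systems.
func Verify(trusted map[string]ed25519.PublicKey, c Credential, now time.Time) error {
	pub, ok := trusted[c.Issuer]
	if !ok {
		return fmt.Errorf("issuer %q is not in the trust registry", c.Issuer)
	}
	if now.Unix() > c.Expires {
		return fmt.Errorf("credential expired")
	}
	if !ed25519.Verify(pub, c.signingInput(), c.Sig) {
		return fmt.Errorf("signature does not verify: altered, or not issued by %q", c.Issuer)
	}
	return nil
}

// SignMessage and CheckMessage model the private school<->student connection:
// the school signs what it sends with the key bound to that connection, so a
// message arriving by any route can be checked against the pinned key.
func SignMessage(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

func CheckMessage(pinned ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pinned, msg, sig)
}

func main() {
	schoolPub, schoolPriv, _ := ed25519.GenerateKey(rand.Reader)
	trusted := map[string]ed25519.PublicKey{"did:example:school": schoolPub}

	vc := Issue(schoolPriv, Credential{
		Issuer:  "did:example:school",
		Subject: "did:example:student",
		Claims:  map[string]string{"status": "enrolled", "name": "A. Student"},
		Expires: time.Now().Add(24 * time.Hour).Unix(),
	})
	fmt.Println("genuine credential:", Verify(trusted, vc, time.Now()))

	// A student (or attacker) edits a claim after issuance: the signature breaks.
	forged := vc
	forged.Claims = map[string]string{"status": "enrolled", "name": "M. Allory"}
	fmt.Println("altered credential:", Verify(trusted, forged, time.Now()))

	// A phisher sends a convincing message, but cannot sign with the pinned key.
	_, phisherPriv, _ := ed25519.GenerateKey(rand.Reader)
	msg := []byte("Your aid is on hold; log in at http://example.invalid")
	fmt.Println("phish passes pinned-key check:",
		CheckMessage(schoolPub, msg, SignMessage(phisherPriv, msg)))
}
```

Note what the verifier did not need: a login to the school’s SIS, a shared secret, or the student’s password. It needs the school’s public key, a clock, and the credential the student handed over; revocation checking is omitted here and would be the next thing to add.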

Why Not Embed An SSI Wallet Into Your School’s Existing App?

We hear questions about “embedded wallets” a lot, and for good reason: your school has worked hard to get your official app into as many hands as possible, so adding functionality to it makes sense, whereas asking students to get another ‘app’ — even though an SSI wallet isn’t really an app — seems almost a non-starter.

Well, if a self-sovereign ‘wallet’ were just another app, and intended solely for interacting with your school, this sentiment would make perfect sense. But it isn’t, so it doesn’t, at least in the longer term. But it might in the short term.

We should unpack that a bit.

‘Wallet’ is a woefully inadequate term for what SSI is and does for a person; it is useful because it is an easy to understand metaphor for the most basic building blocks of SSI, but it is ultimately misleading, like mistaking the trunk of an elephant for a snake. SSI is more like a self-sovereign cockpit for consolidating all your relationships, not just your academic ones, and certainly not just one school. SSI consolidates, under your ultimate control, your connections, communications, interactions, agreements, preferences and data, even data not in your physical possession like medical data, which might be best physically stored with a healthcare provider or other custodian. Leaving all that in bespoke, embedded wallets from each provider brings you right back to the status quo, with your relationships, interactions, and data spread out and under the ultimate control of third parties, with all that entails: vendor lock-in; privacy, security, and compliance issues; ID theft; surveillance capitalism; duplicate relationships and data; etc.

Microsoft, Mastercard, IBM, Samsung, the US Credit Union industry and hundreds of others globally are now developing SSI/VC tech for use in many industries, so your school will soon not be the only entity offering SSI-powered benefits to your students, faculty and staff. Imagine if every organization embedded wallets into their own apps rather than working with an external one, or if every payment, ID, and loyalty card you carried required its own separate physical wallet… people would begin to get annoyed, to say the least, and prefer schools and organizations that made life easier, not harder.

All that said, an embedded wallet could be a reasonable tradeoff early on, when SSI is new and its first uses for your students may be limited to your school. So if you jump on self-sovereign student ID quickly as an early adopter, you could embed SSI/VC/wallet tech into your existing app, foregoing self-sovereignty for now without too much of a tradeoff, and still gain several of the key benefits mentioned. Then, as students, faculty, and staff begin to receive SSI connection requests and VC offers from their other relationships in life, and they start wanting to consolidate things, you can make moves toward greater self-sovereignty with less of a dilemma, counting on SSI’s standards-enabled portability.

What’s Ready Now?

What’s Ready

  • Code, Products, & Services — Open source code; VC-oriented products from Microsoft, Workday, IBM, and dozens of startups.
  • Compatibility With Existing Federated ID — CAS, Okta, Ping, ForgeRock, etc. for connecting with SAML, OAuth, OIDC and other federation protocols for passwordless login, KBA-free call-in, and cardless walk-in authentication.
  • Standards Work — W3C, Trust over IP Foundation, DIF
  • Custodial Solutions — Trusted Learner Network, Velocity Network Foundation
  • Broad Consensus About VCs — The Verifiable Credential is the only container I’m consistently seeing under consideration for transporting verifiable data between trust domains, which self-sovereign control and trust require, from academia to healthcare to finance and beyond.
  • Broad Consensus About Individual Control of Data — From academia to healthcare to Europe’s GDPR and the current disdain for big tech and surveillance capitalism, I see broad consensus that control over data must move more and more into the hands of individuals, even data not in their physical possession.
  • Momentum — Years of global open-source development and standards work for SSI; orgs large and small in many industries are actively participating in developing VC code, standards, use cases and business models; strong support from the T3 Innovation Network in the U.S. Chamber of Commerce.

What’s Not Ready (Yet)

  • User Experience — The SSI space knows the basics — issue, hold, and verify VCs — but does not yet have the UX figured out. Honestly, the existing SSI wallets I’ve seen are all still a bit clunky and confusing (even though it’s still a much better experience than passwords or answering personal questions), but they do work. Usability must be smoothed and complexity hidden, and access for the disabled, older devices, and more, has yet to be addressed.
  • Interoperability — Today, standards are ahead of implementations. All the players know the importance of interop but haven’t gotten there yet, though there are serious multi-org testing and development efforts underway to get it resolved. I like the alignment of incentives here: any vendor not interoperable with others will be left on its own technology island.
  • Communications — While these private, peer-to-peer connections can support any kind of communication, so far I’ve not seen anything other than simple messaging.
  • Passive Authentication — I look forward to the day when I can be authenticated by those I know and trust passively, by policy, by automatically sharing the appropriate proofs when prompted, without touching my device. As far as I know, only active authentication is now offered.
  • Embedded Agents in Door Access Readers — Another missing element is embedded SSI agents into NFC (or other tap technology) readers, to make door access compatible and performant.
  • Ancillary & Rainy Day Use Cases — Most new tech must first nail sunny day scenarios before tackling the rainy day ones. For example, VCs could be used for guardian relationships, children, pets, things, and complex organizational hierarchies, but those haven’t been done anywhere that I’m aware of. VCs could work offline or from a QR code on a card or piece of paper, but no one has gone there yet either, to my knowledge.

Considering what’s ready today, what’s not ready, the long list of benefits for both schools and students, the fraud with existing credentials, and the possibility of eliminating existing costs (see next section), I think it adds up to a compelling case that self-sovereign student ID is ready for piloting.

That said, the pieces that enable self-sovereign student ID are nascent and only recently available; it is a new application of SSI that itself has only been around for about four years, and mostly in the lab and not much in production, though that is changing. Schools considering this in 2020 would be the first, which for those that prefer to lead rather than follow makes for a wonderful opportunity, especially during a pandemic.

Cue the Technology Adoption Lifecycle… welcome, Innovators!

Where to Begin

To get started with self-sovereign student ID, a school needs capabilities to issue and verify VCs, and students need wallets to hold them.

Code for simple issuance tools is available open source, more advanced tools are offered by various SSI service providers, and standards-compliant SSI wallets are available for free in both Apple and Google app stores. Verification is the tricky part, as it requires existing school systems to be adapted to accept VCs for authentication, and later for other purposes¹. Thankfully, some IAM systems commonly found in higher ed are adaptable now:

For schools running CAS, Okta, or any IAM system that supports an external identity provider, self-sovereign student ID can be integrated relatively painlessly, enabling students to immediately use it in place of passwords, and potentially eliminating the need for a dedicated 2FA provider, provided the wallet protects its keys behind a device unlock so that possession of the device and the unlock together supply two factors. For contact centers running Salesforce Service Cloud, the StudentPass product that Credential Master is developing will integrate natively, enabling students to use their VCs to authenticate when calling in, without answering personal questions.

Of course, integrations can be made with any existing system. Better to start a new identity project with self-sovereign student ID, which can begin to consolidate systems and reduce complexity, than build another layer that may well add to it.

In Conclusion

For those interested primarily in achievements, ID is an “and” and not an “or,” and it should come first, as it lays a technical and familiarity foundation for achievements to be issued and quickly useful. Communications could come soon after ID, because it becomes available as soon as the first connection with a student is created.

Achievements will come later, after the necessary consensus among schools and employers has been sorted to establish semantic meaning and interoperability for exchanged data payloads. Then this model — of people receiving, controlling, and sharing their achievements in a digital, verifiable form — will become the norm, and the future of work will become the present.

Until that day, schools can leap right past proprietary digital ID solutions and go straight to self-sovereign, and reap all its benefits without having to wait for anyone else to agree to anything, giving students a modern digital experience they’ll love.

¹ Down the road, VCs could also be used for authorization, where granular-level permissions and entitlements are carried and presented by individuals, simplifying the administration of centralized policy-based access control and moving enforcement to the edge.

Special thanks to several helpful reviewers, editors, and contributors: John Phillips, Dr. Phil Windley, Phil Long, Scott Perry, Dr. Samuel Smith, Alan Davies, Taylor Kendal, and Matthew Hailstone.
