Compared to previous identity management systems (centralized, based in PKI, federated and user-centric), Self-Sovereign Identity Management Systems (SSI) introduces key benefits: 1) As identity information, and especially credentials, are not stored by a central Identity Provider, SSI reduces the risk of massive identity theft; 2) The SSI “Identity Provider” (the claim/credential issuer) does not intervene in the authentication process, and therefore has no information about the online user activity, reducing the “big brother” risk and GDPR compliance costs; 3)  SSI allows the user to decide which identity data to share, with whom, and with which limits and constraints for third parties, even using zero-knowledge proofs; and 4) even if SSI allows revocation of credentials, the base identity (the Decentralized ID or ID) cannot be suspended nor revoked except by the user, ending with “digital feudalism” business models, aligning identity management with GDPR principles. But we still need to identify the “real identity” of a DID subject, in a trustworthy manner, both to issue credentials and to consume them. Thus, we need to define governance frameworks for the usage of SSI in legally binding transactions, where social trust frameworks may not be acceptable in terms of liability or regulatory compliance (e.g. in KYC/AML environments), including the level of the verifiable credential, the DID level, the key management level and the DLT (Blockchain) level. In this discussion, trust anchors, well defined in identity trust frameworks, may be really helpful. Especially when based in a well-defined and tech-neutral Law… such as eIDAS Regulation.

Main goals of this speech:

• The role of trust frameworks and trust anchors in Self-Sovereign Identity systems.

• Using eIDAS identification means and qualified certificates to create verifiable claims.

• Using SSI VC as an eIDAS identification means.