
Sovrin Network for Decentralized Digital Identity: Analysing a Self-Sovereign Identity System Based on Distributed Ledger Technology
2021 IEEE International Symposium on Systems Engineering (ISSE) | 978-1-6654-3168-2/21/$31.00 ©2021 IEEE | DOI: 10.1109/ISSE51541.2021.9582551

Nitin Naik¹ and Paul Jenkins²

¹ School of Informatics and Digital Engineering, Aston University, United Kingdom
² Cardiff School of Technologies, Cardiff Metropolitan University, United Kingdom
Email: n.naik1@aston.ac.uk and pjenkins2@cardiffmet.ac.uk

Abstract—Digital identity is the key to the evolving digital society and economy. Since the inception of digital identity, numerous Identity Management (IDM) systems have been developed to manage digital identity depending on the requirements of the individual and that of organisations. This evolution of IDM systems has provided an incremental process leading to the granting of control of identity ownership and personal data to its user, thus producing an IDM which is more user-centric with enhanced security and privacy. A recently promising IDM known as Self-Sovereign Identity (SSI) has the potential to provide this sovereignty to the identity owner. The Sovrin Network is an emerging SSI service utility enabling self-sovereign identity for all; therefore, its assessment has to be carefully considered with reference to its architecture, working, functionality, strengths and limitations. This paper presents an analysis of the Sovrin Network based on the aforementioned features. Firstly, it presents the architecture and components of the Sovrin Network. Secondly, it illustrates the working of the Sovrin Network and performs a detailed analysis of its various functionalities and metrics. Finally, based on the detailed analysis, it presents the strengths and limitations of the Sovrin Network.

Index Terms—Self-Sovereign Identity; SSI; Identity Management System; IDM; Decentralized Digital Identity; DDID; Sovrin Network; Decentralized IDentifier; DID; Verifiable Credential; VC; Distributed Ledger; Blockchain; Hyperledger Indy; User-Centric Identity.

I. INTRODUCTION

Digital identity is the gateway to the digital world for a person, organization, or device. It is a set of attributes used to identify a particular person, organization, or device in the digital world. Since the inception of digital identity, numerous Identity Management (IDM) systems have been proposed to manage digital identity depending on the requirements of the individual and that of organisations [1], [2]. This gradual evolution of various IDM systems incrementally tended towards granting the control of the ownership of the identity and personal data to its user, making it more user-centric with enhanced security and privacy [3]. The recently emerging Self-Sovereign Identity (SSI) model of IDM has the potential to provide this sovereignty to the identity owner [4]. Self-sovereign identity is a sovereign, enduring and portable digital identity for any person, organization, or device that does not depend on any centralized authority (i.e., it is a decentralized identity) and can never be taken away [5].

The Sovrin Network is the new SSI standard for digital identity, providing sovereign and Decentralized Digital Identity (DDID) to users, organisations, and devices [6]. The Sovrin Foundation provides the business, legal, and technical support for the Sovrin Network and is responsible for ensuring the Sovrin identity system is public and globally accessible [7]. The Sovrin Network provides the sovereign control of the identity and personal data to the identity owner with robust security through underlying blockchain technology and privacy through the governance model [8]. It is built on the Hyperledger Indy framework, which is an open-source distributed ledger, purpose-built for decentralized identity [9]. Sovrin is a specific instantiation of Hyperledger Indy, which is a public permissioned distributed ledger. In the Sovrin Network, all identity related operations are governed through the Sovrin Governance Framework (SGF), which is developed by the Sovrin Governance Framework Working Group (SGFWG) [10]. Unlike a public permissionless blockchain where anyone can operate nodes, the Sovrin Network is based on a public permissioned ledger; therefore, not everyone can operate the nodes and only trusted institutions called Stewards who abide by the SGF can operate nodes while participating in the consensus process [11]. Identity users can securely publish their identity, including transferring their credentials, sign transactions and control their keys and data in a secure peer-to-peer model.

The Sovrin Network is an emerging public service utility enabling self-sovereign identity for all; therefore, caution is required when considering its assessment with reference to its architecture, working, functionality, strengths and limitations. This paper presents a detailed analysis of the Sovrin Network based on these features. Firstly, it presents the architecture and components of the Sovrin Network. Secondly, it illustrates the working of the Sovrin Network and performs a detailed analysis of its various functionalities and metrics. Finally, based on the detailed analysis, it presents the strengths and limitations of the Sovrin Network.

The rest of the paper is structured as follows: Section II describes self-sovereign identity. Section III describes the Sovrin Network. Section IV explains the architecture and various components of the Sovrin Network. Section V illustrates the working of the Sovrin Network and performs a detailed analysis of its various functionalities and metrics. Section VI presents strengths and limitations of the Sovrin Network for digital identity. Section VII presents the summary of the paper and related future work.

II. BACKGROUND: SELF-SOVEREIGN IDENTITY (SSI)

Self-sovereign identity (SSI) is a standard framework used in digital identity for providing sovereignty with respect to the digital identity and personal data [12]. In other words, self-sovereign identity is a sovereign, enduring, decentralized, and portable digital identity for any real world entity, that enables its owner to obtain various services in the digital world in a secure, privacy-protected, trusted and self-governed way [5]. SSI is enhancing the internet ideology of greater sovereignty in identity management and access control arenas, by offering greater freedom and personal autonomy to identity owners. This sovereignty includes all aspects and activities related to their identity and personal data, wherein identity owners store their personal data in digital wallets on their own devices. This decentralization process is implemented through the use of blockchain technology, which enables the SSI system to permit users to perform operations independently through the use of technology without requiring approval from any central authority or service provider. Every individual holding an identity in the SSI system is in complete control of this identity; thus, it is named self-sovereign identity [12].

SSI not only empowers identity owners, but also makes the identity management process very efficient and less onerous for organisations. It accomplishes this by permitting identity owners to store personal data on their own device, allowing organisations to minimise their various data management issues related to storage, cost, security, privacy and bureaucracy [13]. For example, any breach, loss or theft of personal data may result in significant lawsuits and fines for an organisation [13]. Therefore, minimising data management activities and focusing on the essential identity management tasks increases the efficiency of overall processes of issuing and verifying identity [14].

There are three key roles in the SSI ecosystem: Issuer, Holder and Verifier, as shown in Fig. 1. An issuer is a trusted entity who issues credentials to holders. A holder owns an identity and obtains desired credentials from the issuer, holds them in their digital wallet and presents them to the verifier for verification as and when required. A verifier is normally a service provider who requests credentials from a holder and verifies them through a blockchain enabled trust relationship between the issuer and verifier. There are three main pillars of SSI: a blockchain, Decentralized IDentifier (DID) and Verifiable Credential (VC).

Fig. 1. Self-Sovereign Identity Ecosystem

A blockchain or distributed ledger is used to establish a trust relationship in the identity management process without requiring any trusted third party to establish the trust relationship as was the case in previous identity management systems. A Decentralized IDentifier (DID) is the core component of the SSI framework, which is a permanent, universally unique identifier linked to an identity that can be created independently of any organisation or service provider with full control given to its owner [15], [16]. A Verifiable Credential (VC) is a tamper-evident and privacy-preserving credential made by an issuer [13]. This verifiable credential is linked with the DID of an identity owner [15]. The validity of the issuer can be verified by their digital signature and the authenticity of the issuer’s digital signature can further be verified through the issuer’s public DID on the blockchain [13].

III. THE SOVRIN NETWORK

The Sovrin Network is an open-source framework for delivering a sovereign and decentralized digital identity to users, which is managed by the Sovrin Foundation. The Sovrin Foundation is a non-profit organisation that provides the business, legal, and technical support for the Sovrin Network [7]. It is built on the Hyperledger Indy framework, which has a complete set of open-source specifications, terminology, and design patterns that allow for the development of decentralized digital identity solutions [9]. The Sovrin Network is a specific instantiation of Hyperledger Indy, which is a public permissioned distributed ledger. In addition to the core blockchain Hyperledger Indy, some other Hyperledger libraries such as Aries and Ursa are used for providing various functionalities. Hyperledger Aries is used to provide verifiable digital credentials and Hyperledger Ursa to provide a shared cryptographic library. As it is a permissioned blockchain, only trusted institutions called Stewards can operate nodes while participating in the consensus process and abiding by the Sovrin Governance Framework (SGF) [11]. Utilising this network, users can securely publish their identity, including transferring their credentials, sign transactions and control their keys and data in a secure peer-to-peer model. In the Sovrin Network, all identity related operations are governed through the SGF, which is developed by the Sovrin Governance Framework Working Group (SGFWG) [10].

In the Sovrin Network, a digital identity is created utilising a standard called Decentralized IDentifier (DID) for users, organisations, and other resources. It permits Verifiable Credentials (VCs) associated with an identity to be privately issued, controlled, managed, and shared using a security standard called Zero Knowledge Proofs (ZKPs) [11]. The ZKP is a cryptographic method for creating anonymous credentials
to maintain user’s identity as anonymous [17]. The Sovrin Network allows users to create several identities to maintain contextual separation for privacy purposes, where each identity has its own pair of private and public keys. A user determines what type of attributes they want to associate with their identity. These identity owners can prove information about themselves to anyone through secure peer-to-peer communication, using data that the other party can automatically cryptographically verify as being true. The identity is completely owned by the owner of that identity and all identity related personal and confidential data is held by the owner in their digital wallet on the edge or cloud. The identity is managed either by the user or by a user’s appointed guardian service. The key distribution, verification, and recovery is based on the Decentralized Key Management System (DKMS) standard, which is an approach to cryptographic key management where there is no central authority.

IV. ARCHITECTURE OF THE SOVRIN NETWORK

The Sovrin Network architecture can be divided into four layers explaining its various components and functionalities. The layers are: the ledger layer, agent layer, credential exchange layer and governance layer [11].

Fig. 2. Architecture of the Sovrin Network

A. Ledger Layer

This layer runs on a blockchain and the underlying distributed ledger is Hyperledger Indy, which is open-source and particularly designed to support identity related transactions. The Sovrin ledger is used to maintain the records of different types of identity related transactions. This ledger is publicly readable and writable so that anyone can access it without an intermediary. However, the ledger is permissioned; all the ledger operations are performed in accordance with the Sovrin Governance Framework. The ledger is inexpensive to operate as transaction validation on the ledger is performed by known entities under proof-of-authority, making ledger access sufficiently inexpensive to support the mission of establishing Identity for All (I4A) [17].

The Sovrin Network does not require storage of any personal identifying information in any form on the ledger. The ledger simply stores credential definitions, decentralized identifiers (DIDs) for issuers, schema definitions, and revocation registries [18]. These critical objects are stored on the ledger to avoid a single point of failure in the Sovrin Network and offer the blockchain security for digital identity. Objects are created by transaction authors and added to the ledger by Stewards acting as transaction validators. The Sovrin Network is public and anyone can be a transaction author; however, it is permissioned and only organisations that function as Stewards can validate the transactions by enabling proof-of-authority consensus. Validation is done using a modified Redundant Byzantine Fault Tolerance (RBFT) algorithm implemented as Indy Plenum [19].

The Sovrin ledger consists of several subledgers: the config ledger, node ledger, domain/main ledger, and payment ledger [19]. Only the domain ledger and payment ledger accept publicly available transaction types. The Sovrin Network consists of server nodes located around the world, hosted and administered by a diverse group of trusted entities called Stewards. Each node contains a copy of the ledger, a record of publicly accessed information needed to verify the validity of credentials issued within the network. A node can either be a validator node or an observer node; however, it can only act as one at a time.

B. Agent Layer

This layer is concerned with the peer-to-peer connection between two entities or identity owners through the use of agents. An agent is a program required for an identity owner or any other participating entity to interact with each other in the Sovrin Network. Agents work on the basis of a peer-to-peer model and share DID and other credentials with each other [18]. They do not require access to the blockchain and communicate through signed and encrypted DIDComm messages. Agents utilise the DIDComm protocol as defined in an open and public process inside the Hyperledger Aries project [17]. Sovrin entities or identity owners normally have at least two agents, one on their device and one in the cloud [17]. If an entity or identity owner has more than one device, then each device could have an agent installed on it. Each agent accesses the wallet and performs cryptographic functions for that entity. A wallet securely keeps and retrieves cryptographic key material, private keys, link secrets, and other personal and confidential data related to any entity.

There are two types of agents in the Sovrin Network: edge agent and cloud agent. The edge agent is hosted on the user’s device (edge of the network) such as mobiles, tablets or laptops, and always operates locally. The cloud agent can be hosted on the cloud directly by identity owners or hosted on behalf of them by third parties known as Agencies. The edge agent communicates with the cloud agent that runs perpetually
and offers a store and forward service to route requests to and from the edge agent.

C. Credential Exchange Layer

This layer deals with the issuance, holding and verification of credentials involving the three key roles: an issuer, holder and verifier. It determines how the issuer issues credentials to the credential holder, how the credential verifier requests information from the credential holder, and how the credential holder presents a proof of information from their credentials that the verifier can trust [17]. The credentials are defined by their issuer using a credential definition, which links the public DID of the issuer, the schema for the credential, and a revocation registry for the credential. The credential definition, public DID, schema, and revocation registry are all stored on a distributed ledger that is used for decentralized discovery on the Sovrin Network [17].

Each credential holder or identity owner has a digital wallet holding credentials containing certain information about that holder or identity owner, where the digital wallet is an app running on a smartphone, tablet, desktop, or other local device. The verifier verifies the holder’s credential by checking the issuer’s public key from the Sovrin ledger and uses it to verify the issuer’s digital signature on the credential. A credential holder can share information from multiple credentials with minimal disclosure about their identity using Zero Knowledge Proofs (ZKPs) [11]. The ZKP is a cryptographic technique that allows a holder to share minimum information from their credentials to prove a statement from the holder to the verifier without revealing their identity or any additional information that is not required by the verifier [17]. A holder can hold the credential of another natural person (e.g., when acting as a Guardian) or of a business (e.g., when acting as a Credential Registry). Holders or identity owners can exchange credentials completely off-chain in peer-to-peer interactions through the Sovrin Network without interacting directly with the Sovrin ledger.

D. Governance Layer

The Sovrin Network is decentralized in the sense that no central administrative authority or service provider completely controls the network; however, it is governed through the Sovrin Governance Framework (SGF) by the society comprising trustworthy members [17]. This SGF is developed and updated by the Sovrin Governance Framework Working Group (SGFWG) [10]. This governance framework is required to establish trust in the Sovrin Network as a global identity network. Furthermore, the SGF is required to achieve the identity related governmental and jurisdictional requirements for data security, privacy, protection, and portability, while at the same time preventing censorship and ensuring individual sovereignty over the sharing of identity data [17].

V. WORKING AND ANALYSIS OF THE SOVRIN NETWORK

This section will present the working of the Sovrin Network and perform a detailed analysis of its various functionalities and metrics.

A. Working of the Sovrin Network

In the Sovrin Network, identity holders, credential issuers and verifiers access various identity related services using agents. The agents are generally a simple mobile app and responsible for holding and processing credentials on the Sovrin Network [20]. Furthermore, they can perform identity transactions on behalf of the identity owner and exchange information directly with other agents with secure encrypted peer-to-peer connections. The edge agent accesses the edge wallet for the required confidential information and keys to process any identity related request. Here the identity holder’s actual proof of their credential is privately transmitted to a validator, and only public identifiers of an issuer are anchored on the ledger [20]. The edge agent may not be a persistent agent and does not have service endpoint information to manage with other agents; therefore, it communicates with the cloud agent that is a persistent agent and holds service endpoint information to manage other agents. The cloud agent accesses its own cloud wallet for required confidential information and keys to process the identity related request. It simply offers a store and forward service to route requests to and from the edge agent. The two cloud agents can securely communicate with each other, issuing and verifying distributed identity without accessing the distributed ledger. Any developer can develop an agent based on some specific instructions and code provided by Sovrin [20].

The Sovrin Network consists of server nodes located around the world, hosted and administered by a diverse group of trusted entities called Stewards [20]. Each node contains a copy of the ledger, a record of publicly accessed information needed to verify the validity of credentials issued within the network. Authorised users (e.g. Stewards) can write transactions to the appropriate ledger based on the guidelines given in the Sovrin Governance Framework. Stewards cross reference each transaction to assure consistency in whatever information is written on the ledger and in what order, by employing a combination of cryptography and a Redundant Byzantine Fault Tolerant consensus algorithm [20]. The domain ledger is used to write identity related transactions and the payment ledger is used to write payment related transactions. This interaction flow in the Sovrin Network is shown in Fig. 3.

B. Analysis of the Sovrin Network

This section presents a detailed analysis of the Sovrin Network based on various functionalities and metrics to demonstrate its effectiveness and limitations. Table I illustrates the detailed analysis of the Sovrin Network based on several important features related to identity management [4], [21], [22], [23]. The Sovrin Network is an open-source identity management system offering decentralized self-sovereign identity, which is built on a public permissioned blockchain and governed under the Sovrin Governance Framework (SGF). It employs the Indy Plenum consensus protocol, which is an improved version of the Redundant Byzantine Fault Tolerance (RBFT) consensus algorithm that offers better security [19]. This analysis shows that the Sovrin Network offers several
important features related to identity and its management such as sovereignty, access control, storage control, recovery management, security, privacy, safeguarding, user-friendliness, governance, and cost-effectiveness [4], [21]; however, it offers only limited support for several important commercial features such as availability, transparency, portability, and interoperability, in establishing it as a global and successful SSI network [23], [24].

Fig. 3. Interaction Flow in the Sovrin Network

As SSI is an emerging IDM model and the Sovrin Network is an emerging identity network, the successful implementation of these commercial and operational features requires the development and adaptation of a set of common protocols and standards [25]. It has already adopted several protocols and standards such as DID, VC, DKMS and DID Authentication provided by standard organisations such as the World Wide Web Consortium (W3C), the Organisation for the Advancement of Structured Information Standards (OASIS) and the Decentralized Identity Foundation (DIF) [24]. Presently, the scalability feature is one of the important implementation issues for the Sovrin Network, which is currently resolved by using two rings of nodes: a ring of validator nodes to accept write transactions, and a much bigger ring of observer nodes to run read-only copies of the blockchain to process read requests. Additionally, it does not allow everyone to operate nodes in the network and only trusted institutions called Stewards can operate nodes while participating in the consensus process, which improves the performance but increases the dependency.

VI. STRENGTHS AND LIMITATIONS OF THE SOVRIN NETWORK

After the detailed analysis of the Sovrin Network based on various functionalities and metrics, this section will discuss some of the most common strengths and limitations of the Sovrin Network for digital identity.

A. Strengths of the Sovrin Network

The Sovrin Network is one of the emerging user-centric and open-source identity management systems for self-sovereign identity, which offers several strengths:
• The joining process of the Sovrin network is easy and frictionless and users can create multiple Sovrin identities without any cost.
• It offers password-less authentication and single sign-on functionality.
• It offers user-centric sovereign identity fully controlled by its owner.
• It offers easy-to-use data management and control functionality, where the user stores, controls, and shares identity data.
• It mostly complies with General Data Protection Regulation (GDPR) and privacy-preserving policy [8], [26].
• The Sovrin identity system is publicly available and globally accessible. It is available and accessible to all users through the use of smart-phones and a simple mobile app to manage their identity.
• The Sovrin Network is based on open standards and open-source projects; therefore, the code is open source for anyone to use and contribute.

B. Limitations of the Sovrin Network

The Sovrin Network offers greater control and access to users for their identity on their mobile devices; however, this comes with some complexities and governance rules. Additionally, it is an evolving system; therefore, the current Sovrin Network has some early stage limitations which may be overcome in future. Some of the limitations of the current Sovrin Network are:
• An individual’s private key that is associated with a Sovrin identity is one of the possible attack surfaces and if it is compromised then the identity and its related personal and confidential information could be compromised.
• It is a decentralized network regulated through a governance model called the Sovrin Governance Framework (SGF); therefore, the identity and its related services are governed under this SGF by the society comprising trustworthy members, which may lead to some additional rules and constraints [10], [17].
• Any role with its obligations and privileges is determined based on the SGF [10].
• Unlike a public permissionless blockchain where anyone can operate nodes, the Sovrin Network is based on a public permissioned ledger; therefore, not everyone can operate nodes and only trusted institutions called Stewards can operate nodes while participating in the consensus process.
• The design architecture of the Sovrin Network is complex and cumbersome.
TABLE I
A NALYSIS OF T HE S OVRIN N ETWORK BASED ON VARIOUS F UNCTIONALITIES AND M ETRICS

Criteria Sovrin Network


Identity Type It is an open-source identity management system for offering decentralized self-sovereign identity.
It is built on Hyperledger Indy framework which is an open-source distributed ledger, purpose-built
for decentralized identity. The Sovrin Network is a specific instantiation of Hyperledger Indy which
is a public permissioned distributed ledger. In addition to the core blockchain Hyperledger Indy,
Blockchain Type
some other Hyperledger libraries such as Aries and Ursa are also used in providing various
functionalities. Hyperledger Aries is used to provide verifiable digital credentials and Hyperledger
Ursa provides a shared cryptographic library.
It uses a modified Redundant Byzantine Fault Tolerance (RBFT) algorithm implemented as Indy
Consensus Algorithm
Plenum.
It allows user to store personally identifiable information related to identity on the storage owned or
Identity Data
controlled by the identity owner.
Access Control It offers full control of identity and identity related personally identifiable information to its owner.
Tokenisation Process It utilises Sovrin Tokens.
It offers a social recovery method, where, Recovery Key Trustees trusted by the identity owner store
Recovery Management
recovery data on behalf of the identity owner in the trustees own agent(s).
It is based on a public permissioned blockchain, therefore, only trusted institutions called Stewards
can operate nodes while participating in the consensus process. It uses Hyperledger Ursa, a shared
cryptographic library to provide secure and decentralized key management functionality. For users or
Security
identity owners, it requires credentials and biometry for controlling identity through blockchain.
Users can securely publish their identity including transfer their credentials, sign transactions and
control their keys and data in a secure peer-to-peer model.
Privacy and Consent: It incorporates Privacy by Design and Privacy by Default practices such as pairwise-pseudonymous DIDs, off-chain private data, selective disclosure of data, minimising correlation of an identity owner, and Guardian and Delegate confidentiality. It uses anonymous credentials based on Zero-Knowledge Proofs (ZKPs), which allow users to share information while maintaining their anonymity. Agents shall by default notify their identity owner of any conflict between the identity owner’s privacy preferences and the Governance Framework’s privacy policies.

Safeguard: The Identity Owner Agreement expresses the obligations of the Sovrin Foundation to all identity owners on the Sovrin Network and vice versa. This Agreement is governed by the Dispute Resolution provisions of the Sovrin Governance Framework. Each Party shall comply with all applicable laws.

Underlying Languages: It is based on the Hyperledger Indy framework, where the Indy node/server is built in Python, and the Indy SDK is written in Rust.

Supported Development Programming Languages and Platforms: It provides wrappers (e.g., Libindy and Libvcx) for developing Indy-based applications in the following programming languages and platforms: Java, Python, Rust, NodeJS, iOS and .NET.

User-Friendliness: Users can manage their identity and its basic functions through a simple mobile app; however, its design and architecture are complex and some users might require a Guardian to manage the identity on their behalf.

Availability and Accessibility: The Sovrin identity system is publicly available and globally accessible. It is available and accessible to all users through the use of smartphones and a simple mobile app to manage their identity.

Portability: It is limited; however, Sovrin is using several open standards to ensure its portability, for example, Verifiable Credential (VC), Decentralized IDentifier (DID), Decentralized Key Management System (DKMS) and DID Authentication (DID Auth).

Interoperability: Presently it is evolving and using several open standards, yet it requires further alignment with other similar identity management systems.

Transparency: Sovrin Entities shall by default disclose the Governance Framework under which a connection is created, an interaction is performed, or a credential is exchanged; this offers functional transparency. It is based on open standards and open-source projects, which aims at technology transparency.

Scalability: This is limited. It is currently resolving this by using two rings of nodes: a ring of validator nodes to accept write transactions, and a much bigger ring of observer nodes to run read-only copies of the blockchain to process read requests.

Cost-Effectiveness: Presently an identity is free for users, and there is no financial cost for identity-related transactions.

Governance: It employs a governance model called the Sovrin Governance Framework (SGF), which is the legal foundation of the Sovrin Network as a global public utility for self-sovereign identity.

Prominent Stewards: CISCO, ABSA Group (Barclays Africa), Deutsche Telekom AG, DigiCert, TruU, Trust Science, Swisscom Blockchain, Spherity, Evernym, esatus AG, DIDx, Danube Tech, Axuall, Anonyome Labs, ARTiFACTS, Binaria, Convergence.Tech, Certizen.

• Presently the Sovrin Network offers limited portability, interoperability and scalability.
• The number of public repositories for the Sovrin network is still limited.

VII. CONCLUSION

This paper presented an analysis of the Sovrin Network for sovereign and decentralised digital identity, which is an emerging public service utility enabling self-sovereign identity for all. It performed a detailed analysis of various features of the Sovrin Network: architecture, working, functionality, strengths and limitations. It demonstrated and evaluated the working and functionalities of the Sovrin Network. This analysis concluded that the Sovrin network is an upcoming identity solution which has the potential to offer sovereign and decentralized digital identity to users supported by a governance model (SGF) and regulation. In future, the security and privacy aspects of digital identity in the Sovrin Network would be analysed in detail. Furthermore, it is worthwhile performing a comparative analysis of the Sovrin identity system with some other emerging SSI systems.

REFERENCES

[1] T. Ruff. (2018) The three models of digital identity relationships. [Online]. Available: https://medium.com/evernym/the-three-models-of-digital-identity-relationships-ca0727cb5186
[2] A. Palomares. (2019) The next identity management evolution: Self sovereign identity. [Online]. Available: https://atos.net/en/blog/the-next-identity-management-evolution-self-sovereign-identity
[3] A. Tobin and D. Reed, “The inevitable rise of self-sovereign identity,” The Sovrin Foundation, vol. 29, 2016.
[4] N. Naik and P. Jenkins, “Self-Sovereign Identity Specifications: Govern your identity through your digital wallet using blockchain technology,” in 2020 8th IEEE International Conference on Mobile Cloud Computing, Services, and Engineering (MobileCloud 2020). IEEE, 2020.
[5] ——, “uPort open-source identity management system: An assessment of self-sovereign identity and user-centric data platform built on blockchain,” in 2020 IEEE International Symposium on Systems Engineering (ISSE). IEEE, 2020.
[6] ——, “Does Sovrin Network offer sovereign identity?” in 2021 IEEE International Symposium on Systems Engineering (ISSE). IEEE, 2021.
[7] Sovrin.org. (2021) Sovrin: Control Your Digital Identity. [Online]. Available: https://sovrin.org
[8] ——. (2020, January 8) Innovation meets compliance data privacy regulation and distributed ledger technology. [Online]. Available: https://sovrin.org/wp-content/uploads/GDPR-Paper_V1.pdf
[9] ——. (2021) What is Hyperledger Indy? [Online]. Available: https://sovrin.org/faq/what-is-hyperledger-indy/
[10] ——. (2019) Sovrin Governance Framework V2. [Online]. Available: https://sovrin.org/library/sovrin-governance-framework/
[11] P. Windley. (2019) Fidelity, Provenance, and Trust. [Online]. Available: https://www.windley.com/archives/2019/10/fidelity_provenance_and_trust.shtml
[12] Sovrin.org. (2018) What is Self-Sovereign Identity? [Online]. Available: https://sovrin.org/faq/what-is-self-sovereign-identity/
[13] Tykn.tech. (2021) Self-Sovereign Identity: The ultimate beginners guide! [Online]. Available: https://tykn.tech/self-sovereign-identity/#The_Benefits_of_Self-Sovereign_Identity
[14] N. Naik and P. Jenkins, “An analysis of open standard identity protocols in cloud computing security paradigm,” in 14th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC 2016). IEEE, 2016.
[15] W3C. (2019) A primer for Decentralized Identifiers. [Online]. Available: https://w3c-ccg.github.io/did-primer/
[16] Sovrin.org. (2018) Sovrin: A protocol and token for self-sovereign identity and decentralized trust. [Online]. Available: https://sovrin.org/wp-content/uploads/Sovrin-Protocol-and-Token-White-Paper.pdf
[17] P. Windley. (2020) The Sovrin SSI Stack. [Online]. Available: https://www.windley.com/archives/2020/03/the_sovrin_ssi_stack.shtml
[18] A. Tobin. (2018) Sovrin: What goes on the ledger? [Online]. Available: https://www.evernym.com/wp-content/uploads/2018/10/What-Goes-On-The-Ledger.pdf
[19] D. Reed, J. Law, and D. Hardman. (2016) The technical foundations of Sovrin. [Online]. Available: https://sovrin.org/wp-content/uploads/2018/03/The-Technical-Foundations-of-Sovrin.pdf
[20] Sovrin.org. (2018) How does Sovrin work? [Online]. Available: https://sovrin.org/faq/how-does-sovrin-work-2/
[21] N. Naik and P. Jenkins, “Governing principles of self-sovereign identity applied to blockchain enabled privacy preserving identity management systems,” in 2020 IEEE International Symposium on Systems Engineering (ISSE). IEEE, 2020.
[22] C. Allen. (2016) Self-sovereign identity principles. [Online]. Available: https://github.com/ChristopherA/self-sovereign-identity/blob/master/self-sovereign-identity-principles.md
[23] N. Naik and P. Jenkins, “A secure mobile cloud identity: Criteria for effective identity and access management standards,” in 2016 4th IEEE International Conference on Mobile Cloud Computing, Services, and Engineering (MobileCloud 2016). IEEE, 2016.
[24] M. Graglia, C. Mellon, and T. Robustelli. (2018) The nail finds a hammer self-sovereign identity, design principles, and property rights in the developing world. [Online]. Available: https://www.newamerica.org/future-property-rights/reports/nail-finds-hammer/
[25] N. Naik and P. Jenkins, “Securing digital identities in the cloud by selecting an apposite federated identity management from SAML, OAuth and OpenID Connect,” in 11th International Conference on Research Challenges in Information Science (RCIS). IEEE, 2017, pp. 163–174.
[26] ——, “Your identity is yours: Take back control of your identity using GDPR compatible self-sovereign identity,” in 7th International Conference on Behavioural and Social Computing (BESC2020). IEEE, 2020.
