Few people want to hold personally identifying information if they don’t have to. But obviously the air transport industry wouldn’t work if we didn’t provide this information.
Think of the many touchpoints on the passenger’s journey, which are often controlled by different organizations. Airlines must collect passport data on behalf of governments, for instance, in advance of passengers crossing borders. Such information is vital to achieving seamless travel, which will become even more challenging as passenger numbers rise.
Air transport needs a proven way to handle personal data
As consumers, we all benefit from frictionless online ecommerce. If like me you’d like that same frictionless experience as you travel, then you’d be willing to provide more data in return. Trusted, verifiable data provided in advance reduces work on the day of travel at the airport.
But it also demands that the air transport industry has a proven, robust, open and consistent method for passengers to provide trusted personally identifying information in advance online.
In an ideal world, individuals would hold all their identity data digitally themselves, which they could assert to various entities. In travel that could be at every step of the journey, from booking, traveling through the airport, crossing borders and checking-in to hotels.
Will Self-Sovereign Identity be the way forward?
Self-Sovereign Identity has emerged as a potential solution to the digital identity challenge. It gives people sole ownership of their data. They can choose who to share data with and what to share. So a person may be willing to share some employment information with a border agency, for example, but not salary details.
Like my colleagues in the SITA Lab, I believe Sovrin will be able to provide a digital identity solution for all air transport stakeholders. It’s the most widely recognized, vendor-agnostic international non-profit organization for the advancement of Self-Sovereign Identity.
As a member of the Sovrin Alliance and a founding steward of the Sovrin Network, SITA has developed a Sovrin proof-of-concept for international air travel and we’re exploring how Sovrin could be applied to the air transport industry.
How it works in practise
Identity Owners are issued with Sovrin Verifiable Credentials; they store these credentials in their digital wallet. When required, they present proofs based on their credentials. Then the person or organization receiving the credentials can verify the information presented.
Imagine you’re the Identity Owner in the diagram. You want to apply for a bank loan. The bank needs to confirm you’re in full-time employment with a certain minimum salary. Your employer issues the relevant credential to you. It’s your information; it’s been signed by them and issued to you.
So for the bank, you can present a signed verifiable credential from your employer with just the data needed; without revealing your salary or other information in the credential.
How it works: the technical underpinnings
Now let me explain it from a technical perspective. The credential issued by your employer includes a reference to their well-known Decentralized Identifier on the Sovrin ledger. The credential you present to the bank is countersigned by you and references the Decentralized Identifier you’ve used to connect with the bank.
Sovrin is built on the principles of Privacy by Design. There’s no record of the credential on the Sovrin ledger; there’s just enough information on the ledger to cryptographically verify the presented credentials.
In addition, people use different identifiers when connecting to others on the network, preventing identification by correlation. Sovrin also supports zero knowledge proofs; this means that in some cases it’s not necessary to transfer the actual data.
Self-Sovereign Identity in the air transport industry
Now let’s consider the example in the context of air travel. Think about your passport. A government issues the passport to you. You present it when necessary to prove identity to a Verifier, which could be an airline employee, a security agent, a kiosk or some other machine that can read passports.
The Verifier, human or machine, inspects the passport; they can see who issued it, and they can verify it without contacting the government who issued it. Once they’re happy it’s genuine, they can trust the data, compare the person presenting the passport and make their decision.
The same pattern is repeated at different journey touchpoints right across the global air transport industry. An airline issues a boarding pass which the passenger presents at security or boarding. Visas are issued by governments. Sometimes a passenger requires a visa or even a letter of invitation from a business in a country to support a visa application. Airport staff are issued with photo ID cards, confirming their identity and access rights.
My point is that the current processes used during travel are clearly very similar to Self-Sovereign Identity.
We need a guarantee of trust and industry standards
As long as it’s sufficiently trusted to be actionable, digital identity information provided in advance of the day of travel results in a more efficient airport and a better travel experience.
But earning this trust requires more information. Who issued the credential? How do I know the issuer is a genuine government, airline or airport business? What process or standard does the credential comply with? What exactly is this credential certifying? Is this meeting my legal and regulatory requirements?
To address these concerns, we need two things: interoperable standards for credentials and an agreed Trust Framework. Sovrin provides the supporting infrastructure and technology for Verifiable Credentials; it does not impose standards for different industries.
Domain-specific Trust Framework
We believe an air travel domain-specific Trust Framework could be created. This could work on top of Sovrin and contain the technology, business processes, and legal agreements necessary to achieve trust.
Such an industry Trust Framework could specify credential schemas, standards for issuing, registries of accredited organizations issuing such credentials and suggested operating models. This is like today, where boarding passes, passports and so on are standardized and supported by a regulatory framework.
Making air travel easier, and giving passengers control
For the foreseeable future, passengers will probably still carry physical identity documents, such as passports and boarding passes. But with Self-Sovereign Identity, they can be issued with digital equivalents in the form of Verifiable Credentials, reducing the need to present physical documentation at every touchpoint.
That will give passengers a more seamless journey experience, as they can benefit from more certainty in advance of travel, while being in control of their personal information. There are potential benefits for the industry too. Better data privacy, for example, as well as decreased costs in storing and processing personal data, and more effective security. There’s also reduced industry liability, because passengers can provide more complete, certified and trusted data in advance of travel.
So there’s no doubt in my mind that we’re approaching a turning point in our use of data and identities in air transport. Self-Sovereign Identity may well make travel easier than ever, giving control back to passengers and taking us a step closer to the seamless journey.