Skip to main content
banner image
venafi logo

Capitalizing on Self-Sovereign Identity for Machines [Part One]

Capitalizing on Self-Sovereign Identity for Machines [Part One]

January 5, 2021 | Markus Soppa, filancore

Imagine you are the registrar of a university, and you have graduating students wanting access to their diplomas. Manually fulfilling and authenticating those requests is time-consuming—and in situations where physical presence is required, impossible. Here’s one way you might be able to provide that access digitally: for students who have finished their bachelor’s degrees, you sign a bachelor certificate using your Self-Sovereign Identity (SSI). The students can take their signed certificates and show it to anyone else, and everyone can verify that the diploma is valid without having to contact the university.

That is a hypothetical example of Self Sovereign Identity. SSI is a term used to describe the digital movement that recognizes an individual should own and control their identity without the need to involve administrative authorities. SSI allows people to interact in the digital world with the same freedom and capacity for trust as they do in the offline world.

But if it is one thing we know about identity in the age of digital transformation, it’s that people aren’t the only ones with identities. Machines have identities too.

SSI Origins

SSI is essentially a new way of thinking about identities. The intent of SSI is to make identities versatile for basically every setting one can imagine. Right now, identity is basically a digital certificate, which you can use to authenticate yourself or a machine. The SSI idea goes a bit further.  It starts with a base identity (called decentralized identifier) and then goes to the next step, by enabling us to sign arbitrary claims and prove those claims towards third parties. These claims are called verifiable credentials and can be used to identify and sign any declarative statement whatsoever. That's a really powerful concept because the applications are so broad.

SSI is not really a new concept. It's been around for quite a while, but the reason SSI could not be adopted is that the missing piece of the puzzle, distributed ledger technology (also known as blockchain), has not existed up until a few years ago. That is changing and the SSI ecosystem is growing. 

Verifiable Credentials Meets Machine Identity Management

At filancore, our goal is to establish a secure basis for future networking by making decentralized identities suitable for the Industrial Internet of Things.  We were excited to join the Machine Identity Management Development Fund and build a bridge between the SSI ecosystem and Venafi as leaders in Machine Identity Management.

Since an identity would be under the full control of the subject of the identity (that's why it's self-sovereign!), you can not only apply SSI to humans—like I have my identity, which is reflected in a digital identity on my phone.  You can apply SSI to machines too.  Think about a machine. It has its own decentralized identity and can use that in combination with verifiable credentials to authenticate and authorize itself against third parties.

In the example above, a bachelor certificate is just one instance of a verifiable credential. Just as the graduates above have their digital identities, machines can have digital identities as well—and they too can be the subject of verifiable credentials. If I'm a machine producer, and I want to create machines that are unforgeable, I can issue the credential to the identity of my machine that establishes, "Hey, I made this machine." And then the machine itself could prove to anyone asking about it that “yes, I was manufactured by this producer.” Whereas a third-party unauthorized copy of the machine cannot do that since it doesn't have the proof.

We have created an integration that enables organizations to start exploring the SSI ecosystem by creating their own base identities and registering them with a state-of-the-art distributed ledger technology called IOTA. On top of that, anyone can create verifiable credentials about these identities based on Venafi x.509 certificates—the software requests a certificate from Venafi, and then convert that certificate into a verifiable credential. 

What does this mean for our machine manufacturer?  Using SSI, they can not only provide their machines with a decentralized and secure identity but also cover authentication and authorization through verifiable credentials issued on top of these identities. With this solution we built with Venafi, we can communicate or authenticate, authorize these devices, and prevent them from vulnerability to attack or counterfeit.

By providing a means to globally define an indisputable link between a machine and its machine identity across different sites, networks and businesses, we can secure IoT like never before.

The filancore integration for Verifiable Credentials is available now. You can learn more from the Venafi Marketplace. And stay tuned for part 2 of this series, where we explore the SSI and crypto-agility.


This blog features solutions from the ever-growing Venafi Ecosystem, where industry leaders are building and collaborating to protect more machine identities across organizations like yours. Learn more about how the Venafi Technology Network is evolving above and beyond just technical integrations.


Related posts


Learn more about machine identity management.

Like this blog? We think you will love this.
Featured Blog

Cloud Native Machine Identity Management for Zero Trust

Richard: Tell us about Pomerium and the role machine ide

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

Subscribe Now

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Markus Soppa, filancore
Markus Soppa, filancore
Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more