this concept of self-sovereign identity is not common on the internet. it's used with SSH, and a small amount of TLS works from this basis. the DNS roots are sovereign insofar as a small number of individuals have the secret to sign stuff, and this is why it's robust.
the rest of the internet though, they don't care. in my fiat mine job, we are working with several blockchains, and fortunately in two of them that we work with the users' signatures are generated locally by the users, albeit with the help of this "web3auth" system which binds access to a secret key to an email address. we are integrating another chain, an Ethereum fork sponsored by Sony, and the web3 devs in charge of that yet again chose a non-self-sovereign identity scheme whereby the secret bound to a user's email-related identity depends on a smart contract to ... idk even how this is considered secure... but the smart contract signs their events.
i haven't implemented the prescribed API call to that SC to verify the signatures, and as such, an important but minor attack vector on our users is currently open because the server i built isn't validating the signatures. but this is a bad thing, and it's a very bad design to shift authentication inwards to the centre of a network system. authority to sign events should be on the edge; this is what "self-sovereign identity" means.
the history of hacks on central authentication systems is extensive. why people keep building them is beyond me.
Replies (1)
Agree. We were trying to think of a term for it for some of our internal stuff, "end of the road authority" is our placeholder, but "authority on the edge" also works. That alone, if well done, is something.
Circling back, many of Nostr's problems come from trying to have global-state features without paying the global-state price and then getting slapped around by the debt collector (network physics).
The clobbering of replaceable events like follow lists is the perfect illustration of this. Network physics is like "Did you pay the price for this little global state you're trying to sneak in here?" and the kind 3 event spec is like "umm.. no..." and then it's the baseball bat again.