Self-sovereign identity boils down to : you control a public key (you have the private key). Everything after that is some variant on : someone with another key can sign a message that means they believe something about your key. This turns out to be pretty much the same as X.509 from 30+ years ago, with the names of things changed and modern encoding schemes used for the messages.
In this context, much of what we think of as identity on the internet doesn't need a central authority because all most web sites know about you is that you're the same entity that originally created the account (usually implemented via your email address). But email tends to be favored by users because managing your own keys is problematic.
Be very skeptical of anyone who claims to have devised a decentralized sybil-resistant identity scheme.
In this context, much of what we think of as identity on the internet doesn't need a central authority because all most web sites know about you is that you're the same entity that originally created the account (usually implemented via your email address). But email tends to be favored by users because managing your own keys is problematic.
Be very skeptical of anyone who claims to have devised a decentralized sybil-resistant identity scheme.