Digital identity is essential to access services such as: online banking, income tax portals, and online higher education. Digital identity is often outsourced to central digital identity providers, introducing a critical dependency. Self-Sovereign Identity gives citizens the ownership back of their own identity. However, proposed solutions concentrate on data disclosure protocols and are unable to produce identity with legal status. We identify how related work attempts to legalize identity by reintroducing centralization and disregards common attacks on peer-to-peer interactions, missing out on the strong privacy guarantees offered by the data disclosure protocols. To address this problem we present IPv8, a complete system for passport-grade Self-Sovereign Identity. Our design consists of a hierarchy of middleware layers which are minimally required to establish legal viability. IPv8 is comprised of a peer-to-peer middleware stack with Sybil attack resilience and strong privacy through onion routing. No other work has offered an operational prototype of an academically pure identity solution without any trusted third parties, critical external services, or any server in general.