Article

Decentralized Identity: Where Did It Come From and Where Is It Going?


Abstract

The technology category now widely known as “decentralized identity” and more narrowly as “self-sovereign identity” didn’t even exist four years ago. At that time, the cutting edge of digital identity technology consisted of Internet-scale federated identity protocols such as OpenID Connect and user-centric data sharing protocols such as User-Managed Access (UMA). Then along came Bitcoin and a surge of interest in blockchain and distributed ledger technology (DLT). Although the initial uses of this technology focused primarily on cryptocurrency, it didn’t take long for the digital identity community to begin applying it to digital identity scenarios.


... As the internet has no built-in identity protocol [1], various approaches have been developed in the past. In the isolated model, online services are at the centre of the identity ecosystem, as each one requires users to register a user account with them, which then can be used together with a password to log in [2]. This leads to many user accounts ("logins"), which are spread among various service providers. ...
... In the federated model, dedicated identity providers are utilised, where the user registers once. Afterwards, their identity can be verified at online services that support the respective identity provider [2]. Popular examples include so-called social logins, such as the ones offered by Google, Facebook, and Microsoft. ...
... Self-sovereign identity (SSI) is the most recent approach and enables users to manage their digital identities on their own [2], [6]. In addition to strengthening users, SSI could also provide benefits from an interoperability and process perspective [4]. ...
Conference Paper
Full-text available
Self-sovereign identity (SSI) is a new paradigm, which puts users back in control of their own digital identity. This does not only strengthen the position of the users but implies new interaction schemes that may improve interoperability and usability. Smart services systems enable the integration of resources and activities and use smart products as boundary objects. As such systems typically involve digital interactions between multiple actors, it can be assumed that utilising SSI has a positive impact on them. To investigate how these potential improvements manifest themselves, we investigate electric vehicle charging as an example of a smart service system. At the core of our conceptual analysis is the service process, which we extract from a reference model. Based on a SWOT analysis, we identify areas for transformation and derive an SSI-enabled interaction model for an electric vehicle charging service. The evaluation of the new process shows that SSI can reduce the complexity of integration with partners and can provide a better customer experience through simplified registration and authentication. Moreover, SSI might even lead to the disintermediation of actors in the service system. Although SSI is still emerging, our findings underline its relevance as a mechanism to establish trust in smart service systems through the seamless and standardised integration of digital identities for humans, organisations, and things.
... Nowadays, we can differentiate between the following core digital identity models: centralized, federated, and decentralized [1]. The latter is the newest among the models, which came into focus after the introduction of blockchain technology. ...
... The idea of the decentralized identity model is that end-users create their own digital identities and corresponding identifiers and use them for any service or digital interactions they like [2], [3]. However, the decentralized identity idea grew into multiple forms, like those for using blockchain and DLT-based networks, and also self-sovereign identities (SSI) [1], [3]. We can also group these into on-chain (e.g., blockchain-based) and off-chain (e.g., SSI) decentralized identities. ...
Article
Full-text available
Digital identity is becoming one of the core elements during the digitalization age, when more and more processes and interactions are taking place in the digital sphere. Therefore, current identity management approaches will define how these interactions will look in the future, but different fields and communities often approach management with their own solutions and tools, despite their similarities. This includes decentralized digital identities, where the identity is managed with asymmetric cryptographic keys, and no centralized entity oversees the whole identity system. This paper focuses on managing on- and off-chain decentralized digital identities, with the former being used for blockchain networks and the latter for self-sovereignty and privacy. While both types of decentralized identity build on the same cryptographic and identity primitives, there is no single wallet that handles both. Therefore, this paper proposes an orchestration solution for both wallet types, which enables their convergence to a single universal wallet and validates it with a real-life decentralized identity use case.
... Identity can be defined as a group of assertions about a person, place, or thing. First and last name, date of birth, nationality, address, and some type of national identifier, such as a passport number, social security number (SSN), driver's license number, etc., are typically included in this information for persons (Avellaneda et al., 2019). These informational pieces are generated by centralized organizations (state and federal governments) and kept in centralized databases. ...
Article
Full-text available
In the digital age, our identity is built on our sense of identity, which defines who we are in our families, communities, cultures, and the wider world. The phrase "Know Yourself" (KYS) describes who we are and how we want to be perceived. It covers a range of characteristics, including those related to language, culture, religion, education, character, and career. While these traits help to define our individual identities, in order for governments and institutions to effectively provide services in areas like education, healthcare, banking, employment, and travel, a broader definition of identity is required. As a result, 'Know Your Customer' (KYC) checks are required by regulatory agencies all over the world. These checks are designed to confirm a person's identification before allowing access to services or facilities, such as admission to universities, creating bank accounts, getting loans, receiving health care, getting mobile SIM cards, etc. Therefore, in this digital world, protecting our identities and valuing who we are as individuals should be our first priority. The use of digital identities is becoming more prevalent as paper-based identity verification becomes less common. A greater challenge in the digital age is setting up how to protect our personal information and ensure that we are dealing with the correct individual, which is thoroughly examined in this study.
... Users choose their preferred provider for authentication and if they select a website that is reliable, they can experience many of the benefits of SSI. It can be argued that OpenID is the digital identity system that is most similar to SSI [25]. However, the registration of an OpenID necessitates technical skills and expertise, and the registering entity holds the authority to withdraw it at any given moment. ...
Article
Full-text available
Decentralized Identity (dID) has brought to the forefront the advantages and importance of total user control over identity. Previous solutions delegate identity management to the responsibility of third-party applications or services, which may raise multiple privacy and security concerns regarding users' personal data. In this paper, we highlight the significance of dID and in particular Self-Sovereign Identity (SSI) for a rapidly evolving ecosystem with a plethora of interconnected devices with different characteristics, such as the Internet of Things (IoT). Specifically, we analyze the benefits of incorporating SSI principles and technologies in IoT environments, while also discussing the challenges that may be introduced when combining the complexity of SSI concepts with the diverse and large-scale IoT environment. In addition, we present a thorough overview of existing systems that integrate SSI components into IoT environments, in order to address the challenges of authentication, authorization, and access control even for constrained IoT devices. Finally, we provide a comprehensive analysis regarding the contributions of Decentralized Identifiers and Verifiable Credentials, the two main pillars of SSI, for enhanced privacy and security for the Internet at large and for the IoT in particular.
... One of the most immediate solutions to these problems was demonstrated to be decentralised identities (DIDs) [79], which have lately been created to manage the separation between identities from centralised database registries, entities and services that offer authentication and authorisation services to verify a person's identity and grant access to specific resources or information and certificate authorities, as the name suggests (See Figure 2). Based on ten principles [80] with the user at their core, the Self-Sovereign Identity (SSI) model addresses the challenges of digital identities, for which preliminary models, prototypes and demonstrations that are designed to test and validate their feasibility, viability and potential benefits are ongoing and under continuous processes; designing, building, testing and improving. ...
Article
Full-text available
Urban areas provide the seedbed conditions for a variety of agglomeration advantages, including incubator conditions for the ICT sector. This study aims to present the foundations for a data-driven digital architecture based on the notion of open access platform organisations (e.g., platform cities). The principles of coordinated multi-actor data handling and exchange mechanisms centre in particular on privacy and confidentiality regulations. These are highlighted and tested on the basis of the data exchange architecture in a particular Industry 4.0 sector, viz., the medical–pharmaceutical sector. To cope with these issues, self-sovereign data trust systems are designed and tested using an OpenDSU data environment. Several building blocks of this architecture are presented and assessed. The conclusion of this study is that OpenDSU technology offers promising departures for handling privacy-sensitive and confidential data exchange in open platform organisations, such as smart cities.
... The UMA 2.0 core protocol has several (open-source) implementations from, for example, ForgeRock, Gluu, MITREid Connect, Node-UMA, and Roland Hedberg. The Kantara UMA working group is currently working on several improvements, like an interface to SSI [10], trust models, data models, and many more. ...
Article
Identity and access management is a core building block for the majority of web services. Cloud-based services, social webs, mobile apps, but also IoT-related services rely on identity management to provide a seamless and secure user experience. Transmitting and sharing sensitive information with other organizations always poses a security and privacy risk to all participating entities. One solution to tackle this problem is the principle of federated identity management (FIM). FIM is used to authenticate and authorize users across multiple organizations and platforms in order to obtain access to resources and services. The benefits of FIM are, for example, consistent data, a reduced amount of sensitive information that needs to be shared, as well as fewer passwords for the user to remember. Both predominant standards, Secure Assertion Markup Language (SAML) 2.0 and Open Authentication (OAuth) 2.0 with the authentication layer OpenID Connect, have been in widespread practical use for at least a decade. However, these protocols were developed with different requirements in mind than those present nowadays. This led to several extensions to tackle real-world problems, making it cumbersome to comply with every flavor. Also, Request for Comments (RFC) 8252 suggests that a native app opens a system browser for user authentication; consequently, new protocols are currently being developed, for example within the Internet Engineering Task Force (IETF), Kantara Initiative, and OpenID Foundation, which (should) have three main goals in common:
• Reducing the complexity in contrast to SAML 2.0 and OAuth 2.0.
• Decreasing the amount of extensions and varieties found in the wild. Both help developers to comply with the standards and, consequently, increase the security.
• Including edge and future use cases, making the protocols even more useful.
This article gives insights into current developments and possible future paths.
... Each client has only one digital identity, which is a DID issued by the service provider, but has multiple claims (i.e., VCs) that prevent misuse of services and Sybil attacks [36]. Such identity information is not stored or controlled by other parties; rather, it is kept in a wallet under the surveillance of the user, thus improving both the control over the client's data and the degree of trust and security for external entities (e.g., apps or service providers) [37]. Our DID-based access control system comprises the following actors: ...
Article
Full-text available
The increasing availability of data generated by Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices, as well as privacy and law regulations, have significantly boosted the interest in collaborative machine learning (ML) approaches. In this direction, we claim federated learning (FL) as a promising ML paradigm where participants collaboratively train a global model without outsourcing on-premises data. However, setting up and using FL can be extremely costly and time-consuming. To effectively promote the adoption of FL in real-world scenarios, while limiting the overhead and knowledge of the underlying technology, service providers should offer federated learning as a service (FLaaS). One of the major concerns while designing an architecture that provides FLaaS is achieving trustworthiness among involved typically unknown participants. This article presents a blockchain-based architecture that achieves Trustworthy federated learning as a service (TruFLaaS). Our solution provides trustworthiness among 3rd-party organizations by leveraging blockchain, smart contracts, and a decentralized oracle network. Specifically, during each FL round, the service provider supplies a sample, without overlapping, of its validation set to validate all partial models submitted by clients. By doing so, poor models, which tend to degrade performance or introduce malicious backdoors, are identified and discarded. Due to the transparency of the blockchain, not changing the validation set would enable participants to forge a malicious partial model that passes the validation phase. We evaluate our approach over two well-known IIoT datasets: the reported experimental results show that TruFLaaS outperforms the state-of-the-art literature solutions in the field.
... A Decentralized Identifier (DID) is a globally unique and persistent identifier developed as a standard by the World Wide Web Consortium (W3C), as shown in Fig. 3, that offers verifiable and decentralized digital identity. DIDs are essential components of SSI, created and controlled by individual users. ...
Preprint
Full-text available
OAuth 2.0 is a Single Sign-On (SSO) approach that helps to authenticate and authorize users to log into multiple applications without re-entering the credentials. In this model, the data are stored in a central repository completely controlled by the OAuth service provider, which may lead to third-party fraud and identity theft. This paper proposes a decentralized authentication framework comprised of a blockchain-based decentralized identifier and private distributed storage via an interplanetary filesystem (IPFS), permitting the user to have end-to-end data control. Furthermore, we have added a secret sharing mechanism that allows secure storage of data in our proposed model. We implemented our proposed framework in Hyperledger Indy (permissioned blockchain) and Ethereum (permissionless blockchain) to compare the efficiency, scalability, and privacy of the data stored in the blockchain ledger.
... DIDs carry with them numerous advantages in comparison to existing forms of identification. First, DIDs enable individuals to have a greater degree of control over their personal data due to their reduced reliance on centralized intermediaries [78], [79]. Second, DIDs are ...
... DID allows users to have control over their personal data and identity on the Web3 [19]. In addition, the process of uniquely recognizing and representing an entity as a digital identity in a virtual environment is performed under the hood of an Identity Management System (IdMS) [20]. ...
Article
Full-text available
This paper summarizes the work of many different authors, industries, and countries by introducing important and influential factors that will help in the development, successful adoption, and sustainable use of the Web3/Metaverse and its applications. We introduce a few important factors derived from the current state-of-the-art literature, including four essential elements: (1) appropriate decentralization, (2) good user experience, (3) appropriate translation and synchronization to the real world, and (4) a viable economy, which are required for appropriate implementation of a Metaverse and its applications. The future of Web3 is all about decentralization, and blockchain can play a significant part in the development of the Metaverse. This paper also sheds light on some of the most relevant open issues and challenges currently facing the Web3/Metaverse and its applications, with the hope that this discourse will help to encourage the development of appropriate solutions.
... Technologies like decentralised identity systems enable users to securely and decentrally control and manage their personal data and digital identities (Avellaneda et al., 2019). These systems give people more ownership and control over personal data by using decentralised technologies like blockchain to store and manage identity information (Stockburger et al., 2021). ...
Chapter
Full-text available
The metaverse is a new frontier in consumption. It is a digital place where people can buy and consume anything they want, whenever they want. It is an oasis of freedom and choice, and it has the potential to change the way we live and work. The future of the metaverse is placed where data and technology merge to create an experience that’s both unique and engaging. With information overload becoming a weekly reality, it is crucial for businesses to understand how their consumers are engaging with their offerings. This chapter synthesised the current research and practice to answer the following questions: How is the metaverse changing the way we consume and communicate? And how is Web 3.0 empowering and transforming the metaverse? Moreover, what are the threats Web 3.0 is bringing to our privacy on the internet?
... By executing performance-based financing of sustainable infrastructure, all actors participating in the infrastructure project would be represented with a decentralized identity (DID) on the blockchain containing a unique ID, a public cryptographic key, and other attribute descriptions of the digital identity (Avellaneda et al., 2019; Davie et al., 2019; Li et al., 2019). A decentralized trust web is established through the verifiable credentials of decentralized identifiers (Lux et al., 2020). ...
Thesis
The United Nations Environment Program Finance Initiative as well as the National Academies of Science, Engineering, and Medicine recognize the need for financial innovations to facilitate transitioning to a sustainable society. To ignore financial solutions is to risk increasing environmental and social cost and the window to limit global warming under 1.5 °C. Under-investment in infrastructure has resulted in significant deterioration in functionality and deficiencies in society’s ability to meet present needs without compromising future generation needs from an environmental, social, and economic perspective. The American Society of Civil Engineers estimated that $5.9 trillion USD would be required to bring infrastructure to an adequate state and currently only 56 percent has been committed. This translates to an annual deficit of $259 billion USD from 2020 to 2029. Aside from the built environment, investment deficits are found in incentivizing sustainable practices in agriculture as well. Yet, while government subsidies have attempted to guide these operations towards sustainable outcomes, the capital market instruments have not been executed in farming due to market and definitional frictions. This dissertation sought to achieve three goals: (1) to understand the economic value and environmental cost of unsustainable practices; (2) to explore the potential for technology-based financing models such as blockchain to facilitate sustainability-linked financing mechanisms; and (3) to demonstrate a proof-of-concept to operationalize agricultural outcomes-based financing using blockchain. The regional use case focused on agriculture in the sub-watersheds of the Great Lakes drainage area. The work presented here leverages a number of methodologies to achieve these goals, including novel data fusion approaches, application of econometric theories, as well as blockchain-enabled funding and financing mechanisms.
My initial approach applies data fusion and hedonic pricing to quantify the contribution of nitrogen and phosphorus loading on farmland sales transactions. The data sources and fusion process were derived from AcreValue, the United States Department of Agriculture's Gridded Soil Survey Geographic database and the United States Geological Survey's Spatially Referenced Regression on Watershed Attributes database. The results suggest that nutrient loading has significant positive influence on farmland prices such that prices increase with contamination and re-valuations of contaminating farmlands is required. The following chapters leverage technology-based financing using blockchains and decentralized oracle networks to reduce investment barriers for sustainable systems. A framework is presented where trusted data from internet-of-things of infrastructure can inform financial transactions on-chain in an efficient manner. This section employs the Model method to justify and predict how blockchains and oracles can use infrastructure internet-of-things data to streamline performance-based financing mechanisms by creating trust and automation. A performance-based proof-of-concept to incentivize regenerative agriculture practices is then implemented on the Ethereum blockchain. This research element highlights the benefits of implementing performance-based incentives on a blockchain via Transaction Cost Economics (TCE) analysis. The combination of blockchain-based platforms and decentralized oracle networks not only show that payment processes are automated, reducing transaction costs, but also that multiple transaction steps in a typical pay-for outcomes program can be executed using a smart contract. This work reveals the value of leveraging data streams, where insights are generated to understand the boundary conditions for the future design of sustainable infrastructure and practices.
The findings of this study serve as a key input for technology-enabled financing models that can lower transaction costs and unlock new capital resources.
... In the EU, the Blockchain Partnership Programme (EBP) developed the European Sovereign Identity Institution (ESSIF) based on the European Blockchain Services Infrastructure (EBSI) to provide cross-border public services for all EU citizens all over the EU in 2020. In addition, during the G20 summit, the concepts of self-sovereign identity and decentralized identity were set as a key discussion topic among many participating countries in 2021 [6]. ...
Article
Full-text available
Blockchain technology has been changing the trust system through machine endorsement and mathematical algorithms, laying a technical foundation for network identity from centralized to decentralized management. The decentralized identity with core features, such as “no need for a management center and self-managed identities” have become a key direction for the evolution of a new generation of digital identity based on blockchain. Internationally, the United States, the EU, and other countries have promoted the technological exploration and application innovation of the decentralized identity, aiming to seize the international discourse power in the digital space. This paper establishes an evaluation model of international engagement in the decentralized identity field and takes the United States as a case to analyze the current development status and international engagement of the decentralized identity from multiple dimensions. Furthermore, it proposes some suggestions for other countries to improve the international engagement in the decentralized identity field.
... Identifiers and associated identity data are no longer stored in centralized third-party repositories, eliminating a single point of failure, reducing the threat to privacy, enhancing security, and minimizing vulnerabilities connected to personal data misuse, data breaches, and identity-related cybercrimes [11]. Furthermore, SSI is user-centric [6], presenting a shift of power and control from central authorities to decentralized entities such as users, i.e., identity holders, who must be central to the administration of their own identity and information flow during digital interactions [12], [13] and are responsible for storing their credentials in user agents, i.e., wallets. SSI enables an exchange of claims and credentials without an intermediary, allowing users to attain verifiable credentials from third-party issuers, and/or make assertions about themselves and present them to the relying party, i.e., verifiers, requesting proof of identity. ...
Article
Full-text available
Self-Sovereign Identity (SSI) is a novel and emerging, decentralized digital identity approach that enables entities to control and manage their digital identifiers and associated identity data fully while enhancing trust, privacy, security, and the many other properties identified and analyzed in this paper. The paper provides an overview and classification of the SSI properties, focusing on an in-depth analysis, furthermore, presenting a comprehensive collection of SSI properties that are important for the implementation of the SSI system. In addition, it explores the general SSI process flow, and highlights the steps in which individual properties are important. After the initial purification and classification phase, we then validated properties among experts in the field of Decentralized and Self-Sovereign Identity Management using an online questionnaire, which resulted in a final set of classified and verified SSI properties. The results can be used for further work on definition and standardization of the SSI field.
... Although blockchain technology is not strictly needed for SSI, several SSI projects use a blockchain as a publicly shared and immutable registry for trusted organizations. In the case of SSI, users store their identity-related documents in so-called digital wallet apps on their smartphones (Avellaneda et al., 2019). Different credentials can be stored and presented in combination through these identity wallets, for instance, a digital ID card, a digital vaccination certificate, and a digital ticket. ...
Article
Full-text available
Ticket fraud and ticket scalping activities often cause high costs as well as trust concerns for fans buying event tickets, especially in the secondary ticketing market. To address these issues, several publications and projects have proposed using blockchain technology to enable digital trust and ticket verifiability and thus to improve event ticketing systems. However, these approaches exhibit considerable privacy challenges and fall short concerning reliable, efficient visitor identification, which is necessary for controlling secondary market transactions. We demonstrate how a novel paradigm for end-user digital identity management, called self-sovereign identity (SSI), can be utilized to gain secondary market control. To do so, we follow a rigorous design science research approach to build and evaluate an SSI-based event ticketing framework. Our findings demonstrate that SSI-based event ticketing can enable efficient secondary market control by facilitating a practical implementation of the centralized exchange model. To generalize our results, we derive design principles for the efficient, reliable, and privacy-oriented ticket and identity verification and the use of revocation registries.
... We suggest that the record of the revocation operation for blockchain applications references the original transaction, indicating that it has been revoked. However, storing assets in transactions that operate in a decentralized and sovereign manner is a recent challenge, which did not even exist four years ago (Avellaneda et al., 2019). Therefore, we propose a model using VC and Decentralized Identifier (DID), which, combined, provide a mechanism to store the revocation operation, and at the same time, keep the sovereignty of the asset's owner. ...
Article
Full-text available
The blockchain's immutability has allowed previously centralized operations to operate in a new way. The possibility of applications having a new architecture is given thanks to the innovative properties of the technology, which brought alternative control designs for distributed systems and allowed applications to work without the need for a central controlling point. The expansion of blockchain to other areas beyond cryptocurrencies has shown the need for applications to implement solutions to deal with corrective operations. Blockchain 3.0 applications bring new solutions for business needs. However, as opposed to immutability, the revoking functionality is much more complex to be implemented in this type of architecture, but paramount to applications resilience, allowing faulty or invalid information to be revoked, ensuring thus that the blockchain can still be trusted. This work assesses and discusses revocation mechanisms to contribute to the technical feasibility of several applications, which require corrective operations. We present a model in the academic area, which can be replicated for other types of systems in other areas.
... Several initiatives have been launched to provide a decentralized identity model, such as ID2020 [19], Uport [20], Sovrin Foundation [21], or bonifii [22], that allow the development of SSI-based projects [23]. ...
Conference Paper
A user-centred identifier enables verifiable and decentralized digital identity, and leads users to control and generate their own identifiers using systems they trust. This is how Self-Sovereign Identity works. This paper presents the case of universities, where several different agents need their own identifier, and shows a digital identity mathematical model. Moreover, the Alastria model for the university context is detailed.
... They can keep them on their phones, PCs, or in the cloud with their preferred service provider. A comparable system exists for the actual credentials that we carry in our physical wallets, such as plastic cards [110]. Because people have complete control over their data, it is referred to as self-sovereign. ...
Article
Citation: Shuaib, M.; Hassan, N.H.; Usman, S.; Alam, S.; Bhatia, S.; Agarwal, P.; Idrees, S.M. Land Registry Framework Based on Self-Sovereign Identity (SSI) for Environmental Sustainability.
... Through this process, verifiable credentials help manage anonymity, auditability, the correlation across contexts, privacy, revocability, and traceability, which can be authenticated using cryptographic proofs (Hyperledger 2021; Sporny et al., 2021). Verification can both occur as a centralized process, i.e., through a trusted network actor, or as part of the decentralized and automated process from digital MRV or EO data sources (Avellaneda et al., 2019; Li et al., 2019). In this way, DID-based systems remove the need for any centralized governing authority by constructing a decentralized web of trust among actors (Figure 3B) while increasing transparency, improving communications, and saving costs (Hyperledger 2021; Sporny et al., 2021). ...
Article
The Paris Agreement’s decentralized and bottom-up approach to climate action poses an enormous accounting challenge by substantially increasing the number of heterogeneous national, sub-national, and non-state actors. Current legacy climate accounting systems and mechanisms are insufficient to avoid information asymmetry and double-counting due to actor heterogeneity and fragmentation. This paper presents a nested climate accounting architecture that integrates several innovative digital technologies, such as Distributed Ledger Technology, Internet of Things, Machine Learning, and concepts such as nested accounting and decentralized identifiers to improve interoperability across accounting systems. Such an architecture can enhance capacity building and technology transfer to the Global South by creating innovation groups, increasing scalability of accounting solutions that can lead to leapfrogging into innovative systems designs, and improving inclusiveness.
... As identifiers and associated identity data are no longer stored in centralized third-party repositories, eliminating a single point of failure, reducing the threat to privacy, enhancing security, and minimizing vulnerabilities connected to personal data misuse, data breaches, and identity-related cybercrimes [11]. Furthermore, SSI is user-centric [6], presenting a shift of power and control from central authorities to decentralized entities, such as users, i.e., identity holders, who must be central to the administration of their own identity and information flow during digital interactions [12] [13] and are responsible for storing their credentials in user agents, i.e., wallets. SSI enables an exchange of claims and credentials without an intermediary, allowing users to attain verifiable credentials from third-party issuers and/or make assertions about themselves, and present them to the relying party, i.e., verifiers, requesting proof of identity. ...
Preprint
Self-Sovereign Identity (SSI) is a novel and emerging, decentralized identity approach that enables entities to fully control and manage their digital identifiers and associated identity data while enhancing trust, privacy, security, and many other properties analyzed in this paper. The paper provides an overview of the SSI properties, focusing on an in-depth analysis, and furthermore presents a comprehensive collection of SSI properties that are important for the implementation of an SSI system. In addition, it explores the SSI process flow and highlights the steps in which individual properties are important. After the initial purification and classification phase, we then validated the properties among experts in the field of decentralized and self-sovereign identity management using an online questionnaire, which resulted in a final set of classified and verified SSI properties. The results can be used for further work on the definition and standardization of the SSI field.
... DIDs and the associated cryptographic keys, as well as credentials, are stored by users in so-called digital wallets, for instance on smartphones, computers, or in the cloud with a provider of their choice. Such a system is comparable to the physical credentials, e.g., plastic cards, we carry in our physical wallets [Avellaneda et al., 2019]. Since users fully control their data, this approach has been called self-sovereign [Allen, 2016]. ...
Preprint
Know your customer (KYC) processes place a great burden on banks, because they are costly, inefficient, and inconvenient for customers. While blockchain technology is often mentioned as a potential solution, it is not clear how to use the technology's advantages without violating data protection regulations and customer privacy. We demonstrate how blockchain-based self-sovereign identity (SSI) can solve the challenges of KYC. We follow a rigorous design science research approach to create a framework that utilizes SSI in the KYC process, deriving nascent design principles that theorize on blockchain's role for SSI.
... Recently, with the emergence of blockchains and DLT systems, the notion of a "self-sovereign" identity [39] has come to the forefront as a means for individuals to obtain control over their digital identities. This desire is not new, and it is as old as the Internet itself. ...
Preprint
Today there is considerable interest in deploying blockchains and decentralized ledger technology as a means to address the deficiencies of current financial and digital asset infrastructures. The focal point of attention in many projects on digital assets and cryptocurrency is centered around blockchain systems and smart contracts. Many projects seek to make the blockchain the centerpiece of the new decentralized world of finance. However, several roadblocks and challenges currently face this predominant blockchain-centric view. In this paper we argue that the proper and correct perspective on the decentralized economy should be one that is asset-centric, where the goal should be the consistent lifecycle management of assets in the real world with their digital representation on the blockchain. We introduce the notion of the digital twin to capture the relationship between a real-world asset and its on-chain representation. A digital twin container is utilized to permit off-chain state persistence and on-chain state traceability, where the container can be deployed on the blockchain as well as on traditional application servers. The digital twin container becomes the bridge between legacy infrastructures and the newly emergent blockchain infrastructures, permitting legacy systems to interoperate consistently with blockchain systems. We believe this asset-centric view to be the correct evolutionary direction for the nascent field of blockchains and decentralized ledger technology.
... SSI involves three distinct types of entities [46]: the issuer of an identity document, the holder of the respective document, and the verifier of properties described in the document. An analogy from the physical world serves as an illustration of the basic interactions [13]: An SSI system builds upon digital objects comparable to physical ID cards [47]. Appropriate organizations, such as government authorities, issue the respective ID cards to their holders, who subsequently store them in a physical infrastructure of their choice, such as a wallet. ...
Preprint
The ongoing digital transformation of the medical sector requires solutions that are convenient and efficient for all stakeholders while protecting patients' sensitive data. One example involving both patients and health professionals that has already attracted design-oriented research is medical prescriptions. However, current implementations of electronic prescriptions typically create centralized data silos, leaving user data vulnerable to cybersecurity incidents and impeding interoperability. Research has also proposed decentralized solutions based on blockchain technology as an alternative, but privacy-related challenges have so far either been ignored or shifted to complex or not yet standardized solutions. This paper presents a design and implementation of a system for the exchange of electronic prescriptions based on the combination of two blockchains and a digital wallet app. Our solution combines the bilateral, verifiable, and privacy-focused exchange of information between doctors, patients, and pharmacies based on a verifiable credential with a token-based, anonymized double-spending check. Our qualitative and quantitative evaluations suggest that this architecture can improve existing approaches to electronic prescription management by offering patients control over their data by design, a sufficient level of performance and scalability, and interoperability with emerging digital identity management solutions for users, businesses, and institutions.
... Therefore, third parties can verify its integrity without contacting the issuer. SSI provides a similar approach to physical ID cards by using Verifiable Credentials (VCs) (Avellaneda et al. 2019; Mühle et al. 2018). VCs contain identity data about their owner, which are digitally signed by trustworthy authorities using cryptographic techniques. ...
Article
Due to a steeply growing number of energy assets, the increasingly decentralized and segmented energy sector fuels the potential for new digital use cases. In this paper, we focus our attention on the application field of asset logging, which addresses the collection, documentation, and usage of relevant asset data for direct or later verification. We identified a number of promising use cases that so far have not been implemented; supposedly due to the lack of a suitable technical infrastructure. Besides the high degree of complexity associated with various stakeholders and the diversity of assets involved, the main challenge we found in asset logging use cases is to guarantee the tamper-resistance and integrity of the stored data while meeting scalability, addressing cost requirements, and protecting sensitive data. Against this backdrop, we present a blockchain-based platform and argue that it can meet all identified requirements. Our proposed technical solution hierarchically aggregates data in Merkle trees and leverages Merkle proofs for the efficient and privacy-preserving verification of data integrity, thereby ensuring scalability even for highly frequent data logging. By connecting all stakeholders and assets involved on the platform through bilateral and authenticated communication channels and adding a blockchain as a shared foundation of trust, we implement a wide range of asset logging use cases and provide the basis for leveraging platform effects in future use cases that build on verifiable data. Along with the technical aspects of our solution, we discuss the challenges of its practical implementation in the energy sector and the next steps for testing in a regulatory sandbox approach.
... The suitability of open-source solutions for standardization has already proven to be a successful tool in several other domains. For example, it proved to be successful in the context of the definition of Decentralized Identity (DID) for blockchain solutions (Avellaneda et al., 2019). ...
Conference Paper
Due to ongoing digitalization, more and more cloud services are finding their way into companies. In this context, data integration from the various software solutions, which are provided both on-premise (local use or licensing for local use of software) and as a service, is of great importance. In this regard, Integration Platform as a Service (IPaaS) models aim to support companies as well as software providers in the context of data integration by providing connectors to enable data flow between different applications and systems, and other integration services. Since previous research has mostly focused on technical or legal aspects of IPaaS, this article focuses on deriving integration practices and design-related barriers and drivers regarding the adoption of IPaaS. Therefore, we conducted 10 interviews with experts from different software-as-a-service vendors. Our results show that the main factors regarding the adoption of IPaaS are the standardization of data models, the usability and variety of the connectors provided, and the issues regarding data privacy, security, and transparency.
... The identity information itself is not stored in the ledger but in a wallet managed by the user. By controlling what information is shared from the wallet to the requesting third party, users are able to manage their identity and privacy better online [1]. ...
Preprint
We have entered the era of big data, and it is considered to be the "fuel" for the flourishing of artificial intelligence applications. The enactment of the EU General Data Protection Regulation (GDPR) raises concerns about individuals' privacy in big data. Federated learning (FL) emerges as a functional solution that can help build high-performance models shared among multiple parties while still complying with user privacy and data confidentiality requirements. Although FL has been intensively studied and used in real applications, there is still limited research related to its prospects and applications as a FLaaS (Federated Learning as a Service) to interested 3rd parties. In this paper, we present a FLaaS system: DID-eFed, where FL is facilitated by decentralized identities (DID) and a smart contract. DID enables a more flexible and credible decentralized access management in our system, while the smart contract offers a frictionless and less error-prone process. We describe particularly the scenario where our DID-eFed enables the FLaaS among hospitals and research institutions.
Article
Today, most of us have more accounts with corresponding usernames and passwords than we can count. Online banking, shopping, streaming, and social media, among other things, require the user to authenticate, or prove, their identity to utilize the provided service. Keeping track of a multitude of accounts becomes burdensome, and many of us turn toward the usage of weak or recycled credentials that pose a security risk. On the other hand, to avoid said security risks, many of us trade our privacy for convenience and use social identities to log in, giving the companies that manage these identities the ability to track our behavior.
Article
OAuth2.0 is a Single Sign-On approach that helps to authorize users to log into multiple applications without re-entering the credentials. Here, the OAuth service provider controls the central repository where data is stored, which may lead to third-party fraud and identity theft. To circumvent this problem, we need a distributed framework to authenticate and authorize the user without third-party involvement. This paper proposes a distributed authentication and authorization framework using a secret-sharing mechanism that comprises a blockchain-based decentralized identifier and a private distributed storage via an interplanetary file system. We implemented our proposed framework in Hyperledger Fabric (permissioned blockchain) and Ethereum TestNet (permissionless blockchain). Our performance analysis indicates that secret sharing-based authentication takes negligible time for generation and a combination of shares for verification. Moreover, security analysis shows that our model is robust, end-to-end secure, and compliant with the Universal Composability Framework.
Article
The metaverse, as a rapidly evolving socio-technical phenomenon, exhibits significant potential across diverse domains by leveraging Web3 (a.k.a. Web 3.0) technologies such as blockchain, smart contracts, and non-fungible tokens (NFTs). This survey aims to provide a comprehensive overview of the Web3 metaverse from a human-centered perspective. We (i) systematically review the development of the metaverse over the past 30 years, highlighting the balanced contributions from its core components: Web3, immersive convergence, and crowd intelligence communities, (ii) define the metaverse that integrates the Web3 community as the Web3 metaverse and propose an analysis framework from the community, society, and human layers to describe the features, missions, and relationships for each community and their overlapping sections, (iii) survey the state-of-the-art of the Web3 metaverse from a human-centered perspective, namely the identity, field, and behavior aspects, and (iv) provide supplementary technical reviews. To the best of our knowledge, this work represents the first systematic, interdisciplinary survey on the Web3 metaverse. Specifically, we commence by discussing the potential for establishing decentralized identities (DID) utilizing mechanisms such as profile picture (PFP) NFTs, domain name NFTs, and soulbound tokens (SBTs). Subsequently, we examine land, utility, and equipment NFTs within the Web3 metaverse, highlighting interoperable and full on-chain solutions for existing centralization challenges. Lastly, we spotlight current research and practices about individual, intra-group, and inter-group behaviors within the Web3 metaverse, such as Creative Commons Zero license (CC0) NFTs, decentralized education, decentralized science (DeSci), and decentralized autonomous organizations (DAO). Furthermore, we share our insights into several promising directions, encompassing three key socio-technical facets of Web3 metaverse development.
Chapter
Web 3, or the decentralized web, uses blockchain technology and decentralised principles to revolutionize online interactions and commercial practises. It gives people authority, builds trust, and allows for peer-to-peer interactions. Blockchain is a decentralized and secure database that ensures transparent transactions without the need for middlemen. Web 3 is reshaping the financial, healthcare, supply chain, and entertainment industries. Cryptocurrencies provide safe and borderless transactions. It improves supply chain management, assures ethical sourcing, and gives content producers more influence. Decentralised identification systems overcome the problems associated with centralized identity. Scalability, interoperability, and performance are all difficult issues. The importance of interoperability and standardization cannot be overstated. Regulatory and legal problems must be consistent with the ideas of decentralized identity. Decentralized identification systems provide personalised and transparent experiences that foster trust and consumer loyalty.
Chapter
This chapter delves into the core building blocks of Web3, the transformative phase of the internet characterized by decentralized and user-centric digital ecosystems. It explores the ethos of Web3, emphasizing openness, transparency, trustlessness, and user empowerment. The chapter examines blockchain technology for secure transactions, smart contracts revolutionizing agreements, and cryptocurrencies facilitating peer-to-peer value transfer. It discusses decentralized finance (DeFi) as a transformative building block and explores decentralized applications (DApps) and non-fungible tokens (NFTs) for creating user-centric platforms. The importance of interoperability along with governance mechanisms like decentralized autonomous organizations (DAOs) is highlighted. The chapter concludes by envisioning the interconnectedness between Web3 and the metaverse, where virtual and physical realities merge. Overall, it provides a comprehensive overview of Web3's emergence and its transformative impact on decentralization, transparency, and user empowerment.
Chapter
Decentralized identity solutions, built on the concept of Self-Sovereign Identity (SSI), have gained a competitive edge over existing identity management (IM) systems. This paper discusses the significance of decentralized identifier (DID) and verifiable credential (VC) in a peer-to-peer application for selling and managing pre-owned vehicles. The application uses Ethereum’s ERC-1056 lightweight DID standard. We aim to comply with the general data protection regulation (GDPR) requirements of the European Union. We propose implementing JSON Web Tokens (JWT) to store the user encoded information locally and a private interplanetary file system (IPFS) to maintain encrypted and encoded vehicle data information for improved privacy. Additionally, the ERC-721 standard is used to tokenize the vehicle to create the digital twin. Finally, we add the VC to the digital twin of the vehicle to increase the trust in the proposed model. The results demonstrate that our proposed solution offers more trust between the users and privacy of user and vehicle data. Furthermore, we also compute and compare the average cost of user DID creation using ERC-1056 and ERC-725, and the proposed solution is more cost-effective than the existing solutions.
Chapter
This chapter delves into the potential of decentralized social networks to address the growing concerns surrounding privacy, censorship, and user control on centralized social platforms. Offering an alternative to traditional social media, decentralized social networks foster trust and transparency in online interactions by leveraging distributed ledger technologies like blockchain where data is stored across multiple nodes controlled by the users themselves. Decentralized networks utilize such systems to offer the means for privacy and communication without censorship or interference, empowering users with greater control over their personal data. Combining the exploration of decentralized social networks' fundamental features, analysis of advantages and challenges, and examination of real-world initiatives, this research aims to contribute to the understanding of this Web 3 phenomenon and its potential to reshape the social media landscape in a decentralized, democratic, and user-centric way.
Preprint
The hyperreality (hyperréalité) that Baudrillard speaks of has no past and no future; the hyperreality constituted by the metaverse will not have the material landscape of cities flourishing and decaying over time with the movement of people, as human society does. The hyperreality of the metaverse, like Guy Debord's spectacle, is consumed by people without end. Society does not decay, but it may become impossible to enter and operate; yet there will always be a new metaverse appearing. This new spectacle can be approached through the aesthetic development of modern and postmodern art, as one orientation for anthropological ethnographic research. By exploring the aesthetic metaverse that humans have created as they moved from believing in technology to doubting it, and the modes of representing technology and its use that developed along with this process, this new type of aesthetic ethnographic research can help us analyze the history of a hyperreality that does not decay. This also responds to Baudrillard's statement that "illusion has no history, only aesthetic forms do", and thereby allows us to understand how human society in the metaverse, in a situation without death and decay, maintains a social order in which the spectacle is always new: the metaverse combines the financial system with aesthetic sharing, and through the use and consumption of a modernist machine/cartoon style and a postmodernist questioning and appropriating simulated/humanist style within the metaverse, it displays the cultural shaping and representation of economy and power.
Article
E-government systems have revolutionized the way governments deliver services and interact with citizens. However, with the increasing reliance on digital platforms, ensuring the security of e-government systems has become a critical challenge. This paper provides an overview of e-government security, highlighting the importance of safeguarding government systems and data from various threats. It emphasizes the significance of e-government security in maintaining the integrity, confidentiality, and availability of government services. In addition, it highlights the vulnerabilities and risks faced by e-government systems, including data breaches, insider threats, phishing attacks, and emerging security challenges. Furthermore, a discussion of the current state of e-government security solutions is provided, pointing out their strengths and weaknesses. The findings indicate the need for continuous research and improvement to address the weaknesses and gaps in existing security measures. Several research areas that require further attention are identified, such as the security of emerging technologies, user-centric security approaches, privacy-preserving technologies, and effective risk assessment and management strategies. Emphasis is also placed on the importance of international cooperation, standardization, and collaboration among stakeholders to enhance e-government security on a global scale.
Article
Lately the importance of swarm robotics has been recognized in a wide range of areas, including logistics, surveillance, disaster management, agriculture, and other industrial applications. The swarm intelligence introduced by the existing paradigm of Artificial Intelligence and Machine Learning often ignores the aspect of providing security and reliability guarantees. Consider a futuristic scenario wherein self-driving cars will transport people, self-driving trucks will carry cargo between warehouses, and a combination of legged robots/drones will ship cargo from warehouses to doorsteps. In the case of such a heterogeneous swarm of robots, it is crucial to ensure a trustful and reliable operating platform for smooth coordination, collaborative decision-making via appropriate consensus, and seamless information sharing while ensuring data security. In this direction, blockchain has been proven to be an effective technology that maintains the transactions (records) in a trustful manner after being validated through consensus. This guarantees accountability, transparency, and trust concerning the storage, safeguarding, and sharing of information among the parties. In this paper, we provide a walkthrough demonstrating the feasibility of using blockchain technology to make the robotic swarm trustful systems in their adoption to critical applications at large-scale. We highlight the pros and cons of the use of cloud vis-a-vis blockchain in swarm robotics. Finally, we present various future research opportunities pertaining to the adoption of blockchain technology in swarm robotics applications.
Article
Although blockchain is an emerging technology, it has been applied in a lot of domains by leveraging its features. Traditional identity management systems have many issues regarding security and privacy of personal data. Blockchain has the potential to mitigate and avoid such issues by creating trust among the parties involved in the system while reducing reliance on third-party authorities. The first blockchain-based identity management solutions were launched in 2016. Since then, due to high demand, numerous primary and experimental studies and initiatives have been carried out to provide solutions to this research topic. Along with that, there are also a lot of secondary studies to overview the current state of research on this topic. However, the number of systematic research articles is still limited and each study has its limitations. Through this study, we provide a novel systematic literature mapping including categorization of studies into predefined categories (domain, research type, place of publication), analysis of publication frequency, co-authorship, and the number of papers citing each of the studied papers. Compared to other systematic literature mapping studies, our paper provides a more comprehensive view of the studied articles. In particular, we analyze the number of citations, which no study has ever done. In this research, we studied 361 papers published from January 2009 to April 2022 in four big databases (IEEE Xplore, ACM Digital Library, ScienceDirect, Springer Link), the largest number of articles studied compared to previous research. The obtained results show that most of the articles under the validation research type (providing a solution and implementing that solution, but not in real-world scenarios) propose solutions/systems, models/schemes and architectures to address general problems. We also find that the majority of authors work alone or collaborate in a separate group and co-work on only one paper.
This shows that there is no long-term collaboration in blockchain-based identity management (IdM), and thus subsequent publications presenting real-world blockchain-based identity management products do not exist.
Article
The digital transformation of the medical sector requires solutions that are convenient and efficient for all stakeholders while protecting patients’ sensitive data. One example that has already attracted design-oriented research is medical prescriptions. However, current implementations of electronic prescription management systems typically create centralized data silos, leaving user data vulnerable to cybersecurity incidents and impeding interoperability. Research has also proposed decentralized solutions based on blockchain technology, but privacy-related challenges have often been ignored. We conduct design science research to develop and implement a system for the exchange of electronic prescriptions that builds on two blockchains and a digital wallet app. Our solution combines the bilateral, verifiable, and privacy-focused exchange of information between doctors, patients, and pharmacies through verifiable credentials with a token-based, anonymized double-spending check. Our qualitative and quantitative evaluations as well as a security analysis suggest that this architecture can improve existing approaches to electronic prescription management by offering patients control over their data by design, a high level of security, sufficient performance and scalability, and interoperability with emerging digital identity management solutions for users, businesses, and institutions. We also derive principles on how to design decentralized, privacy-oriented information systems that require both the exchange of sensitive information and double-usage protection.
Article
Self-Sovereign Identity is an emerging, user-centric, decentralized identity approach utilizing some form of decentralized technology. It provides a means for digital identification without reliance on any external authority, enabling entities to control their identity and data flow during digital interactions while enhancing security and privacy. With the rise of blockchain technology, Self-Sovereign Identity is gathering momentum in academia and industry while the number of research papers increases rapidly. Yet Self-Sovereign Identity is still a young, unstructured field in its early stages of research. Thus, a systematic mapping methodology was adopted to provide a coarse-grained overview of decentralized and Self-Sovereign Identity and to structure the research area by identifying, analyzing, and classifying the research papers according to predefined parameters, precisely according to their contribution, application domain, IT field, research type, research method, and place of publication. Furthermore, the nature and scope of the research are determined; meanwhile, existing research topics, insights gained into trends, demographics, challenges, gaps, and opportunities for future research are also presented.
Article
Federated identity management has allowed users to dynamically distribute identity information across security domains, which increases the portability of their digital identities. Federated identity management is a set of technologies and processes that allow computer systems to dynamically distribute identity information and delegate identity tasks across security domains. Federated identity is a means by which Web applications offer users cross-domain single sign-on (SSO) that lets them authenticate once and then gain access to protected resources and Websites. Federated identity offers solutions to many problems faced by the user in Web environments, and SSO is the first federated capability that is added by organizations. Federated identity is less expensive than implementing a high-quality authentication infrastructure because it offloads the authentication task to an IdP.
Distributed Ledger Technology Terms and Definitions
  • ITU-T
ITU-T Tech. Spec., "Distributed Ledger Technology Terms and Definitions," 1
Decentralized Identifiers (DIDs) v1.0, Core Data Model and Syntaxes
  • D. Reed
D. Reed et al., "Decentralized Identifiers (DIDs) v1.0, Core Data Model and Syntaxes," W3C Working Draft 09 December 2019; https://www.w3.org/TR/did-core/.
Verifiable Credentials Data Model 1.0 Expressing Verifiable Information on the Web
  • M. Sporny
M. Sporny et al., "Verifiable Credentials Data Model 1.0 Expressing Verifiable Information on the Web," W3C Rec., 19 Nov. 2019; https://www.w3.org/TR/vc-data-model/.
The Path to Self-Sovereign Identity
  • C. Allen