
Self Sovereign Identity

  • Self-Sovereign Identity in a World of Authentication: Architecture and Domain Usecases 2022-09-23 Morgan Reece & Sudip Mittal Mississippi State University

    In this paper, we describe the SSI framework architecture as well as possible use cases across domains like healthcare, finance, retail, and government. The paper also contrasts SSI and its decentralized architecture with the current widely adopted model of Public Key Infrastructure (PKI).

  • Towards the classification of Self-Sovereign Identity properties 2022-08-19 Špela Čučko, Šeila Bećirović, Aida Kamišalić, Saša Mrdović, Muhamed Turkanović

    The paper provides an overview of the SSI properties, focusing on an in-depth analysis, furthermore presenting a comprehensive collection of SSI properties that are important for the implementation of the SSI system. In addition, it explores the SSI process flow and highlights the steps in which individual properties are important.

  • Self-sovereign Identity: A Conceptual Framework & Ecosystem Design 2022-06-16 Gabriele Tripi, Linköping University.

    the findings are presented as two parts of a whole, the first being the conceptual framework that describes a set of essential factors that an ecosystem requires in order to fulfill the goals of self-sovereign identity and interoperability. The second is a set of visualizations of how the framework can be used to design systems and interactions, inside and between the systems, to create an ecosystem.

  • Digital Identities and Verifiable Credentials 2021-10-04 Johannes Sedlmeir, Reilly Smethurst, Alexander Rieger, Gilbert Fridgen

    Verifiable credentials and digital wallets offer a convenient, secure, and privacy-oriented alternative to current physical and digital identity management systems. A recent example – COVID-19 vaccination certificates – highlights this. The verification of paper-based vaccination certificates is often error-prone and time-consuming, especially when many certificates have to be verified in a short period of time, e.g., at a football match or when boarding a plane. Moreover, to establish a sufficient level of authenticity, paper-based vaccination certificates are typically disclosed with additional personal information and identity documents, such as a physical ID card. This requirement to disclose a considerable amount of personal information raises privacy concerns, it is inconvenient, and it increases the total verification time.

  • Self-Sovereign Identity: A Systematic Map and Review 2021-08-18 Frederico Schardong, Ricardo Custódio

    This study presents a rigorous systematic mapping and systematic literature review covering theoretical and practical advances in Self-Sovereign Identity. We identified and aggregated evidence from publications to answer four research questions, resulting in a classification scheme used to categorize and review publications. Open challenges are also discussed, providing recommendations for future work.

  • Decentralized and Self-Sovereign Identity: Systematic Mapping Study 2021 Špela Čučko, Muhamed Turkanović

    The results suggest that validation research and solution proposals prevail, addressing decentralized identity in a general matter. Papers mainly propose systems/solutions, architectures, and frameworks, focusing on authentication, security, privacy, and trust, while there are hardly any studies researching usability, user experience, patterns, and good practices.

  • Self-Sovereign Identity as the Basis for Universally Applicable Digital Identities 2021-02-22 Tobias Ehrlich, Daniel Richter, Michael Meisel, Jürgen Anke

    This paper addresses the role of digital identities for a functioning digital economy and outlines requirements for their management. […] The concept of Self-Sovereign Identities (SSI) and the associated standards “Verifiable Credentials” and “Decentralized Identifiers” is a promising approach to improve the situation. They allow the flexible exchange of tamper-proof digital proofs between users and systems. Therefore, they form the foundation for building trust relationships in the digital space. This paper introduces the SSI paradigm and discusses the barriers that prevent the wide-scale adoption of this concept.

  • The Contested Horizons of Digital Identity 2020-10 Margie Cheesman

    I identify a series of competing logics in the debates around SSI’s emancipatory potential, which relate to four issues: (i) the neutrality of the technology, (ii) the capacities of refugees, (iii) global governance and the nation state, and (iv) new economic models for digital identity. SSI is simultaneously the potential enabler of new modes of empowerment, autonomy and data security for refugees and a means of maintaining and extending bureaucratic and commercial power.

  • Towards a Modelling Framework for Self-Sovereign Identity Systems 2020-09-10 Iain Barclay, Maria Freytsis, Sherri Bucher, Swapna Radha, Alun Preece, Ian Taylor

    Modelling self-sovereign identity systems seeks to provide stakeholders and software architects with tools to enable them to communicate effectively, and lead to effective and well-regarded system designs and implementations. This paper draws upon research from Actor-based Modelling to guide a way forward in modelling self-sovereign systems, and reports early success in utilising the iStar 2.0 framework to provide a representation of a birth registration case study.

  • Self Sovereign Digital Identity on the Blockchain: A Discourse Analysis 2019-04 Onat Kibaroglu. If you want to understand the history of self-sovereign intellectual ideas, it’s a good read.

    A key aim of this paper then, is to bring a discussion that must be (but currently is not) taking place in an academic context, due to its inherent multidisciplinary nature and complexities, into that particular realm of debate. This ‘history of self-sovereignty’, thus can be read as an experimental discourse analysis that discerns the contemporary usage of the concept

  • A Survey on Essential Components of a Self-Sovereign Identity 2018-07-17 Alexander Mühle, Andreas Grüner, Tatiana Gayvoronskaya, Christoph Meinel

    We further distinguish two major approaches, namely the Identifier Registry Model and its extension the Claim Registry Model. […] We will provide a more coherent view of verifiable claims in regards to blockchain based SSI and clarify differences in the used terminology. Storage solutions for the verifiable claims, both on- and off-chain, are presented with their advantages and disadvantages.

Establishing SSI - Frontiers Research

  • Establishing Self Sovereign Identity

    • How will society transition from today’s vast, vulnerable identity data silos to SSI?

    • Will social media giants and governments embrace or resist SSI?
    • Will SSI play a role in activism by civil society organisations?
    • What are the incentives and commercial models that will encourage SSI adoption?
    • What kinds of governance structures need to be established for SSI?

    The purpose of this Research Topic is to generate a rich resource for identity practitioners, researchers, technologists, potential adopters and many more to explore, understand, advance and enrich this subject.

  • Editorial: Establishing Self Sovereign Identity with Blockchain 2022-08-19 Frontiers

    This topic is a resource for those seeking to understand the building blocks and challenges of creating and growing SSI identity networks. Developing an SSI system is not straightforward; it takes a journey of collaboration and compromise.

  • Exploring Value Propositions to Drive Self-Sovereign Identity Adoption 2021-03-04 Mick Lockwood

    Original Research: This paper presents research exploring the balancing of interactive friction and value proposition in the context of Self-Sovereign Identity (SSI) technology adoption. This work extends a related investigation of a full agency engagement with a

  • An Accessible Interface Layer for Self-Sovereign Identity 2021-03-02 Mick Lockwood

    Original Research: The mechanisms and evolving standards collectively known as Self-Sovereign Identity (SSI) offer the prospect of a decentralised Internet by providing a central pillar for a Human-Centred Data Ecosystem (HCDE).

  • Development of a Mobile, Self-Sovereign Identity Approach for Facility Birth Registration in Kenya 2021-01-15 Maria Freytsis, Iain Barclay, Swapna Krishnakumar Radha, Adam Czajka, Geoffrey H. Siwo, Ian Taylor, Sherri Bucher

    This paper describes the development of a smartphone-based prototype system that allows interaction between families and health workers to carry out the initial steps of birth registration and linkage of mothers-baby pairs in an urban Kenyan setting using verifiable credentials, decentralized identifiers, and the emerging standards for their implementation in identity systems.

  • Distributed Ledger Technologies, Value Accounting, and the Self Sovereign Identity 2020-06-23 Sarah Manski

    Review: Technological activists are designing blockchains and other distributed ledger technologies to challenge extractive value-accounting and identity management in global capitalism.

Proposed Systems

  • SSI4Web: A Self-sovereign Identity (SSI) Framework for the Web 2022-07 Sadek Ferdous, Andrei Ionita

    a framework for integrating Self-sovereign Identity (SSI) for providing web services in a secure passwordless manner with much more user control and greater flexibility. We provide its architecture, discuss its implementation details, sketch out its use-case with an analysis of its advantages and limitations.

  • NSSIA: A New Self-Sovereign Identity Scheme with Accountability 2022

    This thesis proposes a conceptual framework for the design of an ecosystem that supports self-sovereign identity. The research reviews theory, methodology, and technology from subjects such as design, identity, and distributed systems. Through the design process, a set of elements and functions supporting interactions within an ecosystem were developed. The design is revolved around the ideas of privacy, security, distribution, and interoperability. The findings are presented as two parts of a whole, the first being the conceptual framework that describes a set of essential factors that an ecosystem requires in order to fulfill the goals of self-sovereign identity and interoperability. The second is a set of visualizations of how the framework can be used to design systems and interactions, inside and between the systems, to create an ecosystem.

  • A Truly Self-Sovereign Identity System 2021-09-28 Quinten Stokkink, Georgy Ishmaev, Dick Epema, Johan Pouwelse

    we argue that without addressing privacy at the network level, SSI systems cannot deliver on this promise. In this paper we present the design and analysis of our solution TCID, created in collaboration with the Dutch government. TCID is a system consisting of a set of components that together satisfy seven functional requirements to guarantee the desirable system properties.

  • Analysis and Evaluation of Blockchain-based Self-Sovereign Identity Systems 2019-11-19 Martin Schaeffner

    The components of SSI will be described in detail, evaluated, and visualized in a components architecture. These include standards like decentralized identifiers (DIDs), verifiable credentials (VCs), and verifiable presentations (VPs). Further, the concepts of a decentralized public key infrastructure (DPKI) and a decentralized key management system (DKMS) are introduced. Additionally, this thesis deals in detail with the trust infrastructure of SSI.

    Additionally, this thesis focuses on SSI systems and their underlying DID methods. To provide an overview of existing identity systems, the SSI ecosystem is analyzed on its currently existing DID methods. Based on the presented DID methods, representative DID methods are selected and examined for further analysis and evaluation of the system. To analyze the DID methods and their systems, criteria are defined to emphasize the differences of each DID method. The results from the analysis are then used for evaluating the DID methods.

  • A First Look at Identity Management Schemes on the Blockchain 2018-01-10 Paul Dunphy, Fabien A. P. Petitcolas

    The emergence of distributed ledger technology (DLT) based upon a blockchain data structure, has given rise to new approaches to identity management that aim to upend dominant approaches to providing and consuming digital identities. These new approaches to identity management (IdM) propose to enhance decentralisation, transparency and user control in transactions that involve identity information; but, given the historical challenge to design IdM, can these new DLT-based schemes deliver on their lofty goals? We introduce the emerging landscape of DLT-based IdM, and evaluate three representative proposals – uPort, ShoCard and Sovrin – using the analytic lens of a seminal framework that characterises the nature of successful IdM schemes

  • Matching Identity Management Solutions to Self Sovereign Identity Solutions 2018-05-01 Tommy Koens

    We created an analysis of nearly 50 (blockchain based) digital identity management solutions, and matched these against Self Sovereign Identity (SSI) management principles and additional requirements. The document can be found here: https://www.slideshare.net/secret/uafcwzQQWH86SW

Problem areas

  • Toward a Post-Quantum Zero-Knowledge Verifiable Credential System for Self-Sovereign Identity 2022-12-07 Simone Dutto, Davide Margaria, Carlo Sanna, Andrea Vesco of LNKS Foundation & Politecnico di Torino

    We describe the two main ZKP VCs schemes based on classical cryptographic assumptions, that is, the signature scheme with efficient protocols of Camenisch and Lysyanskaya, which is based on the strong RSA assumption, and the BBS+ scheme of Boneh, Boyen and Shacham, which is based on the strong Diffie-Hellman assumption. Since these schemes are not quantum-resistant, we select as one of the possible post-quantum alternatives a lattice-based scheme proposed by Jeudy, Roux-Langlois, and Sander, and we try to identify the open problems for achieving VCs suitable for selective disclosure, non-interactive renewal mechanisms, and efficient revocation.

  • Distributed Attestation Revocation in Self-Sovereign Identity 2022-08-10 Rowdy Chotkan, Jérémie Decouchant, Johan Pouwelse

    the first fully distributed SSI revocation mechanism that does not rely on specialised trusted nodes. Our novel gossip-based propagation algorithm disseminates revocations throughout the network and provides nodes with a proof of revocation that enables offline verification of revocations. We demonstrate through simulations that our protocol adequately scales to national levels.

  • Building a Credential Exchange Infrastructure for Digital Identity: A Sociohistorical Perspective and Policy Guidelines 2022-02-14 Mawaki Chango

    Credential Exchange Infrastructures based on open standards are emerging with work ongoing across many different jurisdictions, in several global standards bodies and industry associations, as well as at a national level. This article addresses the technology advances on this topic, particularly around identification mechanisms, through the Self-sovereign identity model.

Use Cases

  • A Consortium Blockchain-Based Secure and Trusted Electronic Portfolio Management Scheme 2022-02-03 Mpyana Mwamba Merlec, Mainul Islam, Youn Kyu Lee, Hoh Peter

    This system guarantees the authenticity and integrity of user credentials and e-portfolio data. Decentralized identifiers and verifiable credentials are used for user profile identification, authentication, and authorization, whereas verifiable claims are used for e-portfolio credential proof authentication and verification. We have designed and implemented a prototype of the proposed scheme using a Quorum consortium blockchain network. Based on the evaluations, our solution is feasible, secure, and privacy-preserving. It offers excellent performance.

  • How to protect privacy in a datafied society? A presentation of multiple legal and conceptual approaches 2022-01-29 Oskar J. Gstrein, Anne Beaulieu

    serves as a key resource to analyse the usefulness of the approaches in the context of the increasing datafication of both private and public spheres.

  • Digital identity for development: The quest for justice and a research agenda 2020-12-29 Silvia Masiero

    we first propose a framework to map the theoretical link between digital identity and human development, articulated in three dimensions linking digital identity to expected development outcomes. Secondly, we present the seven papers in this collection in terms of how they problematise such a link, observing how each of them uses empirical data to increase existing knowledge on this connection and question it.

  • Beyond Consent: A Right-to-Use License for Mutual Agency 2019-12 Lisa LeVasseur; Eve Maler

    What’s needed is a method to enable true mutual agency between any two parties in an Internet-enabled relationship. We propose a right-to-use license for access permissions as a practical alternative to consent and contract as used today, and a taxonomy that classifies important types of permissions. We also examine new data sharing scenarios, including decentralized identity, that may support their use.

  • A Decentralized Digital Identity Architecture 2019-11-05 Geoff Goodell, Tomaso Aste

    Although this article shall focus on challenges related to identity systems for adult persons in the developed world, we argue that the considerations around data protection and personal data that are applicable in the humanitarian context, such as those elaborated by the International Committee of the Red Cross

Background

  • Self-sovereign Identity – Opportunities and Challenges for the Digital Revolution 2017-12-05 Uwe Der, Stefan Jähnichen, Jan Sürmeli

    The interconnectedness of people, services and devices is a defining aspect of the digital revolution, and, secure digital identities are an important prerequisite for secure and legally compliant information exchange. Existing approaches to realize a secure identity management focus on central providers of identities such as national authorities or online service providers. Hence, changing residence or service provider often means to start over and creating new identities, because procedures for data portability are missing. Self-sovereign digital identities are instead created and managed by individuals, and enable them to maintain their digital identities independent from residence, national eID infrastructure and market-dominating service providers.

  • IDENTITY MATTERS - A primer paper on the rise and relevance of Self-Sovereign Identity. 2017-09

    This list of 13 interesting projects / startups in the Self Sovereign Identity field should be treated as a starting point as of September 2017; it will be out of date when you read it …

  • Blockchain for Identity Management 2016-12-11 Ori Jacobovitz

    In this paper, I discuss the state of the art in Blockchain technology and its applications, focusing on applications and solutions in identity management

  • Towards Self-Sovereign Identity using Blockchain Technology 2016-10-26 Djuri Baars, Rabobank

    A case study has been performed on a solution which allows the exchange of KYC attributes, resulting from thorough Customer Due Diligence (CDD) as is often performed when opening a bank account. These attributes can be used by other entities, like insurance companies and mortgage lenders to make their on-boarding process easier for customers, since they don’t need to supply copies of the same documentation all over again. Also, the companies themselves could outsource their Customer Due Diligence (CDD) this way to lower costs and make fewer errors. Although the idea is very interesting, the studied solution did not meet the expectations. At the time the company behind the solution was very small and the process to improve very complex. The solution was also proprietary, creating dependence on the vendor, which heightens the adoption barrier

  • Decentralizing Privacy: Using Blockchain to Protect Personal Data 2015-03-02

    Personal data, and sensitive data in general, should not be trusted in the hands of third-parties, where they are susceptible to attacks and misuse. Instead, users should own and control their data without compromising security or limiting companies’ and authorities’ ability to provide personalized services. Our platform enables this by combining a blockchain, re-purposed as an access-control moderator, with an off-blockchain storage solution. Users are not required to trust any third-party and are always aware of the data that is being collected about them and how it is used. In addition, the blockchain recognizes the users as the owners of their personal data. Companies, in turn, can focus on utilizing data without being overly concerned about properly securing and compartmentalizing them.

  • Establishing Identity Without Certification Authorities 1996

    There are many methods for establishing identity without using certificates from trusted certification authorities. The relationship between verifier and subject guides the choice of method. Many of these relationships have easy, straight-forward methods for binding a public key to an identity, using a broadcast channel or 1:1 meetings, but one relationship makes it especially difficult. That relationship is one with an old friend with whom you had lost touch but who appears now to be available on the net. You make contact and share a few exchanges which suggest to you that this is, indeed, your old friend. Then you want to form a secure channel in order to carry on a more extensive conversation in private. This case is subject to the man-in-the-middle attack. For this case, a protocol is presented which binds a pair of identities to a pair of public keys without using any certificates issued by a trusted CA.

  • Security without Identification: Transaction Systems to make Big Brother Obsolete 1985 David Chaum

    With the new approach, an individual uses a different account number or “digital pseudonym” with each organization. Individuals will create all such pseudonyms by a special random process. Information further identifying the individual is not used. A purchase at a shop, for example, might be made under a one-time-use pseudonym; for a series of transactions comprising an ongoing relationship, such as a bank account, a single pseudonym could be used repeatedly. Although the pseudonyms cannot be linked, organizations will be able to ensure that the pseudonyms are not used improperly by such measures as limiting individuals to one pseudonym per organization and ensuring that individuals are held accountable for abuses created under any of their pseudonyms. Individuals will be able to authenticate ownership of their pseudonyms and use them while ensuring that they are not improperly used by others.

  • The Knowledge Complexity Of Interactive Proofs 1985 Shafi Goldwasser, Silvio Micali, and Charles Rackoff

    In this paper a computational complexity theory of the “knowledge” contained in a proof is developed. Zero-knowledge proofs are defined as those proofs that convey no additional knowledge other than the correctness of the proposition in question. Examples of zero-knowledge proof systems are given for the languages of quadratic residuosity and quadratic nonresiduosity. These are the first examples of zero-knowledge proofs for languages not known to be efficiently recognizable.

Reports

  • Self-sovereign identity as future privacy by design solution in digital identity? 2022-08 International Association of Privacy Professionals (White Paper)

    With ongoing research in the field and growing awareness of the potential for privacy protection of SSI solutions, the concepts of privacy by default and privacy by design are increasingly adopted for new architectures using distributed ledger technology. It will, however, need the private sector to follow a SSI market roadmap, and to implement and use the opportunities of SSI to complete this (r)evolution of digital identity

  • Self-Sovereign Identities (SSI) – user-focused concept for data-efficient identity management 2021-11-18 Bosch

    “Since offering users control and sovereignty over their own data is a highly desirable goal, we are working with innovation partners to establish an identity system that works without any central data collector and is operated equally by many participants,” says Dr. Nik Scharmann, Project Director of the “Economy of Things” (EoT) strategic advance engineering project at Bosch Research.

  • Digital Identity: the current state of affairs 2018-02 BBVA Research

    As public identities have been created by different authorities, and since a global public or private identity is not a realistic option in the short term, interoperability and the collaboration between different entities to offer complete solutions is decisive. In the long run, to become a trusted identity provider across different industries could represent a big business opportunity for financial institutions

  • Blockchain: Evolving Decentralized Identity Design 2017-12-01

    Decentralized identity is evolving into self-sovereign identity networks and verification services. While efforts are underway to establish standards for these ecosystems, technical professionals should identify processes that will be affected and plan for integration scenarios in coming years.

  • A Comprehensive Guide to Self Sovereign Identity 2019-04-06 Kaliya ‘Identity Woman’ Young and Heather Vescent

    Self Sovereign Identity technologies give individuals and companies the ability to control and manage their own digital identifiers. This technology is gaining momentum as it solves previously unsolvable challenges. With the emergence of SSI open standards, a new layer of the internet emerges for the identity of people and organizations. SSI represents a new paradigm – it changes the identity game completely.