Self-sovereign Identity : A Conceptual Framework & Ecosystem Design

Tripi, Gabriele

January 2022

The ideas expressed in this thesis are meant to address the need for a transformation in the identity management systems currently in use in different parts of the world. Specifically, the paper presents a logical deduction of essential processes to allow for communication between individual people, governments, organizations, and private institutions to exchange and manage information pertaining to identity. This thesis proposes a conceptual framework for the design of an ecosystem that supports self-sovereign identity. The research reviews theory, methodology, and technology from subjects such as design, identity, and distributed systems. Through the design process, a set of elements and functions supporting interactions within an ecosystem were developed. The design is revolved around the ideas of privacy, security, distribution, and interoperability. The findings are presented as two parts of a whole, the first being the conceptual framework that describes a set of essential factors that an ecosystem requires in order to fulfill the goals of self-sovereign identity and interoperability. The second is a set of visualizations of how the framework can be used to design systems and interactions, inside and between the systems, to create an ecosystem. / <p>2022-06-20: Author's name has been corrected on the front page.</p>

Self-sovereign identity

Decentralized identity

Speculative design

Service

Ecosystems

Blockchain

Technology

Framework

Design

Design

Decentralized Identity Management for a Maritime Digital Infrastructure : With focus on usability and data integrity

Fleming, Theodor

January 2019

When the Internet was created it did not include any protocol for identifying the person behind the computer. Instead, the act of identification has primarily been established by trusting a third party. But, the rise of Distributed Ledger Technology has made it possible to authenticate a digital identity and build trust without the need of a third party. The Swedish Maritime Administration are currently validating a new maritime digital infrastructure for the maritime transportation industry. The goal is to reduce the number of accidents, fuel consumption and voyage costs. Involved actors has their identity stored in a central registry that relies on the trust of a third party. This thesis investigates how a conversion from the centralized identity registry to a decentralized identity registry affects the usability and the risk for compromised data integrity. This is done by implementing a Proof of Concept of a decentralized identity registry that replaces the current centralized registry, and comparing them. The decentralized Proof of Concept’s risk for compromised data integrity is 95.1% less compared with the centralized registry, but this comes with a loss of 53% in efficiency.

Decentralized identity

Decentralized Public Key Managemet

Decentralized Identifiers

Usability

Integrity

Hyperledger Indy

Distributed Ledger Technology

Computer Engineering

Datorteknik

Software Engineering

Programvaruteknik

Data ownership and interoperability for a decentralized social semantic web / La propriété des données et l'interopérabilité pour un Web sémantique social décentralisé

Sambra, Andrei Vlad

19 November 2013

Assurer l'appropriation des données personnelles et l'interopérabilité des applications Web sociaux décentralisées est actuellement un sujet controversé, surtout en prenant compte des aspects de la vie privée et du contrôle d'accès. Il est important d'améliorer le Web social de telle manière à permettre des modèles d'affaires viables tout en étant capable de fournir une plus grande appropriation des données et l'interopérabilité des données par rappport à la situation actuelle. A cet égard, nous avons concentré notre recherche sur trois thèmes différents: le contrôle d'identité, l'authentifiaction et le contrôle d'accès. Tout d'abord, nous abordons le sujet de l'identité décentralisée en proposant un nouveau standard Web appelé "Web Identity and Discovery" (WebID), qui offre un mécanisme d'identification simple et universel qui est distribué et ouvertement extensible. Ensuite, nous passons à la question de l'authentification où nous proposons WebID-TLS, un protocole d'authentification décentralisé qui permet l'authentification sécurisée, simple et efficace sur le Web en permettant aux personnes de se connecter à l'aide de certificats clients. Nous étendons également WebID-TLS, en offrant des moyens d'effectuer de l'authentification déléguée et de la délégation d'accès. Enfin, nous présentons notre dernière contribution, un service de contrôle d'accès social, qui sert à protéger l'accès aux ressources Linked Data générés par les utilisateurs (par exemple, les données de profil, messages du mur, conversations, etc) par l'application de deux mesures: la "distance de proximité sociale" et "contexte social" / Ensuring personal data ownership and interoperability for decentralized social Web applications is currently a debated topic, especially when taking into consideration the aspects of privacy and access control. Since the user's data are such an important asset of the current business models for most social Websites, companies have no incentive to share data among each other or to offer users real ownership of their own data in terms of control and transparency of data usage. We have concluded therefore that it is important to improve the social Web in such a way that it allows for viable business models while still being able to provide increased data ownership and data interoperability compared to the current situation. To this regard, we have focused our research on three different topics: identity, authentication and access control. First, we tackle the subject of decentralized identity by proposing a new Web standard called "Web Identity and Discovery" (WebID), which offers a simple and universal identification mechanism that is distributed and openly extensible. Next, we move to the topic of authentication where we propose WebID-TLS, a decentralized authentication protocol that enables secure, efficient and user friendly authentication on the Web by allowing people to login using client certificates and without relying on Certification Authorities. We also extend the WebID-TLS protocol, offering delegated authentication and access delegation. Finally we present our last contribution, the Social Access Control Service, which serves to protect the privacy of Linked Data resources generated by users (e.g. pro le data, wall posts, conversations, etc.) by applying two social metrics: the "social proximity distance" and "social contexts"

Identité décentralisée

Authentification décentralisée

Confidentialité des données

Contrôle d'accès

WebID

WebID-TLS

Web sémantique

Decentralized identity

Decentralized authentification

Data privacy

Access control

WebID

WebID-TLS

Semantic web

Data ownership and interoperability for a decentralized social semantic web

SAMBRA, Andrei Vlad

19 November 2013

Ensuring personal data ownership and interoperability for decentralized social Web applications is currently a debated topic, especially when taking into consideration the aspects of privacy and access control. Since the user's data are such an important asset of the current business models for most social Websites, companies have no incentive to share data among each other or to offer users real ownership of their own data in terms of control and transparency of data usage. We have concluded therefore that it is important to improve the social Web in such a way that it allows for viable business models while still being able to provide increased data ownership and data interoperability compared to the current situation. To this regard, we have focused our research on three different topics: identity, authentication and access control. First, we tackle the subject of decentralized identity by proposing a new Web standard called "Web Identity and Discovery" (WebID), which offers a simple and universal identification mechanism that is distributed and openly extensible. Next, we move to the topic of authentication where we propose WebID-TLS, a decentralized authentication protocol that enables secure, efficient and user friendly authentication on the Web by allowing people to login using client certificates and without relying on Certification Authorities. We also extend the WebID-TLS protocol, offering delegated authentication and access delegation. Finally we present our last contribution, the Social Access Control Service, which serves to protect the privacy of Linked Data resources generated by users (e.g. pro le data, wall posts, conversations, etc.) by applying two social metrics: the "social proximity distance" and "social contexts"

[INFO:INFO_OH] Computer Science/Other

[INFO:INFO_OH] Informatique/Autre

Decentralized identity

Decentralized authentification

Data privacy

Access control

WebID

WebID-TLS

Semantic web