1. Self-sovereign Identity: A Conceptual Framework & Ecosystem Design
Tripi, Gabriele (January 2022)
The ideas expressed in this thesis are meant to address the need for a transformation in the identity management systems currently in use in different parts of the world. Specifically, the paper presents a logical deduction of essential processes to allow for communication between individual people, governments, organizations, and private institutions to exchange and manage information pertaining to identity. This thesis proposes a conceptual framework for the design of an ecosystem that supports self-sovereign identity. The research reviews theory, methodology, and technology from subjects such as design, identity, and distributed systems. Through the design process, a set of elements and functions supporting interactions within an ecosystem were developed. The design revolves around the ideas of privacy, security, distribution, and interoperability. The findings are presented as two parts of a whole, the first being the conceptual framework that describes a set of essential factors that an ecosystem requires in order to fulfill the goals of self-sovereign identity and interoperability. The second is a set of visualizations of how the framework can be used to design systems and interactions, inside and between the systems, to create an ecosystem. / 2022-06-20: Author's name has been corrected on the front page.

2. SSASy: A Self-Sovereign Authentication Scheme
Manzi, Olivier (January 2023)
Amidst the wild west of user authentication, this study introduces a new sheriff in town: the Self-Sovereign Authentication Scheme (SSASy). Traditional authentication methods, like passwords, are often fraught with usability and security concerns, leading users to find workaround ways that compromise the intended security. Federated Identities (FI) offer a convenient alternative, yet, they infringe on users' sovereignty over their identity and lead to privacy concerns. To address these challenges, this study proposes SSASy, which leverages cryptography and browser technology to provide a sovereign, usable, and secure alternative to the existing user authentication schemes. The proposal, which is a proof-of-concept, is comprised of a core library, which provides the authentication protocol to developers, and a browser extension that simplifies the authentication process for users. SSASy is available as an open-source project on GitHub for practical demonstration on multiple browser stores, bringing our theoretical study into the realm of tangible, real-world application. SSASy is evaluated and compared to existing authentication schemes using the "Usability-Deployability-Security" (UDS) framework. The results demonstrate that, although other authentication schemes may excel in a specific dimension, SSASy delivers a more balanced performance across the three dimensions which makes it a promising alternative.

3. Extensible Model and Policy Engine for Usage Control and Policy-Based Governance: Industrial Applications
Hariri, Ali (25 March 2024)
The main focus of this thesis is applied research targeting industrial applications of Usage Control (UCON) and policy-based governance. Nonetheless, we also tackle an associated core problem to address the diverse requirements of the targeted application domains. The core research problem is three-fold. (1) UCON enacts usage control in a fixed life cycle of three temporal phases: pre, ongoing and post. However, emerging security paradigms require custom and finer-grained lifecycles with phases and transitions tailored for the application domain. For example, data hub applications entail data-oriented usage control throughout the different stages of the data lifecycle (e.g., collection, retention, processing and destruction). Therefore, policy systems must enable custom lifecycles to accommodate a wide variety of applications. (2) Although UCON allows attribute values to change and updates usage decisions accordingly, it does not specify a mechanism to govern attribute values. This becomes necessary in decentralised environments where attributes are collected from external parties that are not necessarily trusted. For this reason, policy systems must incorporate a mechanism to govern attributes, prepare them for policy evaluation and ensure their trustworthiness. (3) Due to its widespread adoption, UCON has been extended and adapted for diverse purposes, leading to a proliferation of frameworks. While these variations added significant contributions in their respective fields, they lack comprehensiveness and generality. Therefore, a unified solution is needed to encompass the existing variations of UCON as well as future applications. 
By addressing these core problems, we aim to leverage policy-based governance in the following four industrial applications: (1) Industrial/International Data Spaces (IDS), (2) data hubs, (3) smart vehicles, and (4) credential transformation. To address these challenges and fulfil our applied research goals, we present six contributions in this thesis. (1) We propose UCON+: an extensible model that extends beyond traditional access and usage control providing a comprehensive framework for policy-based governance. UCON+ builds on the same foundations of UCON, making it an attribute-based model that incorporates continuous monitoring and policy re-evaluation. However, it only defines general structures and common functions, and outlines extensible behaviour to be implemented by concrete extensions. Specifically, UCON+ allows concrete extensions to govern attribute values and updates, and to specify custom lifecycles tailored for their respective requirements. (2) We introduce a general-purpose policy engine that implements the UCON+ model. The engine conserves an Attribute-Based Access Control (ABAC) baseline using a standard policy language. The policy engine also introduces another type of policies used to govern attribute values, and to define and drive custom lifecycles. Thus, different extensions of UCON+ can be realised within the same policy engine using policies, eliminating the need for reimplementation. The policy engine leverages a modular architecture with an optimised implementation. (3) We demonstrate the use of the policy engine in a cloud service that provides an IDS for contract-based data exchange. We specifically used the policy engine and designed a custom lifecycle to govern and drive the contract negotiation between the data provider and data consumer using policies. We also used the policy engine to govern data usage based on the negotiated data sharing agreement.
(4) We also showcase the policy engine in a data hub setting, where we leveraged it to track and govern data objects throughout their lifecycles. We designed a lifecycle that captures the different stages of the data lifecycle based on the General Data Protection Regulation (GDPR). We show how data usage is controlled at each stage of the lifecycle using policies. (5) We present a dynamic identity management and usage control framework for smart vehicles using the policy engine. We specifically introduce a policy-based Security Token Service (STS) that issues contextualised capabilities that specify what subjects are allowed to do within the vehicle. The STS also manages the capabilities throughout their lifecycles and revokes them if the corresponding policies are violated, while also taking safety measures into consideration. (6) Finally, we describe an application of the policy engine for policy-based credential transformation. Specifically, we introduce a policy-based credential bridge that exchanges, aggregates or maps credentials between different domains or regulatory frameworks. The bridge uses policies that specify how to transform or issue credentials according to the requirements of each domain.

4. Vad har du i din digitala identitetsplånbok? : En uppsats om eIDAS II-förordningens digitala identitetsplånböcker och de tillhörande funktionerna för autentisering, identifiering och digitala intyg på attribut / What do you have in your digital identity wallet?
Stein, Camilla (January 2023)
This thesis deals with digital identity wallets as digital identification means, through a legal and technical perspective, within the field of legal informatics. The 3rd of July 2021 the European Commission presented a proposal for a regulation of the European Parliament and of the Council amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital identity, also known as the eIDAS II-regulation. The eIDAS II-regulation is at this moment being negotiated on EU-level and has not yet been adopted. In the eIDAS II-regulation the digital identity wallets were presented. These wallets enable citizens and other residents to authenticate, and share electronic documents and identification data, with a relying party. The purpose of the digital identity wallets is to create a harmonized identification solution that will function within all member states of the EU. The thesis will concentrate on the relationship between the legal aspects of the eIDAS II-regulation and the technical solutions presented in the regulation. The eIDAS II-regulation covers a vast variety of legal and technical solutions, however the thesis will only focus on the electronic identification, authentication, and the sharing of electronic documents through the wallet. Furthermore, the thesis will analyse which data can be stored in the wallet according to the eIDAS II-regulation and what legal and technical solutions are proposed to enable sharing, and controlling the accuracy, of the data. The relationship between eIDAS II-regulation and GDPR will be discussed and analysed in the end of the thesis. This discussion gives the reader an understanding of how the regulations will integrate with each other and how eIDAS II-regulation is affected by the GDPR.
The conclusion of the thesis is that the eIDAS II-regulation, thus the digital identity wallets, is a step in the right direction to create a harmonized regulation for digital identities, however there are certain legal problems that should be addressed to make the digital identity wallets a secure and user-friendly solution. These legal problems with the digital identity wallets could be solved with the right technical specifications. Some of these technical specifications will be presented and discussed in the thesis.

5. A conceptual decentralized identity solution for state government
Duclos, Martin (08 December 2023)
In recent years, state governments, exemplified by Mississippi, have significantly expanded their online service offerings to reduce costs and improve efficiency. However, this shift has led to challenges in managing digital identities effectively, with multiple fragmented solutions in use. This paper proposes a Self-Sovereign Identity (SSI) framework based on distributed ledger technology. SSI grants individuals control over their digital identities, enhancing privacy and security without relying on a centralized authority. The contributions of this research include increased efficiency, improved privacy and security, enhanced user satisfaction, and reduced costs in state government digital identity management. The paper provides background on digital identity management in the public sector, discusses existing practices, presents the SSI framework as a solution, and outlines potential future research areas.

6. Implementation av Self-Sovereign Identity : Applikationsutveckling i React Native och Aries Cloud Agent Python / Implementation of Self-Sovereign Identity: Application development in React Native and Aries Cloud Agent Python
Deubler, Oskar; Stenqvist, Oscar (January 2024)
In today’s centralized identity systems, large companies control and store user data in a centralized manner, which poses a risk to users’ privacy and personal data. Self-sovereign identity (SSI) decentralizes digital identity management and gives individuals full control over which personal data is shared and with whom. Furthermore, SSI enables verifiable credentials, allowing companies, authorities and individuals to build networks of trust among themselves. This thesis discusses SSI, as well as a project where SSI is practically applied in a mobile software application project for the distribution of digital drink tickets. The goal of the project is to develop a prototype to demonstrate how SSI can be applied in a general application that involves issuing a verifiable credential in the form of a drink ticket. To realize the project goal, an application has been developed in React Native, where several frameworks for SSI have been studied. "Aries Cloud Agent Python" (ACA-Py) has been integrated with a REST API to provide SSI functionality to the project. The project has resulted in a working mobile application that can issue and verify digital drink tickets, stored in the digital wallet application of the ticket holder. Minimal personal data is shared with the application, and only with the exclusive approval of the ticket holder. The result confirms the potential of SSI for decentralized identity management.

7. Guardians of the Grid: Enhancing Cybersecurity of Blockchain-Based Renewable Energy Marketplace
JAYARAM, GILY (January 2024)
Blockchain technology emerged as a potent tool for revolutionizing energy systems, offering secure transactions and efficient resource management. Blockchain offers transparency by enabling decentralized transactions. Despite adopting blockchain-based solutions, some cybersecurity issues persist in Decentralized Renewable Energy Marketplaces (DREMs). Specifically, data privacy, security, and verifiability remain a concern for prosumers and grid operators. To address such issues, several blockchain-based solutions utilize technologies such as Self-Sovereign Identities (SSIs), Digital Machine Identities (DMIs), and Zero-knowledge Proofs (ZKPs). In this work, we first review the literature to gain insight into cybersecurity issues within DREMs addressed using blockchain technology. Based on our review, we conceptualize a framework that leverages SSIs, DMIs, and ZKPs to address these issues. This work-in-progress shows the potential of these technologies to enhance security, privacy, and trust in decentralized energy transactions, paving the way for more resilient and efficient energy systems.

8. The M2X Economy – Concepts for Business Interactions, Transactions and Collaborations Among Autonomous Smart Devices
Leiding, Benjamin (11 December 2019)
No description available.

9. Studying the Opportunities of Blockchain Implementations in Electronic Transactions compared to the eIDAS Regulations / Undersöka möjligheterna för blockchain implementationer i elektroniska transaktioner jämfört med eIDAS regulationen
Hansson, Hanna (January 2022)
The electronic identification regulation, eIDAS, and its trusted service providers are currently based on technologies that have been used for decades. The eIDAS and many others in the security industry have shown interest in newer technologies such as distributed ledgers and blockchain. This research looks into the current eIDAS regulation, its plans for future work, and how the current trusted systems could benefit from introducing blockchain into the solutions. Looking at new technologies is of importance to move forward but also making solutions more secure for the user with for example Self-Sovereign Identity solutions. The research was conducted through a literature review followed by interviews. A number of themes were identified to answer the research question. The findings were that blockchain is a viable technology to use but only if used in the right cases. A better understanding and knowledge of the technology is needed for new implementation to succeed and should not be rushed due to the hype of blockchain technology. / See attached file

10. A phenomenological study of an emerging financial value ecosystem: based on distributed ledger technology and novel peer to peer game structure / Ucwaningo olugxile ezigamekweni okuhlangatshezwane nazo maqondana neekhosistimu efufusayo yobunani-mali: olusekelwe phezu kwe-distributed ledger technology Kanye ne-novel peer-to-peer game structure
Crafford, Francois (02 1900)
Abstracts in English, Zulu and Xhosa / The central research issue in this study is the third morphing of economies due to the externally available intelligent building blocks of technology. More specifically, it is anticipated that the widespread use of distributed ledger technology will transform the workings of organisations to such a degree that they will cease to exist in their current form. Hence, the use of distributed ledger technology is not merely a tame management problem; it poses a wicked strategic problem.
Furthermore, natural explanations add to the confusion in relation to what managers should do with distributed ledger technology. A transcendental phenomenological attitude is required to transcend the multitude of natural explanations. Phenomenology is both the philosophy and method employed in this study, which questions what human engagement in the world is about. More specifically in this study engagement with distributed ledger technology. This study closes this gap in knowledge by giving an accurate description of the essence of the distributed value ecosystem phenomenon.
The study contributes to a more coherent and fundamental understanding: the essence of the distributed value ecosystem phenomenon is the nature of the relationship patterns that participants hold to distributed ledger technology.
The central factual finding is that the nature and pattern of these relationships are transactional and circular.
The pattern preferred by most organisations is the bounded binary transactional pattern. Organisations seek primarily to have power over the socially complex aspects in transacting. However, the bounded binary transactional pattern may become an unbalanced and unfair value-subtract relationship over time. The response to unbalanced binary bounded value relationships is the unbounded transactional pattern, which gives participants greater autonomy and privacy pseudonymity, but not the transparency that is essential to transact seamlessly.
The third value relationship pattern and novel idea presented is the folded value relationship pattern in which participants balance conflicts over socially complex aspects in relation to self and others by meeting narrow micro-level near interaction conditions. This is a more folded, novel strategic game that participants can pick. The key implication for society and organisations is that it presents an alternative approach to dealing with conflict in socially complex value relationships. In essence, with the folded transactional pattern, participants seek to trade up value relationships in relation to self and with others, as opposed to making value relationship trade-offs or sacrifices that lead to either compromises in relation to self or dominance over others. However, the practical managerial implication is that a truly folded value relationship pattern is not easy to create and is rare. / Business Management / D. Com. (Business Management)