This commit is contained in:
⧉ infominer 2023-07-01 03:04:48 +05:30
parent e06e3f9779
commit 40b17366ce

View File

@ -10,99 +10,41 @@ header:
categories: ["Resources"]
tags: ["Literature","Resources"]
toc: true
toc_sticky: false
toc_sticky: true
redirect_from:
- literature
- literature/
permalink: /resources/literature/
canonical_url: 'https://decentralized-id.com/resources/literature/'
last_modified_at: 2023-06-19
last_modified_at: 2023-07-01
---
## Papers
* [Toward a Post-Quantum Zero-Knowledge Verifiable Credential System for Self-Sovereign Identity](https://eprint.iacr.org/2022/1297) 2022-12-07 Simone Dutto, Davide Margaria, Carlo Sanna, Andrea Vesco of LNKS Foundation & Politecnico di Torino
> We describe the two main ZKP VCs schemes based on classical cryptographic assumptions, that is, the signature scheme with efficient protocols of Camenisch and Lysyanskaya, which is based on the strong RSA assumption, and the BBS+ scheme of Boneh, Boyen and Shacham, which is based on the strong Diffie-Hellman assumption. Since these schemes are not quantum-resistant, we select as one of the possible post-quantum alternatives a lattice-based scheme proposed by Jeudy, Roux-Langlois, and Sander, and we try to identify the open problems for achieving VCs suitable for selective disclosure, non-interactive renewal mechanisms, and efficient revocation.
## Self Sovereign Identity
* [Self-Sovereign Identity in a World of Authentication: Architecture and Domain Usecases](https://arxiv.org/pdf/2209.11647.pdf) 2022-09-23 Morgan Reece & Sudip Mittal Mississippi State University
> In this paper, we describe the SSI framework architecture as well as possible use cases across domains like healthcare, finance, retail, and government. The paper also contrasts SSI and its decentralized architecture with the current widely adopted model of Public Key Infrastructure (PKI).
* [Towards the classification of Self-Sovereign Identity properties](https://arxiv.org/pdf/2112.04155.pdf) 2022-08-19 ŠPELACUCKO, ŠEILA BECIROVIC, AIDA KAMIŠALIC, SAŠA MRDOVIC, MUHAMED TURKANOVI
> The paper provides an overview of the SSI properties, focusing on an in-depth analysis, furthermore presenting a comprehensive collection of SSI properties that are important for the implementation of the SSI system. In addition, it explores the SSI process flow and highlights the steps in which individual properties are important.
* [Distributed Attestation Revocation in Self-Sovereign Identity](https://arxiv.org/abs/2208.05339) 2022-08-10 Rowdy Chotkan, Jérémie Decouchant, Johan Pouwelse
> the first fully distributed SSI revocation mechanism that does not rely on specialised trusted nodes. Our novel gossip-based propagation algorithm disseminates revocations throughout the network and provides nodes with a proof of revocation that enables offline verification of revocations. We demonstrate through simulations that our protocol adequately scales to national levels.
* [SSI4Web: A Self-sovereign Identity (SSI) Framework for the Web](https://www.researchgate.net/publication/363698387_SSI4Web_A_Self-sovereign_Identity_SSI_Framework_for_the_Web) 2022-07 Sadek Ferdous, Andrei Ionita
> a framework for integrating Self-sovereign Identity (SSI) for providing web services in a secure passwordless manner with much more user control and greater flexibility. We provide its architecture, discuss its implementation details, sketch out its use-case with an analysis of its advantages and limitations.
* [Self-sovereign Identity: A Conceptual Framework & Ecosystem Design](http://liu.diva-portal.org/smash/record.jsf?pid=diva2%3A1668615&dswid=816) 2022-06-16 Gabriele Tripi, Linköping University.
> the findings are presented as two parts of a whole, the first being the conceptual framework that describes a set of essential factors that an ecosystem requires in order to fulfill the goals of self-sovereign identity and interoperability. The second is a set of visualizations of how the framework can be used to design systems and interactions, inside and between the systems, to create an ecosystem.
* [Building a Credential Exchange Infrastructure for Digital Identity: A Sociohistorical Perspective and Policy Guidelines](https://www.frontiersin.org/articles/10.3389/fbloc.2021.629790/full) 2022-02-14 Mawaki Chango
> Credential Exchange Infrastructures based on open standards are emerging with work ongoing across many different jurisdictions, in several global standards bodies and industry associations, as well as at a national level. This article addresses the technology advances on this topic, particularly around identification mechanisms, through the Self-sovereign identity model.
* [A Consortium Blockchain-Based Secure and Trusted Electronic Portfolio Management Scheme](https://www.mdpi.com/1424-8220/22/3/1271) 2022-02-03 Mpyana Mwamba Merlec, Mainul Islam,Youn Kyu Lee, Hoh Peter
> This system guarantees the authenticity and integrity of user credentials and e-portfolio data. Decentralized identifiers and verifiable credentials are used for user profile identification, authentication, and authorization, whereas verifiable claims are used for e-portfolio credential proof authentication and verification. We have designed and implemented a prototype of the proposed scheme using a Quorum consortium blockchain network. Based on the evaluations, our solution is feasible, secure, and privacy-preserving. It offers excellent performance.
* [How to protect privacy in a datafied society? A presentation of multiple legal and conceptual approaches](https://link.springer.com/article/10.1007/s13347-022-00497-4) 2022-01-29 Oskar J. Gstrein, Anne Beaulieu
> serves as a key resource to analyse the usefulness of the approaches in the context of the increasing datafication of both private and public spheres.
* [NSSIA: A New Self-Sovereign Identity Scheme with Accountability](https://arxiv.org/pdf/2206.04911.pdf) 2022
> This thesis proposes a conceptual framework for the design of an ecosystem that supports self-sovereign identity. The research reviews theory, methodology, and technology from subjects such as design, identity, and distributed systems. Through the design process, a set of elements and functions supporting interactions within an ecosystem were developed. The design is revolved around the ideas of privacy, security, distribution, and interoperability. The findings are presented as two parts of a whole, the first being the conceptual framework that describes a set of essential factors that an ecosystem requires in order to fulfill the goals of self-sovereign identity and interoperability. The second is a set of visualizations of how the framework can be used to design systems and interactions, inside and between the systems, to create an ecosystem.
* [Digital Identities and Verifiable Credentials](https://link.springer.com/article/10.1007/s12599-021-00722-y) 2021-10-04 Johannes Sedlmeir, Reilly Smethurst, Alexander Rieger, Gilbert Fridgen
> Verifiable credentials and digital wallets offer a convenient, secure, and privacy-oriented alternative to current physical and digital identity management systems. A recent example COVID-19 vaccination certificates highlights this. The verification of paper-based vaccination certificates is often error-prone and time-consuming, especially when many certificates have to be verified in a short period of time, e.g., at a football match or when boarding a plane. Moreover, to establish a sufficient level of authenticity, paper-based vaccination certificates are typically disclosed with additional personal information and identity documents, such as a physical ID card. This requirement to disclose a considerable amount of personal information raises privacy concerns, it is inconvenient, and it increases the total verification time.
* [A Truly Self-Sovereign Identity System](https://arxiv.org/abs/2007.00415) 2021-09-28 Quinten Stokkink, Georgy Ishmaev, Dick Epema, Johan Pouwelse
> we argue that without addressing privacy at the network level, SSI systems cannot deliver on this promise. In this paper we present the design and analysis of our solution TCID, created in collaboration with the Dutch government. TCID is a system consisting of a set of components that together satisfy seven functional requirements to guarantee the desirable system properties.
* [Self-Sovereign Identity: A Systematic Map and Review](https://arxiv.org/abs/2108.08338) 2021-08-18 Frederico Schardong, Ricardo Custódio
> This study presents a rigorous systematic mapping and systematic literature review covering theoretical and practical advances in Self-Sovereign Identity. We identified and aggregated evidence from publications to answer four research questions, resulting in a classification scheme used to categorize and review publications. Open challenges are also discussed, providing recommendations for future work.
* [Global Identity through Blockchain](https://www.researchgate.net/publication/353141617_Global_Identity_through_Blockchain) 2021-05 Rishabh Garg
> Cumbrous documentation, unsolicited expenses, undue involvement of intermediaries, and frequent data hacks, are some of the major roadblocks that deprive millions of individuals from having an official identity in India. The present project aims to introduce a DLT enabled All-inclusive ID card to ensure organized and sustainable change at all levels and spheres of life.
* [SURF: Technical exploration Ledger-based Self Sovereign Identity](https://www.surf.nl/files/2021-05/technical-exploration-surf-ledger-based-self-sovereign-identity.pdf) 2021-05 Identity Economy DE
> This report begins by describing SSI and its concepts, standards and components in more detail in chapter two. Chapter three describes the project activities that were conducted. In chapter four, we describe the technology stack we selected in more detail, to set the stage for chapter five, where we describe the SURF deployment we set up for further testing. In chapter six, we present the findings, both when evaluating the standards and platforms, our experiments with the technical setup we deployed and while testing our use cases.
>
> Unfortunately, our time was limited and, at the same, time more insight also brought additional questions and ideas. Chapter seven therefore contains a number of suggestions for further work that could be conducted.
>
> Chapter eight wraps up the document with a number of conclusions on SSI and its applicability in the context of SURF. We have also provided links to online resources including the git repositories, where we have made all our code and deployment information available, as well as some demonstration videos.
* [Self-sovereign identity](https://www.researchgate.net/publication/351078806_Self-sovereign_identity/link/608391b6907dcf667bbd9fb9/download)2021-04 Alexandra Giannopoulou Internet Policy Review
> The concept of self-sovereign identity (SSI) describes an identity management system created to operate independently of third-party public or private actors, based on decentralised technological architectures, and designed to prioritise user security, privacy, individual autonomy and self-empowerment.
* [Self-Sovereign Identity as the Basis for Universally Applicable Digital Identities](https://link.springer.com/article/10.1365/s40702-021-00711-5) 2021-02-22 Tobias Ehrlich, Daniel Richter, Michael Meisel, Jürgen Anke
> This paper addresses the role of digital identities for a functioning digital economy and outlines requirements for their management. [...] The concept of Self-Sovereign Identities (SSI) and the associated standards “Verifiable Credentials” and “Decentralized Identifiers” is a promising approach to improve the situation. They allow the flexible exchange of tamper-proof digital proofs between users and systems. Therefore, they form the foundation for building trust relationships in the digital space. This paper introduces the SSI paradigm and discusses the barriers that prevent the wide-scale adoption of this concept.
* [Decentralized and Self-Sovereign Identity: Systematic Mapping Study](https://ieeexplore.ieee.org/document/9558805?cmid=296e8b0d-a3de-4224-a628-b90d777ae944) 2021 Špela Čučko Muhamed Turkanović
> The results suggest that validation research and solution proposals prevail, addressing decentralized identity in a general matter. Papers mainly propose systems/solutions, architectures, and frameworks, focusing on authentication, security, privacy, and trust, while there are hardly any studies researching usability, user experience, patterns, and good practices.
* [Digital identity for development: The quest for justice and a research agenda](https://www.tandfonline.com/doi/full/10.1080/02681102.2021.1859669) 2020-12-29 Silvia Masiero
> we first propose a framework to map the theoretical link between digital identity and human development, articulated in three dimensions linking digital identity to expected development outcomes. Secondly, we present the seven papers in this collection in terms of how they problematise such a link, observing how each of them uses empirical data to increase existing knowledge on this connection and question it.
* [Self-Sovereign Identity as the Basis for Universally Applicable Digital Identities](https://link.springer.com/article/10.1365/s40702-021-00711-5) 2021-02-22 Tobias Ehrlich, Daniel Richter, Michael Meisel, Jürgen Anke
> This paper addresses the role of digital identities for a functioning digital economy and outlines requirements for their management. [...] The concept of Self-Sovereign Identities (SSI) and the associated standards “Verifiable Credentials” and “Decentralized Identifiers” is a promising approach to improve the situation. They allow the flexible exchange of tamper-proof digital proofs between users and systems. Therefore, they form the foundation for building trust relationships in the digital space. This paper introduces the SSI paradigm and discusses the barriers that prevent the wide-scale adoption of this concept.
* [The Contested Horizons of Digital Identity](https://www.tandfonline.com/doi/full/10.1080/14650045.2020.1823836) 2020-10 Margie Cheesman
> I identify a series of competing logics in the debates around SSIs emancipatory potential, which relate to four issues: (i) the neutrality of the technology, (ii) the capacities of refugees, (iii) global governance and the nation state, and (iv) new economic models for digital identity. SSI is simultaneously the potential enabler of new modes of empowerment, autonomy and data security for refugees and a means of maintaining and extending bureaucratic and commercial power.
* [Towards a Modelling Framework for Self-Sovereign Identity Systems](https://arxiv.org/pdf/2009.04327.pdf) 2020-09-10 Iain Barclay, Maria Freytsis†, Sherri Bucher, Swapna Radha, Alun Preece, Ian Taylor
> Modelling self-sovereign identity systems seeks to provide stakeholders and software architects with tools to enable them to communicate effectively, and lead to effective and well-regarded system designs and implementations. This paper draws upon research from Actor-based Modelling to guide a way forward in modelling self-sovereign systems, and reports early success in utilising the iStar 2.0 framework to provide a representation of a birth registration case study.
* [Beyond Consent: A Right-to-Use License for Mutual Agency](https://ieeexplore.ieee.org/document/9031549) 2019-12 Lisa LeVasseur; Eve Maler
> What's needed is a method to enable true mutual agency between any two parties in an Internet-enabled relationship. We propose a right-to-use license for access permissions as a practical alternative to consent and contract as used today, and a taxonomy that classifies important types of permissions. We also examine new data sharing scenarios, including decentralized identity, that may support their use.
* [Analysis and Evaluation of Blockchain-based Self-Sovereign Identity Systems](https://wwwmatthes.in.tum.de/pages/hhh5oin2o5sw/Master-s-Thesis-Martin-Schaeffner) 2019-11-19 Martin Schaeffner
> The components of SSI will be described in detail, evaluated, and visualized in a components architecture. These include standards like decentralized identifiers (DIDs), verifiable credentials (VCs), and verifiable presentations (VPs). Further, the concepts of a decentralized public key infrastructure (DPKI) and a decentralized key management system (DKMS) are introduced. Additionally, this thesis deals in detail with the trust infrastructure of SSI.
>
> Additionally, this thesis focuses on SSI systems and their underlying DID methods. To provide an overview of existing identity systems, the SSI ecosystem is analyzed on its currently existing DID methods. Based on the presented DID methods, representative DID methods are selected and examined for further analysis and evaluation of the system. To analyze the DID methods and their systems, criteria are defined to emphasize the differences of each DID method. The results from the analysis are then used for evaluating the DID methods.
* [A Decentralized Digital Identity Architecture](https://www.frontiersin.org/articles/10.3389/fbloc.2019.00017/full) 2019-11-05 Geoff Goodell, Tomaso Aste
> Although this article shall focus on challenges related to identity systems for adult persons in the developed world, we argue that the considerations around data protection and personal data that are applicable in the humanitarian context, such as those elaborated by the International Committee of the Red Cross (Kuner and Marelli, 2017; Stevens et al., 2018), also apply to the general case. We specifically consider the increasingly commonplace application of identity systems “to facilitate targeting, profiling and surveillance” by “binding us to our recorded characteristics and behaviors” (Privacy International, 2019). Although we focus primarily upon the application of systems for digital credentials to citizens of relatively wealthy societies, we hope that our proposed architecture might contribute to the identity zeitgeist in contexts such as humanitarian aid, disaster relief, refugee migration, and the special interests of children as well.
* [Self Sovereign Digital Identity on the Blockchain: A Discourse Analysis](https://www.slideshare.net/eraser/self-sovereign-digital-identity-on-the-blockchain-a-discourse-analysis) 2019-04 Onat Kibaroglu
if you want understand the history of self-sovereign intellectual ideas its a good read.
> A key aim of this paper then, is to bring a discussion that must be (but currently is not) taking place in an academic context, due to its inherent multidisciplinary nature and complexities, into that particular realm of debate. This history of self-sovereignty, thus can be read as an experimental discourse analysis that discerns the contemporary usage of the concept
* [A Survey on Essential Components of a Self-Sovereign Identity](https://arxiv.org/abs/1807.06346) 2018-07-17 Alexander Mühle, Andreas Grüner, Tatiana Gayvoronskaya, Christoph Meinel
> We further distinguish two major approaches, namely the Identifier Registry Model and its extension the Claim Registry Model. [...] We will provide a more coherent view of verifiable claims in regards to blockchain based SSI and clarify differences in the used terminology. Storage solutions for the verifiable claims, both on- and off-chain, are presented with their advantages and disadvantages.
* [Matching Identity Management Solutions to Self Sovereign Identity Solutions](https://www.linkedin.com/pulse/matching-identity-management-solutions-self-sovereign-tommy-koens) 2018-05-01 Tommy Koens
> We created an analysis of nearly 50 (blockchain based) digital identity management solutions, and matched these against Self Sovereign Identity (SSI) management principles and additional requirements. The document can be found here: [https://www.slideshare.net/secret/uafcwzQQWH86SW](https://www.slideshare.net/TommyKoens/matching-identity-management-solutions-to-selfsovereign-identity-principles)
* [A First Look at Identity Management Schemes on the Blockchain](https://arxiv.org/pdf/1801.03294.pdf) 2018-01-10 Paul Dunphy, Fabien A. P. Petitcolas
> The emergence of distributed ledger technology (DLT) based upon a blockchain data structure, has given rise to new approaches to identity management that aim to upend dominant approaches to providing and consuming digital identities. These new approaches to identity management (IdM) propose to enhance decentralisation, transparency and user control in transactions that involve identity information; but, given the historical challenge to design IdM, can these new DLTbased schemes deliver on their lofty goals? We introduce the emerging landscape of DLT-based IdM, and evaluate three representative proposals uPort, ShoCard and Sovrin using the analytic lens of a seminal framework that characterises the nature of successful IdM schemes
* [Self-sovereign Identity Opportunities and Challenges for the Digital Revolution](https://arxiv.org/pdf/1712.01767.pdf) 2017-12-05 Uwe Der, Stefan Jähnichen, Jan Sürmeli
> The interconnectedness of people, services and devices is a defining aspect of the digital revolution, and, secure digital identities are an important prerequisite for secure and legally compliant information exchange. Existing approaches to realize a secure identity management focus on central providers of identities such as national authorities or online service providers. Hence, changing residence or service provider often means to start over and creating new identities, because procedures for data portability are missing. Self-sovereign digital identities are instead created and managed by individuals, and enable them to maintain their digital identities independent from residence, national eID infrastructure and market-dominating service providers.
* [IDENTITY MATTERS - A primer paper on the rise and relevance of Self-Sovereign Identity.](https://cboxxtest.files.wordpress.com/2017/09/cboxxidentitymatters04.pdf) 2017-09
> This list of 13 interesting projects / startups in the Self Sovereign Identity field should be treated as a starting point as of September 2017; it will be out of date when you read it ...
* [Blockchain for Identity Management](https://www.cs.bgu.ac.il/~frankel/TechnicalReports/2016/16-02.pdf) 2016-12-11 Ori Jacobovitz
> In this paper, I discusses the state of the art in Blockchain technology and its applications, focusing on applications and solutions in identity management
* [Towards Self-Sovereign Identity using Blockchain Technology](https://essay.utwente.nl/71274/1/Baars_MA_BMS.pdf) 2016-10-26 Djuri Baars, Rabobank
> A case study has been performed on a solution which allows the exchange of KYC attributes, resulting from thorough Customer Due Diligence (CDD) as is often performed when opening a bank account. These attributes can be used by other entities, like insurance companies and mortgage lenders to make their on-boarding process easier for customers, since they dont need to supply copies of the same documentation all over again. Also, the companies themselves could outsource their Customer Due Diligence (CDD) this way to lower costs and make fewer errors. Although the idea is very interesting, the studied solution did not meet the expectations. At the time the company behind the solution was very small and the process to improve very complex. The solution was also proprietary, creating dependence on the vendor, which heightens the adoption barrier
* [Decentralizing Privacy: Using Blockchain to Protect Personal Data](http://web.media.mit.edu/~guyzys/data/ZNP15.pdf) 2015-03-02
> Personal data, and sensitive data in general, should not be trusted in the hands of third-parties, where they are susceptible to attacks and misuse. Instead, users should own and control their data without compromising security or limiting companies and authorities ability to provide personalized services. Our platform enables this by combining a blockchain, re-purposed as an access-control moderator, with an off-blockchain storage solution. Users are not required to trust any third-party and are always aware of the data that is being collected about them and how it is used. In addition, the blockchain recognizes the users as the owners of their personal data. Companies, in turn, can focus on utilizing data without being overly concerned about properly securing and compartmentalizing them.
* [Establishing Identity Without Certification Authorities](https://www.usenix.org/conference/6th-usenix-security-symposium/establishing-identity-without-certification-authorities) 1996
> There are many methods for establishing identity without using certificates from trusted certification authorities. The relationship between verifier and subject guides the choice of method. Many of these relationships have easy, straight-forward methods for binding a public key to an identity, using a broadcast channel or 1:1 meetings, but one relationship makes it especially difficult. That relationship is one with an old friend with whom you had lost touch but who appears now to be available on the net. You make contact and share a few exchanges which suggest to you that this is, indeed, your old friend. Then you want to form a secure channel in order to carry on a more extensive conversation in private. This case is subject to the man-in-the-middle attack. For this case, a protocol is presented which binds a pair of identities to a pair of public keys without using any certificates issued by a trusted CA.
* [Security without Identification: Transaction Systems to make Big Brother Obsolete](https://www.cs.ru.nl/~jhh/pub/secsem/chaum1985bigbrother.pdf) 1985 David Chaum
> With the new approach, an individual uses a different account number or “digital pseudonym” with each organization. Individuals will create all such pseudonyms by a special random process. Information further identifying the individual is not used. A purchase at a shop, for example, might be made under a one-time-use pseudonym; for a series of transactions comprising an ongoing relationship, such as a bank account, a single pseudonym could be used repeatedly. Although the pseudonyms cannot be linked, organizations will be able to ensure that the pseudonyms are not used improperly by such measures as limiting individuals to one pseudonym per organization and ensuring that individuals are held accountable for abuses created under any of their pseudonyms. Individuals will be able to authenticate ownership of their pseudonyms and use them while ensuring that they are not improperly used by others.
* [The Knowledge Complexity Of Interactive Proofs](https://dl.acm.org/doi/10.1145/22145.22178) 1985 Shafi Goldwasser, Silvio Micali, and Charles Rackoff
> In this paper a computational complexity theory of the “knowledge” contained in a proof is developed. Zero-knowledge proofs are defined as those proofs that convey no additional knowledge other than the correctness of the proposition in question. Examples of zero-knowledge proof systems are given for the languages of quadratic residuosity and 'quadratic nonresiduosity. These are the first examples of zero-knowledge proofs for languages not known to be efficiently recognizable.
### Establishing Self Sovereign Identity - Frontiers Research Topic
## Establishing SSI - Frontiers Research
* [Establishing Self Sovereign Identity](https://www.frontiersin.org/research-topics/11806/establishing-self-sovereign-identity-with-blockchain#articles)
> • How will society transition from todays vast, vulnerable identity data silos to SSI?
> - Will social media giants and governments embrace or resist SSI?
@ -121,6 +63,60 @@ if you want understand the history of self-sovereign intellectual ideas its a go
* [Distributed Ledger Technologies, Value Accounting, and the Self Sovereign Identity](https://www.frontiersin.org/articles/10.3389/fbloc.2020.00029) 2020-06-23 Sarah Manski
> Review Technological activists are designing blockchains and other distributed ledger technologies to challenge extractive value-accounting and identity management in global capitalism.
## Proposed Systems
* [SSI4Web: A Self-sovereign Identity (SSI) Framework for the Web](https://www.researchgate.net/publication/363698387_SSI4Web_A_Self-sovereign_Identity_SSI_Framework_for_the_Web) 2022-07 Sadek Ferdous, Andrei Ionita
> a framework for integrating Self-sovereign Identity (SSI) for providing web services in a secure passwordless manner with much more user control and greater flexibility. We provide its architecture, discuss its implementation details, sketch out its use-case with an analysis of its advantages and limitations.
* [NSSIA: A New Self-Sovereign Identity Scheme with Accountability](https://arxiv.org/pdf/2206.04911.pdf) 2022
> This thesis proposes a conceptual framework for the design of an ecosystem that supports self-sovereign identity. The research reviews theory, methodology, and technology from subjects such as design, identity, and distributed systems. Through the design process, a set of elements and functions supporting interactions within an ecosystem were developed. The design is revolved around the ideas of privacy, security, distribution, and interoperability. The findings are presented as two parts of a whole, the first being the conceptual framework that describes a set of essential factors that an ecosystem requires in order to fulfill the goals of self-sovereign identity and interoperability. The second is a set of visualizations of how the framework can be used to design systems and interactions, inside and between the systems, to create an ecosystem.
* [A Truly Self-Sovereign Identity System](https://arxiv.org/abs/2007.00415) 2021-09-28 Quinten Stokkink, Georgy Ishmaev, Dick Epema, Johan Pouwelse
> we argue that without addressing privacy at the network level, SSI systems cannot deliver on this promise. In this paper we present the design and analysis of our solution TCID, created in collaboration with the Dutch government. TCID is a system consisting of a set of components that together satisfy seven functional requirements to guarantee the desirable system properties.
* [Analysis and Evaluation of Blockchain-based Self-Sovereign Identity Systems](https://wwwmatthes.in.tum.de/pages/hhh5oin2o5sw/Master-s-Thesis-Martin-Schaeffner) 2019-11-19 Martin Schaeffner
> The components of SSI will be described in detail, evaluated, and visualized in a components architecture. These include standards like decentralized identifiers (DIDs), verifiable credentials (VCs), and verifiable presentations (VPs). Further, the concepts of a decentralized public key infrastructure (DPKI) and a decentralized key management system (DKMS) are introduced. Additionally, this thesis deals in detail with the trust infrastructure of SSI.
>
> Additionally, this thesis focuses on SSI systems and their underlying DID methods. To provide an overview of existing identity systems, the SSI ecosystem is analyzed on its currently existing DID methods. Based on the presented DID methods, representative DID methods are selected and examined for further analysis and evaluation of the system. To analyze the DID methods and their systems, criteria are defined to emphasize the differences of each DID method. The results from the analysis are then used for evaluating the DID methods.
* [A First Look at Identity Management Schemes on the Blockchain](https://arxiv.org/pdf/1801.03294.pdf) 2018-01-10 Paul Dunphy, Fabien A. P. Petitcolas
> The emergence of distributed ledger technology (DLT) based upon a blockchain data structure, has given rise to new approaches to identity management that aim to upend dominant approaches to providing and consuming digital identities. These new approaches to identity management (IdM) propose to enhance decentralisation, transparency and user control in transactions that involve identity information; but, given the historical challenge to design IdM, can these new DLTbased schemes deliver on their lofty goals? We introduce the emerging landscape of DLT-based IdM, and evaluate three representative proposals uPort, ShoCard and Sovrin using the analytic lens of a seminal framework that characterises the nature of successful IdM schemes
* [Matching Identity Management Solutions to Self Sovereign Identity Solutions](https://www.linkedin.com/pulse/matching-identity-management-solutions-self-sovereign-tommy-koens) 2018-05-01 Tommy Koens
> We created an analysis of nearly 50 (blockchain based) digital identity management solutions, and matched these against Self Sovereign Identity (SSI) management principles and additional requirements. The document can be found here: [https://www.slideshare.net/secret/uafcwzQQWH86SW](https://www.slideshare.net/TommyKoens/matching-identity-management-solutions-to-selfsovereign-identity-principles)
## Problem areas
* [Toward a Post-Quantum Zero-Knowledge Verifiable Credential System for Self-Sovereign Identity](https://eprint.iacr.org/2022/1297) 2022-12-07 Simone Dutto, Davide Margaria, Carlo Sanna, Andrea Vesco of LNKS Foundation & Politecnico di Torino
> We describe the two main ZKP VCs schemes based on classical cryptographic assumptions, that is, the signature scheme with efficient protocols of Camenisch and Lysyanskaya, which is based on the strong RSA assumption, and the BBS+ scheme of Boneh, Boyen and Shacham, which is based on the strong Diffie-Hellman assumption. Since these schemes are not quantum-resistant, we select as one of the possible post-quantum alternatives a lattice-based scheme proposed by Jeudy, Roux-Langlois, and Sander, and we try to identify the open problems for achieving VCs suitable for selective disclosure, non-interactive renewal mechanisms, and efficient revocation.
* [Distributed Attestation Revocation in Self-Sovereign Identity](https://arxiv.org/abs/2208.05339) 2022-08-10 Rowdy Chotkan, Jérémie Decouchant, Johan Pouwelse
> the first fully distributed SSI revocation mechanism that does not rely on specialised trusted nodes. Our novel gossip-based propagation algorithm disseminates revocations throughout the network and provides nodes with a proof of revocation that enables offline verification of revocations. We demonstrate through simulations that our protocol adequately scales to national levels.
* [Building a Credential Exchange Infrastructure for Digital Identity: A Sociohistorical Perspective and Policy Guidelines](https://www.frontiersin.org/articles/10.3389/fbloc.2021.629790/full) 2022-02-14 Mawaki Chango
> Credential Exchange Infrastructures based on open standards are emerging with work ongoing across many different jurisdictions, in several global standards bodies and industry associations, as well as at a national level. This article addresses the technology advances on this topic, particularly around identification mechanisms, through the Self-sovereign identity model.
## Use Cases
* [A Consortium Blockchain-Based Secure and Trusted Electronic Portfolio Management Scheme](https://www.mdpi.com/1424-8220/22/3/1271) 2022-02-03 Mpyana Mwamba Merlec, Mainul Islam,Youn Kyu Lee, Hoh Peter
> This system guarantees the authenticity and integrity of user credentials and e-portfolio data. Decentralized identifiers and verifiable credentials are used for user profile identification, authentication, and authorization, whereas verifiable claims are used for e-portfolio credential proof authentication and verification. We have designed and implemented a prototype of the proposed scheme using a Quorum consortium blockchain network. Based on the evaluations, our solution is feasible, secure, and privacy-preserving. It offers excellent performance.
* [How to protect privacy in a datafied society? A presentation of multiple legal and conceptual approaches](https://link.springer.com/article/10.1007/s13347-022-00497-4) 2022-01-29 Oskar J. Gstrein, Anne Beaulieu
> serves as a key resource to analyse the usefulness of the approaches in the context of the increasing datafication of both private and public spheres.
* [Digital identity for development: The quest for justice and a research agenda](https://www.tandfonline.com/doi/full/10.1080/02681102.2021.1859669) 2020-12-29 Silvia Masiero
> we first propose a framework to map the theoretical link between digital identity and human development, articulated in three dimensions linking digital identity to expected development outcomes. Secondly, we present the seven papers in this collection in terms of how they problematise such a link, observing how each of them uses empirical data to increase existing knowledge on this connection and question it.
* [Beyond Consent: A Right-to-Use License for Mutual Agency](https://ieeexplore.ieee.org/document/9031549) 2019-12 Lisa LeVasseur; Eve Maler
> What's needed is a method to enable true mutual agency between any two parties in an Internet-enabled relationship. We propose a right-to-use license for access permissions as a practical alternative to consent and contract as used today, and a taxonomy that classifies important types of permissions. We also examine new data sharing scenarios, including decentralized identity, that may support their use.
* [A Decentralized Digital Identity Architecture](https://www.frontiersin.org/articles/10.3389/fbloc.2019.00017/full) 2019-11-05 Geoff Goodell, Tomaso Aste
> Although this article shall focus on challenges related to identity systems for adult persons in the developed world, we argue that the considerations around data protection and personal data that are applicable in the humanitarian context, such as those elaborated by the International Committee of the Red Cross
## Background
* [Self-sovereign Identity Opportunities and Challenges for the Digital Revolution](https://arxiv.org/pdf/1712.01767.pdf) 2017-12-05 Uwe Der, Stefan Jähnichen, Jan Sürmeli
> The interconnectedness of people, services and devices is a defining aspect of the digital revolution, and, secure digital identities are an important prerequisite for secure and legally compliant information exchange. Existing approaches to realize a secure identity management focus on central providers of identities such as national authorities or online service providers. Hence, changing residence or service provider often means to start over and creating new identities, because procedures for data portability are missing. Self-sovereign digital identities are instead created and managed by individuals, and enable them to maintain their digital identities independent from residence, national eID infrastructure and market-dominating service providers.
* [IDENTITY MATTERS - A primer paper on the rise and relevance of Self-Sovereign Identity.](https://cboxxtest.files.wordpress.com/2017/09/cboxxidentitymatters04.pdf) 2017-09
> This list of 13 interesting projects / startups in the Self Sovereign Identity field should be treated as a starting point as of September 2017; it will be out of date when you read it ...
* [Blockchain for Identity Management](https://www.cs.bgu.ac.il/~frankel/TechnicalReports/2016/16-02.pdf) 2016-12-11 Ori Jacobovitz
> In this paper, I discusses the state of the art in Blockchain technology and its applications, focusing on applications and solutions in identity management
* [Towards Self-Sovereign Identity using Blockchain Technology](https://essay.utwente.nl/71274/1/Baars_MA_BMS.pdf) 2016-10-26 Djuri Baars, Rabobank
> A case study has been performed on a solution which allows the exchange of KYC attributes, resulting from thorough Customer Due Diligence (CDD) as is often performed when opening a bank account. These attributes can be used by other entities, like insurance companies and mortgage lenders to make their on-boarding process easier for customers, since they dont need to supply copies of the same documentation all over again. Also, the companies themselves could outsource their Customer Due Diligence (CDD) this way to lower costs and make fewer errors. Although the idea is very interesting, the studied solution did not meet the expectations. At the time the company behind the solution was very small and the process to improve very complex. The solution was also proprietary, creating dependence on the vendor, which heightens the adoption barrier
* [Decentralizing Privacy: Using Blockchain to Protect Personal Data](http://web.media.mit.edu/~guyzys/data/ZNP15.pdf) 2015-03-02
> Personal data, and sensitive data in general, should not be trusted in the hands of third-parties, where they are susceptible to attacks and misuse. Instead, users should own and control their data without compromising security or limiting companies and authorities ability to provide personalized services. Our platform enables this by combining a blockchain, re-purposed as an access-control moderator, with an off-blockchain storage solution. Users are not required to trust any third-party and are always aware of the data that is being collected about them and how it is used. In addition, the blockchain recognizes the users as the owners of their personal data. Companies, in turn, can focus on utilizing data without being overly concerned about properly securing and compartmentalizing them.
* [Establishing Identity Without Certification Authorities](https://www.usenix.org/conference/6th-usenix-security-symposium/establishing-identity-without-certification-authorities) 1996
> There are many methods for establishing identity without using certificates from trusted certification authorities. The relationship between verifier and subject guides the choice of method. Many of these relationships have easy, straight-forward methods for binding a public key to an identity, using a broadcast channel or 1:1 meetings, but one relationship makes it especially difficult. That relationship is one with an old friend with whom you had lost touch but who appears now to be available on the net. You make contact and share a few exchanges which suggest to you that this is, indeed, your old friend. Then you want to form a secure channel in order to carry on a more extensive conversation in private. This case is subject to the man-in-the-middle attack. For this case, a protocol is presented which binds a pair of identities to a pair of public keys without using any certificates issued by a trusted CA.
* [Security without Identification: Transaction Systems to make Big Brother Obsolete](https://www.cs.ru.nl/~jhh/pub/secsem/chaum1985bigbrother.pdf) 1985 David Chaum
> With the new approach, an individual uses a different account number or “digital pseudonym” with each organization. Individuals will create all such pseudonyms by a special random process. Information further identifying the individual is not used. A purchase at a shop, for example, might be made under a one-time-use pseudonym; for a series of transactions comprising an ongoing relationship, such as a bank account, a single pseudonym could be used repeatedly. Although the pseudonyms cannot be linked, organizations will be able to ensure that the pseudonyms are not used improperly by such measures as limiting individuals to one pseudonym per organization and ensuring that individuals are held accountable for abuses created under any of their pseudonyms. Individuals will be able to authenticate ownership of their pseudonyms and use them while ensuring that they are not improperly used by others.
* [The Knowledge Complexity Of Interactive Proofs](https://dl.acm.org/doi/10.1145/22145.22178) 1985 Shafi Goldwasser, Silvio Micali, and Charles Rackoff
> In this paper a computational complexity theory of the “knowledge” contained in a proof is developed. Zero-knowledge proofs are defined as those proofs that convey no additional knowledge other than the correctness of the proposition in question. Examples of zero-knowledge proof systems are given for the languages of quadratic residuosity and 'quadratic nonresiduosity. These are the first examples of zero-knowledge proofs for languages not known to be efficiently recognizable.
## Reports
* [Self-sovereign identity as future privacy by design solution in digital identity?](https://iapp.org/resources/article/white-paper-self-sovereign-identity/) 2022-08 International Association of Privacy Professionals (White Paper)
> With ongoing research in the field and growing awareness of the potential for privacy protection of SSI solutions, the concepts of privacy by default and privacy by design are increasingly adopted for new architectures using distributed ledger technology. It will, however, need the private sector to follow a SSI market roadmap, and to implement and use the opportunities of SSI to complete this (r)evolution of digital identity