decentralized-id.github.io/identosphere-dump/literature/research.md
2023-01-15 01:30:53 -05:00

50 KiB
Raw Blame History

published
false

Research

This solution allows users to prove that they are vaccinated for different pathogens without revealing their identity. The architecture is loosely coupled, allowing components to be exchanged, which we discuss when we present the implementation of a working prototype.

based on the article Self-Sovereign Identity in a Globalized World: Credentials-Based Identity Systems as a Driver for Economic Inclusion by Fennie Wang and Primavera De Filippi.

  • SURF: Technical exploration Ledger-based Self Sovereign Identity Identity Economy DE

    This report begins by describing SSI and its concepts, standards and components in more detail in chapter two. Chapter three describes the project activities that were conducted. In chapter four, we describe the technology stack we selected in more detail, to set the stage for chapter five, where we describe the SURF deployment we set up for further testing. In chapter six, we present the findings, both when evaluating the standards and platforms, our experiments with the technical setup we deployed and while testing our use cases.

    Unfortunately, our time was limited and, at the same, time more insight also brought additional questions and ideas. Chapter seven therefore contains a number of suggestions for further work that could be conducted.

    Chapter eight wraps up the document with a number of conclusions on SSI and its applicability in the context of SURF. We have also provided links to online resources including the git repositories, where we have made all our code and deployment information available, as well as some demonstration videos.

  • Decentralized SSI Governance, the missing link in automating business decisions TNO

    This paper introduces SSI Assurance Communities (SSI-ACs) and identifies three specific governance topics: credential-types, accreditation and decision tree support.

Tools and services are suggested that help with these topics. Furthermore, a distinction is made between what the business primarily cares about (business and business applications), and the technology and other things that are just expected to work (which we call "SSI-infrastructure").

  • Development of a Mobile, Self-Sovereign Identity Approach for Facility Birth Registration in Kenya

    The process of birth registration and the barriers experienced by stakeholders are highly contextual. There is currently a gap in the literature with regard to modeling birth registration using SSI technology. This paper describes the development of a smartphone-based prototype system that allows interaction between families and health workers to carry out the initial steps of birth registration and linkage of mothers-baby pairs in an urban Kenyan setting using verifiable credentials, decentralized identifiers, and the emerging standards for their implementation in identity systems.

  • Digital identities steps on the path to an ID ecosystem BankenVerband Position Paper

    To be a success, an ecosystem of verified digital identities must

  • be usable by different companies and across different sectors,
  • enable interoperability with existing schemes,
  • be based on consistent and, ideally, globally recognised standards,
  • be usable by any individual in society, irrespective of nationality,
  • be secure and help to protect consumers against identity fraud,
  • be consumer-centric, meaning that it enables data sovereignty,
  • be usable in legal contexts and be recognised by all public authorities,
  • and be able to accommodate natural persons and legal entities and, in future, objects too.

This article is primarily interested in the affordances of the technology as a public good for the education sector. It levers on the lead authors perspective as a mediator between the blockchain and education sectors in Europe on high-profile blockchain in education projects to provide a snapshot of the challenges and workable solutions in the blockchain-enabled, European digital credentials sector.

This paper introduces a software architecture and implementation of a system based on design patterns from the field of self-sovereign identity. Scientists can issue signed credentials attesting to qualities of their data resources. Data contributions to ML models are recorded in a bill of materials (BOM), which is stored with the model as a verifiable credential. The BOM provides a traceable record of the supply chain for an AI system, which facilitates on-going scrutiny of the qualities of the contributing components. The verified BOM, and its linkage to certified data qualities, is used in the AI Scrutineer, a web-based tool designed to offer practitioners insight into ML model constituents and highlight any problems with adopted datasets, should they be found to have biased data or be otherwise discredited.

  • Exploring Potential Impacts of Self-Sovereign Identity on Smart Service Systems

    Self-sovereign identity (SSI) is a new paradigm, which puts users back in control of their own digital identity. This does not only strengthen the position of the users but implies new interaction schemes that may improve interoperability and usability. Smart services systems enable the integration of resources and activities and use smart products as boundary objects. As such systems typically involve digital interactions between multiple actors, it can be assumed that utilising SSI has a positive impact on them. To investigate how these potential improvements manifest themselves, we investigate electric vehicle charging as example of a smart service system. At the core of our conceptual analysis is the service process, which we extract from a reference model. Based on a SWOT analysis, we identify areas for transformation and derive an SSI-enabled interaction model for an electric vehicle charging service. The evaluation of the new process shows that SSI can reduce complexity of integration with partners and can provide a better customer experience through simplified registration and authentication. Moreover, SSI might even lead to the disintermediation of actors in the service system. Although SSI is still emerging, our findings underline its relevance as a mechanism to establish trust in smart service systems through the seamless and standardised integration of digital identities for humans, organisations, and things.

  • Encoding Trust that Travels with Data — A New Product Introduction Case Study Powered by Solutions Design with Transmute

underpinned by GS1 as a root of trust in the network — continuing a rich history for GS1 in this role. GS1 licenses and identifiers are and will continue to be at the foundation of trusting products and companies. Combining current practices with verifiable credential, decentralized identifier, and GS1 Digital Link standards disambiguating products builds business reputation for just-in-time engagement while keeping information up to date.

In a world that is becoming more digital, it is relevant to find some guidelines for organizations to design digital identity more ethically. A universal identity system on the internet is still missing and there are no clear standards for organizations to design digital identity. With this research, knowledge and insights have been obtained to advance organizations to design digital identity more ethically. A contribution has been made by proposing the conditions to enable improvements for a more ethical design.

Self-sovereign identity (SSI) solutions implemented on the basis of blockchain technology are seen as alternatives to existing digital identification systems, or even as a foundation of standards for the new global infrastructures for identity management systems. It is argued that self-sovereignty in this context can be understood as the concept of individual control over identity relevant private data, capacity to choose where such data is stored, and the ability to provide it to those who need to validate it.

The proposed solution concept, zkKYC, removes the need for the customer to share any personal information with a regulated business for the purpose of KYC, and yet provides the transparency to allow for a customer to be identified if and when that is ruled necessary by a designated governing entity (e.g. regulator, law enforcement). This approach breaks the traditional privacy vs. transparency trade-off and provides structured transparency, resulting in a net positive outcome for all parties involved.

The current interoperability processes for data exchange result in fragmentation and lack of aggregation, impacting patient identity, consent management, and access management across stakeholders. Patients lack the ability to administer and transfer consent in managing their own data. Payers risk sharing data with partners without consent. And, providers have identified “pain points” in data sharing in consent management and care coordination.

revocation acceptance is at the discretion of individual clients, making our mechanism fully adhere to the principles of Self-Sovereignty. This revocation and verification structure is part of our Industry-Grade Self-Sovereign Identity (IG-SSI) architecture. IG-SSI is a purely academic fully distributed SSI scheme with intrinsic equality across the network. Furthermore, communication is facilitated peer-to-peer, requiring no specialised infrastructure.

we argue that without addressing privacy at the network level, SSI systems cannot deliver on this promise. In this paper we present the design and analysis of our solution TCID, created in collaboration with the Dutch government. TCID is a system consisting of a set of components that together satisfy seven functional requirements to guarantee the desirable system properties.

we discuss the challenges of todays centralized identity management and investigate current developments regarding verifiable credentials and digital wallets. Finally, we offer suggestions about promising areas of research into decentralized digital identities.

using standards that are WWW Consortium-compatible and the Ethereum Blockchain, ensures eligibility, transparency, and traceability of the certifications along a food supply chain, and could be an innovation model/idea that the companies that adopt the Open Innovation paradigm might want to pursue.

The discussion covered a broad range of topics, from specific data availability to the challenges of applying and translating technical data into usable formats to the application of geospatial data for anticipatory humanitarian response

We demonstrate how blockchain-based self-sovereign identity (SSI) can solve the challenges of KYC. We follow a rigorous design science research approach to create a framework that utilizes SSI in the KYC process, deriving nascent design principles that theorize on blockchains role for SSI.

Self-sovereign identity (SSI) is an idea, a movement, and a decentralized approach for establishing trust online. Many standards-making bodies, open-source working groups, and organizations have been working on SSI and verifiable credentials for years. Although production-ready solutions remain in the developmental stage, business executives, professionals, and students need to start learning about whats ahead. Business practitioners want to know what is unique about SSI. Is there anything idiosyncratic about managing an SSI project compared to other digital projects? How can we apply SSI to deliver business value? We help to answer those questions by explaining SSI through a case study at UK National Health Service (NHS). NHS developed a digital staff passport to verify health professionals qualifications and credentials so that healthcare staff could be moved around quickly during COVID-19. While SSI provides some unique capabilities, it does not require unique project management practices. Like all digital projects, the aim was to build capabilities and design for interoperability to avoid vendor lock-in. Building on its early success, NHS intends to expand the application to enable its strategic people plan.

Credential Exchange Infrastructures based on open standards are emerging with work ongoing across many different jurisdictions, in several global standards bodies and industry associations, as well as at a national level. This article addresses the technology advances on this topic, particularly around identification mechanisms, through the Self-sovereign identity model.

This system guarantees the authenticity and integrity of user credentials and e-portfolio data. Decentralized identifiers and verifiable credentials are used for user profile identification, authentication, and authorization, whereas verifiable claims are used for e-portfolio credential proof authentication and verification. We have designed and implemented a prototype of the proposed scheme using a Quorum consortium blockchain network. Based on the evaluations, our solution is feasible, secure, and privacy-preserving. It offers excellent performance.

serves as a key resource to analyse the usefulness of the approaches in the context of the increasing datafication of both private and public spheres.

this article assesses how the personas method can be adapted to include morethan-human perspectives in the design process. Based on a case study, which involved designing smart urban furniture for human and non-human use, we introduce a framework for developing and employing non-human personas. As a key element of the framework, we describe a middle-out approach for forming a coalition that can speak on behalf of the non-human species that are impacted by design decisions.

The paper provides an overview of the SSI properties, focusing on an in-depth analysis, furthermore presenting a comprehensive collection of SSI properties that are important for the implementation of the SSI system. In addition, it explores the SSI process flow and highlights the steps in which individual properties are important.

We follow a rigorous design science research approach to create a framework that utilizes SSI in the KYC process, deriving nascent design principles that theorize on blockchains role for SSI.

The results suggest that validation research and solution proposals prevail, addressing decentralized identity in a general matter. Papers mainly propose systems/solutions, architectures, and frameworks, focusing on authentication, security, privacy, and trust, while there are hardly any studies researching usability, user experience, patterns, and good practices.

Research from the Real World

  1. In what ways might platform work empower women?

  2. How can we make platforms work better for women?

The unified theory of acceptance and use of technology was extended to examine the potential influence of the self sovereign identity principles and trustworthyness, along with other factors such as percieved usefulness and perceived ease of use, on the adoption of this new approach to online identity

This research has been performed in pursuit of the MSc Computer Science at Delft University of Technology in collaboration with the Dutch National Office for Identity Data (RvIG), part of the Dutch Ministry of the Interior and Kingdom Relations. Self-Sovereign Identity (SSI) is a relatively new concept part of a movement aspiring to create a universal identity layer for the Internet. SSI aims to put the citizen at the centre of their data, making them the sovereign over their digital presence.

What's needed is a method to enable true mutual agency between any two parties in an Internet-enabled relationship. We propose a right-to-use license for access permissions as a practical alternative to consent and contract as used today, and a taxonomy that classifies important types of permissions. We also examine new data sharing scenarios, including decentralized identity, that may support their use.

This study presents a rigorous systematic mapping and systematic literature review covering theoretical and practical advances in Self-Sovereign Identity. We identified and aggregated evidence from publications to answer four research questions, resulting in a classification scheme used to categorize and review publications. Open challenges are also discussed, providing recommendations for future work.

This article is primarily interested in the affordances of the technology as a public good for the education sector. It levers on the lead authors perspective as a mediator between the blockchain and education sectors in Europe on high-profile blockchain in education projects to provide a snapshot of the challenges and workable solutions in the blockchain-enabled, European digital credentials sector.

The Gravity Platform was developed through direct inputs from all types of end-users through user consultations with local communities and NGO staff.

presents the architecture of an identity metasystem called the Sovrin Network that aims to improve the user experience, increase flexibility, and reduce overall costs while supporting better privacy and security. We discuss the problems of online identity on the modern internet, discuss the nature of digital relationships, explore the architectures of identity systems, and detail the combination of these concepts into a comprehensive metasystem for solving the problems of online identity.

  • Blockchain, Self-Sovereign Identity and Digital Credentials: Promise Versus Praxis in Education

    This article is primarily interested in the affordances of the technology as a public good for the education sector. It levers on the lead authors perspective as a mediator between the blockchain and education sectors in Europe on high-profile blockchain in education projects to provide a snapshot of the challenges and workable solutions in the blockchain-enabled, European digital credentials sector.

  • Towards a Modelling Framework for Self-Sovereign Identity Systems

    Modelling self-sovereign identity systems seeks to provide stakeholders and software architects with tools to enable them to communicate effectively, and lead to effective and well-regarded system designs and implementations. This paper draws upon research from Actor-based Modelling to guide a way forward in modelling self-sovereign systems, and reports early success in utilising the iStar 2.0 framework to provide a representation of a birth registration case study.

  • Self Sovereign Digital Identity on the Blockchain: A Discourse Analysis if you want understand the history of self-sovereign intellectual ideas its a good read.

    A key aim of this paper then, is to bring a discussion that must be (but currently is not) taking place in an academic context, due to its inherent multidisciplinary nature and complexities, into that particular realm of debate. This history of self-sovereignty, thus can be read as an experimental discourse analysis that discerns the contemporary usage of the concept

  • Digital identity for development: The quest for justice and a research agenda

    we first propose a framework to map the theoretical link between digital identity and human development, articulated in three dimensions linking digital identity to expected development outcomes. Secondly, we present the seven papers in this collection in terms of how they problematise such a link, observing how each of them uses empirical data to increase existing knowledge on this connection and question it.

  • Self-Sovereign Identity for IoT environments: A Perspective

(On ARXIV) PGP, X.509, and SSI standards

We contrast existing approaches for identity on the Internet, such as cloud-based accounts and digital certificates, with SSI standards such as Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs). To the best of our knowledge, this is the first thorough comparison of these approaches. The benefits and challenges of using DIDs and VCs to identify and authenticate IoT devices and their respective users are discussed.

Establishing Self Sovereign Identity - Frontiers Research Topic

  • Will social media giants and governments embrace or resist SSI?
  • Will SSI play a role in activism by civil society organisations?
  • What are the incentives and commercial models that will encourage SSI adoption?
  • What kinds of governance structures need to be established for SSI? The purpose of this Research Topic is to generate a rich resource for identity practitioners, researchers, technologists, potential adopters and many more to explore, understand, advance and enrich this subject.

This paper addresses the role of digital identities for a functioning digital economy and outlines requirements for their management. [...] The concept of Self-Sovereign Identities (SSI) and the associated standards “Verifiable Credentials” and “Decentralized Identifiers” is a promising approach to improve the situation. They allow the flexible exchange of tamper-proof digital proofs between users and systems. Therefore, they form the foundation for building trust relationships in the digital space. This paper introduces the SSI paradigm and discusses the barriers that prevent the wide-scale adoption of this concept.

This thesis introduces the concept of self-sovereign identity and analysis the factors required to achieve adoption of the concept. It describes the basic components of a self-sovereign identity system and provides the reader with an overview of important conceptual theories to understand the differences to traditional identity systems and the unique approach taken instead. It then dives into the status quo of the discussions around business, technology, legal and governance aspects. It further examines the central factors for the user and describes a know your costumer use-case as well as the current efforts and challenges for higher education certificates for learners. Furthermore, it depicts the diffusion factors of the innovation. While the legal aspects are mainly concerned with regulations from the European Union, the findings in this thesis can be applied globally.

We analyzed GitHub issues to find breakdowns when syndicating between brid.gy and Facebook. Results explore how alternative social media can coexist w/ the corporate web

Bridging the Open Web and APIs: Alternative Social Media Alongside the Corporate Web.

Goal: In a country where 60% of the vulnerable citizens, not having an identity or bank account, but own a smart phone, echoes the possibility of a mobile based digital identity solution.

The present project is aimed to deliberate upon the feasibility, benefits and privacy concerns associated with different identity models. All possible decentralized identity models shall be audited in light of data protection, immutability, revocation, accountability, auditability, speed and users control over the personally identifiable information...... and the one that promises self-sovereign identity, shall be worked out with associated bare-bone framework.

the findings are presented as two parts of a whole, the first being the conceptual framework that describes a set of essential factors that an ecosystem requires in order to fulfill the goals of self-sovereign identity and interoperability. The second is a set of visualizations of how the framework can be used to design systems and interactions, inside and between the systems, to create an ecosystem.

Alexandra Giannopoulou

The concept of self-sovereign identity (SSI) describes an identity management system created to operate independently of third-party public or private actors, based on decentralised technological architectures, and designed to prioritise user security, privacy, individual autonomy and self-empowerment.

New paper by Kaliya presented at Identiverse for the first time - in first public review.

Feedback welcome :)

The first follows the ways in which identities were designed and managed in computer systems. [...] The second history examines the evolution of paper-based identity systems that emerged in Europe. [...] The last section of the paper brings these two histories together and explains why the underlying technological design of SSI aligns with Western liberal democratic values in a way that the earlier digital identity systems designs do not.

we leveraged the Hyperledger Indy blockchain framework to store patients decentralized identifiers (DIDs) and the schemas or format for each credential type. In contrast, the credentials containing patient data are stored off-ledger in each persons wallet and accessible via a computer or smartphone. We used Hyperledger Aries as a middleware layer (API: Application Programming Interface)  to  connect  Hyperledger  Indy  with  the  front-end,

SSI technology enable methods for acquiring verified credential (VC) that are verifiable on a decentralised blockchain registry to identify both real estate owner(s) and real estate property. Second, the smart contracts are used to negotiate the secure transfer of real estate property deeds on the marketplace. To assess the viability of our proposal we define an application scenario and compare our work with other approaches.

This paper illustrates how TRAIN (Trust mAnagement INfrastructure), an approach based on established components like ETSI trust lists and the Domain Name System (DNS), can be used as a trust registry component to provide a holistic approach for trust management in SSI ecosystems. TRAIN facilitates individual trust decisions through the discovery of trust lists in SSI ecosystems, along with published credential schemas, so that verifiers can perform informed trust decisions about issued credentials.

We further distinguish two major approaches, namely the Identifier Registry Model and its extension the Claim Registry Model. [...] We will provide a more coherent view of verifiable claims in regards to blockchain based SSI and clarify differences in the used terminology. Storage solutions for the verifiable claims, both on- and off-chain, are presented with their advantages and disadvantages.

We investigate the privacy of the method did:btcr based on the criteria adopted from RFC 6973.

  • Surveillance
  • Correlation
  • Identification
  • Secondary Use
  • Disclosure
  • Misattribution

Our findings demonstrate that SSI-based event ticketing can enable efficient secondary market control by facilitating a practical implementation of the centralized exchange model. To generalize our results, we derive design principles for the efficient, reliable, and privacy-oriented ticket and identity verification and the use of revocation registries.

we propose a trust registry design that handles the aspect of human trust in self sovereign identity. We also introduce an incentivisation mechanism for the trust registry in order to motivate each stakeholder to participate actively and honestly.

Self-sovereign identity and blockchain technology in public management: current results of pilot programs in missions

This topic is a resource for those seeking to understand the building blocks and challenges of creating and growing SSI identity networks. Developing an SSI system is not straightforward; it takes a journey of collaboration and compromise.

With ongoing research in the field and growing awareness of the potential for privacy protection of SSI solutions, the concepts of privacy by default and privacy by design are increasingly adopted for new architectures using distributed ledger technology. It will, however, need the private sector to follow a SSI market roadmap, and to implement and use the opportunities of SSI to complete this (r)evolution of digital identity

The objective of this workstream was to examine the technology and policy landscapes for digital credentials of INATBA-Governmental Advisory Body (GAB) members, identify the commonalities and gaps, and then develop recommendations for enabling interoperability and mutual support for digital credentials across borders.

the first fully distributed SSI revocation mechanism that does not rely on specialised trusted nodes. Our novel gossip-based propagation algorithm disseminates revocations throughout the network and provides nodes with a proof of revocation that enables offline verification of revocations. We demonstrate through simulations that our protocol adequately scales to national levels.

a few SSI schemes introduce accountability mechanisms, but they sacrifice users privacy. In addition, the digital identities (static strings or updatable chains) in the existing SSI schemes are as inputs to a third-party executable program (mobile app, smart contract, etc.) to achieve identity reading, storing and proving, and users self-sovereignty are weakened. To solve the above problems, we present a new self-sovereign identity scheme to strike a balance between privacy and accountability

SRI focused primarily on the cryptographic algorithms being used in the W3C standards and not on blockchain and DLT technologies or their use in operational systems. An algorithmic review is an important starting point to a full, system-level review for compliance to the federal standards and other requirements

The project is directed primarily toward design and innovation teams, and associated knowledge workers, whose efforts have significant influence on future technologies, platforms, and their impacts. This work explores how we might deconstruct power dynamics prevalent in digital service design today. Through multiple analyses, maps and models of these systems, the paper reveals multiple opportunities for change.

This week, CEUR-WS.org has published the paper titled Harmonization Profiles for Trusted Data Sharing Between Data Spaces: Striking the Balance between Functionality and Complexity in the CEUR Workshop Proceedings.

The nuclear sector presents an exciting opportunity to implement advanced digital technologies for driving operational improvements and cultural transformation. Our DLT Field Labs showed how some of the challenges that seemed perplexing at the start of our journey have been deciphered through innovation and collaboration.

Today, Sep 16th is the International Identity Day, a commemoration of the UN Sustainable Development Goal 16.9 which calls for the provision of legal identity for all by 2030.

The proposed holistic framework aims to ignite new ideas and discussions related to the combined deployment of DLT, SSI, and metaverse to inspire new implementation areas within the Industry 4.0 environment. The paper also discusses various opportunities, enablers, technical & privacy aspects, legislation requirements, and other barriers related to SSI implementation.

To address trust and privacy issues in IOBP, this paper presents a Blockchain-based Self-Sovereign Identity (SSI) approach. The SSI concept is combined with a registry proof smart contract to provide an efficient privacy-preserving solution. The proposed approach is applied to the pharmaceutical supply chain case study and implemented on the Ethereum Blockchain

focusing on an in-depth analysis, furthermore, presenting a comprehensive collection of SSI properties that are important for the implementation of the SSI system. In addition, it explores the general SSI process flow, and highlights the steps in which individual properties are important. After the initial purification and classification phase, we then validated properties among experts in the field of Decentralized and Self-Sovereign Identity Management using an online questionnaire, which resulted in a final set of classified and verified SSI properties.

a framework for integrating Self-sovereign Identity (SSI) for providing web services in a secure passwordless manner with much more user control and greater flexibility. We provide its architecture, discuss its implementation details, sketch out its use-case with an analysis of its advantages and limitations.

We describe the two main ZKP VCs schemes based on classical cryptographic assumptions, that is, the signature scheme with efficient protocols of Camenisch and Lysyanskaya, which is based on the strong RSA assumption, and the BBS+ scheme of Boneh, Boyen and Shacham, which is based on the strong Diffie-Hellman assumption. Since these schemes are not quantum-resistant, we select as one of the possible post-quantum alternatives a lattice-based scheme proposed by Jeudy, Roux-Langlois, and Sander, and we try to identify the open problems for achieving VCs suitable for selective disclosure, non-interactive renewal mechanisms, and efficient revocation.

In this paper, we describe the SSI framework architecture as well as possible use cases across domains like healthcare, finance, retail, and government. The paper also contrasts SSI and its decentralized architecture with the current widely adopted model of Public Key Infrastructure (PKI).

In circles of identity management scholars and practitioners, the general consensus is that the region of northern Europe provides a good practice example [...] Out of the eighteen countries included in northern Europe in this paper, one has no national ID; another denies it has, and seven countries only have a voluntary ID. The extent of national ID coverage is hardly known. Also in the European Union, only six in ten countries have a mandatory ID. It does not matter.

According to World Bank gospel northern Europes frivolity about national IDs must mean big trouble.

“Since offering users control and sovereignty over their own data is a highly desirable goal, we are working with innovation partners to establish an identity system that works without any central data collector and is operated equally by many participants,” says Dr. Nik Scharmann, Project Director of the “Economy of Things” (EoT) strategic advance engineering project at Bosch Research.