BlockchainHub Graz Meetup #24 - Self-Sovereign Identity - Andreas Abraham
Slide 1
The E-Government Innovation Centre is a joint institution of the BMDW and TU Graz
Self-Sovereign Identity (SSI)
The Concept of Self-Sovereign Identity (SSI), its motivation and
potential [1]
Andreas Abraham
andreas.abraham@egiz.gv.at
Graz, 06.11.2018
Slide 2 (Andreas Abraham, Self-Sovereign Identity)
Overview
« What are digital identities
« What is identity management
« What are the problems in identity management
« Can the blockchain help to solve these issues
« Evolution of identity models
« Self-Sovereign Identity
« Architecture, potential and use cases
« Research
Slide 3
Digital Identities
« “Digital identity can be defined as the digital representation of the information known
about a specific individual or organization.” [Bertino and Takahashi]
« A digital identity consists of:
  « Identifier, e.g. an email address
  « Attributes, e.g. name, birthdate
  « Credentials, e.g. a certificate or a password
[Diagram: Identifier, Digital Identity and Subject, connected by the relations "stands for" and "refers to"]
Slide 4
Identity Management (IdM)
« Identity and access management combines processes, technologies, and policies to
manage digital identities and specify how they are used to access resources. [Microsoft]
« Management of:
  « Identities
  « Identity lifecycle
    « Create
    « Usage
    « Maintain
    « Delete
  « Governance
  « Access rights
Slide 5
Problems
« The web was not designed with digital identities in mind
« Companies create their own IdM solutions -> identity silos
« Users are not in control of their digital identity and have no ownership of the identity data
« Identity silos attract attackers
« Trust in organizations and companies that store and maintain identity data
« Examples:
  « The Equifax [2] data breach of 2017: sensitive data of approximately 145 million American citizens were exposed
  « Facebook's [3] data breach of 2018: 50 million Facebook profiles were disclosed
Slide 6
Blockchain
« Can the blockchain help to solve these problems?
« What does the term "blockchain" actually mean?
« The term blockchain can stand for:
  « An actual chain of cryptographically connected blocks
  « A cryptocurrency
  « An umbrella term for a collection of tools and fancy cryptography
« Blockchain is a special case of a distributed ledger (DL)
« In the SSI context, the term distributed ledger (DL) is often used instead of blockchain
It depends!
Slide 7
SSI Concept
« By definition, sovereignty is the supreme power or authority to govern oneself without any outside influence
« Sovereignty in IdM means that the user fully owns and controls her own identity data
  « The user should be able to create, update and delete her own identity data
  « The user has to give consent about which data are shared
« Joe Andrieu [4] defined the core characteristics of SSI as:
  « Control: SSIs are fully controlled by the related subject
  « Acceptance: SSIs are accepted where observers and individuals correlate across contexts
  « Zero-Costs: SSIs should follow the minimal cost principle
Slide 8
SSI Concept - The 10 Principles
Christopher Allen [5] defined the 10 principles of SSI:
1. Existence
2. Control
3. Access
4. Transparency
5. Persistence
6. Portability
7. Interoperability
8. Consent
9. Minimalization
10. Protection
Slide 9
IdM Actors
« Subject (User)
  « Digital identity of a person
« Identity Provider (IdP)
  « Identification and authentication
  « Provides the subject's attributes to the SP
« Service Provider (SP)
  « Provides services or resources to the subject
« Control Party
  « Checks compliance with policies, guidelines and laws
Slide 10
Isolated IdM Model
« The SP is also the IdP
« Authentication at the IdP
« Identity data are stored and maintained by the SP
(Figure from [6])
Slide 11
Central IdM Model
« IdP separated from SP
« Identity data are stored at the IdP
« SP receives identity data from the IdP
« User has no control over the actual data transfer
(Figure from [6])
Slide 12
Federated IdM Model
« Identity data distributed across several IdPs
« Identity data are linked
« Trust relationship between IdPs required
(Figure from [6])
Slide 13
User-Centric IdM Model
« Identity data are stored in the user's domain
« Sharing of identity data requires explicit user consent
(Figure from [6])
Slide 14
SSI IdM Model
« SSI is the next step after the user-centric model
« The user fully controls her identity data
  « Without trust in a central authority
  « The user should be able to create, update and delete her own identity
« Utilizes distributed ledger technology (DLT)
  « Trust is distributed across the nodes
Slide 15
SSI Architecture Requirements
« Ledger type: permissioned DL
  « Trusted nodes that hold a copy of the ledger
  « Consensus mechanism
« Identifiers that do not require a central authority for their creation, such as decentralized identifiers (DIDs)
« A lightweight but extensible data format, such as verifiable claims
« Data storage: no sensitive data are stored on the ledger
« Data import/gathering: trust anchors issue claims for users
« Should support selective attribute disclosure
Slide 17
SSI Potential
« Extends the trust model in IdM by resolving the trust issues of a central authority
« Can support GDPR compliance
« Can be used as a decentralized public key infrastructure (DPKI)
« No single point of failure
« Not bound to a specific country: identity data can be used all over the world
« Can be combined with existing IdM systems to import identity data
Slide 18
SSI Use Cases
« The user applies for a job at company C
« Company C wants to verify whether the user holds a master's degree from university U
« The university issues the user a signed claim that she holds a master's degree
« The user gives her consent to share this claim with company C
« The company can verify that the claim belongs to the user and that the issuer was the university
Slide 19
SSI Use Cases - Privacy Preserving Claim Attestation
« Requesting special services:
  « John, a student with physical disabilities, requires special services
  « He wants to study at a university and requests these special services
  « John provides medical attestations issued by his health operator
  « The medical attestations can contain various information about John
  « John only discloses the information that he has reduced mobility
« Proving age of majority:
  « John has to prove his age of majority to a public authority
  « The public authority receives a claim stating that John's age is > 18
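The flow of this slide and of slide 18 (a trust anchor issues a signed claim, the holder shares it with consent, the service provider verifies both issuer and holder), together with the slide 15 requirements that no sensitive data sit on the ledger and that selective attribute disclosure be supported, as an added Go example. This is not code from the talk, from EGIZ or from any SSI framework. It assumes: the permissioned ledger is modelled as a map holding only DID-to-public-key entries (the DPKI role from slide 17); claims are signed with Ed25519 from the Go standard library; each attribute is committed to as a salted SHA-256 digest so the holder can open only the attributes a verifier needs; the `did:example:` DIDs, attribute names, values and nonces are constructed. The age-of-majority predicate is simply an attribute the issuer computed at issuance time; the zero-knowledge proofs that real privacy-preserving attestations use for such predicates are not shown.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

type (
	Ledger     map[string]ed25519.PublicKey // DID -> public key; the ledger holds no personal data
	Disclosure struct{ Salt, Value string } // opens one digest of a Claim
	Claim      struct {
		Issuer, Subject string
		Digests         map[string]string // attribute name -> hex(sha256(salt|value))
		Signature       []byte            `json:"-"` // issuer's Ed25519 signature over the JSON of the other fields
	}
	Presentation struct {
		Claim     Claim
		Disclosed map[string]Disclosure // only the attributes the holder consents to reveal
		Nonce     string                // chosen by the verifier, so a presentation cannot be replayed
		HolderSig []byte                // holder's signature over (issuer signature, nonce): proof of DID control
	}
)

// NewDID generates a key pair and registers the public key on the ledger ("did:example:" is a constructed method).
func NewDID(ledger Ledger, name string) (string, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	ledger["did:example:"+name] = pub
	return "did:example:" + name, priv
}

// digest commits to one attribute value; canonical is what the issuer signs (encoding/json sorts map keys,
// so the bytes are deterministic); challenge binds the holder's proof to this credential and this request.
func digest(salt, value string) string { return fmt.Sprintf("%x", sha256.Sum256([]byte(salt+"|"+value))) }
func canonical(c Claim) []byte          { b, _ := json.Marshal(c); return b }
func challenge(c Claim, nonce string) []byte { return []byte(fmt.Sprintf("%x|%s", c.Signature, nonce)) }

// Issue is the trust anchor's step: sign digests of the attributes; the salts go to the holder only.
func Issue(issuerDID string, issuerKey ed25519.PrivateKey, subjectDID string, attrs map[string]string) (Claim, map[string]Disclosure) {
	c := Claim{Issuer: issuerDID, Subject: subjectDID, Digests: map[string]string{}}
	openings := map[string]Disclosure{}
	for name, value := range attrs {
		salt := make([]byte, 16)
		if _, err := rand.Read(salt); err != nil {
			panic(err)
		}
		openings[name] = Disclosure{Salt: fmt.Sprintf("%x", salt), Value: value}
		c.Digests[name] = digest(openings[name].Salt, value)
	}
	c.Signature = ed25519.Sign(issuerKey, canonical(c))
	return c, openings
}

// Present reveals only the attributes in reveal: selective disclosure under the holder's consent.
func Present(c Claim, openings map[string]Disclosure, reveal []string, nonce string, holderKey ed25519.PrivateKey) Presentation {
	p := Presentation{Claim: c, Disclosed: map[string]Disclosure{}, Nonce: nonce}
	for _, name := range reveal {
		p.Disclosed[name] = openings[name]
	}
	p.HolderSig = ed25519.Sign(holderKey, challenge(c, nonce))
	return p
}

// Verify is the service provider's check: trusted issuer with a valid ledger-key signature, presenter who
// controls the subject DID for the nonce this verifier issued, and openings that match the signed digests.
func Verify(ledger Ledger, trusted map[string]bool, p Presentation, nonce string) (map[string]string, error) {
	c := p.Claim
	if pub, ok := ledger[c.Issuer]; !trusted[c.Issuer] || !ok || !ed25519.Verify(pub, canonical(c), c.Signature) {
		return nil, fmt.Errorf("claim was not signed by a trusted issuer registered on the ledger")
	}
	if pub, ok := ledger[c.Subject]; p.Nonce != nonce || !ok || !ed25519.Verify(pub, challenge(c, nonce), p.HolderSig) {
		return nil, fmt.Errorf("presenter does not control %s for this request", c.Subject)
	}
	out := map[string]string{}
	for name, d := range p.Disclosed {
		if want, ok := c.Digests[name]; !ok || want != digest(d.Salt, d.Value) {
			return nil, fmt.Errorf("attribute %q does not match the signed digest", name)
		}
		out[name] = d.Value
	}
	return out, nil
}

// Both slide use cases with constructed data: company C learns only the degree, the public authority
// only the age-of-majority predicate (precomputed by the issuer here, a simplification).
func main() {
	ledger := Ledger{}
	universityDID, universityKey := NewDID(ledger, "university-u")
	userDID, userKey := NewDID(ledger, "user")
	cred, openings := Issue(universityDID, universityKey, userDID,
		map[string]string{"degree": "Master of Science", "birthdate": "1995-03-14", "age_over_18": "true"})
	trusted := map[string]bool{universityDID: true}
	fmt.Println(Verify(ledger, trusted, Present(cred, openings, []string{"degree"}, "n-c1", userKey), "n-c1"))
	fmt.Println(Verify(ledger, trusted, Present(cred, openings, []string{"age_over_18"}, "n-a1", userKey), "n-a1"))
}
```

Run it with `go run` to see what each verifier learns: the company receives only the degree, the authority only the predicate, and the birthdate never leaves the holder's wallet. Verify rejects four things worth noting: an issuer that is on the ledger but is not a trust anchor for this verifier, a claim whose signature does not match the issuer's ledger key, a presenter who does not hold the subject DID's key or who reuses a presentation made for a different nonce, and an opened attribute whose salt and value do not reproduce the signed digest. The ledger itself only ever sees DIDs and public keys.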
Slide 20
Research
« Use an existing IdM system as a source of digital identities
« The goal is to import identity data from an existing IdM system into an SSI system while maintaining trust in the identity data
« Benefits:
  « Possibility to import from almost any existing IdM system
  « Without having to change the existing IdM system
« Improvement: privacy-preserving identity data derivation
Slide 23
References
[1] A. Abraham, “Self-Sovereign Identity,” Whitepaper, 2017. [Online]. Available: https://www.egiz.gv.at/files/download/Self-Sovereign-Identity-Whitepaper.pdf
[2] S. Gressin, “The Equifax Data Breach: What to Do | Consumer Information,” September 8, 2017. [Online]. Available: https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do. [Accessed: 23-Apr-2018].
[3] “Facebook Data Breach -- What To Do Next.” [Online]. Available: https://www.forbes.com/sites/kateoflahertyuk/2018/09/29/facebook-data-breach-what-to-do-next/#565bbf9d2de3. [Accessed: 09-Nov-2018].
[4] J. Andrieu, “A Technology-Free Definition of Self-Sovereign Identity,” Rebooting the Web of Trust, October 2016.
[5] C. Allen, “The Path to Self-Sovereign Identity,” April 25, 2016. [Online]. Available: http://www.lifewithalacrity.com/2016/04/the-path-to-self-soverereign-identity.html. [Accessed: 30-Aug-2018].
[6] F. Hörandner, “Lecture Slides Identity Management.” [Online]. Available: https://teaching.iaik.tugraz.at/_media/egov/2018_19-l03-identity-management.pdf
[7] A. Abraham, “Importing National eID Attributes into a Decentralized System,” Concept. [Online]. Available: https://www.egiz.gv.at/files/projekte/2018/eIdAttributeImport/ImportNationaleEIdAttribute.pdf