SISSI: An Architecture for Semantic Interoperable Self-Sovereign Identity-based Access Control on the Web

Braun, Christoph H.-J.; Papanchev, Vasil; Käfer, Tobias

doi:10.1145/3543507.3583409

Cited by 5 publications

(1 citation statement)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A verifiable credential-based authentication mechanism is an ongoing subject of discussion with respect to Solid. A suitably designed [62,63] VC protocol should satisfy unlinkability from the perspective of the issuer, in the sense that having issued the credential, it is impossible for the issuer to link two sessions where credentials are used, assuming the data user and app are honest, and even when the session involves a credential that it issued. A typical flow for an unlinkable VC protocol is presented in Figure 8, where the information typically provided in an ID token is authenticated in two stages, as suggested by the attributes struck out.…”

Section: Unlinkable Alternatives To Solid Oidc For Authentication Via...mentioning

confidence: 99%

Assessing the Solid Protocol in Relation to Security and Privacy Obligations

Esposito,

Horne,

Robaldo

et al. 2023

Information

View full text Add to dashboard Cite

The Solid specification aims to empower data subjects by giving them direct access control over their data across multiple applications. As governments are manifesting their interest in this framework for citizen empowerment and e-government services, security and privacy represent pivotal issues to be addressed. By analysing the relevant legislation, with an emphasis on GDPR and officially approved documents such as codes of conduct and relevant security ISO standards, we formulate the primary security and privacy requirements for such a framework. The legislation places some obligations on pod providers, much like cloud services. However, what is more interesting is that Solid has the potential to support GDPR compliance of Solid apps and data users that connect, via the protocol, to Solid pods containing personal data. A Solid-based healthcare use case is illustrated where identifying such controllers responsible for apps and data users is essential for the system to be deployed. Furthermore, we survey the current Solid protocol specifications regarding how they cover the highlighted requirements, and draw attention to potential gaps between the specifications and requirements. We also point out the contribution of recent academic work presenting novel approaches to increase the security and privacy degree provided by the Solid project. This paper has a twofold contribution to improve user awareness of how Solid can help protect their data and to present possible future research lines on Solid security and privacy enhancements.

show abstract

Section: Unlinkable Alternatives To Solid Oidc For Authentication Via...mentioning

confidence: 99%

Assessing the Solid Protocol in Relation to Security and Privacy Obligations

Esposito,

Horne,

Robaldo

et al. 2023

Information

View full text Add to dashboard Cite

show abstract

A Systematic Review of Identity and Access Management Requirements in Enterprises and Potential Contributions of Self-Sovereign Identity

Glöckler,

Sedlmeir,

Frank

et al. 2023

Bus Inf Syst Eng

View full text Add to dashboard Cite

Digital identity and access management (IAM) poses significant challenges for companies. Cyberattacks and resulting data breaches frequently have their root cause in enterprises’ IAM systems. During the COVID-19 pandemic, issues with the remote authentication of employees working from home highlighted the need for better IAM solutions. Using a design science research approach, the paper reviews the requirements for IAM systems from an enterprise perspective and identifies the potential benefits of self-sovereign identity (SSI) – an emerging, passwordless paradigm in identity management that provides end users with cryptographic attestations stored in digital wallet apps. To do so, this paper first conducts a systematic literature review followed by an interview study and categorizes IAM system requirements according to security and compliance, operability, technology, and user aspects. In a second step, it presents an SSI-based prototype for IAM, whose suitability for addressing IAM challenges was assessed by twelve domain experts. The results suggest that the SSI-based authentication of employees can address requirements in each of the four IAM requirement categories. SSI can specifically improve manageability and usability aspects and help implement acknowledged best practices such as the principle of least privilege. Nonetheless, the findings also reveal that SSI is not a silver bullet for all of the challenges that today’s complex IAM systems face.

show abstract