Self-sovereign identity; Design principles; Distributed ledger; Innovation; Public key infrastructure; Certificate; Digital wallet; Verifiable credential; Multi-level perspective
Abstract:
[en] Society’s accelerating digital transformation during the COVID-19 pandemic highlighted clearly that the Internet lacks a secure, efficient, and privacy-oriented model for identity. Self-sovereign identity (SSI) aims to address core weaknesses of siloed and federated approaches to digital identity management from both users’ and service providers’ perspectives. SSI emerged as a niche concept in libertarian communities, and was initially strongly associated with blockchain technology. Later, when businesses and governments began to invest, it quickly evolved towards a mainstream concept. To investigate this evolution and its effects on SSI, we conduct design science research rooted in the theory of technological transition pathways. Our study identifies nine core design principles of SSI as deployed in relevant applications, and discusses associated competing political and socio-technical forces in this space. Our results shed light on SSI’s key characteristics, its development pathway, and tensions in the transition between regimes of digital identity management.
Research centre:
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > FINATRAX - Digital Financial Services and Cross-organizational Digital Transformations
Disciplines:
Sociology & social sciences; Library & information sciences; Management information systems
Author, co-author:
Sedlmeir, Johannes; University of Bayreuth > FIM Research Center Bayreuth ; Fraunhofer FIT > Project Group Business & Information Systems Engineering
Huber, Jasmin; University of Bayreuth > The Faculty of Law, Business & Economics
BARBEREAU, Tom Josua ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > FINATRAX
WEIGL, Linda ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > FINATRAX
ROTH, Tamara ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > FINATRAX
External co-authors:
yes
Document language:
English
Title:
Transition Pathways towards Design Principles of Self-Sovereign Identity
Publication date:
October 2022
Event name:
Proceedings of the 43rd International Conference on Information Systems (ICIS)
Event organizer:
Association for Information Systems
Event location:
Copenhagen, Denmark
Event date:
from 09-12-2022 to 14-12-2022
Event scope:
International
Main work title:
Proceedings of the 43rd International Conference on Information Systems (ICIS)
Peer reviewed :
Peer reviewed
Focus Area :
Security, Reliability and Trust
FnR project:
FNR13342933 - Paypal-fnr Pearl Chair In Digital Financial Services, 2019 (01/01/2020-31/12/2024) - Gilbert Fridgen