Confidentiality; Data protection; Digital wallet; Distributed ledger technology; Privacy; Verifiable computation
Abstract:
This position paper discusses the challenges of blockchain applications in businesses and the public sector related to an excessive degree of transparency. We first point out the types of sensitive data involved in different patterns of blockchain use cases. We then argue that the implications of blockchains’ information exposure caused by replicated transaction storage and execution go well beyond the often-mentioned conflicts with the GDPR’s “right to be forgotten” and may be more problematic than anticipated. In particular, we illustrate the trade-off between protecting sensitive information and increasing process efficiency through smart contracts. We also explore to what extent permissioned blockchains and novel applications of cryptographic technologies such as self-sovereign identities and zero-knowledge proofs can help overcome the transparency challenge and thus act as catalysts for blockchain adoption and diffusion in organizations.
Disciplines:
Management information systems; Computer science