Abstract
Despite extensive efforts, smaller companies and organisations often fail to be GDPR compliant. GDPR demands that the data subject’s information is available to the data subject in a simple and structured way. One option to provide the data with additional benefits is issuing verifiable credentials (VCs) following the W3C standard and, thus, introducing the data provider as an issuer into a Self-Sovereign Identity (SSI) system. We show that this can be achieved with limited overhead by introducing a middleware component, which is only loosely coupled with the existing ecosystem. To enhance user acceptance, we define our design goals as usability, security, and privacy, which we manage to achieve partially. During our work, we identified several challenges, such as revocation, verifiability of verifiers, and legal regulations, which provide options for future research in developing Self-Sovereign Identity solutions towards real-world applicability.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
- 2.
OpenIDConnect is a widely used extension of the oAuth 2.0 protocol.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
References
Bolgouras, V., Angelogianni, A., Politis, I., Xenakis, C.: Trusted and secure self-sovereign identity framework. In: Proceedings of the 17th International Conference on Availability, Reliability and Security, pp. 1–6 (2022)
Brown, P.W.: Digital signatures: can they be accepted as legal signatures in EDI? In: Proceedings of the 1st ACM Conference on Computer and Communications Security, pp. 86–92 (1993)
Chotkan, R., Decouchant, J., Pouwelse, J.: Distributed attestation revocation in self-sovereign identity. In: 2022 IEEE 47th Conference on Local Computer Networks (LCN), pp. 414–421. IEEE (2022)
Emura, K., Takayasu, A., Watanabe, Y.: Generic constructions of revocable hierarchical identity-based encryption. Cryptology ePrint Archive (2021)
EU: Regulation (EU) 2016/679 of the European parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/EC (general data protection regulation). Technical report, European Union (2016)
Garlan, D.: Software architecture: a roadmap. In: Proceedings of the Conference on the Future of Software Engineering, pp. 91–101 (2000)
GDPR.EU: 2019 GDPR small business survey. Technical report, Proton AG (2019). https://gdpr.eu/wp-content/uploads/2019/05/2019-GDPR.EU-Small-Business-Survey.pdf
Ge, A., Wei, P.: Identity-based broadcast encryption with efficient revocation. In: Lin, D., Sako, K. (eds.) PKC 2019. LNCS, vol. 11442, pp. 405–435. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17253-4_14
Grüner, A., Mühle, A., Meinel, C.: An integration architecture to enable service providers for self-sovereign identity. In: 2019 IEEE 18th International Symposium on Network Computing and Applications (NCA), pp. 1–5. IEEE (2019)
Jamshidi, P., Pahl, C., Mendonça, N.C., Lewis, J., Tilkov, S.: Microservices: the journey so far and challenges ahead. IEEE Softw. 35(3), 24–35 (2018)
Kuperberg, M., Klemens, R.: Integration of self-sovereign identity into conventional software using established IAM protocols: a survey. Open Identity Summit 2022 (2022)
Martinez Jurado, V., Vila, X., Kubach, M., Henderson Johnson Jeyakumar, I., Solana, A., Marangoni, M.: Applying assurance levels when issuing and verifying credentials using trust frameworks. Open Identity Summit 2021 (2021)
Mühle, A., Grüner, A., Gayvoronskaya, T., Meinel, C.: A survey on essential components of a self-sovereign identity. Comput. Sci. Rev. 30, 80–86 (2018)
Mühle, A., Hoops, F., Assaf, K., Meinel, C.: Manuscript: universal statuslist: making a case for more middleware in self-sovereign identity (2023)
Pattiyanon, C., Aoki, T.: Compliance SSI system property set to laws, regulations, and technical standards. IEEE Access 10, 99370–99393 (2022)
Polat, H., Du, W.: SVD-based collaborative filtering with privacy. In: Proceedings of the 2005 ACM Symposium on Applied Computing, pp. 791–795 (2005)
Sartor, S., Sedlmeir, J., Rieger, A., Roth, T.: Love at first sight? A user experience study of self-sovereign identity wallets. In: ECIS 2022 Proceedings (2022)
Schardong, F., Custódio, R.: Self-sovereign identity: a systematic review, mapping and taxonomy. Sensors 22(15), 5641 (2022)
Schmidt, K., Mühle, A., Grüner, A., Meinel, C.: Clear the fog: towards a taxonomy of self-sovereign identity ecosystem members. In: 2021 18th International Conference on Privacy, Security and Trust (PST), pp. 1–7. IEEE (2021)
Venters, C., et al.: The blind men and the elephant: Towards an empirical evaluation framework for software sustainability. J. Open Res. Softw. 2(1) (2014)
Venters, C.C., et al.: Software sustainability: research and practice from a software architecture viewpoint. J. Syst. Softw. 138, 174–188 (2018)
Yu, T., Xie, H., Liu, S., Ma, X., Jia, X., Zhang, L.: CertRevoke: a certificate revocation framework for named data networking. In: Proceedings of the 9th ACM Conference on Information-Centric Networking, pp. 80–90 (2022)
Acknowledgements
This work has been funded through the Federal Ministry for Education and Research (BMBF) under grant M534800. We want to thank our partners at the TU Munich and the German Academic Exchange Service (DAAD) for the discussions on the topic.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Assaf, K., Mühle, A., Köhler, D., Meinel, C. (2023). Prison Break: From Proprietary Data Sources to SSI Verifiable Credentials. In: Barolli, L. (eds) Advanced Information Networking and Applications. AINA 2023. Lecture Notes in Networks and Systems, vol 654. Springer, Cham. https://doi.org/10.1007/978-3-031-28451-9_31
Download citation
DOI: https://doi.org/10.1007/978-3-031-28451-9_31
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-28450-2
Online ISBN: 978-3-031-28451-9
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)