DOI: 10.1145/3605098.3636061
research-article

From Self-Sovereign Identity to Fiduciary Identity: A Journey Towards Greater User Privacy and Usability

Published: 21 May 2024

Abstract

In an era defined by the evolving Identity and Access Management (IAM) landscape, this paper shines a spotlight on the critical aspect of usability limitations inherent in the Self-Sovereign Identity (SSI) paradigm. While SSI holds the promise of returning control and privacy to individuals, it presents challenges in terms of user experience for the layman, particularly concerning the management of cryptographic keys, credentials, and the evaluation of service provider requests for private information. To tackle these inherent limitations of SSI, this paper introduces a new digital identity model named Fiduciary Identity. It is constructed over the fiduciary relationship, a poorly explored topic in IAM. The fiduciary acts on behalf of the user, simplifying interactions and enhancing usability, bridging the gap between the potential advantages of SSI and the practicality of everyday digital life. The innovative concept of the fiduciary identity acts as a bridge toward achieving a user-centric, secure, and privacy-preserving IAM ecosystem.


Published In

SAC '24: Proceedings of the 39th ACM/SIGAPP Symposium on Applied Computing
April 2024
1898 pages
ISBN: 9798400702433
DOI: 10.1145/3605098

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. identity and access management
  2. digital identity
  3. self-sovereign identity
  4. SSI
  5. fiduciary identity

Qualifiers

  • Research-article

Conference

SAC '24

Acceptance Rates

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%
