Skip to main content
SpringerLink
Log in

Prison Break: From Proprietary Data Sources to SSI Verifiable Credentials

  • Conference paper
  • First Online:
Advanced Information Networking and Applications (AINA 2023)

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 654))

  • 545 Accesses

Abstract

Despite extensive efforts, smaller companies and organisations often fail to be GDPR compliant. GDPR demands that the data subject’s information is available to the data subject in a simple and structured way. One option to provide the data with additional benefits is issuing verifiable credentials (VCs) following the W3C standard and, thus, introducing the data provider as an issuer into a Self-Sovereign Identity (SSI) system. We show that this can be achieved with limited overhead by introducing a middleware component, which is only loosely coupled with the existing ecosystem. To enhance user acceptance, we define our design goals as usability, security, and privacy, which we manage to achieve partially. During our work, we identified several challenges, such as revocation, verifiability of verifiers, and legal regulations, which provide options for future research in developing Self-Sovereign Identity solutions towards real-world applicability.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 229.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 299.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://www.w3.org/TR/vc-data-model/.

  2. 2.

    OpenIDConnect is a widely used extension of the oAuth 2.0 protocol.

  3. 3.

    open.hpi.de.

  4. 4.

    w3c-ccg.github.io/vc-api/.

  5. 5.

    keycloak.org.

  6. 6.

    https://w3id.org/wallet.

  7. 7.

    https://github.com/digitalcredentials/learner-credential-wallet.

  8. 8.

    https://www.json.org/.

  9. 9.

    https://json-ld.org/.

  10. 10.

    https://w3c-ccg.github.io/vc-json-schemas/.

References

  1. Bolgouras, V., Angelogianni, A., Politis, I., Xenakis, C.: Trusted and secure self-sovereign identity framework. In: Proceedings of the 17th International Conference on Availability, Reliability and Security, pp. 1–6 (2022)

    Google Scholar 

  2. Brown, P.W.: Digital signatures: can they be accepted as legal signatures in EDI? In: Proceedings of the 1st ACM Conference on Computer and Communications Security, pp. 86–92 (1993)

    Google Scholar 

  3. Chotkan, R., Decouchant, J., Pouwelse, J.: Distributed attestation revocation in self-sovereign identity. In: 2022 IEEE 47th Conference on Local Computer Networks (LCN), pp. 414–421. IEEE (2022)

    Google Scholar 

  4. Emura, K., Takayasu, A., Watanabe, Y.: Generic constructions of revocable hierarchical identity-based encryption. Cryptology ePrint Archive (2021)

    Google Scholar 

  5. EU: Regulation (EU) 2016/679 of the European parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/EC (general data protection regulation). Technical report, European Union (2016)

    Google Scholar 

  6. Garlan, D.: Software architecture: a roadmap. In: Proceedings of the Conference on the Future of Software Engineering, pp. 91–101 (2000)

    Google Scholar 

  7. GDPR.EU: 2019 GDPR small business survey. Technical report, Proton AG (2019). https://gdpr.eu/wp-content/uploads/2019/05/2019-GDPR.EU-Small-Business-Survey.pdf

  8. Ge, A., Wei, P.: Identity-based broadcast encryption with efficient revocation. In: Lin, D., Sako, K. (eds.) PKC 2019. LNCS, vol. 11442, pp. 405–435. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17253-4_14

    Chapter  Google Scholar 

  9. Grüner, A., Mühle, A., Meinel, C.: An integration architecture to enable service providers for self-sovereign identity. In: 2019 IEEE 18th International Symposium on Network Computing and Applications (NCA), pp. 1–5. IEEE (2019)

    Google Scholar 

  10. Jamshidi, P., Pahl, C., Mendonça, N.C., Lewis, J., Tilkov, S.: Microservices: the journey so far and challenges ahead. IEEE Softw. 35(3), 24–35 (2018)

    Article  Google Scholar 

  11. Kuperberg, M., Klemens, R.: Integration of self-sovereign identity into conventional software using established IAM protocols: a survey. Open Identity Summit 2022 (2022)

    Google Scholar 

  12. Martinez Jurado, V., Vila, X., Kubach, M., Henderson Johnson Jeyakumar, I., Solana, A., Marangoni, M.: Applying assurance levels when issuing and verifying credentials using trust frameworks. Open Identity Summit 2021 (2021)

    Google Scholar 

  13. Mühle, A., Grüner, A., Gayvoronskaya, T., Meinel, C.: A survey on essential components of a self-sovereign identity. Comput. Sci. Rev. 30, 80–86 (2018)

    Article  Google Scholar 

  14. Mühle, A., Hoops, F., Assaf, K., Meinel, C.: Manuscript: universal statuslist: making a case for more middleware in self-sovereign identity (2023)

    Google Scholar 

  15. Pattiyanon, C., Aoki, T.: Compliance SSI system property set to laws, regulations, and technical standards. IEEE Access 10, 99370–99393 (2022)

    Article  Google Scholar 

  16. Polat, H., Du, W.: SVD-based collaborative filtering with privacy. In: Proceedings of the 2005 ACM Symposium on Applied Computing, pp. 791–795 (2005)

    Google Scholar 

  17. Sartor, S., Sedlmeir, J., Rieger, A., Roth, T.: Love at first sight? A user experience study of self-sovereign identity wallets. In: ECIS 2022 Proceedings (2022)

    Google Scholar 

  18. Schardong, F., Custódio, R.: Self-sovereign identity: a systematic review, mapping and taxonomy. Sensors 22(15), 5641 (2022)

    Article  Google Scholar 

  19. Schmidt, K., Mühle, A., Grüner, A., Meinel, C.: Clear the fog: towards a taxonomy of self-sovereign identity ecosystem members. In: 2021 18th International Conference on Privacy, Security and Trust (PST), pp. 1–7. IEEE (2021)

    Google Scholar 

  20. Venters, C., et al.: The blind men and the elephant: Towards an empirical evaluation framework for software sustainability. J. Open Res. Softw. 2(1) (2014)

    Google Scholar 

  21. Venters, C.C., et al.: Software sustainability: research and practice from a software architecture viewpoint. J. Syst. Softw. 138, 174–188 (2018)

    Article  Google Scholar 

  22. Yu, T., Xie, H., Liu, S., Ma, X., Jia, X., Zhang, L.: CertRevoke: a certificate revocation framework for named data networking. In: Proceedings of the 9th ACM Conference on Information-Centric Networking, pp. 80–90 (2022)

    Google Scholar 

Download references

Acknowledgements

This work has been funded through the Federal Ministry for Education and Research (BMBF) under grant M534800. We want to thank our partners at the TU Munich and the German Academic Exchange Service (DAAD) for the discussions on the topic.

Author information

Authors and Affiliations

  1. Hasso Plattner Institute, Potsdam, Germany

    Katja Assaf, Alexander Mühle, Daniel Köhler & Christoph Meinel

Authors
  1. Katja Assaf
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Alexander Mühle
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Daniel Köhler
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Christoph Meinel
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Katja Assaf .

Editor information

Editors and Affiliations

  1. Department of Information and Communication Engineering, Faculty of Information Engineering, Fukuoka Institute of Technology, Fukuoka, Japan

    Leonard Barolli

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Assaf, K., Mühle, A., Köhler, D., Meinel, C. (2023). Prison Break: From Proprietary Data Sources to SSI Verifiable Credentials. In: Barolli, L. (eds) Advanced Information Networking and Applications. AINA 2023. Lecture Notes in Networks and Systems, vol 654. Springer, Cham. https://doi.org/10.1007/978-3-031-28451-9_31

Download citation

Publish with us

Policies and ethics

Search

Navigation