-
A Tutorial on the Interoperability of Self-sovereign Identities
Authors:
Hakan Yildiz,
Axel Küpper,
Dirk Thatmann,
Sebastian Göndör,
Patrick Herbke
Abstract:
Self-sovereign identity is the latest digital identity paradigm that allows users, organizations, and things to manage identity in a decentralized fashion without any central authority controlling the process of issuing identities and verifying assertions. Following this paradigm, implementations have emerged in recent years, with some having different underlying technologies. These technological differences often create interoperability problems between software that interact with each other from different implementations. Although a common problem, there is no common understanding of self-sovereign identity interoperability. In the context of this tutorial, we create a definition of interoperability of self-sovereign identities to enable a common understanding. Moreover, due to the decentralized nature, interoperability of self-sovereign identities depends on multiple components, such as ones responsible for establishing trust or enabling secure communication between entities without centralized authorities. To understand those components and their dependencies, we also present a reference model that maps the required components and considerations that build up a self-sovereign identity implementation. The reference model helps address the question of how to achieve interoperability between different implementations.
Submitted 8 August, 2022;
originally announced August 2022.
-
Blade: A Blockchain-supported Architecture for Decentralized Services
Authors:
Sebastian Göndör,
Hakan Yildiz,
Martin Westerkamp,
Axel Küpper
Abstract:
Decentralized services and applications provide a multitude of advantages for their users, such as improved privacy, control, and independence from third parties. Anyhow, decentralization comes at the cost of certain disadvantages, such as increased application complexity or communication overhead. This aggravates the development and deployment of decentralized services and applications. In this paper we present Blade, a software platform that aims to ease the effort of development, deployment, and administration of decentralized services by implementing reusable solutions for recurring challenges developers are facing when designing decentralized service architectures. This includes functionality for e.g. identity management, access control, request handling, verification of authenticity and integrity, discovery, or routing. Blade implements all this functionality in a Blade server instance, which can be deployed on a lightweight device, such as a NAS, Raspberry Pi, or router at home. This allows users without expert knowledge to run a Blade instance with already existing hardware with little overhead. Blade supports polyglot Blade modules that implement extended functionality, such as interfaces, frontends, and business logic of decentralized applications, e.g. a decentralized instant messaging service or an online social network. Based on the Oracle GraalVM, Blade modules can be implemented in a variety of programming languages and utilize the functionality provided by the Blade server instance. Blade modules are published in an Ethereum-based decentralized marketplace from where they can be installed directly via the Blade instances...
Submitted 29 July, 2022;
originally announced July 2022.
-
Full-text Search for Verifiable Credential Metadata on Distributed Ledgers
Authors:
Zoltán András Lux,
Felix Beierle,
Sebastian Zickau,
Sebastian Göndör
Abstract:
Self-sovereign Identity (SSI) powered by distributed ledger technologies enables more flexible and faster digital identification workflows, while at the same time limiting the control and influence of central authorities. However, a global identity solution must be able to handle myriad credential types from millions of issuing organizations. As metadata about types of digital credentials is readable by everyone on the public permissioned ledger with Hyperledger Indy, anyone could find relevant and trusted credential types for their use cases by looking at the records on the blockchain. To this date, no efficient full-text search mechanism exists that would allow users to search for credential types in a simple and efficient fashion tightly integrated into their applications. In this work, we propose a full-text search framework based on the publicly available metadata on the Hyperledger Indy ledger for retrieving matching credential types. The proposed solution is able to find credential types based on textual input from the user by using a full-text search engine and maintaining a local copy of the ledger. Thus, we do not need to rely on information about credentials coming from a very large candidate pool of third parties we would need to trust, such as the website of a company displaying its own identifier and a list of issued credentials. We have also proven the feasibility of the concept by implementing and evaluating a prototype of the full-text credential metadata search service.
Submitted 6 September, 2019;
originally announced September 2019.
-
Towards Psychometrics-based Friend Recommendations in Social Networking Services
Authors:
Felix Beierle,
Kai Grunert,
Sebastian Göndör,
Viktor Schlüter
Abstract:
Two of the defining elements of Social Networking Services are the social profile, containing information about the user, and the social graph, containing information about the connections between users. Social Networking Services are used to connect to known people as well as to discover new contacts. Current friend recommendation mechanisms typically utilize the social graph. In this paper, we argue that psychometrics, the field of measuring personality traits, can help make meaningful friend recommendations based on an extended social profile containing collected smartphone sensor data. This will support the development of highly distributed Social Networking Services without central knowledge of the social graph.
Submitted 17 November, 2017; v1 submitted 30 May, 2017;
originally announced May 2017.
-
Cross-Domain Discovery of Communication Peers. Identity Mapping and Discovery Services (IMaDS)
Authors:
Ingo Friese,
Rebecca Copeland,
Sebastian Göndör,
Felix Beierle,
Axel Küpper,
Ricardo Lopes Pereira,
Jean-Michel Crom
Abstract:
The upcoming WebRTC-based browser-to-browser communication services present new challenges for user discovery in peer-to-peer mode. Even more so, if we wish to enable different web communication services to interact. This paper presents Identity Mapping and Discovery Service (IMaDS), a global, scalable, service-independent discovery service that enables users of web-based peer-to-peer applications to discover other users with whom to communicate. It also provides reachability and presence information. For that, user identities need to be mapped to any compatible service identity as well as to a globally unique, service-independent identity. This mapping and discovery process is suitable for multiple identifier formats and personal identifying properties, but it supports user-determined privacy options. IMaDS operates across different service domains dynamically, using context information. Users and devices have profiles containing context and other specific information that can be discovered by a search engine. The search results reveal the user's allocated globally unique identifier (GUID), which is then resolved to a list of the user's service domain identities, using a DHT-based directory service. Service-specific directories allow tracking of active endpoints, where users are currently logged on and can be contacted.
Submitted 17 November, 2017; v1 submitted 28 April, 2017;
originally announced April 2017.