A Decentralised Digital Identity Architecture

Current architectures to validate, certify, and manage identity are based on centralised, top-down approaches that rely on trusted authorities and third-party operators. We approach the problem of digital identity starting from a human rights perspective, with a primary focus on identity systems in the developed world. We assert that individual persons must be allowed to manage their personal information in a multitude of different ways in different contexts and that to do so, each individual must be able to create multiple unrelated identities. Therefore, we first define a set of fundamental constraints that digital identity systems must satisfy to preserve and promote privacy as required for individual autonomy. With these constraints in mind, we then propose a decentralised, standards-based approach, using a combination of distributed ledger technology and thoughtful regulation, to facilitate many-to-many relationships among providers of key services. Our proposal for digital identity differs from others in its approach to trust in that we do not seek to bind credentials to each other or to a mutually trusted authority to achieve strong non-transferability. Because the system does not implicitly encourage its users to maintain a single aggregated identity that can potentially be constrained or reconstructed against their interests, individuals and organisations are free to embrace the system and share in its benefits.Comment: 30 pages, 10 figures, 3 table

Next Generation Business Ecosystems: Engineering Decentralized Markets, Self-Sovereign Identities and Tokenization

Digital transformation research increasingly shifts from studying information systems within organizations towards adopting an ecosystem perspective, where multiple actors co-create value. While digital platforms have become a ubiquitous phenomenon in consumer-facing industries, organizations remain cautious about fully embracing the ecosystem concept and sharing data with external partners. Concerns about the market power of platform orchestrators and ongoing discussions on privacy, individual empowerment, and digital sovereignty further complicate the widespread adoption of business ecosystems, particularly in the European Union. In this context, technological innovations in Web3, including blockchain and other distributed ledger technologies, have emerged as potential catalysts for disrupting centralized gatekeepers and enabling a strategic shift towards user-centric, privacy-oriented next-generation business ecosystems. However, existing research efforts focus on decentralizing interactions through distributed network topologies and open protocols lack theoretical convergence, resulting in a fragmented and complex landscape that inadequately addresses the challenges organizations face when transitioning to an ecosystem strategy that harnesses the potential of disintermediation. To address these gaps and successfully engineer next-generation business ecosystems, a comprehensive approach is needed that encompasses the technical design, economic models, and socio-technical dynamics. This dissertation aims to contribute to this endeavor by exploring the implications of Web3 technologies on digital innovation and transformation paths. Drawing on a combination of qualitative and quantitative research, it makes three overarching contributions: First, a conceptual perspective on \u27tokenization\u27 in markets clarifies its ambiguity and provides a unified understanding of the role in ecosystems. This perspective includes frameworks on: (a) technological; (b) economic; and (c) governance aspects of tokenization. Second, a design perspective on \u27decentralized marketplaces\u27 highlights the need for an integrated understanding of micro-structures, business structures, and IT infrastructures in blockchain-enabled marketplaces. This perspective includes: (a) an explorative literature review on design factors; (b) case studies and insights from practitioners to develop requirements and design principles; and (c) a design science project with an interface design prototype of blockchain-enabled marketplaces. Third, an economic perspective on \u27self-sovereign identities\u27 (SSI) as micro-structural elements of decentralized markets. This perspective includes: (a) value creation mechanisms and business aspects of strategic alliances governing SSI ecosystems; (b) business model characteristics adopted by organizations leveraging SSI; and (c) business model archetypes and a framework for SSI ecosystem engineering efforts. The dissertation concludes by discussing limitations as well as outlining potential avenues for future research. These include, amongst others, exploring the challenges of ecosystem bootstrapping in the absence of intermediaries, examining the make-or-join decision in ecosystem emergence, addressing the multidimensional complexity of Web3-enabled ecosystems, investigating incentive mechanisms for inter-organizational collaboration, understanding the role of trust in decentralized environments, and exploring varying degrees of decentralization with potential transition pathways

OpenDSU: Digital Sovereignty in PharmaLedger

Distributed ledger networks, chiefly those based on blockchain technologies, currently are heralding a next generation of computer systems that aims to suit modern users' demands. Over the recent years, several technologies for blockchains, off-chaining strategies, as well as decentralised and respectively self-sovereign identity systems have shot up so fast that standardisation of the protocols is lagging behind, severely hampering the interoperability of different approaches. Moreover, most of the currently available solutions for distributed ledgers focus on either home users or enterprise use case scenarios, failing to provide integrative solutions addressing the needs of both. Herein we introduce the OpenDSU platform that allows to interoperate generic blockchain technologies, organised - and possibly cascaded in a hierarchical fashion - in domains. To achieve this flexibility, we seamlessly integrated a set of well conceived OpenDSU components to orchestrate off-chain data with granularly resolved and cryptographically secure access levels that are nested with sovereign identities across the different domains. Employing our platform to PharmaLedger, an inter-European network for the standardisation of data handling in the pharmaceutical industry and in healthcare, we demonstrate that OpenDSU can cope with generic demands of heterogeneous use cases in both, performance and handling substantially different business policies. Importantly, whereas available solutions commonly require a pre-defined and fixed set of components, no such vendor lock-in restrictions on the blockchain technology or identity system exist in OpenDSU, making systems built on it flexibly adaptable to new standards evolving in the future.Comment: 18 pages, 8 figure

Estudio bibliométrico de la producción científica sobre identidad auto-soberana

Context: Self-sovereign identity (SSI) enables the creation of user-centric, privacy-by-design, secure, and decentralized identity-management systems. The aim of this paper is to carry out a bibliometric analysis of the scientific production on SSI during the period 2017-2022.Method: A complete bibliometric analysis of all publications on SSI indexed in Scopus and Web of Science was carried out. A corpus of 143 articles was examined by processing their bibliographic metadata on a bibliometric tool. In order to do this, the Bibliometrix packageand the R programming language were used.Results: A bibliometric characterization of the publications on SSI was obtained for the 2017 − 2022 period. The most important keywords used in these publications were identified, as well as their use tendencies throughout this period. Moreover, the most influential authors in the area and the most relevant publication sources were also identified.Conclusions: The results of the bibliometric analysis show that Lotka’s and Bradford’s laws apply for academic publications on SSI, which means that the most relevant publications in this area are concentrated in a relatively small group of authors and journals. Paul Jenkins, Nitin Naik, Yang Liu and Aijun An were the most impactful authors, and Lecture notes in computer science, Frontiers in blockchain and IEEE were the most influential journals. Finally, the keyword analysis showed that Blockchain, Authentication, Identity management, Electronic document identification systems, and Digital identity are currently the most relevant concepts for SSI.Contexto: La identidad auto-soberana (SSI, por sus siglas en inglés) permite la creación de sistemas de gestión de identidad centrados en el usuario, con privacidad desde el diseño, seguros y descentralizados. El objetivo de este artículo es realizar un análisis bibliométrico de la producción científica sobre SSI durante el período 2017 − 2022.Método: Se realizó una análisis bibliométrico completo de las publicaciones sobre SSI indexadas en Scopus y Web of Science. Se examinó un corpus de 143 artículos mediante el procesamiento de sus metadatos bibliográficos en una herramienta de análisis bibliométrico. Para ello, el paquete Bibliometrix y el lenguaje de programación R fueron usados.Resultados: Se obtuvo una caracterización bibliométrica de las publicaciones sobre SSI durante el período 2017 − 2022. Se identificaron las palabras clave más importantes, así como las tendencias de uso de las mismas en este periodo. Además, se determinaron los autores de mayor influencia en el área y las fuentes de publicación más relevantes.Conclusiones: Los resultados del análisis bibliométrico completo muestran que la ley de Lotka y la ley de Bradford se cumplen en las publicaciones sobre SSI. Esto quiere decir que las publicaciones de mayor alcance e impacto están concentradas en unos pocos autores y revistas. Paul Jenkins, Nitin Naik , Yang Liu y Aijun An resultaron ser los autores más representativos, y Lecture notes in computer science, IEEE Access y Frontiers in blockchain resultaron ser las revistas más influyentes. Finalmente, el análisis de las palabras clave mostró que Blockchain, Authentication, Identity management, Electronic document identification systems y Digital identity son actualmente los conceptos más importantes para la investigación sobre SSI

An Interoperable Access Control System based on Self-Sovereign Identities

The extreme growth of the World Wide Web in the last decade together with recent scandals related to theft or abusive use of personal information have left users unsatisfied withtheir digital identity providers and concerned about their online privacy. Self-SovereignIdentity (SSI) is a new identity management paradigm which gives back control over personal information to its rightful owner - the individual. However, adoption of SSI on theWeb is complicated by the high overhead costs for the service providers due to the lackinginteroperability of the various emerging SSI solutions. In this work, we propose an AccessControl System based on Self-Sovereign Identities with a semantically modelled AccessControl Logic. Our system relies on the Web Access Control authorization rules usedin the Solid project and extends them to additionally express requirements on VerifiableCredentials, i.e., digital credentials adhering to a standardized data model. Moreover,the system achieves interoperability across multiple DID Methods and types of VerifiableCredentials allowing for incremental extensibility of the supported SSI technologies bydesign. A Proof-of-Concept prototype is implemented and its performance as well as multiple system design choices are evaluated: The End-to-End latency of the authorizationprocess takes between 2-5 seconds depending on the used DID Methods and can theoretically be further optimized to 1.5-3 seconds. Evaluating the potential interoperabilityachieved by the system shows that multiple DID Methods and different types of VerifiableCredentials can be supported. Lastly, multiple approaches for modelling required Verifiable Credentials are compared and the suitability of the SHACL language for describingthe RDF graphs represented by the required Linked Data credentials is shown