On the Compliance of Self-Sovereign Identity with GDPR Principles: A Critical Review
- URL: http://arxiv.org/abs/2409.03624v1
- Date: Thu, 5 Sep 2024 15:35:53 GMT
- Title: On the Compliance of Self-Sovereign Identity with GDPR Principles: A Critical Review
- Authors: Abubakar-Sadiq Shehu,
- Abstract summary: Self-sovereign identity (SSI) was introduced as an IdM model to reduce the possibility of data breaches.
SSI is a decentralised IdM, where the data owner has sovereign control of personal data stored in their digital wallet.
This paper provides an evolution to IdMs and reviews state-of-the-art SSI frameworks.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Identity Management Systems (IdMs) have complemented how users are identified, authenticated, and authorised on e-services. Among the methods used for this purpose are traditional IdMs (isolated, centralised and federated) that mostly rely on identity providers (IdPs) to broker trust between a user and service-providers (SPs). An IdP also identifies and authenticates a user on-behalf of the SP, who then determines the authorisation of the user. In these processes, both SP and IdP collect, process or store private users' data, which can be prone to breach. One approach to address the data breach is to relieve the IdP, and return control and storage of personal data to the owner. Self-sovereign identity (SSI) was introduced as an IdM model to reduce the possibility of data breaches by offering control of personal data to the owner. SSI is a decentralised IdM, where the data owner has sovereign control of personal data stored in their digital wallet. Since SSI is an emerging technology, its components and methods require careful evaluation. This paper provides an evolution to IdMs and reviews the state-of-the-art SSI frameworks. We explored articles in the literature that reviewed blockchain solutions for General Data Protection Regulation (GDPR). We systematically searched recent SSI and blockchain proposals, evaluated the compliance of the retrieved documents with the GDPR privacy principles, and discussed their potentials, constraints, and limitations. This work identifies potential research gaps and opportunities.
Related papers
- Towards Credential-based Device Registration in DApps for DePINs with ZKPs [46.08150780379237]
We propose a credential-based device registration (CDR) mechanism that verifies device credentials on the blockchain.
We present a general system model, and technically evaluate CDR using zkSNARKs with Groth16 and Marlin.
arXiv Detail & Related papers (2024-06-27T09:50:10Z) - SSI4IoT: Unlocking the Potential of IoT Tailored Self-Sovereign Identity [5.025528181278946]
Self-Sovereign Identity (SSI) techniques move control of digital identity from conventional identity providers to individuals.
Existing applications of SSI mainly focus on creating person-to-person and person-to-service relationships.
arXiv Detail & Related papers (2024-05-03T20:31:52Z) - Secure and Privacy-Preserving Authentication for Data Subject Rights Enforcement [0.0]
We propose an architecture that enables DCs to authenticate DSs with the help of independent Identity Providers.
Our work contributes to a more standardized and privacy-preserving way of authenticating DSs, which will benefit both DCs and DSs.
arXiv Detail & Related papers (2024-04-24T13:17:52Z) - SoK: Trusting Self-Sovereign Identity [7.018013919723054]
Digital identity is evolving from centralized systems to a decentralized approach known as Self-Sovereign Identity (SSI)
This paper systematically analyzes trust in SSI in light of its components and threats posed by various actors in the system.
arXiv Detail & Related papers (2024-04-10T04:28:50Z) - Personalized Federated Learning with Attention-based Client Selection [57.71009302168411]
We propose FedACS, a new PFL algorithm with an Attention-based Client Selection mechanism.
FedACS integrates an attention mechanism to enhance collaboration among clients with similar data distributions.
Experiments on CIFAR10 and FMNIST validate FedACS's superiority.
arXiv Detail & Related papers (2023-12-23T03:31:46Z) - Combining Decentralized IDentifiers with Proof of Membership to Enable Trust in IoT Networks [44.99833362998488]
The paper proposes and discusses an alternative (mutual) authentication process for IoT nodes under the same administration domain.
The main idea is to combine the Decentralized IDentifier (DID)-based verification of private key ownership with the verification of a proof that the DID belongs to an evolving trusted set.
arXiv Detail & Related papers (2023-10-12T09:33:50Z) - User-Centric Health Data Using Self-sovereign Identities [69.50862982117127]
This article presents the potential use of the issuers Self-Sovereign Identities (SSI) and Distributed Ledger Technologies (DLT) to improve the privacy and control of health data.
The paper lists the prominent use cases of decentralized identities in the health area, and discusses an effective blockchain-based architecture.
arXiv Detail & Related papers (2021-07-26T17:09:52Z) - Second layer data governance for permissioned blockchains: the privacy
management challenge [58.720142291102135]
In pandemic situations, such as the COVID-19 and Ebola outbreak, the action related to sharing health data is crucial to avoid the massive infection and decrease the number of deaths.
In this sense, permissioned blockchain technology emerges to empower users to get their rights providing data ownership, transparency, and security through an immutable, unified, and distributed database ruled by smart contracts.
arXiv Detail & Related papers (2020-10-22T13:19:38Z) - A Distributed Trust Framework for Privacy-Preserving Machine Learning [4.282091426377838]
This paper outlines a distributed infrastructure which is used to facilitate peer-to-peer trust between distributed agents.
We detail a proof of concept using Hyperledger Aries, Decentralised Identifiers (DIDs) and Verifiable Credentials (VCs)
arXiv Detail & Related papers (2020-06-03T18:06:13Z) - GDPR: When the Right to Access Personal Data Becomes a Threat [63.732639864601914]
We examine more than 300 data controllers performing for each of them a request to access personal data.
We find that 50.4% of the data controllers that handled the request, have flaws in the procedure of identifying the users.
With the undesired and surprising result that, in its present deployment, has actually decreased the privacy of the users of web services.
arXiv Detail & Related papers (2020-05-04T22:01:46Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.