On the Compliance of Self-Sovereign Identity with GDPR Principles: A Critical Review
- URL: http://arxiv.org/abs/2409.03624v1
- Date: Thu, 5 Sep 2024 15:35:53 GMT
- Title: On the Compliance of Self-Sovereign Identity with GDPR Principles: A Critical Review
- Authors: Abubakar-Sadiq Shehu,
- Abstract summary: Self-sovereign identity (SSI) was introduced as an IdM model to reduce the possibility of data breaches.
SSI is a decentralised IdM, where the data owner has sovereign control of personal data stored in their digital wallet.
This paper provides an evolution to IdMs and reviews state-of-the-art SSI frameworks.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Identity Management Systems (IdMs) have complemented how users are identified, authenticated, and authorised on e-services. Among the methods used for this purpose are traditional IdMs (isolated, centralised and federated) that mostly rely on identity providers (IdPs) to broker trust between a user and service-providers (SPs). An IdP also identifies and authenticates a user on behalf of the SP, who then determines the authorisation of the user. In these processes, both SP and IdP collect, process or store private users' data, which can be prone to breach. One approach to address the data breach is to relieve the IdP, and return control and storage of personal data to the owner. Self-sovereign identity (SSI) was introduced as an IdM model to reduce the possibility of data breaches by offering control of personal data to the owner. SSI is a decentralised IdM, where the data owner has sovereign control of personal data stored in their digital wallet. Since SSI is an emerging technology, its components and methods require careful evaluation. This paper provides an evolution to IdMs and reviews the state-of-the-art SSI frameworks. We explored articles in the literature that reviewed blockchain solutions for General Data Protection Regulation (GDPR). We systematically searched recent SSI and blockchain proposals, evaluated the compliance of the retrieved documents with the GDPR privacy principles, and discussed their potentials, constraints, and limitations. This work identifies potential research gaps and opportunities.
Related papers
- SLVC-DIDA: Signature-less Verifiable Credential-based Issuer-hiding and Multi-party Authentication for Decentralized Identity [15.346928617367338]
Verifiable Credential techniques are used to facilitate decentralized DID-based access control across multiple entities.
Existing DID schemes generally rely on a distributed public key infrastructure that also causes challenges.
This paper proposes a Permanent-Hiding (PIH)-based DID-based multi-party authentication framework with a signature-less VC model, named SLVC-DIDA.
arXiv Detail & Related papers (2025-01-19T13:58:01Z)
- Distributed Identity for Zero Trust and Segmented Access Control: A Novel Approach to Securing Network Infrastructure [4.169915659794567]
This study assesses security improvements achieved when distributed identity is employed with ZTA principles.
The study suggests adopting distributed identities can enhance overall security postures by an order of magnitude.
The research recommends refining technical standards, expanding the use of distributed identity in practice, and its applications for the contemporary digital security landscape.
arXiv Detail & Related papers (2025-01-14T00:02:02Z)
- Towards an identity management solution on Arweave [0.0]
This paper explores the potential of using the Arweave network to develop an identity management solution.
By harnessing Arweave's permanent storage, our solution offers users a Self-Sovereign Identity (SSI) framework.
arXiv Detail & Related papers (2024-12-18T14:01:31Z)
- Balancing Confidentiality and Transparency for Blockchain-based Process-Aware Information Systems [46.404531555921906]
We propose an architecture for blockchain-based PAISs aimed at preserving both confidentiality and transparency.
Smart contracts enact, enforce and store public interactions, while attribute-based encryption techniques are adopted to specify access grants to confidential information.
arXiv Detail & Related papers (2024-12-07T20:18:36Z)
- Towards Credential-based Device Registration in DApps for DePINs with ZKPs [46.08150780379237]
We propose a credential-based device registration (CDR) mechanism that verifies device credentials on the blockchain.
We present a general system model, and technically evaluate CDR using zkSNARKs with Groth16 and Marlin.
arXiv Detail & Related papers (2024-06-27T09:50:10Z)
- SoK: Trusting Self-Sovereign Identity [7.018013919723054]
Digital identity is evolving from centralized systems to a decentralized approach known as Self-Sovereign Identity (SSI).
This paper systematically analyzes trust in SSI in light of its components and threats posed by various actors in the system.
arXiv Detail & Related papers (2024-04-10T04:28:50Z)
- Combining Decentralized IDentifiers with Proof of Membership to Enable Trust in IoT Networks [44.99833362998488]
The paper proposes and discusses an alternative (mutual) authentication process for IoT nodes under the same administration domain.
The main idea is to combine the Decentralized IDentifier (DID)-based verification of private key ownership with the verification of a proof that the DID belongs to an evolving trusted set.
arXiv Detail & Related papers (2023-10-12T09:33:50Z)
- User-Centric Health Data Using Self-sovereign Identities [69.50862982117127]
This article presents the potential use of the issuers Self-Sovereign Identities (SSI) and Distributed Ledger Technologies (DLT) to improve the privacy and control of health data.
The paper lists the prominent use cases of decentralized identities in the health area, and discusses an effective blockchain-based architecture.
arXiv Detail & Related papers (2021-07-26T17:09:52Z)
- Second layer data governance for permissioned blockchains: the privacy management challenge [58.720142291102135]
In pandemic situations, such as the COVID-19 and Ebola outbreaks, sharing health data is crucial to avoid massive infection and decrease the number of deaths.
In this sense, permissioned blockchain technology emerges to empower users to get their rights, providing data ownership, transparency, and security through an immutable, unified, and distributed database ruled by smart contracts.
arXiv Detail & Related papers (2020-10-22T13:19:38Z)
- GDPR: When the Right to Access Personal Data Becomes a Threat [63.732639864601914]
We examine more than 300 data controllers, performing for each of them a request to access personal data.
We find that 50.4% of the data controllers that handled the request have flaws in the procedure of identifying the users.
The undesired and surprising result is that GDPR, in its present deployment, has actually decreased the privacy of the users of web services.
arXiv Detail & Related papers (2020-05-04T22:01:46Z)
This list is automatically generated from the titles and abstracts of the papers in this site.