interID -- An Ecosystem-agnostic Verifier-as-a-Service with OpenID Connect Bridge

• URL: http://arxiv.org/abs/2602.14871v1
• Date: Mon, 16 Feb 2026 16:02:51 GMT
• Title: interID -- An Ecosystem-agnostic Verifier-as-a-Service with OpenID Connect Bridge
• Authors: Hakan Yildiz, Axel Küpper,
• Abstract summary: interID is an ecosystem-agnostic platform unifying credential verification across Hyperledger Aries/Indy, EBSI, and EUDI ecosystems.<n>We extend interID with an OIDC bridge providing Verifier-as-a-Service, enabling SSI verification through standard OIDC flows.
• Score: 0.3437656066916039
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Self-Sovereign Identity (SSI) enables user-controlled, cryptographically verifiable credentials. As EU regulations mandate EUDI Wallet acceptance by 2027, SSI adoption becomes a compliance necessity. However, each SSI Verifier exposes different APIs with distinct request parameters, response formats, and claim structures, requiring custom wrappers and dedicated infrastructure, contrasting with OpenID Connect (OIDC) where standardized protocols enable seamless integration. interID is an ecosystem-agnostic platform unifying credential verification across Hyperledger Aries/Indy, EBSI, and EUDI ecosystems. We extend interID with an OIDC bridge providing Verifier-as-a-Service, enabling SSI verification through standard OIDC flows. Organizations receive ID Tokens with verified credential attributes without implementing Verifier-specific logic or deploying infrastructure. The multi-tenant architecture leverages Keycloak with strict tenant isolation. Key innovations include PKCE support, scope-to-proof-template mappings translating OIDC scopes into ecosystem-specific verification requests, and a security analysis identifying novel attack surfaces at the intersection of OIDC, SSI, and multi-tenant architectures, threats covered by neither RFC 6819 nor existing SSI analyses alone. Our evaluation demonstrates security equivalence to production identity providers through threat modeling identifying 11 attack vectors, including seven beyond RFC 6819's scope. Integration analysis shows organizations can adopt SSI authentication with comparable effort to adding traditional federated providers. By combining familiar OIDC patterns with SaaS deployment, our work lowers integration and operational barriers, enabling regulatory compliance through configuration rather than custom development.

Related papers

• Interoperable Architecture for Digital Identity Delegation for AI Agents with Blockchain Integration [0.0]
  We introduce a unified framework that enables bounded, auditable, and least-privilege delegation across heterogeneous identity ecosystems.<n>The framework includes four key elements: Delegation Grants (DGs), first-class authorization artefacts that encode revocable transfers of authority with enforced scope reduction.<n>It also includes a layered reference architecture that separates trust anchoring, credential and proof validation, policy evaluation, and protocol mediation via a Trust Gateway.
  arXiv  Detail & Related papers  (2026-01-21T13:29:23Z)
• Binding Agent ID: Unleashing the Power of AI Agents with accountability and credibility [46.323590135279126]
  BAID (Binding Agent ID) is a comprehensive identity infrastructure establishing verifiable user-code binding.<n>We implement and evaluate a complete prototype system, demonstrating the practical feasibility of blockchain-based identity management and zkVM-based authentication protocol.
  arXiv  Detail & Related papers  (2025-12-19T13:01:54Z)
• Zero Trust Security Model Implementation in Microservices Architectures Using Identity Federation [0.0]
  The article itself is a case on the need of the Zero Trust Security Model of micro services ecosystem.<n>It is proposed that the solution framework will be based on industry-standard authentication and authorization and end-to-end trust identity technologies.<n>The research results overlay that the federated identity combined with the Zero Trust basics not only guarantee the rules relating to authentication and authorization but also fully complies with the latest DevSecOps standards of microservice deployment.
  arXiv  Detail & Related papers  (2025-11-07T02:03:05Z)
• Bridging the Mobile Trust Gap: A Zero Trust Framework for Consumer-Facing Applications [51.56484100374058]
  This paper proposes an extended Zero Trust model designed for mobile applications operating in untrusted, user-controlled environments.<n>Using a design science methodology, the study introduced a six-pillar framework that supports runtime enforcement of trust.<n>The proposed model offers a practical and standards-aligned approach to securing mobile applications beyond pre-deployment controls.
  arXiv  Detail & Related papers  (2025-08-20T18:42:36Z)
• Fortifying the Agentic Web: A Unified Zero-Trust Architecture Against Logic-layer Threats [1.3029461861316425]
  This paper presents a Unified Security Architecture that fortifies the Agentic Web through a Zero-Trust IAM framework.<n>This architecture is built on a foundation of rich, verifiable agent identities using Decentralized IDs (DIDs) and Verifiable Credentials (VCs)<n>Security is operationalized through a multi-layered Trust Fabric.
  arXiv  Detail & Related papers  (2025-08-17T06:52:39Z)
• Endorsement-Driven Blockchain SSI Framework for Dynamic IoT Ecosystems [0.39462888523270856]
  Self-Sovereign Identity (SSI) offers significant potential for managing identities in the Internet of Things (IoT)<n>Existing SSI frameworks limit issuance credential and revocation to trusted entities, such as IoT manufacturers.<n>We propose a blockchain-based SSI framework that allows any individual with a verifiable trust linkage to act as a credential issuer.
  arXiv  Detail & Related papers  (2025-07-14T02:03:14Z)
• Zero-Trust Foundation Models: A New Paradigm for Secure and Collaborative Artificial Intelligence for Internet of Things [61.43014629640404]
  Zero-Trust Foundation Models (ZTFMs) embed zero-trust security principles into the lifecycle of foundation models (FMs) for Internet of Things (IoT) systems.<n>ZTFMs can enable secure, privacy-preserving AI across distributed, heterogeneous, and potentially adversarial IoT environments.
  arXiv  Detail & Related papers  (2025-05-26T06:44:31Z)
• Substation Bill of Materials: A Novel Approach to Managing Supply Chain Cyber-risks on IEC 61850 Digital Substations [44.99833362998488]
  Substation Bill of Materials (Subs-BOM) is capable of modeling all the IEDs in a DS and their relationships from a cybersecurity perspective.<n>Subs-BOM provides energy utilities with an accurate and complete inventory of the devices, the firmware they are running, and the services that are deployed into the DS.
  arXiv  Detail & Related papers  (2025-03-25T13:28:36Z)
• HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
  Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs) TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks. We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
  arXiv  Detail & Related papers  (2024-01-17T00:56:23Z)
• A Universal System for OpenID Connect Sign-ins with Verifiable Credentials and Cross-Device Flow [4.006745047019997]
  Self-Sovereign Identity (SSI) is a new and promising identity management paradigm. We propose a comparatively simple system that enables SSI-based sign-ins for services that support the widespread OpenID Connect or OAuth 2.0 protocols.
  arXiv  Detail & Related papers  (2024-01-16T16:44:30Z)
• Combining Decentralized IDentifiers with Proof of Membership to Enable Trust in IoT Networks [44.99833362998488]
  The paper proposes and discusses an alternative (mutual) authentication process for IoT nodes under the same administration domain. The main idea is to combine the Decentralized IDentifier (DID)-based verification of private key ownership with the verification of a proof that the DID belongs to an evolving trusted set.
  arXiv  Detail & Related papers  (2023-10-12T09:33:50Z)
• FedSOV: Federated Model Secure Ownership Verification with Unforgeable Signature [60.99054146321459]
  Federated learning allows multiple parties to collaborate in learning a global model without revealing private data. We propose a cryptographic signature-based federated learning model ownership verification scheme named FedSOV.
  arXiv  Detail & Related papers  (2023-05-10T12:10:02Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.