Blockchain-based Self-Sovereign Identity Solutions - Current State and Future Application (Sommersemester 2020)
Lecturer:
Prof. Dr. Christoph Meinel
(Internet-Technologien und -Systeme)
Tutors:
Andreas Grüner
M.Sc. Alexander Mühle
General Information
- Weekly Hours: 2
- Credits: 3
- Graded:
yes
- Enrolment Deadline: 06.04.2020 - 22.04.2020
- Teaching Form: Seminar
- Enrolment Type: Compulsory Elective Module
- Course Language: English
- Maximum number of participants: 8
Programs, Module Groups & Modules
- IT-Systems Engineering
- IT-Systems Engineering
- ISAE: Internet, Security & Algorithm Engineering
- HPI-ISAE-T Techniken und Werkzeuge
- ISAE: Internet, Security & Algorithm Engineering
- HPI-ISAE-K Konzepte und Methoden
- ISAE: Internet, Security & Algorithm Engineering
- HPI-ISAE-S Spezialisierung
- OSIS: Operating Systems & Information Systems Technology
- HPI-OSIS-K Konzepte und Methoden
- OSIS: Operating Systems & Information Systems Technology
- HPI-OSIS-T Techniken und Werkzeuge
- OSIS: Operating Systems & Information Systems Technology
- HPI-OSIS-S Spezialisierung
- IDMG: Identity Management
- HPI-IDMG-K Konzepte und Methoden
- IDMG: Identity Management
- HDI-IDMG-T Techniken und Werkzeuge
- IDMG: Identity Management
- HPI-IDMG-S Spezialisierung
Description
In traditional identity management the identity provider is a trusted third party for the user and the service provider. Being a trusted third party, the identity provider owns and controls digital identities. This situation has specific drawbacks for the user and the service provider. With the help of blockchain technology, a decentralized identity provider can be implemented that is not a trusted third party anymore. The user gets back the control and ownership about its digital identity. Therefore, such solutions are generally referred to as self-sovereign identity (SSI). Currently, a myriad of projects and initiatives work on different SSI solutions considering distinct blockchains, standardization, protocols, political and ethical advancement, etc.
Topics
The following topics can be chosen for the block seminar. However, additional topics can be proposed during the first session.
Interoperability of SSI Solutions and Networks
Isolated and centralized identity management patterns are only usable within the trust boundary of an organization or company. The further development to federated identity management patterns crossed trust domain boundaries and enabled the use of a digital identity in a wider scope. A single digital identity to be used at any online service is very favorable for the user: a single credential, a single registration process, etc. Along these lines, SSI emerged to provide additionally enhanced privacy and user control. The development of SSI is driven by many projects, blockchains and solutions. There are different identity wallets for the same ecosystem, there several instances of the same blockchain hosted by different parties, etc. That lead to a very fragmented landscape for the user and the service provider. The SSI ecosystem does not comprise a single solution based on a single blockchain network. However, it consists of several solutions and a network of networks on a global scale. A user may need to use, and a service provider may need to support several SSI solutions. Therefore, solutions, concepts and approaches for interoperability between SSI solutions and the underlying networks are needed.
This topic should cover at a minimum:
- Overview/ definition of interoperability levels
- Classification and description of existing interoperability approaches
- Proposal of new interoperability approaches
- Evaluation, advantages, disadvantages of the approaches
A Survey of SSI Solutions
Many projects and initiatives drive the implementation of new SSI solutions based on blockchain technology. There is uPort implemented as smart contracts on the Ethereum blockchain. Besides that, Hyperledger Indy in connection with the Hyperledger Aries project build a set of dedicated blockchains for SSI. Furthermore, Blockchain Helix, ShoCard, SelfKey, Jolocom and further projects exists. A description, classification and evaluation based on defined criteria as part of a survey would drive transparency and understanding in this domain.
This topic should cover at a minimum:
- Holistic research about existing SSI solutions
- Definition of survey scope and comparative criteria
- Description of SSI solutions and evaluation of the criteria
References:
- P. Dunphy and F. A. P. Petitcolas, “A first look at identity management schemes on the blockchain,” IEEE Security Privacy, vol. 16, no. 4, pp. 20–29, July 2018.
- D. v. Bokkem, R. Hageman, G. Koning, L. Nguyen and N. Zarin: Self-Sovereign Identity Solutions: The Necessity of Blockchain Technology. Online: https://arxiv.org/pdf/1904.12816.pdf
Usability of Identity Wallets/ End User Agents
An identity wallet/ end user agent is the central application for a user or an institution to manage its digital identity. The identity wallet is core agent for authentication, verifiable claim retrieval and usage. Additionally, the wallet holds and protects the credential for the digital identity. The various SSI solutions have mainly implemented a mobile app as identity wallet for its users. As identity management in general and specifically SSI is a challenging topic for the layman, therefore usability of the identity wallet is key.
This topic should cover at a minimum:
- Methodologies/ approaches to evaluate/ measure usability
- Overview/ definition of identity wallet types (e.g. mobile, enterprise, web, etc.)
- An analysis of major existing identity wallets with regard to usability and functionality
- Usability deficiencies and improvement proposals for identity wallets
Systematization of the SSI Ecosystem
The current SSI ecosystem is overwhelmingly confusing. Manifold actors, projects, initiatives, standardization bodies, governmental groups, communities, companies, universities and research groups drive distinct SSI solutions, blockchains, protocols, frameworks, interoperability products and further aspects. A systematic study and arrangement of these actors is required to identify common fields of work and research and open gaps to be tackled by the different communities.
This topic should cover at a minimum:
- Comprehensive study of actors, projects, initiatives, blockchains, tools, protocols at a global level
- Taxonomic classification and description of the identified entities and their projects
Security Analysis Methodology for SSI
The self-sovereign identity management paradigm and the underlying blockchain technology are newly emerging concepts. As identity management is a fundamental cornerstone of securing any application and online service, the identity management components must be itself secure. To increase security of the various SSI solutions and of the overall concepts a methodological security analysis is required. For this, existing security analysis schemes, e.g. attack trees, should be applied to SSI and get further developed.
This topic should cover at a minimum:
- Presentation of a general SSI architecture
- Application of existing security analysis methodologies to the general SSI architecture
- Development of a SSI specific security analysis methodology
Controlling Digital Identities at a Service Provider
In identity management schemes, service providers such as organizations and companies are reflected as digital identities. Within the SSI ecosystem, a service provider may check verifiable credentials or issue verifiable credentials to other digital identities. The digital identity of a normal user is controlled by a credential that is hold by the respective user. However, controlling the digital identity of a service provider is significantly more complex. Service provider can be controlled by one person, several persons with different majorities or permissions can be delegated. Within this topic, various concepts and approaches to control digital identities at a service provider by legitimate persons should be investigated, described and evaluated.
This topic should cover at a minimum:
- Comprehensive study of concepts and approaches to control a digital identity at a service provider
- Description and evaluation in terms of advantages and disadvantages of the approaches
Description and Analysis of uPort
uPort was one of the first SSI solutions that has been implemented as a set of smart contracts on the Ethereum blockchain. Additionally, uPort offers a mobile identity wallet as end user application for iOS and Android. A description and in-depth (security) analysis of uPort to describe advantages, areas for improvement, missing features may bring guidance to future development activities.
This topic should cover at a minimum:
- Detailed study of architecture/ technical development/ changes of uPort
- Study of projects/ communities/ engagements where uPort was/is involved
- (Security) analysis of uPort
References:
- C. Lundkvist, R. Heck, J. Torstensson, Z. Mitton, M. Sena: UPORT: A PLATFORM FOR SELF-SOVEREIGN IDENTITY. Online: http://blockchainlab.com/pdf/uPort_whitepaper_DRAFT20161020.pdf
- uPort: https://www.uport.me
Description and Analysis of Hyperledger Indy/ Aries
Evernym/ Sovrin initially created a set of public permissioned blockchains for the purpose of identity management. Later on, the project was made open source as Hyperledger Indy/ Aries. Hyperledger Indy represents a set of blockchains dedicated to SSI. Furthermore, Hyperledger Aries is a client agent to facilitate actions and communication towards Indy. A description and in-depth (security) analysis of Hyperledger Indy/ Aries to describe advantages, areas for improvement, missing features may bring guidance to future development activities.
This topic should cover at a minimum:
- Detailed study of architecture/ technical development/ changes of Hyperledger Indy/ Aries
- Study of projects/ communities/ engagements where Hyperledger Indy/ Aries was/is involved
- (Security) analysis of Hyperledger Indy/ Aries
References:
- Hyperledger Indy: https://www.hyperledger.org/projects/hyperledger-indy
- Hyperledger Aries: https://www.hyperledger.org/projects/hyperledger-aries
Requirements
n/a
Literature
- Mühle, A., Grüner, A., Gayvoronskaya, T., Meinel, C.: A Survey on Essential Components of a Self-Sovereign Identity. Computer Science Review. 80-86 (2018)
- Kupferberg, M.: Blockchain-Based Identity Management: A Survey from the Enterprise and Ecosystem Perspective. IEEE Transactions on Engineering Management. 2019
- Universal Resolver. Online: https://github.com/decentralized-identity/universal-resolver
- Hyperledger Indy. Online: https://www.hyperledger.org/projects/hyperledger-indy
- Hyperledger Aries. Online: https://www.hyperledger.org/projects/hyperledger-aries
- C. Lundkvist, R. Heck, J. Torstensson, Z. Mitton, M. Sena: UPORT: A PLATFORM FOR SELF-SOVEREIGN IDENTITY. Online: http://blockchainlab.com/pdf/uPort_whitepaper_DRAFT20161020.pdf
- uPort. Online: https://www.uport.me
- Decentralized Identifiers (DIDs) v1.0. Online: https://www.w3.org/TR/did-core/
- Verifiable Credentials Data Model 1.0. Online: https://www.w3.org/TR/vc-data-model/
Learning
Within the kick-off session of the seminar, the topics are introduced. During the block session the prepared topics are presented by the participants. Additionally, external presenters will give speeches to topics related to Self-sovereign Identity. The external speakers are published in due course.
Due to Corona, the kick-off session will be done online. Details about the used tool (e.g. Zoom) and connection will be published in due course.
Examination
Evaluation
- 10% Active participation in the seminar
- 45% Presentation
- 30/35 minutes presentation
- 10/15 minutes discussion
- 45% Paper
Paper Guidelines
- 10-12 pages
- Springer Lecture Notes in Computer Science (LNCS) style based on Tex template
- Structure should follow conference papers:
- Introduction
- Related work
- Main sections
- Conclusion and future work
- References
Dates
Course of the Seminar
The seminar will be performed as a block seminar. In the kick-off session, the seminar is opened, an introduction is given, and the topics are presented. Please get familiar with the topics already and ask questions that may exists. Afterwards, the presentations are hold during the subsequent block sessions. The submission of the paper is due to the end of the lecture time of the semester.
Schedule
- 30.04.2020: Kick-off session for introduction and topic presentation
- 03.05.2020: Topic selection (first come, first serve) via email to andreas.gruener@hpi.de
- 01.06.2020: (Optional) Submit presentation draft for review
- 18./19.06.2020: Block session for seminar topic presentations and external presentations
- External presentation 1: Project Lissi
- External presentation 2: uPort/ Decentralized Identity Foundation
- Further external presentations: TBC
- 10.07.2020: (Optional) Submit paper draft for review
- 01.08.2020: Submit final paper
Session Details
- Kick-off Session
- Thursday, 30.04.2020: 15:15 – 16:45 (changed due to later semester start)
- Room: Online (e.g. Zoom) - More details will be published in due course
- Block Session
- Thursday, 18.06.2020: 09:15-16:00
- Friday, 19.06.2020: 09:15-16:00
- Room: TBD
Zurück