Abstract
Traditional protected web services rely on a user authentication process. The combination of an identifier (e.g. username or email address) and a credential (e.g. password) remains the most widely deployed user authentication process, even though it is one of the major sources of security breaches. Moreover, in this traditional setting, managing and sharing user identity information is cumbersome, and users have limited control over their identity data. In recent times, Self-sovereign Identity (SSI) has emerged as a new mechanism for managing and exchanging identity information in a more user-centric and privacy-friendly way. SSI has been explored in many application domains; however, its utility for the web remains mostly unexplored. In this work, we present SSI4Web, a framework that integrates SSI to provide web services in a secure, passwordless manner with much more user control and greater flexibility. We present its architecture, discuss its implementation details, and sketch out a use case together with an analysis of its advantages and limitations.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Ferdous, M.S., Ionita, A., Prinz, W. (2023). SSI4Web: A Self-sovereign Identity (SSI) Framework for the Web. In: Prieto, J., Benítez Martínez, F.L., Ferretti, S., Arroyo Guardeño, D., Tomás Nevado-Batalla, P. (eds) Blockchain and Applications, 4th International Congress. BLOCKCHAIN 2022. Lecture Notes in Networks and Systems, vol 595. Springer, Cham. https://doi.org/10.1007/978-3-031-21229-1_34
DOI: https://doi.org/10.1007/978-3-031-21229-1_34
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-21228-4
Online ISBN: 978-3-031-21229-1
eBook Packages: Intelligent Technologies and Robotics (R0)