Are you an EPFL student looking for a semester project?
Work with us on data science and visualisation projects, and deploy your project as an app on top of Graph Search.
With self-sovereign identity (SSI), we stand at a crossroads that is leading society to a new kind of digital identity. Under this new paradigm, users no longer have to remember a username and a password; instead they gain full power on the information that is issued to them by trusted entities. From their perspective, using SSI therefore consists in carrying a digital wallet, typically in the form of a smartphone application, where so-called verifiable credentials can be stored in a secure environment behind biometrical identifi- cation. However, this high user responsibility raises the first challenge of SSI: wallets are vulnerable and people are prone to losing access to them for various reasons. Therefore, data should be properly backed up, so that credentials can be recovered without altering user experience. In practical terms, having such a new model for digital identity enables many potential use cases, either by digitalizing existing processes from the physical world or by creating new possibilities thanks to the power of combining data. Consequently, it becomes hard to decide which use cases should be prioritized, let alone which of them are well-aligned with the principles of SSI. Therefore, this work establishes a set of requirements, according to which potential use cases of SSI can be assessed qualitatively. Additionally, a threat model for SSI systems is presented, identifying possible attacks on such use cases in order to help developers take design decisions about their implementations. Finally, this work focuses on an educational use case and explores a proof of concept implementation based on hyperledger Indy, which is a decentralized network specifically built for identity purposes; and ACA-Py, which is a framework that provides an interface to communicate with Indy underneath. In this context, there are also a couple of issues related to the versioning of functionalities, the beta status of wallet applications and credential schema formats. This highlights the fact that SSI is not yet ready for a public rollout, but it also motivates research and development to put a strong emphasis on it in the coming few years.
Salvatore Aprea, Barbara Galimberti