Designing the future identity: authentication and authorization through self-sovereign identity

Master thesis (2019)

Authors

V.J.E. Gerard Electrical Engineering, Mathematics and Computer Science

Contributors

D.H.J. Epema Data-Intensive Systems - EEMCS (supervisor 1)
Faculty
Electrical Engineering, Mathematics and Computer Science
Copyright: © 2019 Valentin Gerard
Distributed Systems Identity Blockchain Use Cases
More Info
expand_more

Published Date

30-08-2019

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Faculty

Electrical Engineering, Mathematics and Computer Science

Abstract

The apparition of the Internet was a revolution that allowed to connect people all around the world. It was a disruptive technology that helped to shape the modern society as we know it today. However, to trust a person we interact with but we are not able to see is difficult. In order to trust people in this huge network, different digital identity models have been built to attempt to authenticate its users. Still, as the technology and our use of it evolved, the complexity of digital identity increased and problems started to appear. The two main problems are the aggregation of personal information in the databases of powerful IT companies and the user experience that is more complicated than it should be. Those two problems are linked and are caused by identity models that were not designed in a user-centric approach. Each organization uses its own identity system to authenticate their users, which causes the fragmentation of the user’s digital identity that have to register and create identity for all the organizations he is interacting with. Self-sovereign identity is an emerging identity model that makes use of distributed ledger technologies and cryptography to solve these problems. The goal of this model is to return digital identities in the hand of users by placing them at the center of the model. Unifying all their personal information under one identity would greatly improve their experience and help them to have a better control on how it is used by the organizations they’re interacting with. In our first research question, we first examine if the self-sovereign architecture can provide an identity that can be trusted by people and organizations alike. We found that the trust that we can accord to this model is highly related to our capacity to safely manage the different cryptographic keys that are used to secure wallets where user’s information is stored and to secure the communication channels between the different identity owners. The storage of these keys is the subject of our second research question. To understand better the mechanisms, we implement a prototype using the Hyperledger Indy blockchain to discover how these keys and the credentials associated to the digital identity are stored and managed in this ecosystem. We then use the prototype to authenticate a user and make use of its credentials to authorize or deny the access to specific resources on the system to make the link with identity and access management in our third research question.