A Universal System for OpenID Connect Sign-ins with Verifiable Credentials and Cross-Device Flow (2401.09488v1)
Abstract: Self-Sovereign Identity (SSI), as a new and promising identity management paradigm, needs mechanisms that ease a gradual transition of existing services and developers towards it. Systems that bridge the gap between SSI and established identity and access management have been proposed but still lack adoption. We argue that all of them are some combination of too complex, locked into specific ecosystems, closed-source, or insufficiently documented. We propose a comparatively simple system that enables SSI-based sign-ins for services that support the widespread OpenID Connect or OAuth 2.0 protocols. Its handling of claims is configured through a single policy, and it is designed for cross-device authentication flows in which a smartphone identity wallet completes a sign-in started in a browser on another device. For external interfaces, we rely solely on open standards, such as the recent OpenID for Verifiable Credentials specifications. We provide our implementation as open-source software intended for prototyping and as a reference, and we contribute a detailed technical discussion of our particular sign-in flow. To demonstrate its feasibility, we have successfully tested it with existing software and realistic hardware.
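The abstract describes a bridge that exposes a standard OpenID Connect provider to relying parties while obtaining the user's claims from a smartphone wallet via OpenID for Verifiable Presentations, with a single policy deciding which credentials and claims are accepted. The sketch below is an added illustrative example written for this page; it is not the paper's implementation. It assumes a toy policy shape, constructed DIDs (did:example:uni, did:example:alice), a constructed UniversityDegreeCredential, an HMAC-per-DID stand-in for the DID-resolved signature verification a real bridge would perform, and a browser-polling step for completing the cross-device hand-off. The security-relevant checks it exercises are the ones such a bridge cannot skip: the wallet's response must echo the bridge's nonce (binding it to the browser session), the holder must prove control of the presented credentials' subject DID, issuers must be trusted for that credential type, credentials must be unexpired, and the authorization code handed back to the relying party must be single-use.

```python
"""Toy OIDC <-> OpenID4VP bridge for a cross-device sign-in (illustrative only)."""
from __future__ import annotations
import hashlib, hmac, json, secrets
from dataclasses import dataclass

# One policy drives claim handling: trusted issuers per credential type,
# required types, and the mapping from VC subject paths to OIDC claim names.
# Every DID, type and claim name here is constructed for this example.
POLICY = {
    "trusted_issuers": {"UniversityDegreeCredential": {"did:example:uni"}},
    "required_types": {"UniversityDegreeCredential"},
    "claim_map": {"givenName": "given_name", "familyName": "family_name",
                  "degree.name": "edu_degree"},
}

# Stand-in for DID-based proof verification (assumption): an HMAC keyed per DID.
# A real bridge resolves the DID document and verifies a digital signature.
KEYS = {"did:example:uni": b"uni-secret", "did:example:alice": b"alice-secret"}

def _canon(obj: dict) -> bytes:            # canonical bytes, excluding the proof
    return json.dumps({k: v for k, v in obj.items() if k != "proof"}, sort_keys=True).encode()

def sign(did: str, obj: dict) -> str:
    return hmac.new(KEYS[did], _canon(obj), hashlib.sha256).hexdigest()

def verify(did: str, obj: dict) -> bool:
    return did in KEYS and hmac.compare_digest(sign(did, obj), obj.get("proof", ""))

def issue(issuer: str, ctype: str, subject: dict, exp: float) -> dict:
    vc = {"type": ctype, "issuer": issuer, "expirationDate": exp, "credentialSubject": subject}
    vc["proof"] = sign(issuer, vc)
    return vc

def present(holder: str, vcs: list, nonce: str) -> dict:
    vp = {"holder": holder, "nonce": nonce, "verifiableCredential": vcs}
    vp["proof"] = sign(holder, vp)         # holder binding; nonce ties VP to one transaction
    return vp

def lookup(obj, path: str):                # dotted-path lookup used by the claim map
    for part in path.split("."):
        if not isinstance(obj, dict) or part not in obj:
            return None
        obj = obj[part]
    return obj

@dataclass
class Session:
    rp_state: str           # OIDC state from the relying party (browser side)
    nonce: str              # bridge-chosen nonce the wallet must echo in the VP
    created: float
    code: str | None = None
    claims: dict | None = None

class Bridge:
    def __init__(self, policy: dict, ttl: float = 300):
        self.policy, self.ttl = policy, ttl
        self.tx: dict[str, Session] = {}     # transaction id -> session
        self.codes: dict[str, Session] = {}  # one-time authorization codes

    def authorize(self, rp_state: str, now: float) -> tuple[str, dict]:
        """OIDC authorize: open a transaction and return the OpenID4VP request
        that the browser renders as a QR code for the wallet."""
        tx = secrets.token_urlsafe(16)
        self.tx[tx] = Session(rp_state, secrets.token_urlsafe(16), now)
        return tx, {"response_type": "vp_token", "response_mode": "direct_post",
                    "nonce": self.tx[tx].nonce,
                    "presentation_definition": sorted(self.policy["required_types"])}

    def direct_post(self, tx: str, vp: dict, now: float) -> None:
        """OpenID4VP response endpoint: the wallet posts its presentation."""
        s = self.tx.get(tx)
        if s is None or now - s.created > self.ttl:
            raise ValueError("unknown or expired transaction")
        if vp.get("nonce") != s.nonce:
            raise ValueError("nonce mismatch: VP not bound to this transaction")
        holder = vp["holder"]
        if not verify(holder, vp):
            raise ValueError("holder proof invalid")
        claims, types = {}, set()
        for vc in vp["verifiableCredential"]:
            ctype, issuer = vc["type"], vc["issuer"]
            if issuer not in self.policy["trusted_issuers"].get(ctype, ()):
                raise ValueError(f"issuer {issuer} not trusted for {ctype}")
            if not verify(issuer, vc):
                raise ValueError("credential proof invalid")
            if vc["expirationDate"] <= now:
                raise ValueError("credential expired")
            if vc["credentialSubject"].get("id") != holder:
                raise ValueError("credential subject is not the presenting holder")
            types.add(ctype)
            for path, oidc in self.policy["claim_map"].items():
                val = lookup(vc["credentialSubject"], path)
                if val is not None:
                    claims[oidc] = val
        if not self.policy["required_types"] <= types:
            raise ValueError("required credential type missing")
        s.claims = {"sub": holder, **claims}
        s.code = secrets.token_urlsafe(16)
        self.codes[s.code] = s

    def poll(self, tx: str) -> dict | None:
        """Browser polls until the wallet has posted, then receives code + state."""
        s = self.tx.get(tx)
        if s is None or s.code is None:
            return None
        del self.tx[tx]
        return {"code": s.code, "state": s.rp_state}

    def token(self, code: str, now: float) -> dict:
        """OIDC token endpoint: one-time code -> ID token claims for the RP."""
        s = self.codes.pop(code, None)
        if s is None:
            raise ValueError("invalid or already used code")
        return {"iss": "https://bridge.example", "iat": int(now), "exp": int(now) + 600, **s.claims}

def demo(now: float = 1_700_000_000.0) -> dict:
    """Happy path across both devices; returns the ID token claims."""
    bridge = Bridge(POLICY)
    tx, request = bridge.authorize("rp-state-123", now)                 # laptop browser
    vc = issue("did:example:uni", "UniversityDegreeCredential",
               {"id": "did:example:alice", "givenName": "Alice",
                "familyName": "Example", "degree": {"name": "BSc"}}, now + 86400)
    vp = present("did:example:alice", [vc], request["nonce"])           # phone wallet
    bridge.direct_post(tx, vp, now)
    return bridge.token(bridge.poll(tx)["code"], now)
```

The relying party never sees a DID or a credential: it receives ordinary ID token claims whose names come from the policy's claim map, which is what lets an unmodified OpenID Connect client consume an SSI sign-in. The `sub` value is the holder DID here, an assumption of this sketch; a deployment would decide whether to expose it or a pairwise identifier.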