2.2SEMar 25
Functional Requirements for Decentralized and Self-Sovereign IdentitiesDaria Schumm, Burkhard Stiller
Centralized identity management systems continuously experience security and privacy challenges, motivating the exploration of Decentralized Identity (DI) and Self-Sovereign Identity (SSI) as alternatives. Despite privacy and security benefits to users, the adoption of DI/SSI systems remains limited. One contributing reason is the lack of reproducible approaches to evaluate system compliance with its promised qualities. Derivation of functional requirements (FR) is the first and necessary step to develop such an evaluation approach. Previous literature on DI/SSI significantly lacks the systematic operationalization of existing non-functional requirements (NFR) or SSI principles. This work addresses this research gap by deriving FR for a generalized DI/SSI use case, which encompasses the fundamental operations of the system. The paper details operationalization methodology, introduces a formalized functional model, and presents a comprehensive set of FR, that can be used for future development and evaluation of DI/SSI systems. As a result, establishing the fundamental step toward a reproducible evaluation framework, rooted in established requirements engineering methods.
3.7SEMar 24
Rethinking Self-Sovereign Identity Principles: An Actor-Oriented Categorization of RequirementsDaria Schumm, Burkhard Stiller
Centralized identity management systems continuously experience security and privacy challenges, motivating the exploration of Decentralized Identity (DI) and Self-Sovereign Identity (SSI) as user-focused alternatives. Although prior research has consolidated SSI principles and derived quality requirements for DI/SSI systems, it is significantly limited in integrating the user viewpoint. This work addresses this gap by embedding a user perspective into the requirements engineering process for DI/SSI systems. Building on existing SSI principles, composite requirements were decomposed into 24 simple quality or non-functional requirements (NFR). The resulting NFR are systematically mapped to the key actors, namely data owner, issuer, verifier, and system, based on varying degrees of responsibility and ownership. A dependency model is introduced to formalize relationships between actors. Inspired by trust modeling concepts, the model explicitly describes how actors interact and rely on each other for requirements fulfillment. By integrating user-centered requirements, responsibility allocation, ownership specification, and dependency modeling, this work provides the first structured model for DI/SSI system architectures.