reclaimID: Secure, Self-Sovereign Identities using Name Systems and Attribute-Based Encryption
This addresses the need for decentralized identity control for users, offering a novel solution to reduce reliance on centralized providers.
The paper tackles the problem of centralized digital identity management by proposing reclaimID, an architecture that enables secure, self-sovereign identity sharing using name systems and attribute-based encryption, achieving practical integration with standard services like OpenID Connect.
In this paper we present reclaimID: An architecture that allows users to reclaim their digital identities by securely sharing identity attributes without the need for a centralised service provider. We propose a design where user attributes are stored in and shared over a name system under user-owned namespaces. Attributes are encrypted using attribute-based encryption (ABE), allowing the user to selectively authorize and revoke access of requesting parties to subsets of his attributes. We present an implementation based on the decentralised GNU Name System (GNS) in combination with ciphertext-policy ABE using type-1 pairings. To show the practicality of our implementation, we carried out experimental evaluations of selected implementation aspects including attribute resolution performance. Finally, we show that our design can be used as a standard OpenID Connect Identity Provider allowing our implementation to be integrated into standard-compliant services.