Rethinking Self-Sovereign Identity Principles: An Actor-Oriented Categorization of Requirements
This work addresses security and privacy challenges in identity management for users and stakeholders by providing a structured model for DI/SSI system architectures, though it appears incremental as it builds on existing principles.
The paper tackles the lack of user perspective in requirements engineering for Decentralized Identity (DI) and Self-Sovereign Identity (SSI) systems by decomposing SSI principles into 24 simple quality or non-functional requirements and mapping them to key actors with a dependency model.
Centralized identity management systems continuously experience security and privacy challenges, motivating the exploration of Decentralized Identity (DI) and Self-Sovereign Identity (SSI) as user-focused alternatives. Although prior research has consolidated SSI principles and derived quality requirements for DI/SSI systems, it is significantly limited in integrating the user viewpoint. This work addresses this gap by embedding a user perspective into the requirements engineering process for DI/SSI systems. Building on existing SSI principles, composite requirements were decomposed into 24 simple quality or non-functional requirements (NFRs). The resulting NFRs are systematically mapped to the key actors, namely data owner, issuer, verifier, and system, based on varying degrees of responsibility and ownership. A dependency model is introduced to formalize relationships between actors. Inspired by trust modeling concepts, the model explicitly describes how actors interact and rely on each other for requirements fulfillment. By integrating user-centered requirements, responsibility allocation, ownership specification, and dependency modeling, this work provides the first structured model for DI/SSI system architectures.