Functional Requirements for Decentralized and Self-Sovereign Identities
This work addresses a gap in the systematic evaluation of DI/SSI systems; the contribution is incremental, as it builds on existing requirements engineering methods.
The paper tackles the lack of reproducible evaluation methods for Decentralized Identity (DI) and Self-Sovereign Identity (SSI) systems by deriving functional requirements from non-functional ones, establishing a foundational step for future development and assessment.
Centralized identity management systems continuously experience security and privacy challenges, motivating the exploration of Decentralized Identity (DI) and Self-Sovereign Identity (SSI) as alternatives. Despite privacy and security benefits to users, the adoption of DI/SSI systems remains limited. One contributing reason is the lack of reproducible approaches to evaluate a system's compliance with its promised qualities. Derivation of functional requirements (FR) is the first and necessary step to develop such an evaluation approach. Previous literature on DI/SSI significantly lacks the systematic operationalization of existing non-functional requirements (NFR) or SSI principles. This work addresses this research gap by deriving FR for a generalized DI/SSI use case, which encompasses the fundamental operations of the system. The paper details the operationalization methodology, introduces a formalized functional model, and presents a comprehensive set of FR that can be used for future development and evaluation of DI/SSI systems. The result establishes the fundamental step toward a reproducible evaluation framework, rooted in established requirements engineering methods.