Self-Sovereign Identity as a Service: Architecture in Practice

TL;DR

This paper introduces a practical architecture for Self-Sovereign Identity as a Service (SSIaaS) leveraging distributed ledger technology, enabling easier adoption of decentralized digital identity management with demonstrated feasibility.

Contribution

It proposes a comprehensive architecture for SSIaaS, including service concepts, architectural patterns, and a practical platform implementation called Selfid.

Findings

Feasibility of the proposed SSIaaS architecture demonstrated.

Architectural patterns enable customizable SSI services.

Practical platform Selfid validates the approach.

Abstract

Self-sovereign identity (SSI) has gained a large amount of interest. It enables physical entities to retain ownership and control of their digital identities, which naturally forms a conceptual decentralized architecture. With the support of the distributed ledger technology (DLT), it is possible to implement this conceptual decentralized architecture in practice and further bring technical advantages such as privacy protection, security enhancement, high availability. However, developing such a relatively new identity model has high costs and risks with uncertainty. To facilitate the use of the DLT-based SSI in practice, we formulate Self-Sovereign Identity as a Service (SSIaaS), a concept that enables a system, especially a system cluster, to readily adopt SSI as its identity model for identification, authentication, and authorization. We propose a practical architecture by elaborating the service concept, SSI, and DLT to implement SSIaaS platforms and SSI services. Besides, we present an architecture for constructing and customizing SSI services with a set of architectural patterns and provide corresponding evaluations. Furthermore, we demonstrate the feasibility of our proposed architecture in practice with Selfid, an SSIaaS platform based on our proposed architecture.