A Systematisation of Knowledge: Connecting European Digital Identities with Web3

TL;DR

This paper clarifies the distinctions between self-sovereign identity and decentralised identity, explores their technological evolution, and discusses their relation to European digital identity regulations and Web3, highlighting gaps for future integration.

Contribution

It systematically differentiates SSI from decentralised identity, analyzes their development in relation to OIDC and eIDAS 2.0, and proposes directions for connecting Web3 with European digital identity frameworks.

Findings

Decentralised identity emerged alongside OpenID Connect.

SSI is linked to blockchain-based solutions.

Incompatibility exists between OIDC under eIDAS 2.0 and Web3.

Abstract

The terms self-sovereign identity (SSI) and decentralised identity are often used interchangeably, which results in increasing ambiguity when solutions are being investigated and compared. This article aims to provide a clear distinction between the two concepts in relation to the revised Regulation as Regards establishing the European Digital Identity Framework (eIDAS 2.0) by providing a systematisation of knowledge of technological developments that led up to implementation of eIDAS 2.0. Applying an inductive exploratory approach, relevant literature was selected iteratively in waves over a nine months time frame and covers literature between 2005 and 2024. The review found that the decentralised identity sector emerged adjacent to the OpenID Connect (OIDC) paradigm of Open Authentication, whereas SSI denotes the sector's shift towards blockchain-based solutions. In this study, it is shown that the interchangeable use of SSI and decentralised identity coincides with novel protocols over OIDC. While the first part of this paper distinguishes OIDC from decentralised identity, the second part addresses the incompatibility between OIDC under eIDAS 2.0 and Web3. The paper closes by suggesting further research for establishing a digital identity bridge for connecting applications on public-permissionless ledgers with data originating from eIDAS 2.0 and being presented using OIDC.