Rethinking Self-Sovereign Identity Principles: An Actor-Oriented Categorization of Requirements

TL;DR

This paper introduces a user-centered, actor-oriented model for decentralized identity systems, integrating requirements, responsibilities, and dependencies to enhance security and privacy from the user perspective.

Contribution

It presents the first structured model for DI/SSI architectures that incorporates user viewpoints, responsibility, ownership, and actor dependencies.

Findings

Mapped 24 quality requirements to key actors

Developed a dependency model for actor interactions

Enhanced understanding of user roles in DI/SSI systems

Abstract

Centralized identity management systems continuously experience security and privacy challenges, motivating the exploration of Decentralized Identity (DI) and Self-Sovereign Identity (SSI) as user-focused alternatives. Although prior research has consolidated SSI principles and derived quality requirements for DI/SSI systems, it is significantly limited in integrating the user viewpoint. This work addresses this gap by embedding a user perspective into the requirements engineering process for DI/SSI systems. Building on existing SSI principles, composite requirements were decomposed into 24 simple quality or non-functional requirements (NFR). The resulting NFR are systematically mapped to the key actors, namely data owner, issuer, verifier, and system, based on varying degrees of responsibility and ownership. A dependency model is introduced to formalize relationships between actors. Inspired by trust modeling concepts, the model explicitly describes how actors interact and rely on each other for requirements fulfillment. By integrating user-centered requirements, responsibility allocation, ownership specification, and dependency modeling, this work provides the first structured model for DI/SSI system architectures.