Functional Requirements for Decentralized and Self-Sovereign Identities

TL;DR

This paper derives functional requirements for decentralized and self-sovereign identity systems to enable systematic evaluation and improve adoption, addressing a key gap in current research and practice.

Contribution

It introduces a formalized functional model and a comprehensive set of requirements for DI/SSI systems, facilitating reproducible evaluation methods.

Findings

Developed a formalized functional model for DI/SSI

Derived comprehensive functional requirements for system evaluation

Established a foundation for reproducible assessment frameworks

Abstract

Centralized identity management systems continuously experience security and privacy challenges, motivating the exploration of Decentralized Identity (DI) and Self-Sovereign Identity (SSI) as alternatives. Despite privacy and security benefits to users, the adoption of DI/SSI systems remains limited. One contributing reason is the lack of reproducible approaches to evaluate system compliance with its promised qualities. Derivation of functional requirements (FR) is the first and necessary step to develop such an evaluation approach. Previous literature on DI/SSI significantly lacks the systematic operationalization of existing non-functional requirements (NFR) or SSI principles. This work addresses this research gap by deriving FR for a generalized DI/SSI use case, which encompasses the fundamental operations of the system. The paper details operationalization methodology, introduces a formalized functional model, and presents a comprehensive set of FR, that can be used for future development and evaluation of DI/SSI systems. As a result, establishing the fundamental step toward a reproducible evaluation framework, rooted in established requirements engineering methods.