SSI-Federation: facilitating identity federation using self sovereign identity for Web-services

Abstract

Identity federation means entrusting an entity’s online identity verification to an external organization. Identity Federation’s basic concept is that an IdP or Identity provider ensures an entity’s identity to the SP or the Service Provider an entity that provides web service. This is an old concept having the issue of how securely the information will be gathered and stored. To provide security of personal information and to get an overall convenience efficiently Self-sovereign identity or SSI is used. SSI is different from any other verification system due to its peer-to-peer decentralized system with the help of blockchain. This process provides an entity full control of how much personal information they are sharing and who they are sharing it with, with the convenience of service access without login credentials. This reduces the dependency on a specific third party making the process more secure whilst ensuring proper privacy over their data. In SSI like the Identity Federation, there are also two entities other than the user which are Issuers and Verifiers where issuers are trusted credential providers, and the Verifiers are trusted to verify them when requested. Still, the issue here is that there is no connection between the Issuer and the Verifier which concerns the issue of trust among these two entities. We provide a solution to both of these problems by first using SSI as the base model and then enabling the Issuer and Verifier of it to establish trust among themselves before the user requests a service through SSI. For this to succeed the Verifier will also play the role of the SP and the Issuer can be thought of as the IdP. This hybrid system of ours contains an external trust layer over SSI which makes it function like Federated Identity by also keeping the characteristics of SSI with the help of hyperledger-based blockchain technologies.