🤖 AI Summary
This work addresses the lack of reproducible evaluation methodologies in decentralized identity (DI) and self-sovereign identity (SSI) systems, which stems from the failure to translate their core security and privacy principles into explicit functional requirements. For the first time, this study systematically operationalizes SSI principles through requirements engineering and formal modeling techniques, yielding a verifiable set of functional requirements and a comprehensive functional model that spans common use cases. The resulting requirements specification and formal model establish a foundational framework for DI/SSI system evaluation, thereby filling a critical gap in the current landscape and providing a rigorous basis for future system development and reproducible assessments.
📝 Abstract
Centralized identity management systems continuously experience security and privacy challenges, motivating the exploration of Decentralized Identity (DI) and Self-Sovereign Identity (SSI) as alternatives. Despite privacy and security benefits to users, the adoption of DI/SSI systems remains limited. One contributing reason is the lack of reproducible approaches to evaluate system compliance with its promised qualities. Derivation of functional requirements (FR) is the first and necessary step to develop such an evaluation approach. Previous literature on DI/SSI significantly lacks the systematic operationalization of existing non-functional requirements (NFR) or SSI principles. This work addresses this research gap by deriving FR for a generalized DI/SSI use case, which encompasses the fundamental operations of the system. The paper details operationalization methodology, introduces a formalized functional model, and presents a comprehensive set of FR, that can be used for future development and evaluation of DI/SSI systems. As a result, establishing the fundamental step toward a reproducible evaluation framework, rooted in established requirements engineering methods.