Self-Sovereign Identity in Research and Education
Thesis type | Master Thesis |
Supervisor | Erwin Kupris |
Starting date | As soon as possible |
Skills | LaTeX, Git, Any programming language |
Language | English (preferred), German |
Industry cooperation | not possible |
Publish date | 2023-03-13 |
Problem and context
Identity and Access Management (IAM) aims to ensure that only the right entities can access the right resources at the right time and for the right reasons. IAM therefore handles everything surrounding digital identities and their usage. This includes, but is not limited to, concepts such as Identification, Authentication, Authorization, Federation, and Provisioning.
In Federations, users can access services offered by other organizations using their home organization’s credentials. A popular example of a federated service in the context of higher education is eduroam, which allows students to access WiFi hotspots across the world. Federated Identity Management (FIM) widens a service provider’s potential user base without the provider having to manage digital identities itself. Additionally, users can access more services without the need to create and maintain separate accounts and credentials. [1] FIM is especially useful in the R&E (Research and Education) area because it enables seamless collaboration between researchers from different R&E institutions [2].
In an effort to create privacy-preserving and decentralized identity management, the concept of SSI (Self-Sovereign Identity) emerged [3]. Its general goal is to enable users to control their own identity and how associated data is shared with service providers without having to rely on large, central identity providers. Related technologies were proposed and standardized by the OpenID Foundation and the W3C and include Verifiable Credentials [4], Verifiable Presentations [5], and Self-Issued OpenID Providers [6].
Goals
The application of SSI in Research and Education institutions as well as its fundamental differences from traditional digital identities should be evaluated. The thesis can focus on a number of sub-topics, including, but not limited to:
- Evaluating the applicability of SSI in FIM (Federated Identity Management)
- Implementing a PoC service issuing SSIs to students
- Evaluating security and privacy considerations of SSI
- Possibility to publish a resulting research paper
Thesis proposals for adjacent topics are welcome. Get in touch if you have further questions.
Literature
- [1] https://www.okta.com/identity-101/what-is-federated-identity/
- [2] https://refeds.org/
- [3] https://www.w3.org/TR/did-core/
- [4] https://www.w3.org/TR/vc-data-model/
- [5] https://openid.net/specs/openid-4-verifiable-presentations-1_0.html
- [6] https://openid.net/specs/openid-connect-self-issued-v2-1_0.html