Towards the classification of Self-Sovereign Identity properties

12/08/2021
by   Špela Čučko, et al.

Self-Sovereign Identity (SSI) is a novel and emerging, decentralized identity approach that enables entities to fully control and manage their digital identifiers and associated identity data while enhancing trust, privacy, security, and many other properties analyzed in this paper. The paper provides an overview of the SSI properties, focusing on an in-depth analysis, and presents a comprehensive collection of SSI properties that are important for the implementation of an SSI system. In addition, it explores the SSI process flow and highlights the steps in which individual properties are important. After the initial purification and classification phase, we validated the properties among experts in the field of decentralized and self-sovereign identity management using an online questionnaire, which resulted in a final set of classified and verified SSI properties. The results can be used for further work on the definition and standardization of the SSI field.

1 Introduction

Self-Sovereign Identity (SSI) is an emerging, decentralized identity concept that enables entities (e.g., individuals, organizations, and things) to fully control and manage their digital identity [Xu2020] without dependency on any external authority, eliminating a single point of failure, while enhancing trust, privacy, security [Terzi2020], and many other properties, such as transparency, persistence, interoperability, minimalization, etc. The concept is gaining momentum with the rise of blockchain technology. Its potential in the field of identity management was first recognized in 2015, when the Internet Identity Workshop (IIW) started a discussion about blockchain identity [Preukschat2021]. Other initiatives followed, including that of C. Allen [Allen2016], who proposed ten guiding principles of SSI. However, SSI is still in its infancy, without a consensus on the exact definition and without a precisely defined architecture or implementation. Thus, various aspects of SSI have been examined in the literature, including initiatives to describe and formally define the concept [Ferdous2019], essential architectural components [Muhle2018][Kaneriya2020], underlying technology [Haddouti2019], process flows [Ferdous2019], and principles/properties [Ferdous2019][Allen2016][Toth2019][Sovrin2021] important for its implementation. Unfortunately, there are some inconsistencies among the identified properties, their naming, and the definitions given by various authors. Several sets of SSI properties have been defined, but some overlap. Therefore, the aim of this research was to collect the SSI properties defined in the literature, analyze them in detail, classify them into meaningful groups, and finally validate the optimized, i.e., final, set of properties and the classification by surveying experts in the field of decentralized and self-sovereign identity management.

To the best of our knowledge, this is the first such attempt to comprehensively address the properties of SSI, which, in our belief, is a crucial part of any young research field that has still to evolve and requires solid foundations to build (i.e., research) upon.

All in all, this paper combines deductive and inductive approaches while exploring fundamental properties that an SSI should have and strives toward their classification.

Therefore, the contribution of this paper is as follows: (i) an overview and analysis of SSI properties from the literature, (ii) a comprehensive collection of SSI properties, (iii) the classification of the properties, (iv) the validation of the final set of SSI properties.

The remainder of this paper is structured as follows. In Section 2, general concepts of SSI, its properties, and process flow are outlined. Furthermore, related work regarding SSI properties is presented, while differences to our work are also highlighted. Section 3 consists of multiple subsections and discusses the conducted analysis. Subsection 3.1 offers a list of collected properties that are classified in Subsection 3.2 and connected to steps in the general SSI process flow in Subsection 3.3. Section 4 validates the final set of properties and the proposed classification. The research methodology is described in Subsection 4.1, and the respective results are presented and discussed in Subsection 4.2. The penultimate Section 5 represents the final state. It reflects the findings of the validation phase and summarizes the final properties, their definitions, and classification. Last but not least, Section 6 presents conclusions and future work.

2 Background and Related work

Self-Sovereign Identity (SSI) is a decentralized identity approach that provides the means for digital identification, allowing entities (e.g., individuals/users, organizations, and things) to fully control their digital identity. SSI has emerged with the rise of blockchain technology that can facilitate some desired features of digital identity, minimize or even fully eliminate reliance on any external authority, and solve some problems that traditional identity management systems entail. Because identifiers and associated identity data are no longer stored in centralized third-party repositories, SSI eliminates a single point of failure, reduces the threat to privacy, enhances security, and minimizes vulnerabilities connected to personal data misuse, data breaches, and identity-related cybercrimes [Bernabe2019]. Furthermore, SSI is user-centric [Muhle2018], presenting a shift of power and control from central authorities to decentralized entities, such as users, i.e., identity holders, who must be central to the administration of their own identity and information flow during digital interactions [Avellaneda2019][Dunphy2018] and are responsible for storing their credentials in user agents, i.e., wallets. SSI enables an exchange of claims and credentials without an intermediary, allowing users to attain verifiable credentials from third-party issuers and/or make assertions about themselves, and present them to the relying party, i.e., the verifier, requesting proof of identity. Thus, claims and credentials must be verifiable to be trusted.

Some of the main objectives of the SSI system are to (i) enhance the user’s full control in digital interactions involving the exchange of personally identifiable information (PII), (ii) ensure security and privacy, as well as enable partial yet verifiable disclosure of information, (iii) ensure that PII is shared only with the consent of its bearer, (iv) prevent altering of the data, and (v) ensure the adequacy of data that can be trusted and verified by the relying party [Gans2020].

Various aspects of SSI have been examined in the literature, including the properties of SSI, reflecting the main objectives mentioned above. The reason for this is certainly the fact that presenting the properties of a concept is one of the best possible ways to objectively describe and encompass it. If generalized, research addressing the SSI properties can be differentiated into three groups, each related to our study to a certain extent. Some are related directly (b), while others are related indirectly (a, c). (a) First of all, there is some groundwork where researchers propose SSI principles/properties. (b) Secondly, there are studies classifying properties or reviewing, analyzing, and commenting on proposed properties, either rejecting or confirming them or suggesting new ones. (c) Finally, some studies use the proposed properties as evaluation criteria to verify that the identity system is indeed SSI. The second group (b) is related to our study the most. However, none of these studies has validated the properties or their classification among experts in the field of decentralized and self-sovereign identity management.

Allen [Allen2016] has proposed ten guiding principles of SSI, laying out the foundation for implementation of the concept, stating that the key properties of SSI system are Existence, Control, Access, Transparency, Persistence, Portability, Interoperability, Consent, Minimalization, and Protection. The aforementioned SSI properties can be connected to steps in the general SSI process flow that is presented in Figure 1. In addition, the main actors involved in the process can also be observed and include user (identity holder), issuer (identity attributes provider), and verifier (service provider) that interact with each other. All actors should be able to generate and manage multiple unique decentralized identifiers (DID) independently of any third party [Wagner2018] (Existence) and acquire identity attributes (verifiable claims and credentials, VCs) from third-party issuers (Access). Moreover, identifiers (Existence) and associated personal data can be securely and autonomously stored and managed (Control) by identity subjects, while attained attestations can be presented freely when proof of identity is required (Control, Consent, Minimalization) [Bernabe2019]. Furthermore, with the use of decentralized technologies and cryptographic primitives, security and privacy (Protection) are enhanced, and Transparency and data Minimalization can be achieved.

Figure 1: The general SSI process flow and connected properties proposed by C. Allen [Allen2016].

The Sovrin Foundation summarized and grouped Allen’s principles into three sections, (i) Security (Protection, Persistence, Minimalization), (ii) Controllability (Existence, Persistence, Control, Consent), and (iii) Portability (Interoperability, Transparency, Access), highlighting that, in essence, (i) identity information must be kept secure, (ii) the users remain in control of their data and must be able to determine who can access it, and (iii) identity must be available, widely usable, and portable, not tied to a single identity provider [Sovrin2017]. The Sovrin Foundation [Sovrin2021] has also listed twelve foundational SSI principles. As presented in Table 1, some proposed properties are similar to Allen’s. In addition, they have extended the principle Control by adding the possibility of employing and/or delegating control to agents and guardians of entities’ choice while also highlighting the importance of (i) Decentralization, (ii) Equity and Inclusion, (iii) Usability, Accessibility and Consistency, and (iv) Verifiability and Authenticity.

Stokkink and Pouwelse [Stokkink2018] concluded that most of the properties proposed by Allen can be intrinsically achieved by leveraging a personalized blockchain structure. However, some open challenges concerning Portability, Interoperability, Minimalization, and Protection remain and refer to the claim structures. Meanwhile, the authors have also highlighted the need for an additional requirement for SSI, as claims need to be provable in order to be valid, which coincides with the property Verifiability and Authenticity already mentioned by Sovrin.

Toth and Anderson-Priddy [Toth2019] reviewed and evaluated the work of Cameron, Allen, W3C Verifiable Claims Working Group, and Sovrin. They validated nine proposed properties and suggested five additional properties, namely (i) Usability, (ii) Counterfeit Prevention, (iii) Identity Verification, (iv) Identity Assurance, and (v) Secure Transactions, addressing situations dealing with the loss of digital identities. On the other hand, they argue that Existence, Transparency, and Protection proposed by Allen require further discussion and should be set aside, as Existence is self-evident, and Transparency might not always be possible. To reason and validate the final set of properties, they were applied to SSI architecture.

Furthermore, Ferdous et al. [Ferdous2019] examined SSI properties in detail by critically analyzing existing definitions and extracting properties, aiming to propose a formal definition of the concept. They have classified properties into five categories, (i) Foundational (Existence, Autonomy, Ownership, Access, Single source), (ii) Security (Protection, Availability, Persistence), (iii) Controllability (Choosability, Disclosure, Consent), (iv) Flexibility (Portability, Interoperability, Minimisation), and (v) Sustainability (Transparency, Standard, Cost), providing their taxonomy. In addition, the authors have presented several use cases involving SSI and highlighted the essential life cycles of an identity management system.

The aforementioned properties can be viewed as a set of requirements that SSI systems should achieve. Therefore, they can be used as evaluation criteria for determining whether an identity system is self-sovereign or not. Thus, as already mentioned, some work regarding the assessment of digital identity solutions exists in the literature [Ferdous2019][Haddouti2019][Stokkink2018][Soltani2018][Bokkem2019]. Soltani et al. [Soltani2018] have assessed their proposed client onboarding framework (KYC2) against various criteria, including SSI principles by Allen [Allen2016]. Bokkem et al. [Bokkem2019] have conducted a comparative study, reviewing and evaluating several blockchain and non-blockchain SSI solutions based on properties described by Allen [Allen2016], accompanied by the Provability property proposed by Stokkink and Pouwelse [Stokkink2018]. They concluded that blockchain technology is a good foundation for SSI implementation but is not explicitly required. Systems utilizing blockchain technology, however, meet more SSI properties. Similarly, Ferdous et al. [Ferdous2019] investigated whitepapers and technical documents of four SSI systems, namely uPort, Jolocom, Sovrin, and Blockcerts, analyzing whether they satisfy different SSI properties.

Ferdous et al. and Bokkem et al. [Ferdous2019][Bokkem2019] noted that, according to evaluation criteria, i.e., SSI properties, identity systems characterized as SSI in most cases do not fully satisfy all identified properties, or the latter is not clear from the documentation. However, according to Bokkem et al. [Bokkem2019], some meet all the criteria [Allen2016][Stokkink2018], including Sora, ShoCard, SelfKey, and LifeID, and are therefore self-sovereign.

3 Analysis

In contrast to the aforementioned studies based on research by a handful of individuals (usually researchers), we focused on the opinion of experts in the field of decentralized and self-sovereign identity management, occupying different positions within different domain areas. We wanted to gain a broader view of the perception of the concept and its importance, and to determine which properties are the most important, even mandatory, for the implementation of SSI. Therefore, we have analyzed and classified identified properties, explored the SSI process, and conducted a questionnaire with the objective to (i) investigate the perceived level of importance of each identified SSI property, (ii) determine a set of the least and the most important properties, i.e., non-negotiables, and (iii) verify the appropriate classification/grouping of properties.

In addition, most of the studies presented in the previous section use, critique, or extend Allen’s principles [Allen2016], which serve as their research starting point. In contrast, Ferdous [Ferdous2019] has derived properties from records and unofficial definitions of SSI published mainly on forums.

On the other hand, our study takes into account already defined properties. We optimize them and use them in the questionnaire, consequently dealing with a larger set of properties.

3.1 Properties

Literature review and our preliminary research showed inconsistencies among identified properties, their naming, and definitions of various authors. Therefore, we gathered a list of predefined properties presented in the previous section. For each, we collected all the definitions, analyzed them in detail, and extracted key features. Afterwards, some properties were grouped, some were eliminated, and some were added, as we observed that properties of different authors overlap. A final set of properties, accompanied by their definitions/summarizations, was defined and is presented in Table 2.

Table 1 shows the results of the analysis, including similarities and differences in naming between defined sets of properties. We have combined the overlapping ones. Therefore, properties that describe the same thing and are named differently were treated as one, and we adopted the more appropriate naming. Each table row represents one property according to the similarity of collected definitions, while differences in naming can be observed between different authors. Consequently, properties (i) Existence and Representation, (ii) Ownership and Control, (iii) Accessibility and Availability, (iv) Security and Protection, and (v) Decentralization and Autonomy were combined. On the other hand, the property Equity and Inclusion was eliminated, while the properties Recoverability and Compatibility with legacy systems were added. Our rationale is explained below.

| Allen [Allen2016] | Sovrin [Sovrin2021] | Toth and Anderson-Priddy [Toth2019] | Stokkink and Pouwelse [Stokkink2018] | Ferdous et al. [Ferdous2019] | Final set of properties |
|---|---|---|---|---|---|
| Existence | Representation | - | Existence* | Existence | Existence (and Representation) |
| Control | Control & Agency | Control* | Control* | Ownership; Choosability | Ownership and Control |
| Access | Usability, Accessibility, and Consistency | Access* | Access* | Access; Availability | Accessibility and Availability |
| Transparency | Transparency | - | Transparency* | Transparency | Transparency |
| Persistence | - | Persistence* | Persistence* | Persistence | Persistence |
| Portability | Portability | Portability* | Portability* | Portability | Portability |
| Interoperability | Interoperability | Interoperability* | Interoperability* | Interoperability | Interoperability |
| Consent | Participation | Consent* | Consent* | Consent | Consent |
| Minimalization | Privacy and Minimal Disclosure | Minimalization* | Minimalization* | Disclosure; Minimisation | Privacy and Minimal Disclosure |
| Protection | Security | Secure identity transfer; Secure transactions; Counterfeit prevention | Protection* | Protection | Security and Protection |
| - | Decentralization | - | - | Autonomy | Decentralization and Autonomy |
| - | Equity and Inclusion | - | - | - | - |
| - | Verifiability and Authenticity | Identity verification; Identity assurance | Provability | - | Verifiability and Authenticity |
| - | Usability, Accessibility, and Consistency | Usability | - | - | Usability and User Experience |
| - | - | - | - | Single Source | Single source |
| - | - | - | - | Standard | Standard |
| - | - | - | - | Cost | Cost |
| - | - | - | - | - | Recoverability |
| - | - | - | - | - | Compatibility (with legacy systems) |

* = Coincides with Allen’s principle [Allen2016].

Table 1: Comparison of identified properties in various sources.

Recoverability was derived from Availability, defined by Ferdous et al. [Ferdous2019], since we believe it is an important property in itself and has already been recognized as a crucial challenge that needs to be tackled [Muhle2018][Soltani2019][Naik2020a][Bernabe2019][Aydar2019]. While traditional, central, and federated identity models provide key-management approaches based on a trusted third party, under the SSI model, the responsibility for key and wallet management lies with identity holders [Soltani2019], which allows self-sovereignty but poses risks and challenges that can greatly influence user experience and the adoption of SSI solutions. With control, a lot of responsibility is transferred to users, who cannot rely on the support of central authorities in case of problems (e.g., forgotten private keys, phone loss, digital wallet vulnerability, etc.). Therefore, one of the key challenges is related to the development of appropriate and effective mechanisms for managing and recovering decentralized identities, as the lack of appropriate protocols for their management and recovery can lead to vulnerability, data loss, and fraud [Soltani2019][Bernabe2019].

The property Compatibility with legacy systems was derived from the property Interoperability, defined by Ferdous et al. [Ferdous2019], addressing compatibility with existing government systems, e.g., Federal Public Key Infrastructures (FPKI). We believe legacy systems will become obsolete and gradually be replaced by SSI systems, but their compatibility with SSI is more convenient in the early stages of adoption. Therefore, the mentioned properties should be separated, as they are not contingent on each other and carry different levels of importance. However, both can facilitate wider acceptance.

We have explained only the reasons for adding new properties. The remaining properties are presented in Table 2 and will not be addressed further at this point since they have been analyzed in detail by other authors and are quite self-explanatory.

| Property | Definition* |
|---|---|
| Existence and Representation | Entities must have an independent existence. They should be able to create as many identities as required without the intervention of a third party. |
| Decentralization and Autonomy | Entities must have full autonomy over their identity data without relying on any third party (centralized system). They should be responsible for managing all operations related to their identity and data (creating, storing, updating, sharing, removing). |
| Ownership and Control | Entities must own and fully control their digital identities and the involved data (e.g. self-asserted claims or claims provided by third parties, identifiers, encryption keys). They should be able to control the usage/sharing of their identity data and delegating control to autonomous agents and/or guardians of their choice. |
| Privacy and Minimal Disclosure | Entities should be able to protect their privacy by utilizing selective disclosure and data minimization. They should be able to disclose the minimum amount of identity data required for any particular interaction. |
| Single source | Entities should be the single source of truth regarding their identities. They should be able to create self-asserted claims, accumulate claims from third parties, and distribute them when required. Third parties shouldn’t be able to exchange entities’ data without their knowledge and consent. |
| Consent | Entities should be able to give deliberate and well-understood consent for the usage/sharing of their identity data (e.g. consenting to accept data, related to their identity). |
| Security and Protection | Digital identity should be secure and well protected with reliable cryptographic mechanisms. Entities must be properly authenticated and authorized prior, to be able to use their digital identity. Any identity information must be transmitted/transferred via a secure channel to prevent cyber attacks. |
| Verifiability and Authenticity | Entities must be able to reliably prove their identity. They must provide verifiable proof of authenticity of digital identity data. Relying parties should be able to verify that digital identities are controlled by their owners and haven’t been tampered with. |
| Accessibility and Availability | Entities must have unrestricted access to their identity information. They must be able to retrieve claims and assertions (self-asserted or provided by a third party) that constitute their identity and must be accessible and available from different platforms when required. |
| Recoverability | Identity must be robust enough to be recoverable. |
| Usability and User Experience | The usability of agents and other identity system components should be maximized. User interfaces should allow entities to intuitively, reliably, and effectively control, manage, and use their identities. It should offer a consistent user experience, hide underlying complexity, and should be easy to use. |
| Transparency | The identity system and algorithms must be transparent enough for every involved entity. They should be free, open-source, well-known, and independent of any particular architecture. Entities should be well aware of all their partial identities and their corresponding interactions. |
| Standard | Identities must be based on open standards to ensure maximal portability, interoperability, and persistence. Entities should be represented, exchanged, secured, protected, and verified using open, public, and royalty-free standards. |
| Persistence | Identities must be persistent and should exist for at least as long as it is required by their owner. Longevity and the dynamic nature require firm separation between identity and its claims that can be modified or removed as appropriate. |
| Portability | Identities must be portable. Entities should be able to securely move or transfer their identity data to agents or systems of their choice. Portability ensures entities’ control over their data and improves persistence over time. |
| Interoperability | Identities must be as widely usable/available as possible and not limited to a specific domain. Global identities might increase persistence and identity autonomy. |
| Compatibility with legacy systems | Identity should be backward compatible with legacy identity systems to ensure quicker acceptance. |
| Cost | The cost of identity creation, management, and adoption should be minimized. |

Table 2: Self-Sovereign Identity properties and their definitions.

* Due to their use in the questionnaire, we tried to shorten the definitions as much as possible, but we tried to keep their essence.

3.2 Classification

Existing classifications [Ferdous2019][Sovrin2017] offer different views on SSI properties. However, they do not cover the entire set of properties identified by our analysis, so they should be adjusted accordingly. Additionally, the Foundational category proposed by Ferdous et al. includes properties that we believe should initially be redistributed among other defined categories and highlighted as key properties.

Hence, after the analysis, 18 properties were obtained and classified into five categories, namely, (i) Controllability, (ii) Privacy, (iii) Security, (iv) Usability and User Experience (UX), and (v) Adoption and Sustainability. The properties belonging to each category are presented in Table 3.

| Controllability | Privacy | Security | Usability and UX | Adoption and Sustainability |
|---|---|---|---|---|
| Existence and Representation | Privacy and Minimal Disclosure | Security and Protection | Accessibility and Availability | Transparency |
| Decentralization and Autonomy | Single source | Verifiability and Authenticity | Recoverability | Standard |
| Ownership and Control | Consent | - | Usability and User Experience | Persistence |
| - | - | - | - | Portability |
| - | - | - | - | Interoperability |
| - | - | - | - | Compatibility with legacy systems |
| - | - | - | - | Cost |

Table 3: SSI properties classification.

(i) The category Controllability combines properties that allow entities to gain control over their identity and includes the following: Existence and Representation, Decentralization and Autonomy, Ownership and Control. The latter is essential as SSI is a decentralized identity approach that enables entities to fully control their digital identities without reliance on any external authority. (ii) Properties grouped under the Privacy category allow individuals to maintain privacy while interacting with third parties over the internet by providing or disclosing the minimum identity information required for a specific interaction. Meanwhile, the latter can only be shared with consent from its identity holder/subject. Therefore, it includes the properties Privacy and Minimal Disclosure, Single source, and Consent. (iii) The properties grouped in the Security category deal with the security of identity data. The category focuses mainly on authentication and authorization while providing security in every step of digital interaction dealing with identity data. It includes Security and Protection, and Verifiability and Authenticity. (iv) Usability and User Experience mainly address user interfaces, e.g., agents, their design, usability, availability, accessibility, and ease of use. The category includes properties that can significantly affect the differentiation between successful and unsuccessful systems according to users’ experience. (v) Properties grouped under the category Adoption and Sustainability can ensure quicker and wider acceptance of SSI, since Transparency and Standard instill trust in people while ensuring Portability, Interoperability, and Persistence. Minimal cost and Compatibility with legacy systems are convenient and desirable, especially in the early stages of adoption.

3.3 Process flow

In addition to identified properties and their classification, we have found some use cases of SSI applied in various domains [Ferdous2019][DIDusecase]. By analyzing and observing them, we have noticed that the process can be generalized. Moreover, properties can be connected to specific steps in the process flow.

Therefore, in this section, we explore the general SSI process flow in terms of (i) identifier (DID) generation [DIDs], (ii) acquisition of verifiable credentials (VCs) from identity issuers [VCs], (iii) storage of VCs, and (iv) interaction with verifiers through verifiable presentations (VPs) to determine in which steps identified properties are paramount. The process and connected properties are presented in Figure 2.

Figure 2: The general SSI process flow and connected properties.

Each interaction requires establishing a pairwise, secure DID connection between interacting parties. Therefore, DID creation is a crucial step, as DIDs are identifiers enabling verifiable decentralized identity, empowering entities (e.g., individuals, organizations, and things) with Existence and Representation while providing Verifiability and Authenticity.

Afterwards, the user, i.e., the identity holder, can either (i) request access to a service or (ii) request an assertion (a verifiable credential consisting of one or several claims) from identity issuers. (i) When acquiring a service, a proof request is needed, allowing the service provider to proceed with identification and verification. If the identity holder has all the required credentials, he/she can proceed with the process by submitting a verifiable presentation that enhances privacy and allows users to disclose only the minimum amount of identity data required for the interaction. Hence, verifiable presentations facilitate Ownership and Control, Privacy and Minimal Disclosure, and Consent, and are retrieved and validated by the service provider, where thorough Verifiability and Authenticity are required. (ii) Otherwise, he/she must obtain the appropriate assertions (VCs) from trustworthy issuers. VCs are then stored in the user’s digital wallet, i.e., agent, along with identifiers, and can be presented as needed, while remaining under the user’s control, reinforcing autonomy and ownership of identity and associated identity data. Storing identity data by users themselves largely preserves the properties Ownership and Control and Decentralization and Autonomy, and enables Accessibility and Availability, allowing unrestricted access to and control of their own data. Availability must also be ensured when interacting with issuers in the process of obtaining assertions.

Transferring identity data from one wallet to another enables Portability, while repeating the whole process of obtaining credentials and accessing services from another device provides Interoperability, which is also crucial for the interaction between the different digital wallets and agents in each entity's possession.

In the event of problems, such as forgotten private keys, phone loss, digital wallet vulnerability, etc., Recoverability enables users to successfully recover identity data without having to reacquire previously obtained credentials.

Security and Protection, Usability, and a good User Experience must be ensured throughout the entire SSI process.

On the other hand, some properties cannot be applied to a specific process step, so there is a noticeable demarcation between process properties and general properties, which include Transparency, Standard, Persistence, Compatibility with legacy systems, and Cost. Thus, the general properties are omitted from Figure 2.
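The four steps of the process flow in this section (DID generation, VC issuance, wallet storage, presentation to a verifier) can be traced in code. The sketch below is an added example, not code from the paper: the salted-digest selective disclosure, the Lamport one-time signatures (a standard-library stand-in for a production scheme such as Ed25519), the `did:example` identifiers, the dictionary registry, and all function names are assumptions made for illustration.

```python
import hashlib
import json
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def canon(obj) -> bytes:
    """Deterministic JSON, so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

# Lamport one-time signatures (assumption: stand-in for the real signature
# scheme). Each key pair must sign exactly one message.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def _bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, _bits(msg))))

# (i) DID generation: the identifier is derived from the public key alone,
# so no third party is involved in creating it.
def make_did(pk) -> str:
    return "did:example:" + H(b"".join(a + b for a, b in pk)).hex()[:32]

def claim_digest(name, value, salt) -> str:
    return H(canon([salt, name, value])).hex()

# (ii) Issuance: the issuer signs salted digests of the claims, not the claims
# themselves. (iii) Storage: the returned wallet entry keeps VC, claims, salts.
def issue_credential(issuer_did, issuer_sk, subject_did, claims):
    salts = {k: secrets.token_hex(16) for k in claims}
    signed = {"issuer": issuer_did, "subject": subject_did,
              "digests": sorted(claim_digest(k, v, salts[k])
                                for k, v in claims.items())}
    vc = {"signed": signed, "proof": sign(issuer_sk, canon(signed))}
    return {"vc": vc, "claims": dict(claims), "salts": salts}

def _vp_body(vc_signed, disclosed, nonce) -> bytes:
    return canon({"vc": vc_signed, "disclosed": disclosed, "nonce": nonce})

# (iv) Presentation: reveal only the requested claims (value + salt) and sign
# the verifier's nonce so the presentation cannot be replayed elsewhere.
def present(wallet, holder_sk, requested, nonce):
    disclosed = {k: [wallet["salts"][k], wallet["claims"][k]] for k in requested}
    body = _vp_body(wallet["vc"]["signed"], disclosed, nonce)
    return {"vc": wallet["vc"], "disclosed": disclosed, "nonce": nonce,
            "holder_proof": sign(holder_sk, body)}

def verify_presentation(vp, registry, trusted_issuers, expected_nonce, required):
    """Return the verified claims, or None if any check fails."""
    signed = vp["vc"]["signed"]
    issuer_pk = registry.get(signed["issuer"])
    holder_pk = registry.get(signed["subject"])
    if signed["issuer"] not in trusted_issuers or not issuer_pk or not holder_pk:
        return None                                   # unknown or untrusted party
    if not verify(issuer_pk, canon(signed), vp["vc"]["proof"]):
        return None                                   # credential not authentic
    if vp["nonce"] != expected_nonce:
        return None                                   # replayed presentation
    body = _vp_body(signed, vp["disclosed"], vp["nonce"])
    if not verify(holder_pk, body, vp["holder_proof"]):
        return None                                   # presenter is not the subject
    claims = {}
    for name, (salt, value) in vp["disclosed"].items():
        if claim_digest(name, value, salt) not in signed["digests"]:
            return None                               # claim was never issued
        claims[name] = value
    return claims if set(required) <= set(claims) else None

if __name__ == "__main__":
    registry = {}                                     # stand-in for DID resolution
    issuer_sk, issuer_pk = keygen()
    holder_sk, holder_pk = keygen()
    issuer_did, holder_did = make_did(issuer_pk), make_did(holder_pk)
    registry.update({issuer_did: issuer_pk, holder_did: holder_pk})
    # Constructed sample claims.
    wallet = issue_credential(issuer_did, issuer_sk, holder_did,
                              {"name": "Alice Example", "birth_year": 1990,
                               "degree": "MSc"})
    vp = present(wallet, holder_sk, ["degree"], "nonce-1")
    print(verify_presentation(vp, registry, {issuer_did}, "nonce-1", ["degree"]))
```

The verifier learns only the `degree` claim; the digests of the undisclosed claims are salted, so their values cannot be guessed by hashing candidate values.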

4 Expert validation

4.1 Methodology

A set of 18 properties and their classification obtained and presented in the previous section was used in the questionnaire, which is the main research method used in this study.

A two-part questionnaire about Self-Sovereign Identity (SSI) was conducted from 1st April to 21st May 2021 among experts in the field of decentralized and self-sovereign identity management. The experts were carefully chosen through dedicated projects, groups, organizations, and/or forums, dealing with the topic of decentralized and/or self-sovereign identities. Its aim was to gain a broader insight into the perception of the SSI concept and its properties. Moreover, it was used to validate the final set of properties and the categorization by experts.

Objectives: The goal of the survey was to investigate if identified properties, their naming, and definition, as well as proposed classification, are consistent with the opinion of the respondents. Moreover, the goal was to determine the perceived level of importance of identified properties, determine the most and least important properties, and provide their classification according to perceived relevance and scope. Furthermore, while obtaining experts’ opinions, the goal was to identify additional concerns, inconsistencies, misunderstandings, and properties that might have been overlooked.

Questionnaire structure: The questionnaire consisted of two parts. The first part was dedicated to obtaining demographic data in order to provide an appropriate profile of respondents, while the second part dealt with SSI properties and their classification. For each property, a definition (Table 2) was given at the beginning to provide the context and proper understanding. It was followed by three questions related to the level of importance and classification. With the first one, we measured the perceived level of importance of each property on a Likert scale consisting of the following items: (i) Not important (Irrelevant), (ii) Slightly important (Unnecessary), (iii) Moderately important (Useful), (iv) Important (Desirable), (v) Very important (Mandatory). The second question addressed classification, as we were trying to determine whether our classification (Table 3) is appropriate. Thus, the respondents had the opportunity to agree with the proposed classification or select another category (Privacy, Security, Usability and UX, Adoption and Sustainability, Controllability, Flexibility, Other). Moreover, the respondents were able to choose several of the listed categories or propose a new one. The last, open-ended question allowed the respondents to express their opinions and concerns, ask questions, or leave comments suggesting a change in categorization, naming, or definition. After the sets of questions related to the specific properties, a general question followed in which respondents had to choose the top five properties that they find most important for the field of SSI.

Participants and procedures: The questionnaire was designed using an online surveying tool (1ka.si) and was available between 1st April and 21st May 2021. It was sent to the experts in the field of decentralized and self-sovereign identity management via email and was also posted on online platforms in relevant groups to increase its reach. Moreover, the appropriate profile of respondents was guaranteed by employing an extra set of questions regarding demographic data, addressing respondents’ work experience, job position, field of work, experience in the field of IdM and SSI, and place of residence. That approach ensured that they had at least some experience in the field of decentralized and self-sovereign identity management.

Forty-four respondents participated in the survey. Among them, 12 (27.3%) dropped out before answering questions regarding SSI and were excluded from the analysis. The survey was partially answered by 5 (11.4%) and fully answered by 27 (61.4%), i.e., by 32 (72.7%) respondents in total, and these responses were taken into account in the analysis.

The majority of the respondents have IT (11 respondents - 34%) and research (10 respondents - 31%) related positions, followed by business-related ones (5 respondents - 18%). More than half of the respondents (18 respondents, 56%) work in the IT field, while the remaining respondents work in the fields of Science, Healthcare, Education, Government and Public Service, Business, Sales, Management, Agriculture, and Retail.

Regarding the number of years of experience in the field of IdM, 6 (18.8%) respondents have less than a year of experience, while the majority (13 respondents - 40.6%) have from 1 to 5 years of experience. Four (12.5%) have from 6 to 10 years, five (15.6%) from 11 to 20 years, and four (12.5%) more than 20 years of experience in IdM.

Limitations: The study is limited to the 18 properties that were included in the questionnaire and presented in Section 3.1. It is also limited to the classification presented in Section 3.2. However, an additional category, namely Flexibility, was offered, as it was introduced beforehand by [Ferdous2019]. Moreover, participants were able to suggest new categories and/or choose multiple categories. The number of respondents that took part in the questionnaire (32) presents another limitation: a larger number of respondents would mean greater validity of the results and a greater possibility of generalization. Nevertheless, as SSI is a young research field, we strove to reach true experts in it and therefore did not force an increase in the number of respondents by broadening the scope of experts. Further discussion and research will be needed to be able to offer a bulletproof/solid classification. Therefore, we describe the results as a step towards the classification.

4.2 Results and discussion

4.2.1 Perceived level of importance

Concerning the perceived level of importance (Table 4), the average values for most properties are above 4.00 (varying between 4.00 and 4.86), which means that most respondents consider these properties to be either important (desirable) or very important (mandatory). The exceptions are Cost (AVG = 3.96) and Compatibility with legacy systems (AVG = 3.67), with an average value of less than 4.00. Cost is mostly perceived as an important (desirable) or very important (mandatory) property, while Compatibility with legacy systems is perceived as either important (desirable) or moderately important (useful).

| Property | Top 5 | 1 | 2 | 3 | 4 | 5 | AVG | SD | Rank* | Rank** |
|---|---|---|---|---|---|---|---|---|---|---|
| Security and Protection | 13 (48.15%) | 0 (0.00%) | 0 (0.00%) | 1 (3.45%) | 2 (6.90%) | 26 (89.66%) | 4.86 | 0.44 | | |
| Verifiability and Authenticity | 15 (55.56%) | 0 (0.00%) | 0 (0.00%) | 1 (3.57%) | 4 (14.29%) | 23 (82.14%) | 4.79 | 0.50 | | |
| Privacy and Minimal Disclosure | 16 (59.26%) | 0 (0.00%) | 0 (0.00%) | 1 (3.45%) | 5 (17.24%) | 23 (79.31%) | 4.76 | 0.51 | | |
| Standard | 8 (29.63%) | 0 (0.00%) | 0 (0.00%) | 2 (7.41%) | 7 (25.9%) | 18 (66.67%) | 4.59 | 0.64 | | |
| Consent | 7 (25.93%) | 0 (0.00%) | 1 (3.45%) | 2 (6.90%) | 6 (20.69%) | 20 (68.97%) | 4.55 | 0.78 | | |
| Recoverability | 4 (14.81%) | 0 (0.00%) | 0 (0.00%) | 2 (7.41%) | 9 (33.33%) | 16 (59.26%) | 4.52 | 0.64 | | |
| Ownership and Control | 15 (55.56%) | 2 (6.90%) | 0 (0.00%) | 1 (3.45%) | 5 (17.24%) | 21 (72.41%) | 4.48 | 1.09 | | |
| Portability | 4 (14.81%) | 0 (0.00%) | 0 (0.00%) | 4 (14.81%) | 10 (37.04%) | 13 (48.15%) | 4.33 | 0.73 | | |
| Accessibility and Availability | 3 (11.11%) | 0 (0.00%) | 1 (3.70%) | 4 (14.81%) | 7 (25.93%) | 15 (55.56%) | 4.33 | 0.88 | | |
| Persistence | 0 (0.00%) | 0 (0.00%) | 1 (3.70%) | 4 (14.81%) | 7 (25.93%) | 15 (55.56%) | 4.33 | 0.88 | | |
| Interoperability | 13 (48.15%) | 0 (0.00%) | 0 (0.00%) | 3 (11.11%) | 13 (48.15%) | 11 (40.74%) | 4.30 | 0.67 | | |
| Usability and User Experience | 7 (25.93%) | 1 (3.70%) | 0 (0.00%) | 0 (0.00%) | 15 (55.56%) | 11 (40.74%) | 4.30 | 0.82 | | |
| Transparency | 4 (14.81%) | 1 (3.70%) | 0 (0.00%) | 2 (7.41%) | 12 (44.44%) | 12 (44.44%) | 4.26 | 0.90 | | |
| Existence and Representation | 5 (18.52%) | 2 (6.25%) | 1 (3.13%) | 1 (3.13%) | 11 (34.38%) | 17 (53.13%) | 4.25 | 1.11 | | |
| Decentralization and Autonomy | 14 (51.85%) | 3 (10.34%) | 0 (0.00%) | 4 (13.79%) | 7 (24.14%) | 15 (51.72%) | 4.07 | 1.28 | | |
| Single source | 1 (3.70%) | 2 (6.90%) | 1 (3.45%) | 5 (17.24%) | 8 (27.59%) | 13 (44.83%) | 4.00 | 1.20 | | |
| Cost | 3 (11.11%) | 1 (3.70%) | 2 (7.41%) | 4 (14.81%) | 10 (37.04%) | 10 (37.04%) | 3.96 | 1.09 | | |
| Compatibility with legacy systems | 0 (0.00%) | 0 (0.00%) | 1 (3.70%) | 10 (37.04%) | 13 (48.15%) | 3 (11.11%) | 3.67 | 0.73 | | |

1 = Not important (Irrelevant); 2 = Slightly important (Unnecessary); 3 = Moderately important (Useful); 4 = Important (Desirable); 5 = Very important (Mandatory); AVG = Average; SD = Standard Deviation

\* = Rank based on the average level of importance [1-5], taking into account standard deviation

\*\* = Rank based on 5 most important properties


Table 4: Importance level of identified SSI properties versus top five most important properties chosen.
Figure 3: Perceived level of importance of properties.

The majority, precisely more than half of the respondents, consider the following properties to be very important (mandatory): Security and Protection (26 - 89.66%), Verifiability and Authenticity (23 - 82.14%), Privacy and Minimal Disclosure (23 - 79.31%), Ownership and Control (21 - 72.41%), Consent (20 - 68.97%), Standard (18 - 66.67%), Recoverability (16 - 59.26%), Persistence (15 - 55.56%), Accessibility and Availability (15 - 55.56%), Existence and Representation (17 - 53.13%) and Decentralization and Autonomy (15 - 51.72%), while Portability, Interoperability, Transparency, Cost, Single source, and Usability and User Experience are almost equally distributed between being important and very important.

In general, most respondents believe that the identified properties are moderately important (useful), important (desirable), or very important (mandatory). However, there are some negligible outliers, so some variability may be observed. The largest deviations occur in the perceived level of importance of the properties Decentralization and Autonomy (SD = 1.28), Single source (SD = 1.20), Existence and Representation (SD = 1.11), Cost (SD = 1.09), and Ownership and Control (SD = 1.09), while the smallest deviations occur for Security and Protection (SD = 0.44), Verifiability and Authenticity (SD = 0.50), and Privacy and Minimal Disclosure (SD = 0.51).

According to the average value (AVG), taking into account the standard deviation (SD), the properties can be arranged in order according to the perceived level of importance, as shown in Table 4 (Rank*), despite the extremely small differences between the average values. Thus, the five most important properties are (i) Security and Protection (AVG = 4.86, SD = 0.44), (ii) Verifiability and Authenticity (AVG = 4.79, SD = 0.50), (iii) Privacy and Minimal Disclosure (AVG = 4.76, SD = 0.51), (iv) Standard (AVG = 4.59, SD = 0.64), and (v) Consent (AVG = 4.55, SD = 0.78).

Properties can also be ranked according to the selection of five properties that respondents find most important (i.e., Top 5) for SSI systems. The sequence is displayed in Table 4 (Rank**). The most important properties according to this metric are (i) Privacy and Minimal Disclosure (16 - 59.26% respondents), (ii) Verifiability and Authenticity (15 - 55.56% respondents), (iii) Ownership and Control (15 - 55.56% respondents), (iv) Decentralization and Autonomy (14 - 51.85% respondents), (v) Security and Protection (13 - 48.15% respondents) and (vi) Interoperability (13 - 48.15% respondents). They are followed by Standard and Consent, which are among the top 5 properties of Rank*. The most and least important properties, as well as their intersection, are presented in Figure 4.

Figure 4: The most and least important properties of both rankings.

A high correlation between both rankings can be observed ( = 0.6). While there is no deviation between the rankings of four properties (Verifiability and Authenticity, Transparency, Single source, Compatibility with legacy systems), minor differences between the two ranks of the other properties exist and can be observed in Table 4.

The inconsistency in the ranking is extremely prominent for the property Decentralization and Autonomy. The property ranks 15th in the first ranking (Rank*) and 4th in the second ranking (Rank**), an astonishing difference of 11 places. This could be related to the already mentioned variability (SD = 1.28). The property was ranked among the 5 most important by 51.85% of respondents. On the other hand, 10.34% of respondents believe that it is not important (irrelevant), and 13.79% that it is only moderately important (useful).

Hence, according to the first ranking, based on the perceived level of importance, the property Decentralization and Autonomy falls among the five least important properties. On the other hand, according to the second ranking, based on the selection of the most important properties, it is considered one of the five most important properties of SSI.

Regardless, minor differences between the average values (SD = 0.31) suggest that in general, all of the properties are important to some extent and must be considered before SSI system implementation.

4.2.2 Classification

Regarding classification, the majority of the respondents agree with the proposed categorization of individual properties, presented in Table 3. All agree with the categorization of Ownership and Control, Privacy and Minimal Disclosure, Security and Protection, Verifiability and Authenticity, Usability and User Experience, Standard, Portability, Interoperability, Compatibility with legacy systems, and Cost, while 96.30% of respondents concur with the proposed categorization of the remaining properties (Table 5), meaning that one individual does not agree with each property's placement. Overall, these outliers represent 4 individuals (out of 32 respondents) who have chosen a combination of the remaining categories instead of the proposed category.

This indicates confirmation or agreement with our categorization. However, the respondents chose several categories on average (AVG = 1.84, SD = 1.14) instead of one, which is not surprising since respondents had the option to change the proposed category by choosing one or several categories or propose a new one.

| Property | C1 | C2 | C3 | C4 | C5 | C6 | C7 | AVG | SD | 1 |
|---|---|---|---|---|---|---|---|---|---|---|
| Existence and Representation | 31 (96.88%) | 17 (53.13%) | 6 (18.75%) | 5 (15.63%) | 6 (18.75%) | 5 (15.63%) | 2 (6.25%) | 2.25 | 1.48 | 19 (59.38%) |
| Decentralization and Autonomy | 28 (96.55%) | 16 (55.17%) | 10 (34.48%) | 6 (20.69%) | 7 (24.14%) | 4 (13.79%) | 2 (6.90%) | 2.52 | 1.33 | 20 (68.97%) |
| Ownership and Control | 29 (100.00%) | 14 (48.28%) | 12 (41.38%) | 5 (17.24%) | 3 (10.34%) | 3 (10.34%) | 0 (0.00%) | 2.28 | 1.31 | 18 (62.07%) |
| Privacy and Minimal Disclosure | 10 (34.48%) | 29 (100.00%) | 7 (24.14%) | 3 (10.34%) | 3 (10.34%) | 3 (10.34%) | 0 (0.00%) | 1.90 | 1.21 | 15 (51.72%) |
| Single source | 9 (31.03%) | 28 (96.55%) | 6 (20.69%) | 3 (10.34%) | 2 (6.90%) | 3 (10.34%) | 1 (3.45%) | 1.79 | 1.01 | 14 (48.28%) |
| Consent | 15 (51.72%) | 28 (96.55%) | 5 (17.24%) | 5 (17.24%) | 8 (27.59%) | 2 (6.90%) | 0 (0.00%) | 2.17 | 1.23 | 19 (65.52%) |
| Security and Protection | 3 (10.34%) | 3 (10.34%) | 29 (100.00%) | 3 (10.34%) | 6 (20.69%) | 0 (0.00%) | 0 (0.00%) | 1.52 | 1.18 | 6 (20.69%) |
| Verifiability and Authenticity | 5 (17.86%) | 2 (7.14%) | 28 (100.00%) | 4 (14.29%) | 6 (21.43%) | 3 (10.71%) | 1 (3.57%) | 1.75 | 1.32 | 12 (42.86%) |
| Accessibility and Availability | 7 (25.93%) | 0 (0.00%) | 1 (3.70%) | 26 (96.30%) | 6 (22.22%) | 3 (11.11%) | 0 (0.00%) | 1.59 | 0.80 | 12 (44.44%) |
| Recoverability | 6 (22.22%) | 1 (3.70%) | 11 (40.74%) | 26 (96.30%) | 11 (40.74%) | 5 (18.52%) | 0 (0.00%) | 2.22 | 1.22 | 19 (70.37%) |
| Usability and User Experience | 2 (7.41%) | 3 (11.11%) | 3 (11.11%) | 27 (100.00%) | 10 (37.04%) | 4 (14.81%) | 0 (0.00%) | 1.81 | 1.24 | 13 (48.15%) |
| Transparency | 3 (11.11%) | 5 (18.52%) | 8 (29.63%) | 4 (14.81%) | 26 (96.30%) | 4 (14.81%) | 0 (0.00%) | 1.85 | 1.32 | 11 (40.74%) |
| Standard | 2 (7.41%) | 1 (3.70%) | 5 (18.52%) | 3 (11.11%) | 27 (100.00%) | 5 (18.52%) | 0 (0.00%) | 1.59 | 0.89 | 10 (37.04%) |
| Persistence | 4 (14.81%) | 4 (14.81%) | 3 (11.11%) | 2 (7.41%) | 26 (96.30%) | 2 (7.41%) | 0 (0.00%) | 1.52 | 0.98 | 7 (25.93%) |
| Portability | 6 (22.22%) | 1 (3.70%) | 0 (0.00%) | 7 (25.93%) | 27 (100.00%) | 7 (25.93%) | 0 (0.00%) | 1.78 | 1.09 | 11 (40.74%) |
| Interoperability | 3 (11.11%) | 0 (0.00%) | 2 (7.41%) | 6 (22.22%) | 27 (100.00%) | 7 (25.93%) | 0 (0.00%) | 1.67 | 0.96 | 10 (37.04%) |
| Compatibility with legacy systems | 3 (11.11%) | 0 (0.00%) | 1 (3.70%) | 5 (18.52%) | 27 (100.00%) | 5 (18.52%) | 0 (0.00%) | 1.52 | 0.94 | 8 (29.63%) |
| Cost | 2 (7.41%) | 0 (0.00%) | 2 (7.41%) | 3 (11.11%) | 27 (100.00%) | 2 (7.41%) | 0 (0.00%) | 1.33 | 0.96 | 4 (14.81%) |

C1 = Controllability; C2 = Privacy; C3 = Security; C4 = Usability and UX; C5 = Adoption and Sustainability; C6 = Flexibility; C7 = Other; AVG = The average number of chosen categories; SD = Standard Deviation of chosen categories; 1 = More than one category chosen


Table 5: Categorization of SSI properties according to proposed categories.

The greatest variability in chosen categorization is observed in Existence and Representation (AVG = 2.25, SD = 1.48), Decentralization and Autonomy (AVG = 2.52, SD = 1.33), Verifiability and Authenticity (AVG = 1.75, SD = 1.32), Transparency (AVG = 1.85, SD = 1.32), and Ownership and Control (AVG = 2.28, SD = 1.31), where the biggest discrepancies occur. On the other hand, less variability and thus greater agreement is detected in the categorization of properties Accessibility and Availability (AVG = 1.59, SD = 0.80), Standard (AVG = 1.59, SD = 0.89), Compatibility with legacy systems (AVG = 1.52, SD = 0.94), Cost (AVG = 1.33, SD = 0.96), Interoperability (AVG = 1.67, SD = 0.96) and Persistence (AVG = 1.52, SD = 0.98), where more than 55.50% of respondents have chosen only one category.

The results reflect the nature of the properties, which intertwine and complement each other, making their clear demarcation and categorization difficult. For some properties, the complementarity is particularly prominent and is reflected in several chosen classification categories. This is especially noticeable with the following properties: Recoverability (70.37%), Decentralization and Autonomy (68.97%), Consent (65.52%), Ownership and Control (62.07%), Existence and Representation (59.38%), and Privacy and Minimal Disclosure (51.72%), where more than half of the respondents chose several categories.

For the following properties: Security and Protection, Verifiability and Authenticity, Accessibility and Availability, Transparency, Standard, Persistence, Portability, Interoperability, Compatibility with legacy systems, and Cost, the choice of one category prevails. More than 90% of respondents agree with our categorization, while the choice of the remaining categories is less than 30%. For other properties, in addition to the proposed category, 30% or more respondents choose one or two additional categories, while the choice of the remaining categories is less than 30%. Distribution between chosen categories is as follows: Existence and Representation (Controllability - 96.88%, Privacy - 53.13%), Decentralization and Autonomy (Controllability - 96.55%, Privacy - 55.17%, Security - 34.48%), Ownership and Control (Controllability - 100.00%, Privacy - 48.28%, Security - 41.38%), Privacy and Minimal Disclosure (Controllability - 34.48%, Privacy - 100.00%), Single source (Controllability - 31.03%, Privacy - 96.55%), Consent (Controllability - 51.72%, Privacy - 96.55%), Recoverability (Security - 40.74%, Usability and User Experience - 96.30%, Adoption and Sustainability - 40.74%), Usability and User Experience (Usability and User Experience - 100.00%, Adoption and Sustainability - 37.04%).

The precise distribution of categories to which respondents believe each property belongs can be observed in Table 5 and is visually presented in Figure 5.

Figure 5: Classification of properties based on respondents' opinion.

4.2.3 Discussing properties

The definitions presented in Table 2 were intentionally abbreviated as much as possible due to their use in the questionnaire. In this section, we want to enhance them in accordance with the results and comments of the respondents, as we obtained valuable insights from experts in the field of IdM and SSI, who expressed their concerns and possible misunderstandings of individual properties.

Below you can find properties that have either (i) required an extension or correction of the definition or (ii) required additional discussion reflecting the obtained results, while other properties are intentionally omitted.

Definitions are italicized in quotation marks. Changes are bold, while parts that need to be removed are crossed out. Afterward, a discussion is added in normal font.

Existence and Representation: ”Entities must have an independent existence. They should be able to create as many identities as required without the intervention of a third party.”
Entities should be allowed to generate/create identifiers (DIDs) for each interaction separately. This increases controllability, flexibility, and privacy, as multiple identifiers reduce linkability while enabling entities to present themselves differently in different contexts. Security is also increased since dependency on trusted third parties is reduced. Moreover, entities can self-assert an unlimited number of identities (verifiable presentations) without any third-party involvement. However, trusted third parties are needed for issuing verifiable credentials and validating ”true” identities, reducing fraud and impersonation. Note that an identifier must not be confused or equated with an identity.

Decentralization and Autonomy: ”Entities must have full autonomy over their identity data without relying on any third party (centralized system). They should be capable of being responsible for managing all operations related to their identity and data (creating, storing, updating, sharing, removing).”
While decentralization refers to the absence of central systems, autonomy refers to the management of identities (e.g., control over distribution, data disclosure, and the number of identities an entity possesses). Respondents noted a common misunderstanding of this principle. Thus, further discussion is needed at this point. In this definition, creation refers to identifiers and self-asserted credentials. As mentioned earlier, in order to attain a trusted identity, verifiable credentials still have to be obtained from third-party issuers. To prevent misunderstandings, we emphasize that an entity cannot issue itself, e.g., passports or other documents issued by government bodies or other institutions. It should also be emphasized that autonomy is not about individuals being completely independent of external third parties, but rather about being autonomous in creating identifiers and self-asserted credentials and being autonomous in interactions with other parties. Therefore, after obtaining verifiable credentials from trusted issuers, entities can autonomously store them, generate verifiable presentations, and present them to third parties without issuers being aware of their usage, similar to the physical world.
Due to the above, it would make sense to separate autonomy and decentralization into two separate properties.

Another thing that should be pointed out is whether we should talk about full decentralization at all, as every credential issuer uses and relies on centralized systems and cannot operate without them. Therefore, decentralization should be about minimizing and removing the strict dependence on a third party, not eliminating it entirely.

Ownership and Control: ”Entities must own and fully control their digital identities and the involved data (e. g. self-asserted claims or claims provided by third parties, identifiers, encryption keys). They should be able to control the usage/sharing of their identity data and delegating control to autonomous agents and/or guardians of their choice.”
We agree with the respondents that control and ownership should not be associated, since data is controlled by individuals but owned by organizations (except self-asserted credentials). For instance, an education credential, driving license, passport, credit card, etc., are issued and owned by third-party institutions (issuers). But the subject of the credentials should be able to control how those credentials are stored and shared, which increases privacy and security. SSI enhances control, not ownership; therefore, the property should be corrected accordingly.

Privacy and Minimal Disclosure: ”Entities should be able to protect their privacy by utilizing selective disclosure and data minimization. They should be able to disclose the minimum amount of identity data required for any particular interaction.”
However, respondents point out the subjectivity of this property since the minimally required data set for particular interaction depends on the perception of participating parties and the risk of a particular transaction. Thus some formalization/rules must be enforced. Minimal Disclosure is also connected with Security and Controllability, since entities are in control over which data they are willing to share with third parties.

Single source: ”Entities should be the single source of truth regarding their identities. They should be able to create self-asserted claims, accumulate claims from third parties, control and distribute them when required. Third parties shouldn’t be able to exchange entities’ data without their knowledge and consent.”
However, it should be noted that some exceptions and concerns exist. First of all, the statement is predominantly true for individuals and businesses, not for things. Secondly, in some cases it is either preferred or required to involve a trusted third party to manage (or help manage) identity data on behalf of the subject (e.g., for the elderly, non-tech-savvy people, minors, disabled people, pets, things, etc.). Therefore, the subject of the credential is not always the controller. Thirdly, it is hard to enforce full copy protection and control the usage of data once a third party gathers it. Lastly, it is challenging to prevent governments and law enforcement from exchanging personally identifiable information (PII) about citizens and criminals. On the other hand, commercial third parties should abide by the stated objective, which should be reinforced by legislation. Otherwise, exploitation of PII is inevitable.

Consent: ”Entities should be able to give deliberate and well-understood consent for the usage/sharing of their identity data (e. g. consenting to accept data, related to their identity). In addition, they should be able to withdraw/revoke that consent at a later date.”
However, the statement is predominantly true for individuals and businesses, not for things. It affects privacy, allowing flexibility, and can positively influence the adoption by users.

Security and Protection: ”Digital identity should be secure and well protected with reliable cryptographic mechanisms. Entities must be properly authenticated and authorized prior, to be able to use their digital identity. Any identity information must be transmitted/transferred via a secure channel to prevent cyber attacks.”
Moreover, the rights of entities should be protected. Therefore, mechanisms that provide hard evidence regarding an interaction, with sufficient assurance about the identity of both parties, should be available. Thus, the rights of entities can be protected by employing the appropriate precautions, protecting entities from being sued or from facing claims regarding interactions they had not taken part in or were forced/coerced to take part in. Thus, we believe Security and Protection should be separated into two properties, as Security focuses on technology while Protection addresses the protection of entities and their rights.

Recoverability: ”Identity must be robust enough to be recoverable.”
However, concerns regarding a potential security vulnerability were expressed. They address the possibility of attackers obtaining the secrets required for recovering identity information. Concerns are also related to the portability of identity information from one device to another. As recoverability often introduces a security risk, a prior risk assessment is required. On the other hand, this property can be omitted entirely if obtaining verifiable credentials is so simplified that it does not impose an excessive burden on entities, so that recovering an identity could be done by starting over.

Usability and User Experience: ”The usability of agents and other identity system components should be maximized. User interfaces should allow entities to intuitively, reliably, and effectively control, manage, and use their identities. It should offer a consistent user experience, hide underlying complexity, and should be easy to use.”
A system that is not easy to use and is not useful will be neither used nor widely adopted, while a poor user interface/user experience can also contribute to human errors affecting security.

Persistence: ”Identities must be persistent and should exist for at least as long as it is required by their owner. Longevity and the dynamic nature require firm separation between identity identifiers and its claims that can be modified or removed as appropriate.”
As mentioned above, an identifier should not be equated with identity since identity consists of an identifier and connected identity data, requiring a change in definition.

Portability: ”Identities must be portable. Entities should be able to securely move or transfer their identity data to agents or systems of their choice. Portability ensures entities’ control over their data and improves persistence over time.”
However, concerns regarding the potential risk of fraud were expressed. Respondents believe that it should not be allowed to duplicate/port identity data to multiple platforms, as portability could potentially enable identity sharing that would allow multiple entities to use the same identity in different places at the same time.

Interoperability: ”Identities must be as widely usable/available as possible and not limited to a specific domain. ~~Global identities~~ **Interoperability** might increase persistence and identity autonomy and can be best achieved with standardization.”
In the above definition, with the term ”global identity” we were trying to suggest that entities can create identities that can be used anywhere and are not limited to a specific domain. To prevent misunderstandings identified with a questionnaire, the term was replaced.

Compatibility with legacy systems: ”Identity should be backward compatible with legacy identity systems to ensure quicker acceptance.”
However, we agree with the respondent about legacy systems becoming obsolete and being replaced by SSI systems in the future. Therefore, we believe this property is useful, but definitely not mandatory.

Cost: ”The cost of identity creation, management, and adoption should be minimized. The benefits of SSI must substantially outweigh the costs, otherwise, adoption might be hindered.”
Therefore, addressing transaction fees when using public blockchains, like Bitcoin, should be considered. To minimize costs, the majority of data should be stored off-chain, while specialized blockchains, like Hyperledger Indy, can be used for storing encrypted proof.

Based on the results obtained from the questionnaire and based on the above analysis, we have prepared a final list of properties, their definition, and classification.

5 Discussion

This section presents a final set of SSI properties, their definition, and classification, after combining the results of deductive and inductive approaches. Properties defined in subsection 3.1 and their classification, provided in subsection 3.2, are adjusted according to the findings of the validation phase and are presented in Table 6.

| Property | Definition | Classification |
|---|---|---|
| Existence and Representation | Entities must have an independent existence. They should be able to create as many identities as required without the intervention of a third party. | Controllability, Privacy |
| Decentralization | The SSI system should not rely on any third-party centralized system. | Controllability, Privacy, Security |
| Autonomy | Entities must have full autonomy over their identity data without relying on any third party. They should be capable of being responsible for managing all operations related to their identity and data (creating, storing, updating, sharing, removing). | Controllability, Privacy, Security |
| Control | Entities must fully control their digital identities and the involved data (e.g. self-asserted claims or claims provided by third parties, identifiers, encryption keys). They should be able to control the usage/sharing of their identity data and delegate control to autonomous agents and/or guardians of their choice. | Controllability, Privacy, Security |
| Privacy and Minimal Disclosure | Entities should be able to protect their privacy by utilizing selective disclosure and data minimization. They should be able to disclose the minimum amount of identity data required for any particular interaction. | Controllability, Privacy |
| Single source | Entities should be the single source of truth regarding their identities. They should be able to create self-asserted claims, accumulate claims from third parties, control and distribute them when required. Third parties shouldn’t be able to exchange entities’ data without their knowledge and consent. | Controllability, Privacy |
| Consent | Entities should be able to give deliberate and well-understood consent for the usage/sharing of their identity data (e.g. consenting to accept data related to their identity). In addition, they should be able to withdraw/revoke that consent at a later date. | Controllability, Privacy |
| Security | Digital identity should be secure and well protected with reliable cryptographic mechanisms. Entities must be properly authenticated and authorized before being able to use their digital identity. Any identity information must be transmitted/transferred via a secure channel to prevent cyber attacks. | Security |
| Protection | The rights of entities should be protected by employing the appropriate precautions. Therefore, mechanisms that provide hard evidence regarding interaction, with sufficient assurance about the identity of both parties, should be available. | Security |
| Verifiability and Authenticity | Entities must be able to reliably prove their identity. They must provide verifiable proof of authenticity of digital identity data. Relying parties should be able to verify that digital identities are controlled by their owners and haven’t been tampered with. | Security |
| Accessibility and Availability | Entities must have unrestricted access to their identity information. They must be able to retrieve claims and assertions (self-asserted or provided by a third party) that constitute their identity and must be accessible and available from different platforms when required. | Usability and UX |
| Recoverability | Identity must be robust enough to be recoverable. | Security, Usability and UX, Adoption and Sustainability |
| Usability and User Experience | The usability of agents and other identity system components should be maximized. User interfaces should allow entities to intuitively, reliably, and effectively control, manage, and use their identities. It should offer a consistent user experience, hide underlying complexity, and should be easy to use. | Usability and UX, Adoption and Sustainability |
| Transparency | The identity system and algorithms must be transparent enough for every involved entity. They should be free, open-source, well-known, and independent of any particular architecture. Entities should be well aware of all their partial identities and their corresponding interactions. | Adoption and Sustainability |
| Standard | Identities must be based on open standards to ensure maximal portability, interoperability, and persistence. Entities should be represented, exchanged, secured, protected, and verified using open, public, and royalty-free standards. | Adoption and Sustainability |
| Persistence | Identities must be persistent and should exist for at least as long as it is required by their owner. Longevity and the dynamic nature require firm separation between identifiers and their claims that can be modified or removed as appropriate. | Adoption and Sustainability |
| Portability | Identities must be portable. Entities should be able to securely move or transfer their identity data to agents or systems of their choice. Portability ensures entities’ control over their data and improves persistence over time. | Adoption and Sustainability |
| Interoperability | Identities must be as widely usable/available as possible and not limited to a specific domain. Interoperability might increase persistence and identity autonomy and can be best achieved with standardization. | Adoption and Sustainability |
| Compatibility with legacy systems | Identity should be backward compatible with legacy identity systems to ensure quicker acceptance. | Adoption and Sustainability |
| Cost | The cost of identity creation, management, and adoption should be minimized. The benefits of SSI must substantially outweigh the costs, otherwise, adoption might be hindered. | Adoption and Sustainability |
Table 6: Self-Sovereign Identity final list of properties, their definitions and classification.

Underlined classification categories were originally proposed in section 2 by us. Other listed categories were additionally chosen by more than 30% of the experts.

6 Conclusion

With the growing interest in decentralized technologies in academia and industry, the number of proposed decentralized identity solutions is increasing rapidly. However, they do not always comply with the criteria that a Self-Sovereign Identity (SSI) system should possess. Furthermore, inconsistencies about the notion and importance of various SSI properties exist. Thus, this study aims to clarify any misunderstandings and distinguish between essential properties of SSI and properties that can be neglected, according to the perception of experts in the field of identity management and SSI. In addition, properties are classified into five categories, and a general SSI process is presented, highlighting process steps in which individual properties are important.

The results of our research show that the majority of the identified SSI properties are perceived by the experts in the field of IdM and SSI as being important (desirable) or very important (mandatory), with an average value above 4.00 (varying between 4.00 and 4.86). Security and Protection (AVG = 4.86), Verifiability and Authenticity (AVG = 4.79), Privacy and Minimal Disclosure (AVG = 4.76), and Ownership and Control (AVG = 4.48) are considered mandatory. The exceptions (with an average below 4.0) are Cost (AVG = 3.96) and Compatibility with legacy systems (AVG = 3.67), which linger between being useful and desirable.

Regardless, we believe that during the implementation of an SSI solution, it is necessary to strive to meet as many SSI properties as possible while finding a balance between the properties, requirements, and needs of each system individually. As mentioned in Section 2, meeting all the SSI properties is a challenging task. Most of the systems defined as SSI that existing research has analyzed do not fulfill all the properties, indicating that meeting all the properties is not always possible. Therefore, it is imperative to determine the essential properties that must be fulfilled for a system to be labeled self-sovereign. At this point, our ranking and definition of the most important and least important properties come into play. According to our research, the most important properties are Security and Protection, Verifiability and Authenticity, Privacy and Minimal Disclosure, Ownership and Control, Interoperability, Standard, and Consent. The least important are Compatibility with legacy systems, Single source, Cost, Persistence, Accessibility and Availability, and Existence and Representation.

Regarding classification, the majority (95%) of the respondents agree with the proposed categorization (Controllability, Privacy, Security, Usability and User Experience, Adoption and Sustainability). However, several categories per property have been chosen on average, reflecting the nature of the properties that intertwine and complement each other, making their clear demarcation and categorization difficult. This is especially evident in the categories with the greatest variability.

In addition to large overlaps between SSI properties, there is still ambiguity regarding the understanding of the concept. Respondents’ comments indicate inconsistencies in the interpretation of individual properties. This is especially noticeable with properties Existence and Representation, Decentralization and Autonomy, Ownership and Control, and Single source, where the greatest variability regarding the perceived level of importance as well as variability in their classification is observed.

It should also be noted that the presented properties primarily address situations dealing with individuals. Therefore, future research should rethink and adapt the principles to meet the needs and requirements of things and organizations/businesses. Moreover, it would be useful to determine which properties are eligible for each entity type (e.g., things, organizations/businesses, etc.) while highlighting similarities and differences. In addition, our future research might include improving this study by conducting an improved survey questionnaire that would (i) include a larger set of respondents and (ii) involve our final, refined set of SSI properties.

7 Acknowledgments

This work was supported by the Slovenian Research Agency (Research Core Funding) under Grant P2-00577, and by the European Union’s Horizon 2020 research and innovation program under grant agreement No 870635 (DE4A).