DOI: 10.1145/3649158.3657045

A Self-Sovereign Identity Approach to Decentralized Access Control with Transitive Delegations

Published: 25 June 2024

Abstract

In this paper, we introduce a new decentralized access control framework with transitive delegation capabilities that tackles the performance and scalability limitations of the existing state-of-the-art solutions. In order to accomplish this, the proposed solution is anchored in the self-sovereign identity (SSI) paradigm, which embodies a distributed identity management system. By adopting this paradigm, we obviate slow cryptographic premises such as identity-based encryption (IBE) that were used in prior work. Furthermore, we enhance the existing verifiable credentials (VCs) from this paradigm by introducing our own decentralized permission objects to support the concept of transitive delegations. This concept allows delegates to further delegate their access to resources with the same or fewer privileges to other entities within the framework. This renders our solution suitable for diverse scenarios, including applications in decentralized building access management. To the best of our knowledge, we are the first to introduce the concept of transitive delegations in this paradigm. Finally, our performance experiments show a performance enhancement of three orders of magnitude compared to the prevailing state-of-the-art solutions.

        Published In

        SACMAT 2024: Proceedings of the 29th ACM Symposium on Access Control Models and Technologies
        June 2024
        205 pages
        ISBN:9798400704918
        DOI:10.1145/3649158

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Author Tags

        1. access control
        2. self-sovereign identity
        3. transitive delegation

        Qualifiers

        • Short-paper

        Conference

        SACMAT 2024

        Acceptance Rates

        Overall Acceptance Rate 177 of 597 submissions, 30%
