SSIBAC: Self-Sovereign Identity Based Access Control

Ineffective data management practices pose serious issues to individuals and companies, e.g., risk of identity theft and online exposure. Self-sovereign identity (SSI) is a new identity management approach that ensures users have full control of their personal data. In this work, we alleviate data breach and user privacy problems by showing how SSI can fit within the context of established enterprise identity and access management technologies. In light of recent endeavors, we explore the use of decentralized identifiers, verifiable credentials, and blockchains that support SSI. We propose Self-Sovereign Identity Based Access Control (SSIBAC), an access control model for cross-organization identity management. SSIBAC leverages conventional access control models and blockchain technology to provide decentralized authentication, followed by centralized authorization. The access control process does not require storing user sensitive data. A prototype was implemented and evaluated, processing 55,000 access control requests per second with a latency of 3 seconds.