Master's Thesis Carsten Sehlke

Abstract

In the physical world, we are pretty used to identity management. We receive, keep, and share our ID cards and paper-based certificates on many occasions in our life.
Moving this credential life-cycle into the digital world while keeping it tamper-proofed, privacy-enabling, and putting the holder in complete control of the credential has not been easy. Therefore, many people came up with various approaches to tackle this issue.
This thesis develops a proof of concept integrated into the student information management system CAMPUSonline for issuing digitally verifiable credentials based on the ELMO data structure and transferring them to a student’s wallet. Further, we collect requirements specific to this CAMPUSonline integration and analyze currently available wallet software for verifiable credentials and their approaches for transferring these credentials from an organization’s application to the end-user’s wallet.
The result serves as a proof of concept implementation for issuing university degree certificates as digital credentials with self-sovereign identity ideals in mind. Furthermore, it highlights possible adaptions for a production-ready implementation and the limitations this prototype still has.

Keywords: Self-Sovereign Identity; Decentralized Identifier; Verifiable Credential; Digital Credential; ELMO; European Learning Model; CAMPUSonline; Student Information Management System; University Diploma Issuance Process

Research Questions

1. What implementation-specific requirements emerge from the process-specific ones for transforming the local student information system?
2. What is the current state of the art for issuing digitally verifiable credentials to clients?
   
   • What protocols for transferring verifiable credentials exist?
   • What kind of wallet software to store and manage verifiable credentials exists?
3. What data in the student information system CAMPUSonline is relevant, where is it located, and how can it be accessed?
4. What does it need to develop a module for the existing student information systems CAMPUSonline to issue verifiable credentials?
   
   1. What kind of additional hardware is necessary for this transformation?
   2. What kind of additional software is necessary for this transformation?
   3. Which configuration changes to the existing system are necessary, e.g., to the firewall or network settings?
   4. How is the verifiable credential delivered to the student's wallet?
5. To what extent does the implemented solution enable the automated issuance process of university degrees as verifiable credentials?
   
   1. What are the limitations of the prototype system?