Identity management on the internet has been a problem since its origin, as no identity layer was ever implemented. Nowadays, centralized institutions such as certificate authorities (CAs) or identity providers (IdPs) hold a lot of power, which makes them an attractive target for attacks that manipulate the system or take control of the identifiers of their users or customers. With the rise of blockchain technology, a new concept of identity management called Self-Sovereign Identity (SSI) is evolving. This thesis provides an overview of the Self-Sovereign Identity ecosystem, its components, and the systems implemented on top of decentralized identifier (DID) methods to create a decentralized identity infrastructure on the internet.
The thesis starts by investigating the evolution of online identities, beginning with centralized, federated, and user-centric identities, before they eventually evolved into the concept of Self-Sovereign Identity. Afterwards, this concept is presented, including the problems of today’s conventional online identities, the purpose of SSI, its principles, and use cases.
The components of SSI are described in detail, evaluated, and visualized in a component architecture. These include standards like decentralized identifiers (DIDs), verifiable credentials (VCs), and verifiable presentations (VPs). Further, the concepts of a decentralized public key infrastructure (DPKI) and a decentralized key management system (DKMS) are introduced. This thesis also deals in detail with the trust infrastructure of SSI.
Finally, this thesis focuses on SSI systems and their underlying DID methods. To provide an overview of existing identity systems, the SSI ecosystem is analyzed with respect to its currently existing DID methods. From the presented DID methods, representative ones are selected and examined for further analysis and evaluation of their systems. To analyze the DID methods and their systems, criteria are defined that emphasize the differences between the DID methods. The results of the analysis are then used to evaluate the DID methods.