| Popis: |
Digital identities, including names and age, provide modern information systems with valuable data. Identity management is a security feature that enables users to manage and utilize their digital identities when interacting with online services. A self-sovereign identity (SSI) system is a cutting-edge identity model that uses blockchain technology to foster peer-to-peer trust in service authentication and authorization. SSI systems typically adhere to a set of functional- and quality-related principles and properties. However, we discovered that the current information security and privacy principles and properties of SSI systems are not compliant with the laws, regulations, and technical standards. A compliance set of principles and properties must be established to support the implementation of SSI systems and to improve security and privacy. In this article, we propose CSSPS, a new compliance SSI system property set that expands upon the missing security and privacy controls specified in applicable laws, regulations, and technical standards. We used systematic comparative analysis and systematic review to identify inconsistent content from a vast collection of applicable sources, and then used them to extend the current properties of the SSI system. The proposed CSSPS increases the consistency of security and privacy controls, and is applicable in accordance with the functionality of real SSI systems, as determined by a qualitative evaluation. The proposed CSSPS contributes to SSI system implementation by facilitating correct implementation, while adhering to applicable information security and privacy sources. In addition, the proposed CSSPS can indirectly enhance the security and privacy of SSI systems. |
