A User-Centric Identity Management Framework based on the W3C Verifiable Credentials and the FIDO Universal Authentication Framework

Laborde, Romain; Oglaza, Arnaud; Wazan, Samer; Barrère, François; Benzekri, Abdelmalek; Chadwick, David; Venant, Rémi

doi:10.1109/ccnc46108.2020.9045440

Cited by 21 publications

(12 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although the W3C Verifiable Credential (VC) data model specification [9] is relatively recent and still evolving, it has already received a spike of attention. Works like [3,7] propose the usage of Verifiable Credentials empowered with other technologies like biometric authentication with FIDO. These solutions, however, are not optimal for privacy heavy scenarios, as they have problems achieving minimal disclosure and unlinkability.…”

Section: Related Workmentioning

confidence: 99%

Towards a standardized model for privacy-preserving Verifiable Credentials

García-Rodríguez

Moreno

Bernabé

et al. 2021

Proceedings of the 16th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Lack of standardization and the subsequent difficulty of integration has been one of the main reasons for the scarce adoption of privacy-preserving Attribute-Based Credentials (p-ABC). Integration with the W3C's Verifiable Credentials (VC) specification would help by encouraging homogenization between different p-ABC schemes and bringing them all closer to other digital credentials.What is more, p-ABCs can help to solve privacy issues that have been identified in applications of VCs to use cases like vaccination passports. However, there has not been much work focusing on the collaboration between p-ABCs and VCs. We address this topic by establishing initial steps for extra standardization of elements that will help with the integration of p-ABCs into the standard. Namely, we propose a data model for predicates, which are a staple of p-ABC systems, and tools and guidelines to ease the adaptation process like a validation meta-schema. These ideas have been applied in a proof-of-concept implementation of the OLYMPUS distributed p-ABC scheme paired with serialization following the VC data model. CCS Concepts: • Security and privacy → Pseudonymity, anonymity and untraceability.

show abstract

Section: Related Workmentioning

confidence: 99%

Towards a standardized model for privacy-preserving Verifiable Credentials

García-Rodríguez

Moreno

Bernabé

et al. 2021

Proceedings of the 16th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

show abstract

“…Secure identity registration on distributed ledgers [19] are other decentralized systems along with confidentiality preserving landscapes using blind signatures. Besides, several setups and researchers collaborating with technological experts are concentrating on the improvement of identity methods such as Evernym, Uport [8], [20], Shocard [21], Civic [22], Jolocom [23], Bitnation [24] and Sovrin [8] to solve the digital identity problem. We also propose PKI based DDSSI identity system where we use a Bitcoin system along with the combination of privacy [25] and reputation with the collaboration of BC [26].…”

Section: Blockchain and Bitcoinmentioning

confidence: 99%

Blockchain-Based Decentralized Digital Self-Sovereign Identity Wallet for Secure Transaction

Islam¹,

Nasir²,

Hasan³

et al. 2021

Adv. sci. technol. eng. syst. j.

View full text Add to dashboard Cite

“…(2) UAF -Both [45] and [84] provide an analysis of the UAF protocol from a cryptographic and security perspective respectively. In [73] an attack against the protocol is performed whereas [71] and [107] explore the protocol's applicability, leveraging of UAF in order to provide authentication as well as identification. [106] discusses a TEE-based implementation of the UAF's Transaction Confirmation feature.…”

Section: Survey Of Fido-related Scientific Publicationsmentioning

confidence: 99%

How many FIDO protocols are needed? Surveying the design, security and market perspectives

Angelogianni,

Politis,

Xenakis

2021

Preprint

View full text Add to dashboard Cite

Unequivocally, a single man in possession of a strong password is not enough to solve the issue of security. Studies indicate that passwords have been subjected to various attacks, regardless of the applied protection mechanisms due to the human factor. The keystone for the adoption of more efficient authentication methods by the different markets is the trade-off between security and usability. To bridge the gap between user friendly interfaces and advanced security features, the Fast Identity Online (FIDO) alliance defined a number of authentication protocols. Although FIDO's biometric based authentication is not a novel concept, still daunts end users and developers, which maybe a contributor factor obstructing FIDO's complete dominance of the digital authentication market.This paper traces the evolution of FIDO protocols, by identifying the technical characteristics and security requirements of the FIDO protocols throughout the different versions while providing a comprehensive study on the different markets (e.g., digital banking, social networks, e-government, etc.), applicability, easy of use, extensibility and future security considerations. From the analysis we conclude that there is currently no dominant version of a FIDO protocol and more importantly, earlier FIDO protocols are still applicable to emerging vertical services.CCS Concepts: • Security and privacy → Security protocols.

show abstract

A User-Centric Identity Management Framework based on the W3C Verifiable Credentials and the FIDO Universal Authentication Framework

Abstract: The version in the Kent Academic Repository may differ from the final published version. Users are advised to check http://kar.kent.ac.uk for the status of the paper. Users should always cite the published version of record.

Cited by 21 publications

References 8 publications

Towards a standardized model for privacy-preserving Verifiable Credentials

Towards a standardized model for privacy-preserving Verifiable Credentials

Blockchain-Based Decentralized Digital Self-Sovereign Identity Wallet for Secure Transaction

How many FIDO protocols are needed? Surveying the design, security and market perspectives

Contact Info

Product

Resources

About