TPL: A Trust Policy Language

Mödersheim, Sebastian; Schlichtkrull, Anders; Wagner, Georg; More, Stefan; Alber, Lukas

doi:10.1007/978-3-030-33716-2_16

Cited by 9 publications

(3 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Thus, when receiving the VP of a person stating that she has an account on an unrecognized bank, a query to the bank federation's list of trusted banks is enough to decide if the VP can be trusted or not. In contrast, in [5] the trust policy language (TPL) [100], a declarative language for specifying trust rules without worrying about low-level aspects, was adapted to work in SSI. The TPL has been extended with SSI-related concepts such as DID and VC, allowing for the specification of rules to check VPs.…”

Section: Frederico Schardong and Ricardo Custódiomentioning

confidence: 99%

Self-Sovereign Identity: A Systematic Review, Mapping and Taxonomy

Schardong¹,

Custódio²

2021

Preprint

View full text Add to dashboard Cite

Self-Sovereign Identity is a user-centric identity model. In this model, the user maintains and controls their data. When requested by a service provider, user data is sent directly by the user, without the intermediation of third parties. Thus, in Self-Sovereign Identity, the participation of known identity providers for proof of identity is reduced, which increases user privacy. This identity model has attracted the attention of researchers and organizations around the world. All this interest increased the number of scientific articles published on the subject. The analysis of published materials showed that ideas and proposals are very diverse and dispersed.Although there are few systematic reviews, they lack methodological rigor and are limited to a small subset of published works.This study presents a rigorous systematic mapping and systematic literature review covering theoretical and practical advances in Self-Sovereign Identity. We identified and aggregated evidence from publications to answer four research questions, resulting in a classification scheme used to categorize and review publications. Open challenges are also discussed, providing recommendations for future work.

show abstract

Section: Frederico Schardong and Ricardo Custódiomentioning

confidence: 99%

Self-Sovereign Identity: A Systematic Review, Mapping and Taxonomy

Schardong¹,

Custódio²

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…The Trust Policy Language (TPL) [ 192 ], a declarative language for specifying trust rules without concern for low-level details, was adapted to work in SSI in [ 145 ]. The TPL has been enhanced with SSI-related concepts such as DID and VC, allowing the specification of rules to validate VPs.…”

Section: Rq-1: What Practical Problems Have Been Introduced and Solved?mentioning

confidence: 99%

Self-Sovereign Identity: A Systematic Review, Mapping and Taxonomy

Schardong

Custódio

2022

Sensors

View full text Add to dashboard Cite

Self-Sovereign Identity (SSI) is an identity model centered on the user. The user maintains and controls their data in this model. When a service provider requests data from the user, the user sends it directly to the service provider, bypassing third-party intermediaries. Thus, SSI reduces identity providers’ involvement in the identification, authentication, and authorization, thereby increasing user privacy. Additionally, users can share portions of their personal information with service providers, significantly improving user privacy. This identity model has drawn the attention of researchers and organizations worldwide, resulting in an increase in both scientific and non-scientific literature on the subject. This study conducts a comprehensive and rigorous systematic review of the literature and a systematic mapping of theoretical and practical advances in SSI. We identified and analyzed evidence from reviewed materials to address four research questions, resulting in a novel SSI taxonomy used to categorize and review publications. Additionally, open challenges are discussed along with recommendations for future work.

show abstract

“…On one side, the user (prover) provides their own credentials as input to the system. On the other side, the verifier often requires more information to authenticate those credentials, such as their revocation status or the trustworthiness of their issuer (Alber et al, 2021;Mödersheim et al, 2019). Since the verifier needs to trust this additional information, it is usually collected directly from respective authorities and registries.…”

Section: Introductionmentioning

confidence: 99%

Offline-verifiable Data from Distributed Ledger-based Registries

Heher

Walluschek

2022

Proceedings of the 19th International Conference on Security and Cryptography

Self Cite

View full text Add to dashboard Cite

Trust management systems often use registries to authenticate data, or form trust decisions. Examples are revocation registries and trust status lists. By introducing distributed ledgers (DLs), it is also possible to create decentralized registries. A verifier then queries a node of the respective ledger, e.g., to retrieve trust status information during the verification of a credential. While this ensures trustworthy information, the process requires the verifier to be online and the ledger node available. Additionally, the connection from the verifier to the registry poses a privacy issue, as it leaks information about the user's behavior. In this paper, we resolve these issues by extending existing ledger APIs to support results that are trustworthy even in an offline setting. We do this by introducing attestations of the ledger's state, issued by ledger nodes, aggregatable into a collective attestation by all nodes. This attestation enables a user to prove the provenance of DL-based data to an offline verifier. Our approach is generic. So once deployed it serves as a basis for any use case with an offline verifier. We also provide an implementation for the Ethereum stack and evaluate it, demonstrating the practicability of our approach.

show abstract

TPL: A Trust Policy Language

Cited by 9 publications

References 17 publications

Self-Sovereign Identity: A Systematic Review, Mapping and Taxonomy

Self-Sovereign Identity: A Systematic Review, Mapping and Taxonomy

Self-Sovereign Identity: A Systematic Review, Mapping and Taxonomy

Offline-verifiable Data from Distributed Ledger-based Registries

Contact Info

Product

Resources

About