Connecting Self-Sovereign Identity with Federated and User-centric Identities via SAML Integration

Abstract

Self-sovereign identity provides a feasible alternative to login via username and password through an identity provider to access digital services. It allows identity subjects to control and own their data. Although this is an appealing approach, it requires a whole new infrastructure with almost no dependencies on the existing ones. We designed and implemented a solution that combines an existing federated identity access management solution with the new approach by enabling authentication via self-sovereign-identity-based credentials while the identity provider retains verification and communication with the service provider via Security Assertion Mark Up Language. Thanks to the standardized federated systems in the German higher education domain, the solution not only enables a smooth transition to self-sovereign identities but can also be easily transferred to other universities using the same federated identity framework.