Decentralization trends in identity management: From federated to Self-Sovereign Identity Management Systems

Identity Management Systems (IMSs) are fundamental elements in a myriad of digital services across different industries. Traditionally, electronic IMSs have been centralized, similar to historical paper-based IMSs: there is a single authority responsible for issuing, storing, and sharing identity-related information on behalf of the identified subjects (people or devices). Over the last decade, we have been witnessing a decentralization trend in IMSs due to a number of reasons such as an attempt to bridge disconnected identity silos and the strive to involve the user in identity management to a larger degree. Federated and Self-Sovereign IMSs are the two most prominent approaches in the decentralization trend. Despite significant progress in this area, Federated and Self-Sovereign IMSs have not been studied from a conceptual point of view and the fundamental differences between different decentralization approaches have not been analyzed.

It is important to understand the implications of different approaches when designing future IMSs that may affect millions of users daily. In this work, we conduct a conceptual study of these two IMS classes. First, we propose a generic model consisting of a set of functionalities and a set of operations and use it as a comparison framework. Using the generic model, we analyze three representatives from Federated and Self-Sovereign IMSs, namely, IOTA Identity, Hyperledger Indy, and eIDAS. Based on the analysis, we propose a new multi-dimensional taxonomy to capture the key differences between these systems. Furthermore, we discuss SSI principles and decentralization approaches followed in IMSs. Finally, we present research gaps in Self-Sovereign IMSs along with solution directions.