Decentralized Semantic Identity

This paper examines a semantic approach to identity management: the W3C WebID as a representation of personal information, and WebID-TLS as a decentralized authentication protocol, allowing individuals to manage their own identities and data privacy. The paper identifies a set of important usability, privacy and security issues that need to be addressed, and proposes an end-to-end authentication mechanism based on WebID, JSON Web Tokens (JWT) and the blockchain. The WebID includes a personal profile with its certificate, and social relationship information described using the RDF-based FOAF ontology. The JWT is a standardized container format for encoding person-related information in a secure way using "claims". The distributed, irreversible, undeletable, and immutable nature of the blockchain makes it suitable for distributed credential storage and decentralized identity management.
