SoK: Self-Sovereign Digital Identities

TL;DR

This work presents a comprehensive systematization of knowledge on self-sovereign digital identities, with a primary focus on identifying the challenges that impede real-world adoption and hopes it will help advance the shift from centralized to self-sovereign digital identities in a disciplined and impactful way.

Abstract

Self-Sovereign Digital Identity (SSDI) enables individuals to control their own identity assertions and data, rather than relying on centralized or federated systems prone to large-scale data breaches. By eliminating centralized databases maintained by service providers and identity brokers, SSDIs offer enhanced security and privacy. However, adoption remains slow, and research in this area lacks systematization and uniformity. To address these gaps, we present a comprehensive systematization of knowledge on self-sovereign digital identities, with a primary focus on identifying the challenges that impede real-world adoption. We survey 80 academic and non-academic sources and identify six major challenges: (i) binding a single identity to one individual or organization, (ii) the absence of mature cryptographic and communication protocols, (iii) significant usability barriers, (iv) regulatory and oversight gaps, (v) bootstrapping to critical-mass adoption, and (vi) dependence on a permissionless, decentralized, yet singular infrastructure that may expose unforeseen vulnerabilities over time. We then analyze 47 scientific publications and find that the vast majority focus on blockchain-based solutions rather than generalized SSDI architectures. Additionally, we catalog 12 real-world, production-grade SSDI applications. Our evaluation of these solutions reveals that self-sovereignty is, in practice, a spectrum rather than a binary property. Finally, we explore the frontiers of SSDI by identifying major trends, open problems, and opportunities for future research. We hope this systematization will help advance the shift from centralized to self-sovereign digital identities in a disciplined and impactful way.

Figures (7)

• Figure 1: Evolution of digital identity paradigms: Centralized Digital Identity (CDI) is based on the premise that each service provider maintains and stores accounts of its users. Federated Digital Identity (FDI) outsources authentication to an Identity Broker, such as Google, Facebook, Apple, or LinkedIn. Self-Sovereign Digital Identity (SSDI) is the latest paradigm in which user authentication keys and data are stored by the user and provided on demand in the form of digital certifications.
• Figure 2: Five-step methodology of this study. We first analyze existing surveys, revealing a near-complete absence of existing systematization. Then we identify six major challenges impeding the adoption of SSDIs. After that, we analyze 47 research papers and observe disproportionate focus on certain areas and challenges. Next, we survey real-world applications of SSDIs, confirming the "sovereignty washing" phenomenon and the lack of production deployment. Finally, we identify five major frontiers of SSDI research and outline directions for future work.
• Figure 3: Targeted infrastructure. Our survey of scholarly work reveals the dominance of blockchain-focused work and very little focus on generalized targets.
• Figure 4: Cryptographic techniques in the scholarly literature. Public-key cryptography is the most popular type (72.3%) followed by ZK proofs (17%).
• Figure 5: Percentage of scholarly work addressing particular SSDI challenges. The analysis reveals the predominance of focus on key management and protocols as well as identity binding, and a notable lack of focus on usability and meta-centralization.