Rethinking Self-Sovereign Identity Principles: An Actor-Oriented Categorization of Requirements
Daria Schumm, Burkhard Stiller
Abstract
Centralized identity management systems continuously experience security and privacy challenges, motivating the exploration of Decentralized Identity (DI) and Self-Sovereign Identity (SSI) as user-focused alternatives. Although prior research has consolidated SSI principles and derived quality requirements for DI/SSI systems, it is significantly limited in integrating the user viewpoint. This work addresses this gap by embedding a user perspective into the requirements engineering process for DI/SSI systems. Building on existing SSI principles, composite requirements were decomposed into 24 simple quality or non-functional requirements (NFR). The resulting NFR are systematically mapped to the key actors, namely data owner, issuer, verifier, and system, based on varying degrees of responsibility and ownership. A dependency model is introduced to formalize relationships between actors. Inspired by trust modeling concepts, the model explicitly describes how actors interact and rely on each other for requirements fulfillment. By integrating user-centered requirements, responsibility allocation, ownership specification, and dependency modeling, this work provides the first structured model for DI/SSI system architectures.