CredTrust: Credential Based Issuer Management for Trust in Self-Sovereign Identity

Abstract

Self Sovereign Identity (SSI) facilitates secure issuance and verification of digitised credentials without having to rely on a centralised authority. Most SSI implementations rely on blockchain to take advantage of decentralisation and cryptographic security over the credentials. Given that verifying the authenticity of credentials such as identification papers or proof of qualifications are critical to the system, current SSI solutions, assume the issuers to be “official” entities (e.g., government agencies) who must follow a stringent process to vet their credentials. However, there is no systematic support for directing the same level of trust agencies for individual users who may issue credentials (e.g., delegation of access, consent letter) in the context of business processes. A verifier who relies on user-issued credentials to complete a business process (e.g., a postal worker handing over parcel to someone other than the addressee) bears the risk of accepting these credentials without reliance on a trust agency. This paper proposes CredTrust, a blockchain based SSI framework that allows individual users to be “onboarded” to the platform as a verifiable issuer via the establishment of a trust registry in the blockchain. Our approach utilises the existing SSI credential generation and verification processes to create a “chain of trust” as a trust propagation method. Our evaluation results show that CredTrust is feasible and exhibits minimal overheads when compared with a conventional SSI based credential management system.