Self-sovereign, Decentralised Identity Management and Personal Data Sharing

Motivation

Today, users are often required to share personal data, such as email addresses, to use services on the web. As part of normal service operation, such as notifications or billing, services require access to user data that is ideally fresh and correct. Attribute sharing on the web today is often done via centralized service providers to reduce data redundancy and to give services access to current, up-to-date information even if the user is offline. Abuse of this power is theoretically limited by local laws and regulations. However, the past has shown that even well-meaning identity providers struggle to keep user data safe, as they become major targets for hackers and nation-state actors while striving to monetize anonymized statistics from this data. We advocate a new, decentralized way for users to manage their identities for the following reasons:

  • The current state of omniscient identity providers is a significant threat to the users' privacy.
  • Users must completely trust the service provider to protect the integrity and confidentiality of their identity in their interest.
  • The service provider itself is facing substantial liability risks given the responsibility of securely managing potentially sensitive personal data of millions of users.

re:claimID is built as a service on top of the peer-to-peer framework GNUnet.
It emerged from research conducted by the research group "Secure Applications and Services" at the Fraunhofer AISEC research institute.
A scientific, peer-reviewed paper on the theoretical foundations of re:claimID was published at TrustCom 2018 (arXiv).
re:claimID is primarily developed in the GNUnet source tree. Accompanying tools and sources can be found in the GitLab project.

re:claimID is funded by Fraunhofer AISEC and by the NGI_Trust framework as part of the project "DISSENS".