M. Polychronaki et al.

3.1.4 Interface: Credentials and Interface—Personal Wallet

In the centralized architecture, an entity invokes its identity using various methods. The most common one is providing the IdP with proof of knowledge: proof of some information that only the specific entity would know, or that only the rightful owner of the particular identity should possess, such as a username and password pair. Other methods are also used, but the basic interaction between the IdP and the entity remains the same, as the IdP remains the holder of all identities.

In a decentralized architecture, by contrast, the entities, being the holders of their DIDs, are able to control the visibility of certain parts of their identity by invoking smart contract functions that allow them to alter the accessibility rules for exclusively their own data. There is no need for identity invocation; the entity only has to provide proof that its identity is valid, by communicating with any identity validator of the blockchain network.

To do that, each entity needs a suitable software agent, which is able to hold the DID and provide the application interface (graphical user interface, programmable interface, etc.) for passing the entity's desired modifications directly to the network or asking for validation [22].

Blockchain systems implement this software as wallets, i.e., software used for safekeeping and handling the cryptographic keys of user accounts [23]. Wallets can be used and modified accordingly in order to keep and manage the DID of the entity. This way, the entity itself becomes the sole owner of its identity, and the visibility of its data is controlled exclusively by the entity.
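As an added example (not from the chapter or any project it cites), the following Go program models the two mechanisms described above: the wallet safekeeps an Ed25519 key pair together with the DID, a smart-contract-style function lets only the DID's own controller change the visibility rules of its attributes, and any identity validator checks a signed challenge instead of asking an IdP. The `did:example:` method name, the in-memory ledger and the transaction message format are constructed for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// DIDDoc is one entity's record on the constructed in-memory ledger; only its holder may change Visible.
type DIDDoc struct {
	PubKey  ed25519.PublicKey
	Attrs   map[string]string
	Visible map[string]bool
}
type Ledger struct{ Docs map[string]*DIDDoc }
// Wallet is the entity's software agent: it safekeeps the private key and the DID.
type Wallet struct{ DID string; priv ed25519.PrivateKey }
// NewWallet generates a key pair and registers the DID document; "did:example:" is a placeholder method.
func NewWallet(l *Ledger, attrs map[string]string) (*Wallet, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	did := fmt.Sprintf("did:example:%x", pub[:8])
	l.Docs[did] = &DIDDoc{PubKey: pub, Attrs: attrs, Visible: map[string]bool{}}
	return &Wallet{DID: did, priv: priv}, nil
}
// Sign is the wallet's outward action: it signs transactions and validator challenges.
func (w *Wallet) Sign(msg []byte) []byte { return ed25519.Sign(w.priv, msg) }
// VisibilityMsg is the canonical payload of a "change my visibility rule" transaction.
func VisibilityMsg(did, attr string, visible bool) []byte {
	return []byte(fmt.Sprintf("setVisibility|%s|%s|%t", did, attr, visible))
}
// Validate is any identity validator's check: was msg signed with the DID's own key? No IdP is consulted.
func (l *Ledger) Validate(did string, msg, sig []byte) bool {
	doc, ok := l.Docs[did]
	return ok && ed25519.Verify(doc.PubKey, msg, sig)
}
// SetVisibility models the smart-contract function: a rule changes only on its own DID controller's signature.
func (l *Ledger) SetVisibility(did, attr string, visible bool, sig []byte) bool {
	if !l.Validate(did, VisibilityMsg(did, attr, visible), sig) {
		return false
	}
	l.Docs[did].Visible[attr] = visible
	return true
}
// Read returns an attribute only if its holder has made it visible.
func (l *Ledger) Read(did, attr string) (string, bool) {
	doc, ok := l.Docs[did]
	if !ok || !doc.Visible[attr] { return "", false }
	return doc.Attrs[attr], true
}
```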

Figure 5 illustrates how the basic components of a blockchain-based IAM system interact with each other. The blockchain comprises the identity validators and issuers, which communicate over the blockchain network holding the common ledger. While it is mandatory for both of these components to be part of the blockchain network, they need not be its only members: anyone willing to host a blockchain node and support the replication of the ledger can do so, without compromising any information, since the information on the ledger tends to be public. Users interact via their wallets, which communicate directly with the network over the internet and invoke smart contracts according to the user's will.

3.2 The Self-sovereign Identity Model

For the last decade, self-sovereign identity (SSI) [24] has been under the scope of many researchers because of the potential benefits it has to offer, not only in IoT but in any technological system which needs identity management to function properly. SSI, although not yet fully standardized regarding its implementation rules, succeeds in putting the user right in the middle of the identity and access management system.